Fix - containers oci dir scans bugs (AST-130779)#1435
Open
cx-dmitri-rivin wants to merge 5 commits intomainfrom
Open
Fix - containers oci dir scans bugs (AST-130779)#1435cx-dmitri-rivin wants to merge 5 commits intomainfrom
cx-dmitri-rivin wants to merge 5 commits intomainfrom
Conversation
Route all prefixed inputs (oci-dir:, docker:, etc.) directly to their prefix-specific validators to fix Windows absolute path handling. Previously, oci-dir:C:\path\to\dir was misrouted through tar file validation causing "not a valid tar file" errors. - Move prefix validation check before file path detection - Remove unreachable dead code (23 lines) - Add Windows full path test coverage (C:\, D:\ variations) - Both AST-130779 and AST-130781 are now fixed Co-authored-by: Cursor <cursoragent@cursor.com>
cx-dmitri-rivin
requested review from
cx-anjali-deore,
cx-anurag-dalke and
cx-umesh-waghode
as code owners
|
Great job! No new security vulnerabilities introduced in this pull request |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, you agree to the terms within the Checkmarx Code of Conduct. Please review the contributing guidelines for guidance on creating high-quality pull requests.
Description
Please provide a summary of the changes and the related issue. Include relevant motivation and context.
Type of Change
Bug Fixes (AST-130779 & AST-130781) in ast-cli:
Fixed validateContainerImageFormat in scan.go so that prefixed inputs like oci-dir:C:\path are routed directly to their specific validators instead of being misidentified as tar file paths on Windows.
Removed dead code blocks that became unreachable after the fix.
Added 3 new test cases for Windows paths in scan_test.go.
Committed and merged main into the working branch.
Image Name Extraction Fix in containers-syft-packages-extractor:
Fixed extractImageNameAndTagFromOCIDir in utils.go — the function only split paths on /, so Windows paths like .\docker.io\library\alpine were kept as the full image name instead of extracting just alpine.
Fix: normalize \ to /, use filepath.Base() to extract the last path component, apply normalizeImageName(), and use filepath.Join() for building the index.json path.
https://checkmarx.atlassian.net/jira/software/c/projects/AST/boards/488?assignee=613f1e6be6c39d007212005d&selectedIssue=AST-130779
https://checkmarx.atlassian.net/jira/software/c/projects/AST/boards/488?assignee=613f1e6be6c39d007212005d&selectedIssue=AST-130781
Checklist
Screenshots (if applicable)
Add screenshots to help explain your changes.
Additional Notes
Add any other relevant information.