ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Page:https://horusec.io/


Horusec-cli: Improvement - Support single-digit subversions of docker

smoogie opened this issue · comments

Hello, I'm not sure if we should treat it as a bug or improvement:
When we try to run horusec on Ubuntu 22.04.2 LTS with Docker version 24.0.2, build cb74dfc, we get the error:

level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3

We can run with the flag -D to disable docker, but then we do not get the benefit of the additional tools for analysis. The issue is with how the docker version is validated, more precisely how we get the versions in internal/controllers/requirements/docker/docker.go:84 - function getVersionAndSubVersion:

func getVersionAndSubVersion(fullVersion string) (int, int, error) {
	version, err := strconv.Atoi(fullVersion[0:2])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	subversion, err := strconv.Atoi(fullVersion[3:5])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	return version, subversion, nil
}

fullVersion == "24.0.2"
fullVersion[3:5] == "0."

And with Atoi we get error:

strconv.Atoi: parsing "0.": invalid syntax

When we changed the line:
subversion, err = strconv.Atoi(fullVersion[3:5])
to
subversion, err := strconv.Atoi(strings.Split(fullVersion[3:5], ".")[0])

it started to work. But the code looks strange, and we would need to fork the repo. So it would be good to have a fix for that issue in the original repo and original tool.
Maybe we can instead split the string that represents the version number and read the correct parts, like this:

func getVersionAndSubVersion(fullVersion string) (int, int, error) {
	// Split on "." so one- and two-digit fields ("24.0.2", "19.03.12") both work.
	versions := strings.Split(fullVersion, ".")
	if len(versions) < 2 {
		return 0, 0, ErrDockerNotInstalled
	}
	version, err := strconv.Atoi(versions[0])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	subversion, err := strconv.Atoi(versions[1])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	return version, subversion, nil
}

But I don't know what format we can get in fullVersion. Would it always be x.x.x, or can we have other options too?
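The parsing problem described in this issue, as an added example that is not horusec's code and not the issue author's: a version parser that splits on "." instead of slicing fixed byte offsets, plus the minimum-version comparison the log line refers to ("below of: 19.3", i.e. 19.03). It goes slightly beyond the issue by also tolerating pre-release and build suffixes such as "20.10.7-ce" or "24.0.2+azure-1", which `docker version --format '{{.Server.Version}}'` can produce on some distributions. The names `parseDockerVersion`, `dockerVersionSupported`, the `minMajor`/`minMinor` constants and the `ErrDockerNotInstalled` value are assumptions for this example, not horusec identifiers.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrDockerNotInstalled mirrors the sentinel returned by the snippet in the
// issue; the real error value in horusec is assumed, not copied.
var ErrDockerNotInstalled = errors.New("docker not installed or version unreadable")

// Minimum supported Docker version, taken from the issue's log line "19.3"
// (Docker 19.03). Assumed constants for this example.
const (
	minMajor = 19
	minMinor = 3
)

// parseDockerVersion splits strings such as "24.0.2", "19.03.12", "20.10.7-ce"
// or "24.0.2+azure-1" into numeric major and minor components. Splitting on
// "." rather than slicing fullVersion[3:5] is what makes "24.0.2" work.
func parseDockerVersion(fullVersion string) (major, minor int, err error) {
	v := strings.TrimSpace(fullVersion)
	// Drop pre-release / build metadata ("-ce", "+azure-1") before splitting.
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) < 2 {
		return 0, 0, ErrDockerNotInstalled
	}
	major, err = strconv.Atoi(parts[0])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	minor, err = strconv.Atoi(parts[1]) // "03" -> 3, "0" -> 0
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	return major, minor, nil
}

// dockerVersionSupported compares (major, minor) as integers against the
// minimum, so 24.0 correctly ranks above 19.03 and 19.02 correctly ranks below.
func dockerVersionSupported(fullVersion string) (bool, error) {
	major, minor, err := parseDockerVersion(fullVersion)
	if err != nil {
		return false, err
	}
	if major != minMajor {
		return major > minMajor, nil
	}
	return minor >= minMinor, nil
}

func main() {
	// Constructed sample inputs; "24.0.2" is the version reported in the issue.
	for _, v := range []string{"24.0.2", "19.03.12", "19.02.1", "20.10.7-ce", "24.0.2+azure-1", "abc"} {
		ok, err := dockerVersionSupported(v)
		fmt.Printf("%-18q supported=%v err=%v\n", v, ok, err)
	}
}
```

Two caveats worth keeping in mind when reviewing the fixed-offset version in the issue: `fullVersion[3:5]` not only misparses "24.0.2" (it yields "0."), it also panics with a slice-bounds error on any string shorter than five bytes that still passes the first `Atoi`, such as "24.0". Splitting on "." and checking `len(parts)` removes both failure modes.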