goodwithtech / dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Home Page: https://containers.goodwith.tech/

Bug: Failed to check latest version. not found version patterns

marccarre opened this issue · comments

Description

Running dockle logs the following:

INFO	Failed to check latest version. not found version patterns

even when running the latest version, or when being perfectly able to reach out to:

"https://github.com/goodwithtech/dockle/releases/latest",

What did you expect to happen?

I'd expect dockle not to print anything regarding version checks.

What happened instead?

It did log:

INFO	Failed to check latest version. not found version patterns

Output of run

$ docker run --rm goodwithtech/dockle:v0.3.16 docker.io/library/hello-world:latest -v    
2021-09-09T05:16:26.919Z	INFO	Failed to check latest version. not found version patterns
[...]

Root cause analysis

The current logic expects to find a version token within the first 14000 characters:

const enoughLength = 14000

However, with the current version of the GitHub website, the first occurrence only appears at position 17380 (modulo newlines):

$ curl -fSsL https://github.com/goodwithtech/dockle/releases/latest | tr -d '\n' | awk '{print index($0,"v0.3.16")}'
17380

This makes the current logic fail to find a string matching the regex defined here:

var versionPattern = regexp.MustCompile(`v[0-9]+\.[0-9]+\.[0-9]+`)

if versionMatched := versionPattern.FindString(string(body)); versionMatched != "" {
    return versionMatched, nil
}

Possible solutions

A. Configure the HTTP client to not follow redirects

Indeed, the version token is present in the URL from the redirect response:

$ curl -fSs https://github.com/goodwithtech/dockle/releases/latest                                                           
<html><body>You are being <a href="https://github.com/goodwithtech/dockle/releases/tag/v0.3.16">redirected</a>.</body></html>

For example, instead of DefaultClient, using the following may help:

client := &http.Client{
    CheckRedirect: func(req *http.Request, via []*http.Request) error {
        return http.ErrUseLastResponse
    },
}

An alternative to reading the body would also be to read the response's HTTP headers:

$ curl -fSs -v https://github.com/goodwithtech/dockle/releases/latest 2>&1 >/dev/null | grep 'location:'
< location: https://github.com/goodwithtech/dockle/releases/tag/v0.3.16

B. Increase enoughLength

For example:

// Dockle just want to check latest version string. No need to readall.
const enoughLength = 20000

so that enough HTML is read to reach the token (with the current version of the website, this may break again in the future).
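Option A carried through end to end, as an added Go example (not dockle's code and not the fix shipped in v0.3.17): the same lookup run once with redirects followed and the body cut at enoughLength, and once with redirects disabled and the version read from the Location header. The fakeReleases transport, the github.test host and the latestVersion helper are constructed for illustration so that the example runs offline.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"regexp"
	"strings"
)

const enoughLength = 14000 // read limit quoted in the issue
var versionPattern = regexp.MustCompile(`v[0-9]+\.[0-9]+\.[0-9]+`)

// fakeReleases is a constructed, offline stand-in for github.com: the tag page
// names the version only after 17000 bytes of padding.
type fakeReleases struct{}

func (fakeReleases) RoundTrip(req *http.Request) (*http.Response, error) {
	status, hdr, body := http.StatusOK, http.Header{}, strings.Repeat(" ", 17000)+"v0.3.16"
	if strings.HasSuffix(req.URL.Path, "/releases/latest") {
		status, body = http.StatusFound, ""
		hdr.Set("Location", "/goodwithtech/dockle/releases/tag/v0.3.16")
	}
	return &http.Response{StatusCode: status, Header: hdr, Body: io.NopCloser(strings.NewReader(body)), Request: req}, nil
}

// latestVersion checks the Location header first, then the first enoughLength bytes of the body.
func latestVersion(url string, followRedirects bool) string {
	client := &http.Client{Transport: fakeReleases{}}
	if !followRedirects {
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse // option A: hand back the 302 itself
		}
	}
	res, err := client.Get(url)
	if err != nil {
		return ""
	}
	defer res.Body.Close()
	if v := versionPattern.FindString(res.Header.Get("Location")); v != "" {
		return v
	}
	body, _ := io.ReadAll(io.LimitReader(res.Body, enoughLength))
	return versionPattern.FindString(string(body))
}

func main() {
	u := "https://github.test/goodwithtech/dockle/releases/latest" // constructed host
	fmt.Printf("body scan: %q, Location header: %q\n", latestVersion(u, true), latestVersion(u, false))
}
```

The header lookup does not depend on how much HTML precedes the version string, which is the weakness of option B noted above.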

@marccarre
Thank you for your suggestions! It is perfect!
I fixed it on v0.3.17.

Thank you for the quick fix @tomoyamachi! 🙏🏻
(And for maintaining dockle as a whole! 😁)