Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 Prevent k8s scan panic #1773

Merged
merged 3 commits into from
Sep 20, 2023
Merged

🐛 Prevent k8s scan panic #1773

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
95be17b
🐛 Prevent k8s scan panic
czunker Sep 18, 2023
cb535f1
Prevent AWS from taking over the images
czunker Sep 19, 2023
0d823c7
Remove left-over from first try
czunker Sep 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 4 additions & 8 deletions explorer/scan/local_scanner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,15 +188,11 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstream *up
log.Error().Err(err).Msg("unable to connect to asset")
continue
}
inventorySpec := runtime.Provider.Connection
if inventorySpec.Inventory != nil &&
inventorySpec.Inventory.Spec != nil &&
inventorySpec.Inventory.Spec.Assets != nil {
log.Debug().Msgf("adding %d discovered asset(s)", len(runtime.Provider.Connection.Inventory.Spec.Assets))
assetCandidates = append(assetCandidates, inventorySpec.Inventory.Spec.Assets...)
} else {
assetCandidates = append(assetCandidates, runtime.Provider.Connection.Asset)
processedAssets, err := providers.ProcessAssetCandidates(runtime, runtime.Provider.Connection, upstream, "")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's the actual fix to prevent the panic.

if err != nil {
return nil, false, err
}
assetCandidates = append(assetCandidates, processedAssets...)
// TODO: we want to keep better track of errors, since there may be
// multiple assets coming in. It's annoying to abort the scan if we get one
// error at this stage.
Expand Down
19 changes: 2 additions & 17 deletions providers/aws/provider/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,16 +13,12 @@ import (
"go.mondoo.com/cnquery/providers-sdk/v1/upstream"
"go.mondoo.com/cnquery/providers/aws/connection"
"go.mondoo.com/cnquery/providers/aws/resources"
osconnection "go.mondoo.com/cnquery/providers/os/connection"
"go.mondoo.com/cnquery/providers/os/connection/shared"
"go.mondoo.com/cnquery/providers/os/detector"
)

const (
defaultConnection uint32 = 1
DefaultConnectionType = "aws"
SshConnectionType = "ssh"
RegistryImageConnectionType = "registry-image"
Copy link
Contributor Author

@czunker czunker Sep 19, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This removal is also part of #1707. But I removed even more here.

I had to fix this here otherwise, the AWS provider would take over the provider for some images.

defaultConnection uint32 = 1
DefaultConnectionType = "aws"
)

type Service struct {
Expand Down Expand Up @@ -134,20 +130,9 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
var err error

switch conf.Type {
case SshConnectionType:
s.lastConnectionID++
conn, err = osconnection.NewSshConnection(s.lastConnectionID, conf, asset)
if pf, ok := detector.DetectOS(conn); ok {
conn.Asset().Platform = pf
}

case RegistryImageConnectionType:
s.lastConnectionID++
conn, err = osconnection.NewContainerRegistryImage(s.lastConnectionID, conf, asset)
default:
s.lastConnectionID++
conn, err = connection.NewAwsConnection(s.lastConnectionID, asset, conf)

}
if err != nil {
return nil, err
Expand Down
Loading