Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: logging level for parsing potential PE files #2367

Merged
merged 1 commit into from
Nov 29, 2023
Merged

fix: logging level for parsing potential PE files #2367

merged 1 commit into from
Nov 29, 2023

Conversation

kzantow
Copy link
Contributor

@kzantow kzantow commented Nov 28, 2023

While looking in to an issue that a library parsing DotNET Portable Executables was writing to stdout, I noticed a number of warnings show up, for example, running:

syft --platform windows/amd64 registry:mcr.microsoft.com/windows/servercore:ltsc2019

Resulted in:

 ✔ Parsed image                                                                                           sha256:c632661e39bb365cf34bfdd943baa4ce5ba1ebdd713d790d1af0b9da20ae0bea
 ✔ Cataloged packages              [4566 packages]  
[0084]  WARN cataloger failed cataloger=dotnet-portable-executable-cataloger error=unable to parse PE file: DOS Header magic not found location=/Files/Windows/WinSxS/x86_microsoft
[0084]  WARN cataloger failed cataloger=dotnet-portable-executable-cataloger error=unable to parse PE file: DOS Header magic not found location=/Files/Windows/WinSxS/x86_microsoft
[0084]  WARN cataloger failed cataloger=dotnet-portable-executable-cataloger error=unable to parse PE file: DOS Header magic not found location=/Files/Windows/WinSxS/x86_microsoft

This PR adjusts the warnings to DEBUG level, e.g. nothing is printed by default but using the -vv option, you'd see:

...
[0083] DEBUG unable to parse PE file '/Files/Windows/WinSxS/x86_microsoft-windows-d..s-commandline-tools_31bf3856ad364e35_10.0.17763.1_none_5c764e9c11f85b2a/dsquery.exe': DOS Header magic not found
[0083] DEBUG unable to parse PE file '/Files/Windows/WinSxS/x86_microsoft-windows-d..s-commandline-tools_31bf3856ad364e35_10.0.17763.1_none_5c764e9c11f85b2a/dsrm.exe': DOS Header magic not found
...

We can see that these are just .exe files, many of which are not portable executables, so we really shouldn't be warning about them.

wagoodman
wagoodman approved these changes Nov 28, 2023
View reviewed changes
Copy link
Contributor

@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think even the debugs should be trace logs though, since the given input is not guaranteed to be a PE file at all

@kzantow kzantow enabled auto-merge (squash) November 29, 2023 03:32
@kzantow kzantow merged commit f5a6b5a into anchore:main Nov 29, 2023
10 checks passed
@kzantow kzantow deleted the fix/pe-logging-level branch November 29, 2023 05:58
@wagoodman wagoodman added the bug Something isn't working label Nov 29, 2023
@chenrui333 chenrui333 mentioned this pull request Nov 29, 2023
Merged
spiffcs added a commit to coheigea/syft that referenced this pull request Dec 5, 2023
@spiffcs
Merge branch 'main' into coheigea/yarn-licenses
09423aa 
* main: (40 commits)
  chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (anchore#2392)
  Retrieve remote licenses using pom.properties when there is no pom.xml (anchore#2315)
  fix(java): improve identification for org.apache.tapestry artifacts (anchore#2384)
  fix(java): improve identification for io.ratpack artifacts (anchore#2379)
  fix(java): improve identification for org.apache.cassandra artifacts (anchore#2386)
  fix(java): improve identification for org.neo4j.procedure artifacts (anchore#2388)
  fix: bump fangs for ptr summarize fix (anchore#2387)
  fix(java): improve identification for org.elasticsearch artifacts (anchore#2383)
  fix(java): improve identification for org.apache.geode artifacts (anchore#2382)
  fix(java): improve identification for org.apache.tomcat.embed artifacts (anchore#2381)
  fix(java): improve identification for io.projectreactor.netty artifacts (anchore#2378)
  fix(java): improve identification for org.eclipse.platform artifacts (anchore#2349)
  Generalize UI events for cataloging tasks (anchore#2369)
  chore(deps): update tools to latest versions (anchore#2376)
  chore(deps): bump github.com/google/go-containerregistry (anchore#2377)
  chore: fix tests failing due to Mac Rosetta cache (anchore#2374)
  fix: improve dotnet portable executable identification (anchore#2133)
  fix file metadata cataloger to use resolved locations (anchore#2370)
  fix: logging level for parsing potential PE files (anchore#2367)
  only remove breaking-change label when there are schema changes (anchore#2371)
  ...

Signed-off-by: Christopher Phillips <[email protected]>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@kzantow
fix: logging level for parsing potential PE files (anchore#2367)
34c686f 
Signed-off-by: Keith Zantow <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kzantow @wagoodman