-
Notifications
You must be signed in to change notification settings - Fork 456
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: allow extractraction on all files to fail #1285
Conversation
Codecov Report
@@ Coverage Diff @@
## main #1285 +/- ##
==========================================
- Coverage 78.96% 78.90% -0.06%
==========================================
Files 262 262
Lines 4801 4812 +11
Branches 578 580 +2
==========================================
+ Hits 3791 3797 +6
- Misses 856 861 +5
Partials 154 154
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
We may wan to change the default across all extractors before merging this code, will discuss during our meeting tomorrow. |
Discussed in meeting:
|
I checked with the person who originally reported the issue and this PR doesn't solve it yet. I'm going to work on adding some additional tests to see if we can cover their use case better, as well as extending the allow-fail behaviour to other checkers. |
Changes in intel#1181 to check return codes made it so failed extractions caused cve-bin-tool to halt rather than log an error. This was particularly a problem for .exe files, which we try to extract as zipfiles in case they are self-extracting exectables. Signed-off-by: Terri Oda <terri.oda@intel.com>
This test is expected to fail currently and will need to pass before this PR is ready to merge. Signed-off-by: Terri Oda <terri.oda@intel.com>
Signed-off-by: Terri Oda <terri.oda@intel.com>
Looks great for zip, however, the PR title implys we want to do this for all file types. If that's still the case then we should make sure to hit apk, cab, deb, and rpm. That said, I think that it makes more sense to just merge this PR as is for zip files and then do the others in other PRs |
) | ||
if stderr or not stdout: | ||
if is_exe: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return (int(not is_exe))
Take it or leave it, just saves a couple of lines, but not great readability.
It's not immediately obvious because I put in explicit changes for zip and then went ahead and changed the default here:
But because the default has changed, all file types should fail without halting now. I should update the tests to include more than just zip-related extensions to show it, though. |
Actually, since I don't see any objections right now, and I think halting on .exe files is a problem, I'm going to go ahead and merge this and open a good first issue for additional tests for additional file extensions. |
* fixes #1281 * Related to #1181 Changes in #1181 to check return codes made it so that cve-bin-tool failed if any file did not extract correctly. This changes the default so that failures during extraction are logged but do not halt the scan. Error messages are not logged when the file extension is .exe because users found those confusing (cve-bin-tool tries to unzip all .exe files in case they are self-extracting zipfiles, but many are not) Signed-off-by: Terri Oda <terri.oda@intel.com>
Changes in #1181 to check return codes made it so that cve-bin-tool failed if any file did not extract correctly.
This changes the default so that failures during extraction are logged but do not halt the scan. Error messages are not logged when the file extension is .exe because users found those confusing (cve-bin-tool tries to unzip all .exe files in case they are self-extracting zipfiles, but many are not)
Signed-off-by: Terri Oda terri.oda@intel.com