filesystem scan error (eval_conflict_error: object keys must be unique) #2394

Closed
caiohasouza opened this issue Jun 23, 2022 · 4 comments · Fixed by #2400, aquasecurity/defsec#1327 or #4474
Labels: kind/bug (categorizes issue or PR as related to a bug), scan/misconfiguration (issues relating to misconfiguration scanning)

@caiohasouza

Description

On version 0.29.x I'm receiving an error when running "trivy config"; on older versions everything works fine.

What did you expect to happen?

The command trivy config /dockerfilefolder/ works fine.

What happened instead?

Error:

2022-06-23T13:01:04.072Z	FATAL	filesystem scan error: scan error: image scan failed: failed analysis: failed to call hooks: post handler error: scan config error: docker/lib/docker.rego:23: eval_conflict_error: object keys must be unique

Output of run with -debug:

2022-06-23T13:04:30.822Z	DEBUG	Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2022-06-23T13:04:30.828Z	DEBUG	cache dir:  /root/.cache/trivy
2022-06-23T13:04:30.828Z	INFO	Misconfiguration scanning is enabled
2022-06-23T13:04:31.029Z	FATAL	filesystem scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:359
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:217
  - image scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:515
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:112
  - failed to call hooks:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/local/fs.go:126
  - post handler error:
    github.com/aquasecurity/trivy/pkg/fanal/handler.Manager.PostHandle
        /home/runner/work/trivy/trivy/pkg/fanal/handler/handler.go:75
  - scan config error:
    github.com/aquasecurity/trivy/pkg/fanal/handler/misconf.misconfPostHandler.Handle
        /home/runner/work/trivy/trivy/pkg/fanal/handler/misconf/misconf.go:239
  - docker/lib/docker.rego:23: eval_conflict_error: object keys must be unique

Output of trivy -v:

version: 0.29.2

Additional details (base image name, container registry info...):

Dockerfile to simulate error:

FROM alpine:3.16

RUN mkdir /app/

# Configure files permissions
RUN set -ex && \
    find /app/ -type d -exec chmod 775 {} \;

### APP Image ###
FROM alpine:3.16

COPY --from=0 app/ /app/

@caiohasouza added the kind/bug label Jun 23, 2022
@knqyf263 added the scan/misconfiguration label Jun 23, 2022

@liamg
Contributor

liamg commented Jun 23, 2022

Thanks, this is interesting, it looks like it's the usage of multiple FROM commands with the same image ref. I'll take a look later today 👍

@caiohasouza
Author

Hi @liamg

Perfect, thank you!

Regards

@cnwaldron

I'm experiencing this issue with Trivy v0.34.0.

simar7 added a commit to aquasecurity/defsec that referenced this issue May 24, 2023
@simar7 simar7 reopened this May 24, 2023
@simar7
Member

simar7 commented May 24, 2023

A simple example to repro:

FROM foo
CMD bar
FROM foo
ENTRYPOINT fff
ENTRYPOINT zzz

This also happens with multiple healthchecks as well. I've created aquasecurity/defsec#1327 to fix it.
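
The trigger identified in this thread, several FROM instructions with the same image reference, can be checked for in a Dockerfile before scanning. The following Go program is an added example, not part of the thread and not code from Trivy or defsec; it assumes a stage is identified by its FROM arguments (image reference plus any AS alias), and `DuplicateStages` is a hypothetical helper name.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// The reproduction posted in the thread.
const repro = `FROM foo
CMD bar
FROM foo
ENTRYPOINT fff
ENTRYPOINT zzz
`

// DuplicateStages maps each FROM reference that starts more than one build
// stage to the 1-based lines where it appears.
// Assumption: a stage is identified by its normalized FROM arguments (image
// ref plus any "AS" alias); the page does not show the real key.
func DuplicateStages(dockerfile string) map[string][]int {
	seen := map[string][]int{}
	continued := false // previous instruction line ended with a backslash
	sc := bufio.NewScanner(strings.NewReader(dockerfile))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank and comment lines do not end a continuation
		}
		inContinuation := continued
		continued = strings.HasSuffix(line, "\\")
		fields := strings.Fields(line)
		if inContinuation || len(fields) < 2 || !strings.EqualFold(fields[0], "FROM") {
			continue // e.g. the second line of a multi-line RUN
		}
		key := strings.Join(fields[1:], " ")
		seen[key] = append(seen[key], n)
	}
	for key, lines := range seen {
		if len(lines) < 2 {
			delete(seen, key) // unique stage, no collision
		}
	}
	return seen
}

func main() {
	for key, lines := range DuplicateStages(repro) {
		fmt.Printf("FROM %s starts stages at lines %v\n", key, lines)
	}
}
```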

simar7 added a commit to aquasecurity/defsec that referenced this issue May 24, 2023
* fix(docker): Support stages with dupe names

Fixes: aquasecurity/trivy#2394

Signed-off-by: Simar <[email protected]>

* revert opa back

Signed-off-by: Simar <[email protected]>

* update messaging

Signed-off-by: Simar <[email protected]>

---------

Signed-off-by: Simar <[email protected]>