Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better handling of diffs between archives #626

Merged
merged 4 commits into from
Nov 15, 2024
Merged

Better handling of diffs between archives #626

merged 4 commits into from
Nov 15, 2024

Conversation

egibs
Copy link
Member

@egibs egibs commented Nov 14, 2024

This PR makes some improvements around diffing entire archives. Previously, determining the relative path between the original location of the archive and the extracted files in the temporary directory essentially did not work.

I also modified how paths are represented when displaying the diff regardless of the files being diffed. Instead of displaying relative path -> actual path, we just show actual paths for both now which looks cleaner.

That said, this PR doesn't address the findings in #599 since we're still comparing mismatched map keys in cases like ls and ls.x86_64 (or any equivalent filenames with different extensions).

Examples:

$ go run cmd/mal/mal.go diff /tmp/py3.13-debugpy-bin-1.8.6-r1.apk /tmp/py3.13-debugpy-bin-1.8.7-r0.apk
├─ 🔵 Changed: /private/tmp/py3.13-debugpy-bin-1.8.7-r0.apk ∴ /usr/bin/debugpy
│     ≡ filesystem [LOW]
│       🔵 path/usr_bin — path reference within /usr/bin: /usr/bin/python3.13
│
├─ 🟡 Moved: /private/tmp/py3.13-debugpy-bin-1.8.6-r1.apk ∴ /var/lib/db/sbom/py3.13-debugpy-bin-1.8.6-r1.spdx.json -> /private/tmp/py3.13-debugpy-bin-1.8.7-r0.apk ∴ /var/lib/db/sbom/py3.13-debugpy-bin-1.8.7-r0.spdx.json (score: 0.983784)
│

$ cd /tmp
$ $HOME/go/1.23.2/bin/mal diff py3.13-debugpy-bin-1.8.6-r1.apk py3.13-debugpy-bin-1.8.7-r0.apk
├─ 🔵 Changed: py3.13-debugpy-bin-1.8.7-r0.apk ∴ /usr/bin/debugpy
│     ≡ filesystem [LOW]
│       🔵 path/usr_bin — path reference within /usr/bin: /usr/bin/python3.13
│
├─ 🟡 Moved: py3.13-debugpy-bin-1.8.6-r1.apk ∴ /var/lib/db/sbom/py3.13-debugpy-bin-1.8.6-r1.spdx.json -> py3.13-debugpy-bin-1.8.7-r0.apk ∴ /var/lib/db/sbom/py3.13-debugpy-bin-1.8.7-r0.spdx.json (score: 0.983784)
│

$ go run cmd/mal/mal.go diff /bin/ls ../malcontent-samples/macOS/clean/ls
├─ 🔵 Changed: ../malcontent-samples/macOS/clean/ls
│     ≡ execution [LOW]
│       🔵 shell/TERM — Look up or override terminal settings: TERM
│     ≡ filesystem [LOW]
│       🔵 directory/traverse — traverse filesystem hierarchy: _fts_children, _fts_close, _fts_open, _fts_read, _fts_set
│       🔵 link_read — read value of a symbolic link: readlink
│

@egibs egibs requested a review from tstromberg November 14, 2024 22:43
@tstromberg tstromberg enabled auto-merge (squash) November 15, 2024 01:04
@tstromberg tstromberg merged commit 24b63d1 into chainguard-dev:main Nov 15, 2024
8 checks passed
@egibs egibs deleted the archive-diffs branch November 18, 2024 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tstromberg tstromberg tstromberg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@egibs @tstromberg