Skip to content

Ignore scripts that aren't executable #1427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jonjohnsonjr merged 1 commit into from
Dec 11, 2024
Merged

Ignore scripts that aren't executable #1427

jonjohnsonjr merged 1 commit into from
Dec 11, 2024

Conversation

@jonjohnsonjr
Copy link
Contributor

@jonjohnsonjr jonjohnsonjr commented Dec 11, 2024

This should probably be an allowlist like apk does, but this is a smaller diff and I'm worried about breaking more things.

@jonjohnsonjr
Ignore scripts that aren't executable
c0503f5 
This should probably be an allowlist like apk does, but this is a
smaller diff and I'm worried about breaking more things.

Signed-off-by: Jon Johnson <jon.johnson@chainguard.dev>
@jonjohnsonjr jonjohnsonjr enabled auto-merge (squash) December 11, 2024 00:34
luhring
luhring reviewed Dec 11, 2024
View reviewed changes
pkg/apk/apk/installed.go
Comment on lines +157 to +160
// Ignore files that aren't executable.
// This is mostly to ignore .melange.yaml files in the control section,
// but apk itself has hardcoded list of scripts that we might want to do too.
if header.FileInfo().Mode().Perm()&0555 != 0555 {
Copy link
Member

@luhring luhring Dec 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not immediately obvious to me from this why we're checking for these exact perm bits (r+x for all 3) but maybe that's just because I don't know this part of the domain

Copy link
Contributor Author

@jonjohnsonjr jonjohnsonjr Dec 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW I copied this from melange SCA that does similar checks for entirely different reasons, and it matched what I saw from sampling real-world scripts in alpine. If this ends up being brittle I'll come back and figure out exactly what apk does here and replicate it.

@jonjohnsonjr jonjohnsonjr merged commit c269982 into chainguard-dev:main Dec 11, 2024
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luhring luhring luhring approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonjohnsonjr @luhring