Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning

2026-06-15 20:07:55 +08:00 · 2020-08-18 23:03:16 -07:00
parent 2cf2c16137
commit 72ae02ca4b
6 changed files with 134 additions and 0 deletions
@@ -7,6 +7,7 @@ import (
 	"path"
 	"strings"

+	"github.com/anuvu/zot/errors"
 	"github.com/anuvu/zot/pkg/log"

 	cveinfo "github.com/anuvu/zot/pkg/extensions/search/cve"
@@ -54,6 +55,19 @@ func (r *queryResolver) CVEListForImage(ctx context.Context, image string) (*CVE

 	r.cveInfo.Log.Info().Str("Scanning Image", image).Msg("")

+	isValidImage, err := r.cveInfo.IsValidImageFormat(r.cveInfo.CveTrivyConfig.TrivyConfig.Input)
+	if !isValidImage {
+		r.cveInfo.Log.Debug().Msg("Image media type not supported for scanning")
+
+		return &CVEResultForImage{}, errors.ErrScanNotSupported
+	}
+
+	if err != nil {
+		r.cveInfo.Log.Error().Err(err).Msg("Error scanning image repository")
+
+		return &CVEResultForImage{}, err
+	}
+
 	cveResults, err := cveinfo.ScanImage(r.cveInfo.CveTrivyConfig)
 	if err != nil {
 		r.cveInfo.Log.Error().Err(err).Msg("Error scanning image repository")
@@ -143,6 +157,19 @@ func (r *queryResolver) ImageListForCve(ctx context.Context, id string) ([]*ImgR
 	for _, repo := range repoList {
 		r.cveInfo.Log.Info().Str("Extracting list of tags available in image", repo).Msg("")

+		isValidImage, err := r.cveInfo.IsValidImageFormat(path.Join(r.dir, repo))
+		if !isValidImage {
+			r.cveInfo.Log.Debug().Str("Image media type not supported for scanning", repo)
+
+			continue
+		}
+
+		if err != nil {
+			r.cveInfo.Log.Error().Err(err).Str("Error reading image media type", repo)
+
+			return cveResult, err
+		}
+
 		if err != nil {
 			r.cveInfo.Log.Error().Err(err).Str("Error reading image media type", repo)