Merge pull request #370 from snyk/test/removed-files

test: falsely identify deleted files
snyk · Sep 13, 2021 · 3377eea · 3377eea
2 parents 2d5a85d + f783dba
commit 3377eea
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/test/fixtures/docker-archives/skopeo-copy/node-removed.tar b/test/fixtures/docker-archives/skopeo-copy/node-removed.tar
diff --git a/test/system/static.test.ts b/test/system/static.test.ts
@@ -290,3 +290,37 @@ test("able to scan opensuse/leap images", async (t) => {
 
   t.equal(depGraph.getDepPkgs().length, 125, "expected number of direct deps");
 });
+
+/**
+ * This test asserts that our scanner ignores files' deletion
+ * by still reporting that they are part of the image.
+ * The image in the example below was built with the following Dockerfile:
+ *
+ * FROM busybox
+ * COPY node /
+ * RUN rm /node
+ *
+ * Even though the node "binary"
+ * (actually just an empty file to keep the fixture small)
+ * has been removed, we still report it exists.
+ */
+
+test("bug exists: false positive for deleted files", async (t) => {
+  const fixturePath = getFixture("skopeo-copy/node-removed.tar");
+  const imagePath = `oci-archive:${fixturePath}`;
+
+  const pluginResult = await plugin.scan({
+    path: imagePath,
+  });
+
+  const keyBinariesHashes: string[] = pluginResult.scanResults[0].facts.find(
+    (fact) => fact.type === "keyBinariesHashes",
+  )!.data;
+
+  t.equal(keyBinariesHashes.length, 1, "one hash found for a file called node");
+  t.equal(
+    keyBinariesHashes[0],
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+    "matched file hash",
+  );
+});