Merge pull request #1413 from snyk/staging

RELEASE
snyk · Nov 24, 2023 · c30a2e6 · c30a2e6
2 parents cadfba3 + c6d73cd
commit c30a2e6
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 9 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -48,7 +48,7 @@
     "needle": "^3.2.0",
     "sleep-promise": "^9.1.0",
     "snyk-config": "5.1.0",
-    "snyk-docker-plugin": "^6.5.9",
+    "snyk-docker-plugin": "^6.5.10",
     "source-map-support": "^0.5.21",
     "tunnel": "0.0.6",
     "typescript": "4.7.4",

diff --git a/src/scanner/images/index.ts b/src/scanner/images/index.ts
@@ -50,14 +50,24 @@ export async function pullImages(
       pulledImages.push(pulledImage);
     } catch (error) {
       logger.error(
-        { error, image: image.imageWithDigest ?? image.imageName },
+        {
+          error: sanitizeSkopeoErrorForLogging(error),
+          image: image.imageWithDigest ?? image.imageName,
+        },
         'failed to pull image docker/oci archive image',
       );
     }
   }
   return pulledImages;
 }
 
+function sanitizeSkopeoErrorForLogging(error) {
+  delete error.stack;
+  delete error.message;
+  delete error.childProcess;
+  return error;
+}
+
 export function getImagesWithFileSystemPath(
   images: IScanImage[],
 ): IPullableImage[] {

diff --git a/test/unit/snyk-dep-graph.spec.ts b/test/unit/snyk-dep-graph.spec.ts
@@ -0,0 +1,59 @@
+import { createFromJSON } from '@snyk/dep-graph';
+
+describe('@snyk/dep-graph', () => {
+  describe('createFromJSON', () => {
+    it('supports percent-encoded plus sign in purl version', () => {
+      // Arrange
+      const json = {
+        schemaVersion: '1.3.0',
+        pkgManager: {
+          name: 'deb',
+          repositories: [
+            {
+              alias: 'repository:tag',
+            },
+          ],
+        },
+        pkgs: [
+          {
+            id: 'repository@digest',
+            info: {
+              name: 'repository',
+              version: 'digest',
+            },
+          },
+          {
+            id: 'db5.3/[email protected]+dfsg1-0.6ubuntu2',
+            info: {
+              name: 'db5.3/libdb5.3',
+              version: '5.3.28+dfsg1-0.6ubuntu2',
+              purl: 'pkg:deb/[email protected]%2Bdfsg1-0.6ubuntu2?upstream=db5.3',
+            },
+          },
+        ],
+        graph: {
+          rootNodeId: 'root-node',
+          nodes: [
+            {
+              nodeId: 'root-node',
+              pkgId: 'repository@digest',
+              deps: [
+                {
+                  nodeId: 'db5.3/[email protected]+dfsg1-0.6ubuntu2',
+                },
+              ],
+            },
+            {
+              nodeId: 'db5.3/[email protected]+dfsg1-0.6ubuntu2',
+              pkgId: 'db5.3/[email protected]+dfsg1-0.6ubuntu2',
+              deps: [],
+            },
+          ],
+        },
+      };
+
+      // Act
+      createFromJSON(json);
+    });
+  });
+});