Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected logs WARN unable to resolve java package identifier on scanning AWS CDK #2095

Open
metametadata opened this issue Sep 1, 2024 · 1 comment
Open

Unexpected logs WARN unable to resolve java package identifier on scanning AWS CDK #2095

metametadata opened this issue Sep 1, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@metametadata
Copy link

What happened:

Unexpected warnings:

# grype --name fs dir:/
...
[0001]  WARN unable to resolve java package identifier from purl="pkg:maven/software.amazon.awscdk/aws-cdk-lib@%cdk-version%": failed to unescape purl version: invalid URL escape "%"
[0001]  WARN unable to resolve java package identifier from purl="pkg:maven/software.amazon.awscdk/aws-cdk-lib@%cdk-version%": failed to unescape purl version: invalid URL escape "%"
[0001]  WARN unable to resolve java package identifier from purl="pkg:maven/software.constructs/constructs@%constructs-version%": failed to unescape purl version: invalid URL escape "%co"
[0001]  WARN unable to resolve java package identifier from purl="pkg:maven/software.constructs/constructs@%constructs-version%": failed to unescape purl version: invalid URL escape "%co"
...

What you expected to happen:

No warnings

How to reproduce it (as minimally and precisely as possible):

Dockerfile with AWS CDK installed via npm:

# https://hub.docker.com/_/debian
FROM debian:bookworm-20240812-slim

RUN set -eux \
  ; apt-get update \
  ; apt-get install -y curl \
  ; rm -rf /var/lib/apt/lists/*

RUN set -eux \
  ; curl https://deb.nodesource.com/setup_22.x | bash \
  ; apt-get install -y nodejs=22.7.0-1nodesource1 \
  ; rm -rf /var/lib/apt/lists/*

RUN set -eux \
  ; npm install -g aws-cdk@2.151.0

RUN set -eux \
  ; curl -o install_grype.sh https://raw.githubusercontent.com/anchore/grype/main/install.sh \
  ; sh install_grype.sh -b /usr/local/bin v0.80.0 \
  ; rm install_grype.sh

Build and enter Bash in the container:

docker build -t foo .

docker run --name foo --rm -it foo bash

Run Grype inside the container:

grype --name fs dir:/

Environment:

  • Output of grype version:
root@0e345de1b6e4:/# grype version
Application:         grype
Version:             0.80.0
BuildDate:           2024-08-20T17:56:40Z
GitCommit:           205ccfb6c90edb7258a9d25995f0a59c32e48142
GitDescription:      v0.80.0
Platform:            linux/arm64
GoVersion:           go1.22.6
Compiler:            gc
Syft Version:        v1.11.1
Supported DB Schema: 5
  • OS: Debian Bookworm
@metametadata metametadata added the bug Something isn't working label Sep 1, 2024
@willmurphyscode
Copy link
Contributor

Hi @metametadata, thanks for the steps to reproduce! I see this is still happening, so I'll add this to our backlog.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
OSS
Status: Ready
Milestone
No milestone
Development

No branches or pull requests
2 participants
@metametadata @willmurphyscode