Unable to parse apk constraint phrase: failed to create comparator for '&{>= 1.0.2zk}' #2195
Comments
This exception happens on any package that contains the following CVE: "CVE-2024-5535".
Hi @bergernir thanks for the report! I'm trying to investigate, and I haven't been able to trigger this error behavior. It looks like you're scanning a particular Alpine image with libssl or openssl installed? Can you share any more details that might help us reproduce the issue? For example, a link to a public image that exhibits the issue, or a snippet of Dockerfile that can be used to build an image that triggers the issue would be a big help. What version of Alpine? What version of OpenSSL? Even an alpine version and the Also, I have a few questions that will help me understand and fix the bug:
You mentioned that this is the same issue as #2048, but the Dockerfile snippet from that image scans fine for me. I'll keep investigating regardless, but a few more details would be a big help. Thanks!
Hi @willmurphyscode, thanks for your assistance.
Thanks for letting us know!
Hello,
@willmurphyscode I think this is a good subject to discuss in the OSS weekly chat: how to monitor that bad values are not getting inside the DB and causing failures. Maybe worth running a script which will check the version meeting the constraints of the versions.
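One way to write the check suggested in the comment above, as an added example (not Grype's code and not posted by anyone in this thread): it flags constraint versions that do not fit a simplified apk version pattern, under which `1.0.2zk` fails because of its two trailing letters. The `Record` type, the sample rows, the constraint separators and the pattern itself are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Simplified apk version shape (assumption): digits{.digits}, one optional
// letter, optional _suffix{N} parts, optional -rN package revision.
var apkVersion = regexp.MustCompile(
	`^[0-9]+(\.[0-9]+)*[a-z]?(_(alpha|beta|pre|rc|cvs|svn|git|hg|p)[0-9]*)*(-r[0-9]+)?$`)

var operator = regexp.MustCompile(`^(<=|>=|<|>|=)\s*`) // leading comparator

// Record is a hypothetical, flattened vulnerability DB row.
type Record struct{ ID, Constraint string }

// InvalidVersions returns the versions in a constraint that fail the pattern.
func InvalidVersions(constraint string) []string {
	var bad []string
	// Assumed separators: "," between ANDed phrases, "||" between alternatives.
	split := func(r rune) bool { return r == ',' || r == '|' }
	for _, phrase := range strings.FieldsFunc(constraint, split) {
		v := operator.ReplaceAllString(strings.TrimSpace(phrase), "")
		if v != "" && !apkVersion.MatchString(v) {
			bad = append(bad, v)
		}
	}
	return bad
}

// Audit maps record ID to its unparsable versions; clean records are omitted.
func Audit(records []Record) map[string][]string {
	findings := map[string][]string{}
	for _, r := range records {
		if bad := InvalidVersions(r.Constraint); len(bad) > 0 {
			findings[r.ID] = bad
		}
	}
	return findings
}

func main() {
	// Constructed rows; only the first constraint text is from the reported error.
	rows := []Record{{"row-1", ">= 1.0.2zk"}, {"row-2", ">= 1.2.3, < 1.2.3_rc1-r2"}}
	for id, bad := range Audit(rows) {
		fmt.Printf("%s: unparsable apk version(s) %v\n", id, bad)
	}
}
```

Run against a freshly built database before publishing it, a non-empty result from `Audit` is the signal to hold the build rather than let scans fail at match time.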
What happened:
Scans started to fail, with the following error message:
"error creating a constraint: version: 1.1.1y error: unable to parse apk constraint phrase: failed to create comparator for '&{>= 1.0.2zk}': unable to parse constraint version (1.0.2zk): invalid version"
What you expected to happen:
Scan should pass
Anything else we need to know?:
It looks like it is the same bug you had before:
#2048
Environment:
cat /etc/os-release
or similar): Linux