jar: support unconventional jar names

Signed-off-by: RTann <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Author: RTann

java/jar/errors.go

@@ -11,11 +11,8 @@ type localError struct {
 	msg   string
 }
 
-// These are sentinel errors that can be used with errors.Is.
-var (
-	ErrUnidentified = errors.New("unidentified jar")
-	ErrNotAJar      = errors.New("does not seem to be a jar")
-)
+// ErrNotAJar is a sentinel error that can be used with errors.Is.
+var ErrNotAJar = errors.New("does not seem to be a jar")
 
 func (e *localError) Error() string {
 	switch {
@@ -45,22 +42,6 @@ func archiveErr(m srcPath, err error) *localError {
 	}
 }
 
-type errUnidentified struct {
-	name string
-}
-
-func unidentified(n string) *errUnidentified {
-	return &errUnidentified{n}
-}
-
-func (e *errUnidentified) Is(target error) bool {
-	return target == ErrUnidentified || target == e
-}
-
-func (e *errUnidentified) Error() string {
-	return fmt.Sprintf("unidentified jar: %s", e.name)
-}
-
 type errNotAJar struct {
 	inner error
 	name  string

java/jar/jar.go

@@ -136,7 +136,7 @@ func parse(ctx context.Context, name srcPath, z *zip.Reader) ([]Info, error) {
 	default:
 		return nil, archiveErr(name, err)
 	}
-	// As a last resort, just look at the name of the jar.
+	// Try to learn something from the name of the jar if that fails.
 	i, err = checkName(ctx, name.Cur())
 	switch {
 	case errors.Is(err, nil):
@@ -148,9 +148,11 @@ func parse(ctx context.Context, name srcPath, z *zip.Reader) ([]Info, error) {
 	default:
 		return nil, archiveErr(name, err)
 	}
-	// If we haven't jumped past this point, this is almost certainly not a jar,
-	// so return an error.
-	return nil, mkErr("", unidentified(base))
+
+	// At this point, we have yet to find anything other than the file
+	// extension which can help confirm this is, in fact, a JAR.
+	// We accept this, and continue to search through the non-standard JAR
+	// in case we may find any valid inner JARs.
 
 Finish:
 	// Now, we need to examine any jars bundled in this jar.
@@ -308,7 +310,6 @@ func extractInner(ctx context.Context, p srcPath, z *zip.Reader) ([]Info, error)
 		switch {
 		case errors.Is(err, nil):
 		case errors.Is(err, ErrNotAJar) ||
-			errors.Is(err, ErrUnidentified) ||
 			errors.Is(err, errInsaneManifest):
 			zlog.Debug(ctx).
 				Str("member", name).

java/jar/jar_test.go

@@ -20,6 +20,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/quay/zlog"
 
 	"github.com/quay/claircore/test"
@@ -70,8 +71,6 @@ func TestParse(t *testing.T) {
 			switch {
 			case errors.Is(err, nil):
 				t.Log(ps)
-			case errors.Is(err, ErrUnidentified):
-				t.Log(err)
 			case filepath.Base(h.Name) == "javax.inject-1.jar" && errors.Is(err, ErrNotAJar):
 				// This is an odd one, it has no metadata.
 				t.Log(err)
@@ -111,8 +110,6 @@ func TestWAR(t *testing.T) {
 		for _, p := range ps {
 			t.Log(p.String())
 		}
-	case errors.Is(err, ErrUnidentified):
-		t.Error(err)
 	default:
 		t.Errorf("unexpected: %v", err)
 	}
@@ -475,3 +472,53 @@ func TestManifestSectionReader(t *testing.T) {
 		})
 	}
 }
+
+func TestInnerJar(t *testing.T) {
+	name := filepath.Join("testdata", "inner", "inner.jar")
+	rc, err := zip.OpenReader(name)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		if err := rc.Close(); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	ctx := zlog.Test(context.Background(), t)
+	got, err := Parse(ctx, name, &rc.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(got) != 3 {
+		t.Errorf("got %d entries, expected 3", len(got))
+	}
+
+	// Ignore the SHA.
+	for i := range got {
+		got[i].SHA = nil
+	}
+
+	want := []Info{
+		{
+			Name:    "jackson-annotations",
+			Version: "2.13.0",
+			Source:  ".",
+		},
+		{
+			Name:    "log4j-api",
+			Version: "2.14",
+			Source:  ".",
+		},
+		{
+			Name:    "log4j",
+			Version: "2.14.0",
+			Source:  ".",
+		},
+	}
+
+	if !cmp.Equal(got, want, cmpopts.IgnoreFields(Info{}, "SHA")) {
+		t.Error(cmp.Diff(got, want))
+	}
+}

java/jar/testdata/inner/README.md

@@ -0,0 +1,21 @@
+inner.jar looks as such:
+
+```
+inner.jar
+|-- META-INF/
+    |-- MANIFEST.MF
+|-- BOOT-INF/
+    |-- lib/
+        |-- jackson-annotations-2.13.0.jar
+            |-- META-INF/
+                |-- MANIFEST.MF
+        |-- log4j-api-2.14.jar
+            |-- META-INF/
+                |-- MANIFEST.MF
+            |-- inner-jar/
+                |-- META-INF/
+                    |-- MANIFEST.MF
+               |-- log4j-2.14.0.jar
+                   |-- META-INF/
+                       |-- MANIFEST.MF
+```

java/jar/testdata/inner/inner.jar

@@ -71,7 +71,7 @@ type Scanner struct {
 func (*Scanner) Name() string { return "java" }
 
 // Version implements scanner.VersionedScanner.
-func (*Scanner) Version() string { return "6" }
+func (*Scanner) Version() string { return "7" }
 
 // Kind implements scanner.VersionedScanner.
 func (*Scanner) Kind() string { return "package" }
@@ -185,9 +185,8 @@ func (s *Scanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircor
 		infos, err := jar.Parse(ctx, n, z)
 		switch {
 		case err == nil:
-		case errors.Is(err, jar.ErrUnidentified) || errors.Is(err, jar.ErrNotAJar):
-			// If there's an error that's one of the "known" reasons (e.g. not a
-			// read error or a malformed file), just log it and continue on.
+		case errors.Is(err, jar.ErrNotAJar):
+			// Could not prove this is really a jar. Skip it and move on.
 			zlog.Info(ctx).
 				AnErr("reason", err).
 				Msg("skipping jar")