jar: support unconventional jar names

Signed-off-by: RTann <[email protected]>

Author: RTann

java/jar/errors.go

@@ -11,11 +11,8 @@ type localError struct {
 	msg   string
 }
 
-// These are sentinel errors that can be used with errors.Is.
-var (
-	ErrUnidentified = errors.New("unidentified jar")
-	ErrNotAJar      = errors.New("does not seem to be a jar")
-)
+// ErrNotAJar is a sentinel error that can be used with errors.Is.
+var ErrNotAJar = errors.New("does not seem to be a jar")
 
 func (e *localError) Error() string {
 	switch {
@@ -45,22 +42,6 @@ func archiveErr(m srcPath, err error) *localError {
 	}
 }
 
-type errUnidentified struct {
-	name string
-}
-
-func unidentified(n string) *errUnidentified {
-	return &errUnidentified{n}
-}
-
-func (e *errUnidentified) Is(target error) bool {
-	return target == ErrUnidentified || target == e
-}
-
-func (e *errUnidentified) Error() string {
-	return fmt.Sprintf("unidentified jar: %s", e.name)
-}
-
 type errNotAJar struct {
 	inner error
 	name  string

java/jar/jar.go

@@ -136,7 +136,7 @@ func parse(ctx context.Context, name srcPath, z *zip.Reader) ([]Info, error) {
 	default:
 		return nil, archiveErr(name, err)
 	}
-	// As a last resort, just look at the name of the jar.
+	// Try to learn something from the name of the jar if that fails.
 	i, err = checkName(ctx, name.Cur())
 	switch {
 	case errors.Is(err, nil):
@@ -148,9 +148,11 @@ func parse(ctx context.Context, name srcPath, z *zip.Reader) ([]Info, error) {
 	default:
 		return nil, archiveErr(name, err)
 	}
-	// If we haven't jumped past this point, this is almost certainly not a jar,
-	// so return an error.
-	return nil, mkErr("", unidentified(base))
+
+	// At this point, we have yet to find anything other than the file
+	// extension which can help confirm this is, in fact, a JAR.
+	// We accept this, and continue to search through the non-standard JAR
+	// in case we may find any valid inner JARs.
 
 Finish:
 	// Now, we need to examine any jars bundled in this jar.
@@ -308,7 +310,6 @@ func extractInner(ctx context.Context, p srcPath, z *zip.Reader) ([]Info, error)
 		switch {
 		case errors.Is(err, nil):
 		case errors.Is(err, ErrNotAJar) ||
-			errors.Is(err, ErrUnidentified) ||
 			errors.Is(err, errInsaneManifest):
 			zlog.Debug(ctx).
 				Str("member", name).

java/jar/jar_test.go

@@ -70,8 +70,6 @@ func TestParse(t *testing.T) {
 			switch {
 			case errors.Is(err, nil):
 				t.Log(ps)
-			case errors.Is(err, ErrUnidentified):
-				t.Log(err)
 			case filepath.Base(h.Name) == "javax.inject-1.jar" && errors.Is(err, ErrNotAJar):
 				// This is an odd one, it has no metadata.
 				t.Log(err)
@@ -111,8 +109,6 @@ func TestWAR(t *testing.T) {
 		for _, p := range ps {
 			t.Log(p.String())
 		}
-	case errors.Is(err, ErrUnidentified):
-		t.Error(err)
 	default:
 		t.Errorf("unexpected: %v", err)
 	}
@@ -475,3 +471,53 @@ func TestManifestSectionReader(t *testing.T) {
 		})
 	}
 }
+
+func TestInnerJar(t *testing.T) {
+	name := filepath.Join("testdata", "inner", "inner.jar")
+	rc, err := zip.OpenReader(name)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		if err := rc.Close(); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	ctx := zlog.Test(context.Background(), t)
+	got, err := Parse(ctx, name, &rc.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(got) != 3 {
+		t.Errorf("got %d entries, expected 3", len(got))
+	}
+
+	// Ignore the SHA.
+	for i := range got {
+		got[i].SHA = nil
+	}
+
+	want := []Info{
+		{
+			Name:    "jackson-annotations",
+			Version: "2.13.0",
+			Source:  ".",
+		},
+		{
+			Name:    "log4j-api",
+			Version: "2.14",
+			Source:  ".",
+		},
+		{
+			Name:    "log4j",
+			Version: "2.14.0",
+			Source:  ".",
+		},
+	}
+
+	if !cmp.Equal(got, want) {
+		t.Error(cmp.Diff(got, want))
+	}
+}

java/jar/testdata/inner/README.md

@@ -0,0 +1,20 @@
+inner.jar looks as such:
+
+inner.jar
+  META-INF/
+    MANIFEST.MF
+  BOOT-INF/
+    lib/
+      jackson-annotations-2.13.0.jar
+        META-INF/
+          MANIFEST.MF
+      log4j-api-2.14.jar
+        META-INF/
+          MANIFEST.MF
+          inner-jar/
+            something-invalid.jar
+              META-INF/
+                MANIFEST.MF
+            log4j-2.14.0.jar
+              META-INF/
+                MANIFEST.MF

java/jar/testdata/inner/inner.jar

@@ -71,7 +71,7 @@ type Scanner struct {
 func (*Scanner) Name() string { return "java" }
 
 // Version implements scanner.VersionedScanner.
-func (*Scanner) Version() string { return "6" }
+func (*Scanner) Version() string { return "7" }
 
 // Kind implements scanner.VersionedScanner.
 func (*Scanner) Kind() string { return "package" }
@@ -185,7 +185,7 @@ func (s *Scanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircor
 		infos, err := jar.Parse(ctx, n, z)
 		switch {
 		case err == nil:
-		case errors.Is(err, jar.ErrUnidentified) || errors.Is(err, jar.ErrNotAJar):
+		case errors.Is(err, jar.ErrNotAJar):
 			// If there's an error that's one of the "known" reasons (e.g. not a
 			// read error or a malformed file), just log it and continue on.
 			zlog.Info(ctx).