
Problem with broken symlinks while scanning some containers #1234

@Mariuxdeangelo

Describe the bug
I'm currently trying to scan some containers with tern and have trouble with some of them because the application runs into an error: ERROR - rootfs - Command failed. cp: not writing through dangling symlink '/root/.tern/temp/mergedir/sbin/ip'. There I find that ip is a dangling symlink to /bin/busybox, which is odd because I'm working on an archlinux system. I also tried it out on Ubuntu and also in a docker container as described in the README.md. ip is not the only symlink located there that can cause issues. I have also seen others like unzip ...

I have also seen in the release notes that something similar with symlinks in Alpine was already fixed in version 2.2.0 (I use 2.12.0). Might it be related? #769
https://github.com/search?q=repo%3Atern-tools%2Ftern%20busybox&type=code

I have seen this issue also with other containers:

  • ngoduykhanh/wireguard-ui:latest
  • bonita:latest
  • consul:1.15.4
  • drupal:latest

I would be very happy if somebody could tell me what I'm doing wrong or confirm this behavior.

Error in terminal
Here is the full command I used to scan the container:

-- with a PIP install (tern Version 2.12.0)
tern report -f spdxjson -i ngoduykhanh/wireguard-ui:latest -o tern.spdx.json

-- in docker
docker run --rm ternd report -f spdxjson -i ngoduykhanh/wireguard-ui:latest

Here is also the full trace log:

Traceback (most recent call last):
  File "/usr/local/bin/tern", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/tern/__main__.py", line 311, in main
    do_main(args)
  File "/usr/local/lib/python3.9/site-packages/tern/__main__.py", line 123, in do_main
    crun.execute_image(args)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/container/run.py", line 80, in execute_image
    cimage.default_analyze(full_image, args)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/container/image.py", line 75, in default_analyze
    multi_layer.analyze_subsequent_layers(
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/container/multi_layer.py", line 168, in analyze_subsequent_layers
    fresh_analysis(image_obj, curr_layer, prereqs, options)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/container/multi_layer.py", line 113, in fresh_analysis
    target = prep_layers(image_obj, curr_layer, options.driver)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/container/multi_layer.py", line 71, in prep_layers
    return apply_layers(image_obj, top_layer)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/container/multi_layer.py", line 63, in apply_layers
    rootfs.root_command(['cp', '-r'] + glob.glob(layer_contents), target)
  File "/usr/local/lib/python3.9/site-packages/tern/utils/rootfs.py", line 71, in root_command
    raise subprocess.CalledProcessError(  # nosec
subprocess.CalledProcessError: Command '['cp', '-r', '/root/.tern/temp/3/contents/var', '/root/.tern/temp/3/contents/sbin', '/root/.tern/temp/3/contents/usr', '/root/.tern/temp/3/contents/lib', '/root/.tern/temp/3/contents/etc', '/root/.tern/temp/3/contents/bin', '/root/.tern/temp/mergedir']' returned non-zero exit status 1.

Environment you are running Tern on

  • Version 2.12.0
  • archlinux / ubuntu / docker
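
One way to triage the failure reported above, as an added example (not tern's code and not part of the original report): list the paths where a layer would land on a dangling symlink in the merge directory, then apply the layer by replacing such links instead of writing through them, so nothing is ever written to a link's target outside the merge directory. The function names and the sample trees are constructed, and the merge assumes the layer holds only regular files, directories and symlinks.

```python
import os
import shutil
import tempfile

def dangling_collisions(layer_dir, merge_dir):
    """Relative paths where the layer would land on a dangling symlink."""
    hits = []
    for root, dirs, files in os.walk(layer_dir):
        for name in dirs + files:
            rel = os.path.relpath(os.path.join(root, name), layer_dir)
            dst = os.path.join(merge_dir, rel)
            if os.path.islink(dst) and not os.path.exists(dst):  # link, no target
                hits.append(rel)
    return sorted(hits)

def merge_layer(layer_dir, merge_dir):
    """Apply a layer, replacing symlinks instead of writing through them."""
    for root, dirs, files in os.walk(layer_dir):  # top-down, links not followed
        for name in dirs + files:
            src = os.path.join(root, name)
            dst = os.path.join(merge_dir, os.path.relpath(src, layer_dir))
            is_real_dir = os.path.isdir(src) and not os.path.islink(src)
            if os.path.islink(dst) or os.path.isfile(dst):
                os.unlink(dst)  # drop the old entry, never its target
            elif os.path.isdir(dst) and not is_real_dir:
                shutil.rmtree(dst)
            if is_real_dir:
                os.makedirs(dst, exist_ok=True)
            elif os.path.islink(src):
                os.symlink(os.readlink(src), dst)
            else:
                shutil.copy2(src, dst, follow_symlinks=False)

def demo():
    """Constructed trees mirroring the report: sbin/ip dangles in mergedir."""
    base = tempfile.mkdtemp()
    layer, merged = os.path.join(base, "layer"), os.path.join(base, "mergedir")
    os.makedirs(os.path.join(layer, "sbin"))
    os.makedirs(os.path.join(merged, "sbin"))
    with open(os.path.join(layer, "sbin", "ip"), "w") as fh:
        fh.write("ip from upper layer\n")
    dst = os.path.join(merged, "sbin", "ip")
    os.symlink("/constructed-missing/busybox", dst)  # constructed dangling target
    found = dangling_collisions(layer, merged)
    merge_layer(layer, merged)
    with open(dst) as fh:
        result = (found, os.path.islink(dst), fh.read())
    shutil.rmtree(base)
    return result
```

Running `dangling_collisions` against a real `mergedir` before the next layer is applied shows every path that would trigger the `cp` error, not only the first one `cp` stops at.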
