jarek
2026-02-16 16:19:55 +01:00
parent 0372737f3d
commit 4b430340db
+13 -4
@@ -238,8 +238,9 @@ function parseCliArgs(argsString: string, imageName: string): string[] {
async function isScannerImageAvailable(scannerImage: string, envId?: number): Promise<boolean> { async function isScannerImageAvailable(scannerImage: string, envId?: number): Promise<boolean> {
try { try {
const images = await listImages(envId); const images = await listImages(envId);
const imageWithTag = scannerImage.includes(':') ? scannerImage : `${scannerImage}:latest`;
return images.some((img) => return images.some((img) =>
img.tags?.some((tag: string) => tag === scannerImage) img.tags?.some((tag: string) => tag === imageWithTag)
); );
} catch { } catch {
return false; return false;
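Review bot: The `:latest` default on the new `imageWithTag` line is decided by `scannerImage.includes(':')`, which is also true for an untagged reference whose registry host carries a port (e.g. `localhost:5000/anchore/grype`), so such an image is compared without a tag, never equals a `name:latest` entry in `img.tags`, and is reported as unavailable even when it is present. Only the last path segment should decide whether a tag or digest is already there: add `const ref = scannerImage.slice(scannerImage.lastIndexOf('/') + 1);` and test `ref.includes(':')` in place of `scannerImage.includes(':')` (a digest reference keeps the `:` in `@sha256:` so it is still left untouched). The comparison remains an exact string match against the tag list, so a reference spelled with a `docker.io/` prefix presumably will not match the short form the daemon reports; a comment like `// exact match: reference must be spelled as the daemon lists it` would make that contract explicit. The closing brace of isScannerImageAvailable lies outside the hunk.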
@@ -275,7 +276,7 @@ async function ensureScannerImage(
// Extract JSON object from raw scanner output that may contain non-JSON content // Extract JSON object from raw scanner output that may contain non-JSON content
// (binary Docker stream headers, warning lines, control characters) // (binary Docker stream headers, warning lines, control characters)
function extractJson(output: string): string { export function extractJson(output: string): string {
const firstBrace = output.indexOf('{'); const firstBrace = output.indexOf('{');
const lastBrace = output.lastIndexOf('}'); const lastBrace = output.lastIndexOf('}');
if (firstBrace === -1 || lastBrace === -1 || lastBrace <= firstBrace) { if (firstBrace === -1 || lastBrace === -1 || lastBrace <= firstBrace) {
@@ -289,7 +290,7 @@ function extractJson(output: string): string {
* Some scanners (Grype) may include raw control chars (newlines, tabs, null bytes) * Some scanners (Grype) may include raw control chars (newlines, tabs, null bytes)
* in vulnerability descriptions that aren't properly JSON-escaped. * in vulnerability descriptions that aren't properly JSON-escaped.
*/ */
function sanitizeJsonString(json: string): string { export function sanitizeJsonString(json: string): string {
// Replace unescaped control characters (0x00-0x1F) inside JSON string values // Replace unescaped control characters (0x00-0x1F) inside JSON string values
// by walking through the string and tracking whether we're inside a quoted string // by walking through the string and tracking whether we're inside a quoted string
let result = ''; let result = '';
@@ -301,7 +302,15 @@ function sanitizeJsonString(json: string): string {
const ch = json.charCodeAt(i); const ch = json.charCodeAt(i);
if (escaped) { if (escaped) {
result += json[i]; // Validate JSON escape sequences: only " \ / b f n r t u are valid
const ch2 = json[i];
if ('"\\\/bfnrtu'.includes(ch2)) {
result += ch2;
} else {
// Invalid escape like \x, \a, \0, \_ — convert backslash to literal \\
result += '\\' + ch2;
sanitized++;
}
escaped = false; escaped = false;
continue; continue;
} }