Home >Backend Development >Golang >Artifactory XRAY fails when scanning images containing golang packages due to indexer compression ratio limitations
Artifactory XRAY fails when scanning images containing golang packages due to indexer compression ratio limitations
- WBOYforward
- 2024-02-09 09:30:10582browse
Artifactory XRAY fails when scanning images containing golang packages due to indexer compression ratio limitations. This issue may lead to vulnerabilities not being discovered, thereby increasing the risk of system attacks. The Artifactory XRAY team is actively working on resolving this issue and expects to release a fix in the next release. Until then, users are advised to be aware of this issue when scanning images with Artifactory XRAY and take additional measures to ensure the security of their systems. PHP editor Apple will continue to pay attention to the progress of this issue and provide readers with relevant updates in a timely manner.
Question content
Recently encountered an XRAY problem when scanning docker images containing golang packages, and intercepted the following errors
TarOpener.DeepArchiveScan) --- Caused by: total bytes limit reached with the following values
I have researched this issue and it is caused by the xray limitation of the index packet compression ratio, which is to prevent zip bomb attacks (https://jfrog.com/help/r/xray-why-am-i -getting-a-total-bytes-limit-reached-error-when-indexing-a-package-in-xray/xray-why-am-i-getting-a-total-bytes-limit-reached-in-xray An error occurred while indexing the package).
I'm always pushing limits. This works for a while, but it seems like every time golang is updated, the size of the zip file gets bigger and bigger.
Has anyone implemented a long-term solution to this problem or has a new idea that doesn't just set the limit to an extreme cap value? I basically have to almost double every time?
Workaround
Golang has inserted the pax-bad-hdr-large.tar.bz2 file into its package, which is a test for zip bomb attacks.
A value of 4600 should resolve this file compression ratio.
The above is the detailed content of Artifactory XRAY fails when scanning images containing golang packages due to indexer compression ratio limitations. For more information, please follow other related articles on the PHP Chinese website!