Skip to content

fix(relationship): favor real paths over symlinks for ownership by file#3923

Merged
kzantow merged 4 commits intoanchore:mainfrom
luhring:apk-fight
May 23, 2025
Merged

fix(relationship): favor real paths over symlinks for ownership by file#3923
kzantow merged 4 commits intoanchore:mainfrom
luhring:apk-fight

Conversation

@luhring
Copy link
Copy Markdown
Contributor

@luhring luhring commented May 20, 2025

Description

This adjusts the way "ownership by file" relationships are formed, by preventing the scenario where a symlinked path can cause two packages to "own" the same package (one via the real path, and the other via the symlink). Now, when we're about to form a relationship via a symlink, we first check to see if there's a non-symlink ownership that exists, which should prevent the symlink-based relationship from being created.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

luhring added 2 commits May 20, 2025 15:08
@luhring
test(relationship): by_file_ownership should favor real files over sy…
749da2d 
…mlinks

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
@luhring
fix(relationship): favor real paths over symlinks for ownership by file
6a31b6e 
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
@luhring luhring mentioned this pull request May 20, 2025
Closed
kzantow
kzantow reviewed May 20, 2025
View reviewed changes
Comment thread internal/relationship/by_file_ownership.go Outdated
kzantow
kzantow approved these changes May 23, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @luhring! 👍

@kzantow kzantow merged commit bbf3bb5 into anchore:main May 23, 2025
12 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Jun 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzantow kzantow kzantow approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Syft incorrectly reports multiple APKs as parents of symlinked files

2 participants

@luhring @kzantow