chore(deps): update anchore/sbom-action action to v0.17.8 (#353)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/release-github-package.yml

@@ -61,7 +61,7 @@ jobs:
 
       - name: Download Syft
         id: syft
-        uses: anchore/sbom-action/[email protected].7
+        uses: anchore/sbom-action/[email protected].8
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

.github/workflows/release-npm-package.yml

@@ -6,7 +6,7 @@ on:
       - main
     paths:
       - "src/sdk/javascript/**"
-      - .github/workflows/release-npm-package.yml
+      - ".github/workflows/release-npm-package.yml"
 
 permissions:
   contents: read
@@ -34,10 +34,6 @@ jobs:
         working-directory: "src/sdk/javascript/"
         run: npm install
 
-      - name: Build project
-        working-directory: "src/sdk/javascript/"
-        run: npm run build
-
       - name: Publish to npm
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

go.mod

@@ -5,9 +5,10 @@ go 1.23.1
 require (
 	github.com/fsnotify/fsnotify v1.8.0
 	github.com/gorilla/mux v1.8.1
+	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/rs/xid v1.6.0
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	github.com/vmihailenco/msgpack/v5 v5.4.1
 	go.uber.org/zap v1.27.0
 	gopkg.in/yaml.v3 v3.0.1

go.sum

@@ -199,8 +199,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=

script/build_package.sh

@@ -41,7 +41,7 @@ cp "${CMAKE_CURRENT_SOURCE_DIR}/script/"{app*.sh,*.service,prom*.yml,docker*.yam
 cp "${CMAKE_CURRENT_SOURCE_DIR}/src/cli/"{bash_completion.sh,container_monitor.py,appmesh_arm.py} "${PACKAGE_HOME}/script/"
 cp "${CMAKE_CURRENT_SOURCE_DIR}/src/sdk/python/py_exec.py" "${PACKAGE_HOME}/bin/"
 cp "${CMAKE_CURRENT_SOURCE_DIR}/script/ssl_cert_generate.sh" /usr/local/bin/{cfssl,cfssljson} "${PACKAGE_HOME}/ssl/"
-cp -r "${CMAKE_CURRENT_SOURCE_DIR}/script/apps" "${PACKAGE_HOME}/script/"
+cp -r "${CMAKE_CURRENT_SOURCE_DIR}/script/apps" "${PACKAGE_HOME}/"
 
 chmod +x "${PACKAGE_HOME}/script/"*.sh
 

src/common/Utility.cpp

@@ -32,13 +32,7 @@
 
 const char *GET_STATUS_STR(unsigned int status)
 {
-	static const char *STATUS_STR[] =
-		{
-			"disabled",
-			"enabled",
-			"N/A",
-			"init",
-			"fini"};
+	static const char *STATUS_STR[] = {"disabled", "enabled", "N/A"};
 	assert(status < ARRAY_LEN(STATUS_STR));
 	return STATUS_STR[status];
 };
@@ -786,8 +780,16 @@ std::string Utility::humanReadableDuration(const std::chrono::system_clock::time
 	return result;
 }
 
-bool Utility::getUid(std::string userName, unsigned int &uid, unsigned int &groupid)
+bool Utility::getUid(const std::string &userName, unsigned int &uid, unsigned int &groupid)
 {
+	const static char fname[] = "Utility::getUid() ";
+
+	if (userName.empty())
+	{
+		LOG_ERR << fname << "Empty username provided";
+		return false;
+	}
+
 	bool rt = false;
 	struct passwd pwd;
 	struct passwd *result = NULL;
@@ -876,9 +878,9 @@ void Utility::applyFilePermission(const std::string &file, const std::map<std::s
 		if (headers.count(HTTP_HEADER_KEY_file_mode))
 			os::fileChmod(file, std::stoi(headers.find(HTTP_HEADER_KEY_file_mode)->second));
 		if (headers.count(HTTP_HEADER_KEY_file_user) && headers.count(HTTP_HEADER_KEY_file_group))
-			os::chown(std::stoi(headers.find(HTTP_HEADER_KEY_file_user)->second),
-					  std::stoi(headers.find(HTTP_HEADER_KEY_file_group)->second),
-					  file, false);
+			os::chown(file,
+					  std::stoi(headers.find(HTTP_HEADER_KEY_file_user)->second),
+					  std::stoi(headers.find(HTTP_HEADER_KEY_file_group)->second));
 	}
 }
 

src/common/Utility.h

@@ -196,7 +196,7 @@ class Utility
 
 	// OS related
 	static unsigned long long getThreadId();
-	static bool getUid(std::string userName, unsigned int &uid, unsigned int &groupid);
+	static bool getUid(const std::string &userName, unsigned int &uid, unsigned int &groupid);
 	static std::string getUsernameByUid(uid_t uid = getuid());
 	static void getEnvironmentSize(const std::map<std::string, std::string> &envMap, int &totalEnvSize, int &totalEnvArgs);
 	static void applyFilePermission(const std::string &file, const std::map<std::string, std::string> &headers);

src/common/os/chown.hpp

@@ -1,107 +1,179 @@
 #pragma once
 
-#include <string>
 #include <fts.h>
+#include <grp.h>
+#include <string>
 #include <sys/types.h>
-#include <pwd.h>
 #include <unistd.h>
-#include "../../common//Utility.h"
-namespace os {
 
-	// Set the ownership for a path. This function never follows any symlinks.
-	inline bool chown(int uid, int gid, const std::string& path, bool recursive)
+#include "../../common/Utility.h"
+
+namespace os
+{
+
+	/**
+	 * @brief Changes owner and group of a file or directory
+	 * @param path Path to the file or directory
+	 * @param uid User id of the new owner
+	 * @param gid Group id of the new group
+	 * @param recursive If true, applies changes recursively for directories
+	 * @return true if successful, false otherwise
+	 */
+	inline bool chown(const std::string &path, uid_t uid, gid_t gid, bool recursive = false)
 	{
-		const static char fname[] = "os::chown() ";
+		constexpr char fname[] = "os::chown() ";
 
-		if (uid < 0 || gid < 0)
+		// Input validation
+		if (path.empty() || !fs::exists(path))
 		{
-			LOG_WAR << fname << "invalid uid: <" << uid << "> or gid <" << gid << ">";
+			LOG_ERR << fname << "Path does not exist: " << path;
 			return false;
 		}
 
-		char* path_[] = { const_cast<char*>(path.c_str()), nullptr };
+		// Prepare FTS path array
+		char *const path_arr[] = {const_cast<char *>(path.c_str()), nullptr};
 
-		FTS* tree = ::fts_open(path_, FTS_NOCHDIR | FTS_PHYSICAL, nullptr);
+		// Open file hierarchy
+		const int fts_options = FTS_NOCHDIR | FTS_PHYSICAL;
+		std::unique_ptr<FTS, decltype(&::fts_close)> tree(::fts_open(path_arr, fts_options, nullptr), ::fts_close);
 
 		if (tree == nullptr)
 		{
+			LOG_ERR << fname << "Failed to open path: " << path << ", error: " << std::strerror(errno);
 			return false;
 		}
 
 		FTSENT *node;
-		while ((node = ::fts_read(tree)) != nullptr)
+		while ((node = ::fts_read(tree.get())) != nullptr)
 		{
+			// Early exit for non-recursive mode
+			if (node->fts_level > FTS_ROOTLEVEL && !recursive)
+			{
+				break;
+			}
+
 			switch (node->fts_info)
 			{
-				// Preorder directory.
-			case FTS_D:
-				// Regular file.
-			case FTS_F:
-				// Symbolic link.
-			case FTS_SL:
-				// Symbolic link without target.
-			case FTS_SLNONE: {
-				if (::lchown(node->fts_path, static_cast<uid_t>(uid), static_cast<gid_t>(gid)) < 0)
+			case FTS_D:	 // Preorder directory
+			case FTS_F:	 // Regular file
+			case FTS_SL: // Symbolic link
+			case FTS_SLNONE:
+			{ // Symbolic link without target
+				if (::lchown(node->fts_path, uid, gid) < 0)
 				{
-					::fts_close(tree);
+					LOG_ERR << fname << "Failed to change ownership of " << node->fts_path << ", error: " << std::strerror(errno);
 					return false;
 				}
-
+				LOG_DBG << fname << "Changed ownership of " << node->fts_path << " to uid=" << uid << " gid=" << gid;
 				break;
 			}
 
-							 // Unreadable directory.
-			case FTS_DNR:
-				// Error; errno is set.
-			case FTS_ERR:
-				// Directory that causes cycles.
-			case FTS_DC:
-				// `stat(2)` failed.
-			case FTS_NS: {
-				::fts_close(tree);
+			case FTS_DNR: // Unreadable directory
+			case FTS_ERR: // Error; errno is set
+			case FTS_DC:  // Directory that causes cycles
+			case FTS_NS:
+			{ // stat(2) failed
+				LOG_ERR << fname << "Failed to process " << node->fts_path << ", error type: " << node->fts_info << ", error: " << std::strerror(node->fts_errno);
 				return false;
 			}
 
 			default:
 				break;
 			}
-
-			if (node->fts_level == FTS_ROOTLEVEL && !recursive)
-			{
-				break;
-			}
 		}
 
-		::fts_close(tree);
+		LOG_DBG << fname << "Successfully changed ownership" << (recursive ? " recursively" : "") << " for " << path;
 		return true;
 	}
 
-
-	// Changes the specified path's user and group ownership to that of
-	// the specified user.
-	inline bool chown(const std::string& path, const std::string& user, bool recursive = false)
+	/**
+	 * @brief Changes owner and group of a file or directory
+	 * @param path Path to the file or directory
+	 * @param user Username of the new owner (can be empty to keep current)
+	 * @param group Group name of the new group (can be empty to keep current)
+	 * @param recursive If true, applies changes recursively for directories
+	 * @return true if successful, false otherwise
+	 */
+	inline bool chown(const std::string &path, std::string user, std::string group = "", bool recursive = false)
 	{
-		const static char fname[] = "os::chown() ";
+		constexpr char fname[] = "os::chown() ";
+
+		// Input validation
+		if (path.empty())
+		{
+			LOG_ERR << fname << "Empty path provided";
+			return false;
+		}
 
-		if (user.empty()) return false;
+		// Verify path exists
+		if (!fs::exists(path))
+		{
+			LOG_ERR << fname << "Path does not exist: " << path;
+			return false;
+		}
 
-		passwd* passwd;
-		errno = 0;
-		if ((passwd = ::getpwnam(user.c_str())) == nullptr)
+		// Get current ownership
+		struct stat st;
+		if (::lstat(path.c_str(), &st) != 0)
 		{
+			LOG_ERR << fname << "Failed to get file stats for " << path << ": " << std::strerror(errno);
+			return false;
+		}
+
+		// Initialize with current values
+		uid_t uid = st.st_uid;
+		gid_t gid = st.st_gid;
+
+		// Update uid if user is specified
+		if (!user.empty())
+		{
+			if (!Utility::getUid(user, uid, gid))
+			{
+				LOG_ERR << fname << "Failed to get user information for '" << user << "'";
+				return false;
+			}
+		}
 
-			if (errno)
+		// Update gid if group is specified
+		if (!group.empty())
+		{
+			// Determine required buffer size (cached static value)
+			static const auto bufsize = []()
+			{
+				long size = sysconf(_SC_GETGR_R_SIZE_MAX);
+				return (size == -1) ? 16384 : size;
+			}();
+
+			// Allocate buffer
+			std::vector<char> buffer(bufsize);
+			struct group grp;
+			struct group *result = nullptr;
+
+			// Try getting group information
+			int err = ::getgrnam_r(group.c_str(), &grp, buffer.data(), buffer.size(), &result);
+			if (err != 0)
 			{
-				LOG_WAR << fname << "Failed to get user information for '" << user << "'";
+				LOG_WAR << fname << "Failed to get group information for '" << group << "': " << std::strerror(err);
+			}
+			else if (result == nullptr)
+			{
+				LOG_WAR << fname << "Group '" << group << "' not found";
 			}
 			else
 			{
-				LOG_WAR << fname << "No such user '" << user << "'";
+				gid = grp.gr_gid;
 			}
-			return false;
 		}
 
-		return chown(passwd->pw_uid, passwd->pw_gid, path, recursive);
+		LOG_DBG << fname << "Attempting to change ownership of " << path
+				<< " to " << (user.empty() ? "current user" : user)
+				<< " (uid=" << uid << ")"
+				<< ", group=" << (group.empty() ? "current group" : group)
+				<< " (gid=" << gid << ")"
+				<< (recursive ? " recursively" : "");
+
+		// Attempt to change ownership
+		return chown(path, uid, gid, recursive);
 	}
 
 } // namespace os {