fix: fix issues with file paths (#105)

- Fix issue where the .docker file gets the wrong permissions
- Fix issues when using docker mode and the paths are incorrect

Makefile

@@ -10,11 +10,20 @@ lint:
 	cd ui && npm install -f && npm run lint
 	cd trivy-task && npm install -f && npm run lint
 
+.PHONY: lint-fix
+lint-fix:
+	cd ui && npm install -f && npm run lint:fix
+	cd trivy-task && npm install -f && npm run lint:fix
+
 .PHONY: format
 format:
 	cd ui && npm install -f && npm run format
 	cd trivy-task && npm install -f && npm run format
 
+
+.PHONY: tidy
+tidy: lint-fix format
+
 .PHONY: build-ui
 build-ui: clean
 	cd ui && npm install -f && npm run build

trivy-task/index.ts

@@ -7,8 +7,12 @@ import { generateAdditionalReports } from './additionalReporting';
 
 async function run() {
   task.debug('Starting Trivy task...');
-  const outputPath = tmpPath + 'trivy-results-' + Math.random() + '.json';
-  task.rmRF(outputPath);
+  const resultsFile = `trivy-results-${Math.random()}.json`;
+  const localOutputPath = `${tmpPath}/${resultsFile}`;
+  const outputPath = task.getBoolInput('docker', false)
+    ? `/tmp/${resultsFile}`
+    : localOutputPath;
+  task.rmRF(localOutputPath);
   const scanPath = task.getInput('path', false);
   const image = task.getInput('image', false);
   const scanners = task.getInput('scanners', false) ?? '';
@@ -89,11 +93,7 @@ async function run() {
   }
 
   task.debug('Publishing JSON results...');
-  task.addAttachment(
-    'JSON_RESULT',
-    'trivy' + Math.random() + '.json',
-    outputPath
-  );
+  task.addAttachment('JSON_RESULT', resultsFile, localOutputPath);
 
   if (hasAccount) {
     console.log('Publishing JSON assurance results...');
@@ -105,8 +105,8 @@ async function run() {
   }
 
   task.debug('Generating additional reports...');
-  if (task.exist(outputPath)) {
-    generateAdditionalReports(outputPath);
+  if (task.exist(localOutputPath)) {
+    generateAdditionalReports(localOutputPath);
   } else {
     task.error(
       'Trivy seems to have failed so no output path to generate reports from.'

trivy-task/task.json

@@ -8,7 +8,7 @@
   "helpUrl": "https://github.com/aquasecurity/trivy-azure-pipelines-task",
   "category": "Test",
   "author": "Aqua Security",
-  "version": { "Major":1,"Minor":11,"Patch":32 },
+  "version": { "Major":1,"Minor":11,"Patch":36 },
   "instanceNameFormat": "Echo trivy $(version)",
 
   "groups": [

trivy-task/trivyLoader.ts

@@ -49,14 +49,18 @@ export async function createRunner(): Promise<ToolRunner> {
   const loginDockerConfig = task.getBoolInput('loginDockerConfig', false);
   const home = homedir();
   const cwd = process.cwd();
+  const dockerHome = home + '/.docker';
+
+  // ensure the docker home dir is created
+  task.mkdirP(dockerHome);
 
   runner.line('run --rm');
   loginDockerConfig
-    ? runner.line('-v ' + task.getVariable('DOCKER_CONFIG') + ':/root/.docker')
-    : runner.line('-v ' + home + '/.docker:/root/.docker');
-  runner.line('-v /tmp:/tmp');
+    ? runner.line('-v ' + `task.getVariable('DOCKER_CONFIG') + :/root/.docker`)
+    : runner.line('-v ' + `${dockerHome}:/root/.docker`);
+  runner.line(`-v ${tmpPath}:/tmp`);
   runner.line('-v /var/run/docker.sock:/var/run/docker.sock');
-  runner.line('-v ' + cwd + ':/src');
+  runner.line(`-v ${cwd}:/src`);
   runner.line('--workdir /src');
 
   if (hasAquaAccount()) {

vss-extension.dev.json

@@ -2,7 +2,7 @@
   "manifestVersion": 1,
   "id": "trivy-official-dev",
   "publisher": "AquaSecurityOfficial",
-  "version": "1.11.32",
+  "version": "1.11.36",
   "name": "trivy-dev",
   "description": "Trivy is the world’s most popular open source vulnerability and misconfiguration scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.",
   "repository": {