fix: do not exit code 1 with invalid glibc #6342
Conversation
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
2 times, most recently
from
4027467 to
7546c5a
Compare
| // ValidateGlibcVersion checks if the glibc version is supported and returns an Error Catalog error if it is not. | ||
| // This check only applies to glibc-based Linux systems (amd64, arm64). | ||
| // Optionally accepts a custom GlibcVersion, mainly for testing. | ||
| func ValidateGlibcVersion(opt ...GlibcVersion) error { |
There was a problem hiding this comment.
Suggestion: Move the glibc validation logic and constants close to the legacycli workflow, since the requirement comes from there. The logic to return the glibc version can be here.
| } | ||
|
|
||
| // detectGlibcVersion attempts to detect the glibc version on Linux systems | ||
| func detectGlibcVersion() (string, error) { |
There was a problem hiding this comment.
Suggestion: I think we do have plenty of examples on the structure of the ldd output, maybe we can improve the implementation by using this knowledge and adding tests for the different cases? Adding tests for the extraction logic would require it to be callable with a string though. But this would actually implement IOSP. So probably worth it.
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
6 times, most recently
from
0b9dd34 to
20b3987
Compare
| } | ||
|
|
||
| version, err := versionFn() | ||
| if err != nil { |
There was a problem hiding this comment.
Question: Do we really want to fail the validation, if there was an error in the version function? I would think this could be to strict and fail more often then we want to. IMO it would be better to not fail the validation if any intermediate step fails.
| } | ||
|
|
||
| res, err := utils.SemverCompare(version, minVersion) | ||
| if err != nil { |
There was a problem hiding this comment.
same question about failing as above
cliv2/internal/utils/helpers.go
Outdated
| // parseSemver("2.27") // returns []int{2, 27} | ||
| // parseSemver("2.31") // returns []int{2, 31} | ||
| // parseSemver("2.35") // returns []int{2, 35} | ||
| func parseSemver(v string) ([]int, error) { |
There was a problem hiding this comment.
Suggestion: since semver is actually a bit more advanced than just 1.2.3 should we maybe use a library to do proper parsing and comparison?
There was a problem hiding this comment.
depending on the decision, if we keep our own implementation, let's add some tests for parseSemver() and SemverCompare().
There was a problem hiding this comment.
Will use golang.org/x/mod/semver package instead, which performs the same functionality and should be more robust
cliv2/internal/utils/glibcversion.go
Outdated
| "sync" | ||
| ) | ||
|
|
||
| const ( |
There was a problem hiding this comment.
Suggestion: Move this to legacycli, as it is defined by the nodejs runtime which is part of the legacycli workflow.
cliv2/internal/utils/helpers.go
Outdated
| // SemverCompare("2.27", "2.31") // returns -1 | ||
| // SemverCompare("2.31", "2.31") // returns 0 | ||
| // SemverCompare("2.35", "2.31") // returns 1 | ||
| func SemverCompare(v1 string, v2 string) (int, error) { |
There was a problem hiding this comment.
Question: It took me a while to fully understand the behaviour and the usage, so I'm wondering if a simpler function like SemverGreaterEquals() bool or SemverLessThan() bool is easier to understand.
There was a problem hiding this comment.
Will use golang.org/x/mod/semver package for semver comparison instead
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
3 times, most recently
from
d135904 to
8be1f1b
Compare
| } | ||
|
|
||
| var minVersion string | ||
| switch runtime.GOARCH { |
There was a problem hiding this comment.
Suggestion: If the architecture becomes a parameter to the function, tests can actually be written without depending on the platform architecture they are executed on.
| // ValidateGlibcVersion checks if the glibc version is supported and returns an Error Catalog error if it is not. | ||
| // This check only applies to glibc-based Linux systems (amd64, arm64). | ||
| // Optionally accepts a custom GlibcVersion, mainly for testing. | ||
| func ValidateGlibcVersion(debugLogger *zerolog.Logger, opt ...utils.GlibcVersion) error { |
There was a problem hiding this comment.
Suggestion: just use regular parameter for utils.GlibcVersion, debuglogger, runtime, goos, goarch and skip the optional parameter.
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
from
8be1f1b to
342a4ec
Compare
| expectedSnykErrCode string | ||
| } | ||
|
|
||
| tests := []test{ |
There was a problem hiding this comment.
Suggestion: Let's also add some edge cases (like windows ...) to ensure they are correctly covered.
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
3 times, most recently
from
20f379e to
f721656
Compare
| v2 = "v" + v2 | ||
| } | ||
|
|
||
| return semver.Compare(v1, v2) |
There was a problem hiding this comment.
Suggestion: Let's be a bit paranoid and check if both versions are actually valid using isValid()
There was a problem hiding this comment.
just because the doc of Compare() says the following
An invalid semantic version string is considered less than a valid one. All invalid semantic version strings compare equal to each other.
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
from
f721656 to
d9eab3d
Compare
j-luong
force-pushed
the
fix/cli-1230_glibcChecker
branch
from
d9eab3d to
66fbb50
Compare
Pull Request Submission Checklist
are release-note ready, emphasizing
what was changed, not how.
What does this PR do?
This PR fixes an issue where an unsupported
glibcversion will result in a generic error catalog error and an exit code 1 for some Snyk commands.We will not exit code 2 and provide a more useful
RequirementsNotMeterror catalog error.Low risk as it fixes an already existing exit condition by changing exit codes and messaging.
Where should the reviewer start?
How should this be manually tested?
What's the product update that needs to be communicated to CLI users?
Fixed an issue where the CLI would exit with the wrong exit code when certain runtime requirements are not met. The CLI will now exit correctly with an appropriate error message.