feat(image): prevent scanning oversized container images

cmd/trivy/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"errors"
+	"fmt"
 	"os"
 
 	"golang.org/x/xerrors"
@@ -21,6 +22,13 @@ func main() {
 		if errors.As(err, &exitError) {
 			os.Exit(exitError.Code)
 		}
+
+		var userErr *types.UserError
+		if errors.As(err, &userErr) {
+			fmt.Println("Error: " + userErr.Error())
+			os.Exit(1)
+		}
+
 		log.Fatal("Fatal error", log.Err(err))
 	}
 }

docs/docs/references/configuration/cli/trivy_image.md

@@ -79,6 +79,7 @@ trivy image [flags] IMAGE_NAME
       --license-confidence-level float    specify license classifier's confidence level (default 0.9)
       --license-full                      eagerly look for licenses in source code headers and license files
       --list-all-pkgs                     output all packages in the JSON report regardless of vulnerability
+      --max-image-size string             maximum image size to process, specified in a human-readable format (e.g., '44kB', '17MB'); an error will be returned if the image exceeds this size
       --misconfig-scanners strings        comma-separated list of misconfig scanners to use for misconfiguration scanning (default [azure-arm,cloudformation,dockerfile,helm,kubernetes,terraform,terraformplan-json,terraformplan-snapshot])
       --module-dir string                 specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
       --no-progress                       suppress progress bar

docs/docs/references/configuration/config-file.md

@@ -137,6 +137,9 @@ image:
   # Same as '--input'
   input: ""
 
+  # Same as '--max-image-size'
+  max-size: ""
+
   # Same as '--platform'
   platform: ""
 

go.mod

@@ -45,6 +45,7 @@ require (
 	github.com/docker/cli v27.4.1+incompatible
 	github.com/docker/docker v27.4.1+incompatible
 	github.com/docker/go-connections v0.5.0
+	github.com/docker/go-units v0.5.0
 	github.com/fatih/color v1.18.0
 	github.com/go-git/go-git/v5 v5.12.0
 	github.com/go-openapi/runtime v0.28.0 // indirect
@@ -217,7 +218,6 @@ require (
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
 	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
 	github.com/dsnet/compress v0.0.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect

integration/docker_engine_test.go

@@ -25,6 +25,7 @@ func TestDockerEngine(t *testing.T) {
 		ignoreStatus  []string
 		severity      []string
 		ignoreIDs     []string
+		maxImageSize  string
 		input         string
 		golden        string
 		wantErr       string
@@ -34,6 +35,12 @@ func TestDockerEngine(t *testing.T) {
 			input:  "testdata/fixtures/images/alpine-39.tar.gz",
 			golden: "testdata/alpine-39.json.golden",
 		},
+		{
+			name:         "alpine:3.9, with max image size",
+			maxImageSize: "100mb",
+			input:        "testdata/fixtures/images/alpine-39.tar.gz",
+			golden:       "testdata/alpine-39.json.golden",
+		},
 		{
 			name: "alpine:3.9, with high and critical severity",
 			severity: []string{
@@ -195,6 +202,12 @@ func TestDockerEngine(t *testing.T) {
 			input:        "badimage:latest",
 			wantErr:      "unable to inspect the image (badimage:latest)",
 		},
+		{
+			name:         "sad path, image size is larger than the maximum",
+			input:        "testdata/fixtures/images/alpine-39.tar.gz",
+			maxImageSize: "1mb",
+			wantErr:      "uncompressed image size 5.8MB exceeds maximum allowed size 1MB",
+		},
 	}
 
 	// Set up testing DB
@@ -263,6 +276,11 @@ func TestDockerEngine(t *testing.T) {
 				require.NoError(t, err, "failed to write .trivyignore")
 				defer os.Remove(trivyIgnore)
 			}
+
+			if tt.maxImageSize != "" {
+				osArgs = append(osArgs, []string{"--max-image-size", tt.maxImageSize}...)
+			}
+
 			osArgs = append(osArgs, tt.input)
 
 			// Run Trivy

pkg/commands/artifact/run.go

@@ -587,6 +587,7 @@ func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (Scan
 					Host: opts.PodmanHost,
 				},
 				ImageSources: opts.ImageSources,
+				MaxImageSize: opts.MaxImageSize,
 			},
 
 			// For misconfiguration scanning

pkg/fanal/artifact/image/image.go

@@ -3,13 +3,16 @@ package image
 import (
 	"context"
 	"errors"
+	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"reflect"
 	"slices"
 	"strings"
 	"sync"
 
+	"github.com/docker/go-units"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
@@ -24,6 +27,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/parallel"
 	"github.com/aquasecurity/trivy/pkg/semaphore"
+	trivyTypes "github.com/aquasecurity/trivy/pkg/types"
 )
 
 type Artifact struct {
@@ -36,6 +40,8 @@ type Artifact struct {
 	handlerManager handler.Manager
 
 	artifactOption artifact.Option
+
+	layerCacheDir string
 }
 
 type LayerInfo struct {
@@ -60,6 +66,11 @@ func NewArtifact(img types.Image, c cache.ArtifactCache, opt artifact.Option) (a
 		return nil, xerrors.Errorf("config analyzer group error: %w", err)
 	}
 
+	cacheDir, err := os.MkdirTemp("", "layers")
+	if err != nil {
+		return nil, xerrors.Errorf("failed to create a temp dir: %w", err)
+	}
+
 	return Artifact{
 		logger:         log.WithPrefix("image"),
 		image:          img,
@@ -70,6 +81,7 @@ func NewArtifact(img types.Image, c cache.ArtifactCache, opt artifact.Option) (a
 		handlerManager: handlerManager,
 
 		artifactOption: opt,
+		layerCacheDir:  cacheDir,
 	}, nil
 }
 
@@ -88,6 +100,13 @@ func (a Artifact) Inspect(ctx context.Context) (artifact.Reference, error) {
 	diffIDs := a.diffIDs(configFile)
 	a.logger.Debug("Detected diff ID", log.Any("diff_ids", diffIDs))
 
+	if err := a.checkImageSize(ctx, diffIDs); err != nil {
+		if err := os.RemoveAll(a.layerCacheDir); err != nil {
+			log.Error("Failed to remove layer cache", log.Err(err))
+		}
+		return artifact.Reference{}, err
+	}
+
 	// Try retrieving a remote SBOM document
 	if res, err := a.retrieveRemoteSBOM(ctx); err == nil {
 		// Found SBOM
@@ -141,8 +160,8 @@ func (a Artifact) Inspect(ctx context.Context) (artifact.Reference, error) {
 	}, nil
 }
 
-func (Artifact) Clean(_ artifact.Reference) error {
-	return nil
+func (a Artifact) Clean(_ artifact.Reference) error {
+	return os.RemoveAll(a.layerCacheDir)
 }
 
 func (a Artifact) calcCacheKeys(imageID string, diffIDs []string) (string, []string, error) {
@@ -198,6 +217,69 @@ func (a Artifact) consolidateCreatedBy(diffIDs, layerKeys []string, configFile *
 	return layerKeyMap
 }
 
+func (a Artifact) checkImageSize(ctx context.Context, diffIDs []string) error {
+	maxSize := a.artifactOption.ImageOption.MaxImageSize
+	if maxSize == 0 {
+		return nil
+	}
+
+	imageSize, err := a.imageSize(ctx, diffIDs)
+	if err != nil {
+		return xerrors.Errorf("failed to calculate image size: %w", err)
+	}
+
+	if imageSize > maxSize {
+		return &trivyTypes.UserError{
+			Message: fmt.Sprintf(
+				"uncompressed image size %s exceeds maximum allowed size %s",
+				units.HumanSizeWithPrecision(float64(imageSize), 3),
+				units.HumanSize(float64(maxSize)),
+			),
+		}
+	}
+	return nil
+}
+
+func (a Artifact) imageSize(ctx context.Context, diffIDs []string) (int64, error) {
+	var imageSize int64
+
+	p := parallel.NewPipeline(a.artifactOption.Parallel, false, diffIDs,
+		func(_ context.Context, diffID string) (int64, error) {
+			layerSize, err := a.saveLayer(diffID)
+			if err != nil {
+				return -1, xerrors.Errorf("failed to save layer: %w", err)
+			}
+			return layerSize, nil
+		},
+		func(layerSize int64) error {
+			imageSize += layerSize
+			return nil
+		},
+	)
+
+	if err := p.Do(ctx); err != nil {
+		return -1, xerrors.Errorf("pipeline error: %w", err)
+	}
+
+	return imageSize, nil
+}
+
+func (a Artifact) saveLayer(diffID string) (int64, error) {
+	_, rc, err := a.uncompressedLayer(diffID)
+	if err != nil {
+		return -1, xerrors.Errorf("unable to get uncompressed layer %s: %w", diffID, err)
+	}
+	defer rc.Close()
+
+	f, err := os.Create(filepath.Join(a.layerCacheDir, diffID))
+	if err != nil {
+		return -1, xerrors.Errorf("failed to create a file: %w", err)
+	}
+	defer f.Close()
+
+	return io.Copy(f, rc)
+}
+
 func (a Artifact) inspect(ctx context.Context, missingImage string, layerKeys, baseDiffIDs []string,
 	layerKeyMap map[string]LayerInfo, configFile *v1.ConfigFile) error {
 
@@ -361,6 +443,11 @@ func (a Artifact) uncompressedLayer(diffID string) (string, io.ReadCloser, error
 		digest = d.String()
 	}
 
+	f, err := os.Open(filepath.Join(a.layerCacheDir, diffID))
+	if err == nil {
+		return digest, f, nil
+	}
+
 	rc, err := layer.Uncompressed()
 	if err != nil {
 		return "", nil, xerrors.Errorf("failed to get the layer content (%s): %w", diffID, err)

pkg/fanal/artifact/image/image_test.go

@@ -6,6 +6,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/docker/go-units"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -348,6 +349,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			imagePath: "../../test/testdata/alpine-311.tar.gz",
 			artifactOpt: artifact.Option{
 				LicenseScannerOption: analyzer.LicenseScannerOption{Full: true},
+				ImageOption:          types.ImageOptions{MaxImageSize: units.GB},
 			},
 			missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{
 				Args: cache.ArtifactCacheMissingBlobsArgs{
@@ -2243,6 +2245,14 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			wantErr: "put artifact failed",
 		},
+		{
+			name:      "sad path, image size is larger than the maximum",
+			imagePath: "../../test/testdata/alpine-311.tar.gz",
+			artifactOpt: artifact.Option{
+				ImageOption: types.ImageOptions{MaxImageSize: units.MB * 1},
+			},
+			wantErr: "uncompressed image size 5.86MB exceeds maximum allowed size 1MB",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -2262,6 +2272,8 @@ func TestArtifact_Inspect(t *testing.T) {
 				assert.ErrorContains(t, err, tt.wantErr, tt.name)
 				return
 			}
+			defer a.Clean(got)
+
 			require.NoError(t, err, tt.name)
 			assert.Equal(t, tt.want, got)
 		})

pkg/fanal/artifact/image/remote_sbom_test.go

@@ -170,6 +170,8 @@ func TestArtifact_InspectRekorAttestation(t *testing.T) {
 				assert.ErrorContains(t, err, tt.wantErr)
 				return
 			}
+			defer a.Clean(got)
+
 			require.NoError(t, err, tt.name)
 			got.BOM = nil
 			assert.Equal(t, tt.want, got)
@@ -312,6 +314,7 @@ func TestArtifact_inspectOCIReferrerSBOM(t *testing.T) {
 				assert.ErrorContains(t, err, tt.wantErr)
 				return
 			}
+			defer a.Clean(got)
 
 			require.NoError(t, err, tt.name)
 			got.BOM = nil

pkg/fanal/test/integration/registry_test.go

@@ -256,6 +256,7 @@ func analyze(ctx context.Context, imageRef string, opt types.ImageOptions) (*typ
 	if err != nil {
 		return nil, err
 	}
+	defer ar.Clean(imageInfo)
 
 	imageDetail, err := ap.ApplyLayers(imageInfo.ID, imageInfo.BlobIDs)
 	if err != nil {

pkg/fanal/types/image.go

@@ -53,6 +53,7 @@ type ImageOptions struct {
 	PodmanOptions     PodmanOptions
 	ContainerdOptions ContainerdOptions
 	ImageSources      ImageSources
+	MaxImageSize      int64
 }
 
 type DockerOptions struct {