EBS snapshot scanning error - incorrect API endpoint

[varunupps]

Description

Given an ebs snapshot for scanning
When a vulnerability scan is run against the snapshot
A fatal error occurs due to trivy calling a malformed EBS endpoint (https://ebs..amazonaws.com/snapshots/snap-04adadasd69521a6d94/blocks)

Notice the double dot .. in the hostname, which is not a valid domain format.

Desired Behavior

For EBS snapshot scan to work

Actual Behavior

ubuntu@ip-172-31-40-120:~$ trivy vm --scanners vuln ebs:snap-02a4e2069521a6d91

2024-09-15T14:42:47Z INFO Timeout is set to less than 30 min - upgrading to 30 min for this command.

2024-09-15T14:42:47Z INFO [db] Need to update DB

2024-09-15T14:42:47Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"

53.23 MiB / 53.23 MiB [-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 31.12 MiB p/s 1.9s

2024-09-15T14:42:49Z INFO [vuln] Vulnerability scanning is enabled

2024-09-15T14:42:49Z FATAL Fatal error vm scan error: scan error: scan failed: failed analysis: EBS open error: EBS error: operation error EBS: ListSnapshotBlocks, https response error StatusCode: 0, RequestID: , request send failed, Get "https://ebs..amazonaws.com/snapshots/snap-02a4e2069521a6d91/blocks": dial tcp: lookup ebs..amazonaws.com: no such host

Reproduction Steps

1. Install trivy version 0.55.1
2. Run scan against an EBS snapshot, for example: trivy vm --scanners vuln ebs:snap-02a4e2069521a6d91
3. Encounter error

Ec2 instance is assigned the correct IAM instance profile with relevant permissions

Target

None

Scanner

None

Output Format

None

Mode

None

Debug Output

ubuntu@ip-172-31-40-130:~$ trivy vm --scanners vuln ebs:snap-02a4e2069521a6d91 --debug

2024-09-15T14:51:08Z	DEBUG	No plugins loaded

2024-09-15T14:51:08Z	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values

2024-09-15T14:51:08Z	DEBUG	Cache dir	dir="/home/ubuntu/.cache/trivy"

2024-09-15T14:51:08Z	DEBUG	Cache dir	dir="/home/ubuntu/.cache/trivy"

2024-09-15T14:51:08Z	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]

2024-09-15T14:51:08Z	DEBUG	Ignore statuses	statuses=[]

2024-09-15T14:51:08Z	INFO	Timeout is set to less than 30 min - upgrading to 30 min for this command.

2024-09-15T14:51:08Z	DEBUG	DB update was skipped because the local DB is the latest

2024-09-15T14:51:08Z	DEBUG	DB info	schema=2 updated_at=2024-09-15T12:13:38.386655408Z next_update=2024-09-15T18:13:38.386655258Z downloaded_at=2024-09-15T14:42:49.697020762Z

2024-09-15T14:51:08Z	DEBUG	[pkg] Package types	types=[os library]

2024-09-15T14:51:08Z	DEBUG	[pkg] Package relationships	relationships=[unknown root direct indirect]

2024-09-15T14:51:08Z	INFO	[vuln] Vulnerability scanning is enabled

2024-09-15T14:51:08Z	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]

2024-09-15T14:51:08Z	DEBUG	Initializing scan cache...	type="fs"

2024-09-15T14:51:08Z	FATAL	Fatal error

  - vm scan error:

    github.com/aquasecurity/trivy/pkg/commands/artifact.Run

        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:386

  - scan error:

    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact

        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:260

  - scan failed:

    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scan

        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:615

  - failed analysis:

    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact

        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:158

  - EBS open error:

    github.com/aquasecurity/trivy/pkg/fanal/artifact/vm.(*EBS).Inspect

        /home/runner/work/trivy/trivy/pkg/fanal/artifact/vm/ebs.go:46

  - EBS error:

    github.com/aquasecurity/trivy/pkg/fanal/artifact/vm.(*EBS).openEBS

        /home/runner/work/trivy/trivy/pkg/fanal/artifact/vm/ebs.go:88

  - operation error EBS: ListSnapshotBlocks, https response error StatusCode: 0, RequestID: , request send failed, Get "https://ebs..amazonaws.com/snapshots/snap-02a4e2069521a6d91/blocks": dial tcp: lookup ebs..amazonaws.com: no such host

Operating System

ubuntu 22.0

Version

Version: 0.55.1

Checklist

• Run trivy clean --all
• Read the troubleshooting

[nikpivkin]

Hi @varunupps !

I'll take a look.

[varunupps]

thanks @nikpivkin - I noticed it works if the --aws-region switch is used. It's currently not specified as a required parameter

[nikpivkin]

@varunupps Region can be specified in many ways, such as through environment variables or a configuration file, so we do not specify the region argument to be required.

[nikpivkin]

Track #7512