Revert "fix: improve subprocess spawning portability"

This reverts commit 2e9c8d3.

Author: adrobuta

lib/analyzer/image-inspector.ts

@@ -212,11 +212,8 @@ async function getImageArchive(
 
   try {
     inspectResult = await getInspectResult(docker, targetImage);
-  } catch (error) {
-    debug(
-      `${targetImage} does not exist locally, proceeding to pull image.`,
-      error.stack || error,
-    );
+  } catch {
+    debug(`${targetImage} does not exist locally, proceeding to pull image.`);
   }
 
   if (inspectResult === undefined) {

lib/sub-process.ts

@@ -1,4 +1,5 @@
 import * as childProcess from "child_process";
+import { quoteAll } from "shescape/stateless";
 
 export { execute, CmdOutput };
 interface CmdOutput {
@@ -12,15 +13,13 @@ function execute(
   options?,
 ): Promise<CmdOutput> {
   const spawnOptions: any = {
-    // Some distributions may not have /bin/bash, which would cause `child_process.spawn` to fail.
-    // By setting `shell: false`, we tell `spawn` to execute the command directly without a shell,
-    // which is more portable.
-    shell: false,
+    shell: process.platform !== "win32" ? "/bin/bash" : true,
     env: { ...process.env },
   };
   if (options && options.cwd) {
     spawnOptions.cwd = options.cwd;
   }
+  args = quoteAll(args, { ...spawnOptions, flagProtection: false });
 
   // Before spawning an external process, we look if we need to restore the system proxy configuration,
   // which overrides the cli internal proxy configuration.

package-lock.json

@@ -45,6 +45,7 @@
     "mkdirp": "^1.0.4",
     "packageurl-js": "1.2.0",
     "semver": "^7.6.3",
+    "shescape": "2.1.0",
     "snyk-nodejs-lockfile-parser": "^2.0.0",
     "snyk-poetry-lockfile-parser": "^1.4.0",
     "snyk-resolve-deps": "^4.7.1",

package.json

@@ -1,6 +1,5 @@
 import { DepGraph } from "@snyk/dep-graph";
 import * as plugin from "../../lib";
-import * as subProcess from "../../lib/sub-process";
 import { getFixture } from "../util";
 
 describe("plugin", () => {
@@ -92,35 +91,6 @@ describe("plugin", () => {
     });
   });
 
-  describe("when scanning a locally loaded image", () => {
-    const imageName = "busybox";
-    const imageTag = "latest";
-    const imageNameWithTag = `${imageName}:${imageTag}`;
-
-    beforeAll(async () => {
-      const fixturePath = getFixture([
-        "../fixtures/docker-archives",
-        "skopeo-copy/busybox.tar",
-      ]);
-      await subProcess.execute("docker", ["load", "--input", fixturePath]);
-    }, 10000); // 10s timeout for loading image
-
-    afterAll(async () => {
-      await subProcess.execute("docker", ["rmi", imageNameWithTag]);
-    });
-
-    test("should successfully scan a local image loaded from a tar archive", async () => {
-      const pluginResult = await plugin.scan({ path: imageNameWithTag });
-      const depGraph: DepGraph = pluginResult.scanResults[0].facts.find(
-        (fact) => fact.type === "depGraph",
-      )!.data;
-
-      expect(depGraph.rootPkg.name).toEqual(`docker-image|${imageName}`);
-      expect(depGraph.rootPkg.version).toEqual(imageTag);
-      expect(pluginResult.scanResults[0].identity.type).toEqual("linux");
-    });
-  });
-
   test("image pulled by tag has version set", async () => {
     const imageNameAndTag = `nginx:1.19.0`;