Azure / azqr

Azure Quick Review
https://azure.github.io/azqr
MIT License

Panic Error #266

Closed red-erik closed 1 week ago

red-erik commented 1 week ago

Hello, using the latest version I'm receiving:

panic: interface conversion: interface {} is nil, not string

goroutine 82 [running]:
github.com/Azure/azqr/internal.AprlScanner.graphScan({}, {0x1fd3f68, 0xc0003c8050}, 0xc000386210, {0xc0003257c0, 0xc, 0x0?}, 0xc00048ae40)
    D:/a/azqr/azqr/internal/aprl_scanner.go:245 +0xc2a
github.com/Azure/azqr/internal.(*AprlScanner).worker(0x2c76f60, {0x1fd3f68, 0xc0003c8050}, 0xc000386210, 0xc00048ae40, 0xc0004b24d0, 0xc0004b2540, 0xc0005b6c50)
    D:/a/azqr/azqr/internal/aprl_scanner.go:175 +0x127
created by github.com/Azure/azqr/internal.AprlScanner.Scan in goroutine 1
    D:/a/azqr/azqr/internal/aprl_scanner.go:138 +0x1ce

Regards, Red.

cmendible commented 1 week ago

Hey, my friend, it seems there is a query that is not returning a name for a resource. Can you please set the AZURE_SDK_GO_LOGGING environment variable to all and run the tool with the --debug flag to check if there is info there that can help us understand what is happening?

red-erik commented 1 week ago

Hey there, here we are:

2024-10-31T15:06:57+01:00 DBG // Azure Resource Graph query
// Public IP addresses should have DDoS protection enabled
resources
| where type =~ 'Microsoft.Network/publicIPAddresses'
| where properties.ddosSettings.protectionMode !in~ ("Enabled", "VirtualNetworkInherited")
| project recommendationId="c4254c66-b8a5-47aa-82f6-e7d7fb418f47", name, id, tags, param1=strcat("Apply either DDoS Network protection or DDoS IP Protrection to the public IP address.")

panic: interface conversion: interface {} is nil, not string

goroutine 51 [running]:
github.com/Azure/azqr/internal.AprlScanner.graphScan({}, {0x1fd3f68, 0xc000097770}, 0xc00007a1d8, {0xc00035f7c0, 0xc, 0x0?}, 0xc00027b410)
    D:/a/azqr/azqr/internal/aprl_scanner.go:245 +0xc2a
github.com/Azure/azqr/internal.(*AprlScanner).worker(0x2c76f60, {0x1fd3f68, 0xc000097770}, 0xc00007a1d8, 0xc00027b410, 0xc000300930, 0xc0003009a0, 0xc000503880)
    D:/a/azqr/azqr/internal/aprl_scanner.go:175 +0x127
created by github.com/Azure/azqr/internal.AprlScanner.Scan in goroutine 1
    D:/a/azqr/azqr/internal/aprl_scanner.go:138 +0x1ce

but the query itself is working with no issues (I hid id and name for privacy)

Image

Regards, Red.

cmendible commented 1 week ago

The code breaks trying to read the name field which is very strange. But I think the offending query is the following:

resources
| where location != "global"
| union (Resources
    | where type =~ "microsoft.network/networkwatchers")
| summarize NetworkWatcherCount = countif(type =~ 'Microsoft.Network/networkWatchers') by location
| where NetworkWatcherCount == 0
| project recommendationId = "4e133bd0-8762-bc40-a95b-b29142427d73", name=location, id="n/a", param1 = strcat("LocationMisingNetworkWatcher:", location)

To be sure, can you run it and let me know if any row has a null name?

cmendible commented 1 week ago

@red-erik can you try and download azqr from: https://github.com/Azure/azqr/actions/runs/11616273568 and let me know if that version fixes the issue for you?

red-erik commented 1 week ago

Hello, the tool worked for a long time, then I received:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0xf8e8a5]

goroutine 17643 [running]:
github.com/Azure/azqr/internal/scanners/pip.(*PublicIPScanner).Scan(0xc0003882d0, 0xc02e4bad80)
    D:/a/azqr/azqr/internal/scanners/pip/pip.go:45 +0x225
github.com/Azure/azqr/internal.Scanner.retry({}, 0x3, 0x0?, {0x1bd3a48, 0xc0003882d0}, 0xc02e4bad80)
    D:/a/azqr/azqr/internal/scanner.go:237 +0x103
github.com/Azure/azqr/internal.Scanner.Scan.func1({0x1bd3a48?, 0xc0003882d0?})
    D:/a/azqr/azqr/internal/scanner.go:181 +0x5c
created by github.com/Azure/azqr/internal.Scanner.Scan in goroutine 1
    D:/a/azqr/azqr/internal/scanner.go:180 +0xc87

I'll run it again with debug option

Regards, Red.

cmendible commented 1 week ago

Ok that means that the initial issue parsing the ARG query results was fixed.

Now you are hitting something related to an IP which does not seem to be returning a value for its type, and that is very strange.

Can you please check if there is at least one row without a type as a result of running the following command?

resources
| where type =~ 'Microsoft.Network/publicIPAddresses'
| project name, type

You can also try running just azqr scan pip -s <subscription id> to run a targeted scan for this test.

cmendible commented 1 week ago

@red-erik we'll track the pip scan issue here: https://github.com/Azure/azqr/issues/268
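The two panics in this thread, reproduced and guarded in an added example that is not part of the thread and is not azqr's code: a null column in a decoded query row hits an unchecked `.(string)` assertion, and an unset optional field hits a nil pointer dereference. The helper names (`stringField`, `derefOr`, `unsafeName`) and the sample row are hypothetical, and the pointer-typed optional field is an assumption about how the resource model is shaped.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrMissingField reports a column that is absent, null, or not a string.
var ErrMissingField = errors.New("missing or non-string field")

// stringField reads a string column from one decoded query row with the
// comma-ok assertion, so a null column becomes an error instead of a panic.
func stringField(row map[string]interface{}, key string) (string, error) {
	s, ok := row[key].(string)
	if !ok {
		return "", fmt.Errorf("%w: %q", ErrMissingField, key)
	}
	return s, nil
}

// derefOr returns *p, or fallback when an optional pointer field is nil.
func derefOr(p *string, fallback string) string {
	if p == nil {
		return fallback
	}
	return *p
}

// unsafeName uses the unchecked assertion and captures the resulting panic
// text, to show the failure mode next to the guarded version.
func unsafeName(row map[string]interface{}) (name string, panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
	}()
	return row["name"].(string), ""
}

func main() {
	// Constructed row with a null name, shaped like a decoded JSON result.
	row := map[string]interface{}{"name": nil, "id": "n/a"}
	_, err := stringField(row, "name")
	_, msg := unsafeName(row)
	fmt.Println(err, "|", msg, "|", derefOr(nil, "unknown"))
}
```

With the guarded helper, a scanner can log and skip the offending row so that one malformed result does not abort the whole scan.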