Privado-Inc / privado

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
https://docs.privado.ai
GNU Lesser General Public License v3.0

[BUG] Unresponsive scan on Guess Language Failure #76

Open ojaswa1942 opened 1 year ago

ojaswa1942 commented 1 year ago

Describe the bug: Unhandled AccessDeniedException
Environment: CentOS VM created using VMWare ESXI Hypervisor

Observed Behaviour: On running the scan in non-debug mode, the scan gets stuck after "Guessing language."
Upon running this with --debug, it shows an exception AccessDeniedException: /app/code raised from core.

Issues

Investigative Comments

Logs

[root@localhost sample_app]$ sudo /usr/local/bin/privado scan --debug BankingSystem-Backend/

> Scanning directory: /home/privado/dindia/sample_app/BankingSystem-Backend

> Pulling the latest image: public.ecr.aws/privado/privado:latest
Trying to pull repository public.ecr.aws/privado/privado ...
latest: Pulling from public.ecr.aws/privado/privado
Digest: sha256:47f9bd5a32ff4dbea131d39ed355ada0e9190416ffb61b70a2ecd686fa6278ba
Status: Image is up to date for public.ecr.aws/privado/privado:latest

> Starting container with the latest image
> Container ID: eb5c0af71802df04ab9af1b18bde7533f2ecc4d5221a1a59d5d5fcb377e38163

> Waiting for process to complete:
Privado CLI Version: v2.1.0
Privado Core Version: 1.1.0
Privado Main Version: 1.1.0

2022-09-28 06:33:31.443 INFO ScanProcessor$: Caching rules
Configuration parsed...
Guessing source code language...
2022-09-28 06:33:31.465 DEBUG Main$: Failure from scan process:
java.nio.file.AccessDeniedException: /app/code
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
        at sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:431) ~[?:?]
        at java.nio.file.Files.newDirectoryStream(Files.java:476) ~[?:?]
        at java.nio.file.FileTreeWalker.visit(FileTreeWalker.java:300) ~[?:?]
        at java.nio.file.FileTreeWalker.walk(FileTreeWalker.java:322) ~[?:?]
        at java.nio.file.FileTreeIterator.<init>(FileTreeIterator.java:71) ~[?:?]
        at java.nio.file.Files.walk(Files.java:3891) ~[?:?]
        at better.files.File.walk(File.scala:767) ~[com.github.pathikrit.better-files_2.13-3.9.1.jar:3.9.1]
        at better.files.File.listRecursively(File.scala:754) ~[com.github.pathikrit.better-files_2.13-3.9.1.jar:3.9.1]
        at io.joern.console.cpgcreation.package$.guessMajorityLanguageInDir(package.scala:59) ~[io.joern.console_2.13-1.1.1078.jar:1.1.1078]
        at io.joern.console.cpgcreation.package$.guessLanguage(package.scala:44) ~[io.joern.console_2.13-1.1.1078.jar:1.1.1078]
        at ai.privado.entrypoint.ScanProcessor$.processCPG(ScanProcessor.scala:281) ~[ai.privado.privado-core-1.1.0.jar:1.1.0]
        at ai.privado.entrypoint.ScanProcessor$.process(ScanProcessor.scala:259) ~[ai.privado.privado-core-1.1.0.jar:1.1.0]
        at ai.privado.entrypoint.Main$.$anonfun$main$1(Main.scala:39) ~[ai.privado.privado-core-1.1.0.jar:1.1.0]
        at ai.privado.metric.MetricHandler$.timeMetric(MetricHandler.scala:58) ~[ai.privado.privado-core-1.1.0.jar:1.1.0]
        at ai.privado.entrypoint.Main$.main(Main.scala:39) ~[ai.privado.privado-core-1.1.0.jar:1.1.0]
        at ai.privado.entrypoint.Main.main(Main.scala) ~[ai.privado.privado-core-1.1.0.jar:1.1.0]
2022-09-28 06:33:31.478 DEBUG Main$: Skipping auth flow due to scan failure

ojaswa1942 commented 1 year ago

cc: @pandurangpatil

ojaswa1942 commented 1 year ago

@abhstabs We need to handle any errors coming through guessLanguage, print it for the user, and fail the scan process.
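The handling the last comment asks for, as an added example in Scala that is not Privado's or Joern's own code: the `guessLanguage`/`guessMajorityLanguageInDir` calls from the trace are stood in for by a small extension-counting `Files.walk` (assumed), and the wrapper turns an `AccessDeniedException` on the code directory into a printed message and a non-zero exit instead of an unhandled failure that leaves the scan stuck.

```scala
import java.io.UncheckedIOException
import java.nio.file.{AccessDeniedException, Files, Path, Paths}
import scala.jdk.CollectionConverters._
import scala.util.{Failure, Success, Try, Using}

object SafeLanguageGuess {
  // Stand-in for Joern's majority-language guess (assumption, not the real API):
  // count source files by extension and return the most common language.
  private val extToLang = Map("java" -> "JAVA", "py" -> "PYTHON", "js" -> "JAVASCRIPT")

  def guessMajorityLanguage(dir: Path): Option[String] =
    Using.resource(Files.walk(dir)) { stream =>
      stream.iterator().asScala
        .filter(p => Files.isRegularFile(p))
        .flatMap(p => extToLang.get(p.getFileName.toString.split('.').last))
        .toList
        .groupBy(identity).view.mapValues(_.size)
        .maxByOption(_._2)
        .map(_._1)
    }

  // Files.walk throws AccessDeniedException directly when the root cannot be
  // opened (the trace above) and wraps later I/O errors in UncheckedIOException.
  private def permissionDenied(e: Throwable): Option[String] = e match {
    case a: AccessDeniedException => Some(a.getFile)
    case u: UncheckedIOException => permissionDenied(u.getCause)
    case _ => None
  }

  // The fix the comment asks for: any error from the guess becomes a clear
  // user-facing message and the caller fails the scan instead of hanging.
  def guessLanguageOrFail(dir: String): Either[String, String] =
    Try(guessMajorityLanguage(Paths.get(dir))) match {
      case Success(Some(lang)) => Right(lang)
      case Success(None)       => Left(s"No supported source files found under $dir")
      case Failure(e) =>
        permissionDenied(e) match {
          case Some(path) =>
            Left(s"Cannot read $path: permission denied. Check that the mounted " +
                 "code directory is readable by the user running the scan.")
          case None => Left(s"Language detection failed: ${e.getMessage}")
        }
    }

  def main(args: Array[String]): Unit =
    guessLanguageOrFail(args.headOption.getOrElse("/app/code")) match {
      case Right(lang) => println(s"Detected language: $lang")
      case Left(msg)   => System.err.println(s"Scan failed: $msg"); sys.exit(1)
    }
}
```

Running it against a directory with mode 000 prints the permission message and exits 1, which is the fail-fast behaviour the scan needs in non-debug mode.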