aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0
715 stars 62 forks

scan: segmentation fault while fetching authorized user #55

Closed Dentrax closed 2 years ago

Dentrax commented 2 years ago

Description

scan throws segmentation fault.

What did you expect to happen?

$ chain-bench scan --repository-url github.com/Dentrax/cocert --access-token $TOKEN

What happened instead?

Error line: https://github.com/aquasecurity/chain-bench/blob/25fe2336cefc0ebf6ba664a26ee13f6d927a0714/internal/scm-clients/clients/clients.go#L32

2022-07-07 17:12:19 INF 🚩      Fetch Starting
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x17370bb]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x7ff7bfeff380, 0x1}, {0x7ff7bfeff357?, 0x1?})
        /home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:32 +0x9b
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc00020e280?, {0x18f4738?, 0x4?, 0x4?})
        /home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xac
github.com/spf13/cobra.(*Command).execute(0xc00020e280, {0xc000175f80, 0x4, 0x4})
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc00020e000)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902
github.com/aquasecurity/chain-bench/internal/commands.Execute({0x1a41c1c?, 0xc0000021a0?})
        /home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
        /home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27

Additional details (base image name, container registry info...):

rgreinho commented 2 years ago

You need to pass a valid URL for it to work.

This could be a check providing a better error message for the user though.

MorAlon1 commented 2 years ago

Hey @Dentrax, as @rgreinho suggested, please try adding https at the beginning of the URL and check if it's still happening.
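An added example, not part of the thread and not chain-bench code: Go's `url.Parse` accepts the scheme-less value from the report without returning an error and leaves `Scheme` and `Host` empty, so the caller has to check those fields before using the result. `ValidateRepositoryURL`, its https-only rule and its owner/repo path rule are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ValidateRepositoryURL is a hypothetical helper (not chain-bench code).
// It turns inputs that url.Parse silently accepts into explicit errors.
func ValidateRepositoryURL(raw string) (*url.URL, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return nil, fmt.Errorf("repository URL %q cannot be parsed: %w", raw, err)
	}
	// Assumption: only https is accepted, since an access token travels with the request.
	if u.Scheme != "https" {
		return nil, fmt.Errorf("repository URL %q must start with https://", raw)
	}
	if u.Host == "" {
		return nil, fmt.Errorf("repository URL %q has no host", raw)
	}
	// Assumption: the path must contain at least <owner>/<repo>.
	parts := strings.Split(strings.Trim(u.Path, "/"), "/")
	if len(parts) < 2 || parts[0] == "" || parts[1] == "" {
		return nil, fmt.Errorf("repository URL %q must include owner and repository", raw)
	}
	return u, nil
}

func main() {
	// Constructed sample inputs; the first is the value from the report.
	inputs := []string{
		"github.com/Dentrax/cocert",
		"https://github.com/Dentrax/cocert",
		"http://github.com/Dentrax/cocert",
		"https://github.com/Dentrax",
	}
	for _, in := range inputs {
		u, err := ValidateRepositoryURL(in)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("accepted: host=%s path=%s\n", u.Host, u.Path)
	}
}
```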