aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0

output error while running the chain-bench scan #80

Closed bparinas closed 8 months ago

bparinas commented 1 year ago

Description

Executing this simple command: docker run aquasec/chain-bench scan --repository-url [git repo] --access-token [git token]

Produces these errors:

2022-07-28 03:44:50 INF 🚩 Fetch Starting
2022-07-28 03:44:50 ERR error in authenticated user data
2022-07-28 03:44:50 ERR error in fetching repository data
2022-07-28 03:44:50 INF 🛢️ Fetching Repository Settings Finished
2022-07-28 03:44:50 ERR error in fetching branch protection
2022-07-28 03:44:50 INF 🌱 Fetching Branch Protection Settings Finished
2022-07-28 03:44:50 ERR error in fetching workflows
2022-07-28 03:44:50 INF 🔧 Fetching Pipelines Finished
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xb3f265]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x0, 0x0}, {0x7fffb403df52?, 0x1?})
    /home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000242280?, {0xcfc484?, 0x2?, 0x2?})
    /home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xac
github.com/spf13/cobra.(*Command).execute(0xc000242280, {0xc00024c040, 0x2, 0x2})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc000242000)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/aquasecurity/chain-bench/internal/commands.Execute({0xe4c9a8?, 0xc0000021a0?})
    /home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
    /home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27

venkyvikram commented 1 year ago

Same issue for me also. I don't see any issue with the token permissions or the repository. Looking forward to someone fixing this issue.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x1741885]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x7ffeefbffafb, 0x28}, {0x7ffeefbffaba?, 0x1?})
    github.com/aquasecurity/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000264280?, {0x1900f9c?, 0x4?, 0x4?})

Regards, Venkat

rgreinho commented 1 year ago

The scan seems to work fine though:

$ docker run aquasec/chain-bench scan --repository-url https://github.com/buildsec/frsca --access-token $GITHUB_TOKEN
Unable to find image 'aquasec/chain-bench:latest' locally
latest: Pulling from aquasec/chain-bench
b3c136eddcbf: Pull complete
d55ff444f396: Pull complete
508144a78229: Pull complete
Digest: sha256:a5940490930d6fc45a00dc65090a92c7514a5a9451ba435523bcb711b93ce87a
Status: Downloaded newer image for aquasec/chain-bench:latest
2022-08-02 12:15:49 INF 🚩   Fetch Starting
2022-08-02 12:15:55 WRN failed to fetch hooks data
2022-08-02 12:15:55 INF 🛢️  Fetching Repository Settings Finished
2022-08-02 12:15:55 ERR error in fetching branch protection
2022-08-02 12:15:55 INF 🌱   Fetching Branch Protection Settings Finished
2022-08-02 12:15:56 WRN file .github/workflows/ci.yaml not found
2022-08-02 12:15:56 WRN file dynamic/pages/pages-build-deployment not found
2022-08-02 12:15:56 INF 🔧   Fetching Pipelines Finished
2022-08-02 12:15:57 WRN failed to fetch organization hooks
2022-08-02 12:15:57 INF 🏢   Fetching Organization Settings Finished
2022-08-02 12:15:58 INF 👫   Fetching Members Finished
2022-08-02 12:15:58 INF 🏁   Fetch succeeded
   ID                                                 Name                                                Result                                    Reason
-------- ----------------------------------------------------------------------------------------------- --------- ------------------------------------------------------------------------

bparinas commented 1 year ago

@rgreinho it works now in my end as well

LalitLab commented 1 year ago

I have seen the same error; it happened to me when my repository did not have any GitHub workflows.

naortalmor1 commented 1 year ago

@LiorVais Can you please take a look at that?

VaismanLior commented 1 year ago

Thank you for the issue! The latest version seems to work just fine with and without docker. @LalitTurbot I tried it on a repository without workflows; it should work as well. If you are running it on docker, please make sure you use the latest image. Closing the issue, please reopen if anyone has this problem again.

Shan-KulK commented 1 year ago

Bumping this issue as I also cannot run the tool from cli, valid repo url and PAT. Same with a friend I know trying it on his repo.

VaismanLior commented 1 year ago

> Bumping this issue as I also cannot run the tool from cli, valid repo url and PAT. Same with a friend I know trying it on his repo.

@Shan-KulK Thanks for reporting this! I couldn't reproduce the issue. Can you please provide more information on how you ran the scan? If you are using docker, what image are you using?

Also, what type of repository is it? Under a user or organization?

naortalmor1 commented 1 year ago

Hi @Shan-KulK, can you please help us reproduce this issue?

YuviGold commented 1 year ago

Got the same panic when the authentication token was not provided. The repository function returns a nil object to repo, which isn't validated and is then accessed via *repo.Owner.Type.

➜  ~ docker run aquasec/chain-bench scan --repository-url https://github.com/aquasecurity/chain-bench -v
2022-09-14 13:31:33 INF 🚩   Fetch Starting
2022-09-14 13:31:33 ERR error in authenticated user data
2022-09-14 13:31:33 DBG error in authenticated user data error="GET https://api.github.com/user: 401 Bad credentials []"
2022-09-14 13:31:34 ERR error in fetching repository data
2022-09-14 13:31:34 DBG error in fetching repository data error="GET https://api.github.com/repos/aquasecurity/chain-bench: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🛢️  Fetching Repository Settings Finished
2022-09-14 13:31:34 ERR error in fetching branch protection
2022-09-14 13:31:34 DBG error in fetching branch protection error="GET https://api.github.com/repos/aquasecurity/chain-bench/branches//protection: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🌱   Fetching Branch Protection Settings Finished
2022-09-14 13:31:34 ERR error in fetching workflows
2022-09-14 13:31:34 DBG error in fetching workflows error="GET https://api.github.com/repos/aquasecurity/chain-bench/actions/workflows: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🔧   Fetching Pipelines Finished
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xb3f265]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x0, 0x0}, {0x7ffeb8378f4b?, 0x1?})
    /home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000250280?, {0xcfc484?, 0x3?, 0x3?})
    /home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xac
github.com/spf13/cobra.(*Command).execute(0xc000250280, {0xc0001fdf20, 0x3, 0x3})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc000250000)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/aquasecurity/chain-bench/internal/commands.Execute({0xe4c9a8?, 0xc0000021a0?})
    /home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
    /home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27
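The failure mode described in this comment, as an added illustration that is not chain-bench's own code: when the repository fetch fails with 401 it returns a nil repository, and dereferencing *repo.Owner.Type without checking it is what produces the nil pointer panic. The Repository/Owner shapes, the fakeClient and the token value are assumptions; fetchGuarded shows the fail-fast form.

```go
package main

import (
	"errors"
	"fmt"
)

// Shapes assumed for illustration, mirroring only the *repo.Owner.Type chain in the trace.
type Owner struct{ Type *string }
type Repository struct{ Owner *Owner }

// errBadCredentials stands in for the API's "401 Bad credentials" response.
var errBadCredentials = errors.New("GET https://api.github.com/repos/o/r: 401 Bad credentials")

// fakeClient is a constructed stand-in for the SCM client: without a token the
// fetch fails and returns a nil repository, exactly the case the thread hits.
type fakeClient struct{ token string }

func (c fakeClient) GetRepository() (*Repository, error) {
	if c.token == "" {
		return nil, errBadCredentials
	}
	t := "Organization"
	return &Repository{Owner: &Owner{Type: &t}}, nil
}

// fetchUnguarded reproduces the failure mode: the error is logged but execution
// continues, and the nil repo is dereferenced.
func fetchUnguarded(c fakeClient) string {
	repo, err := c.GetRepository()
	if err != nil {
		fmt.Println("ERR error in fetching repository data") // logged, not returned
	}
	return *repo.Owner.Type // nil pointer dereference when repo == nil
}

// fetchGuarded is the hardened form: fail fast on the error and validate every
// pointer in the chain before dereferencing it.
func fetchGuarded(c fakeClient) (string, error) {
	repo, err := c.GetRepository()
	if err != nil {
		return "", fmt.Errorf("fetching repository data: %w", err)
	}
	if repo == nil || repo.Owner == nil || repo.Owner.Type == nil {
		return "", errors.New("repository data incomplete: owner type missing")
	}
	return *repo.Owner.Type, nil
}
```

Running fetchUnguarded with an empty token reproduces the SIGSEGV from the trace, while fetchGuarded returns the wrapped 401 error instead.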

Shan-KulK commented 1 year ago

Sorry for the late reply, it seems to have fixed itself upon reinstall

acramagnac2 commented 1 year ago

Hello, same issue for me also. Could the issue appear when there is a dash symbol "-" in the repository-url value or in the token content?