crashappsec / chalk

Chalk allows you to follow code from development, through builds and into production.
https://crashoverride.com/
GNU General Public License v3.0

chalk loads an invalid config without error if it was previously valid and then is trapped forever #312

Closed indecisivedragon closed 1 month ago

indecisivedragon commented 1 month ago

Description

chalk loaded a valid config and then, on reloading the same config but with an invalid line, the validation will pass without error, but then any further actions with that chalk binary will fail immediately because of the invalid config (including trying to load another config or get back to default)

Impact

we can't reload updated configs since validation is wonky, or if we do try a reload then chalk is broken forever after

Steps to Reproduce

  1. build chalk (from main)
  2. load some valid config, e.g. one of the standard ones:

    liming@system76-pc:~/workspace/chalk$ ./chalk load ./configs/embed_sboms.c4m
    info:  Invalid chalk mark in autocompletion script. Updating.
    info:  Installed bash auto-completion file to: /home/liming/.local/share/bash_completion/completions/chalk.bash
    info:  Attempting to load module from: ./configs/embed_sboms.c4m
    
    Configuring Component: /home/liming/workspace/chalk/configs/embed_sboms                                                                            
    Finished configuration for /home/liming/workspace/chalk/configs/embed_sboms                                                                        
    info:  [testing config]: Validating configuration.
    info:  [testing config]: Configuration successfully validated.
    info:  Configuration replaced in binary: /home/liming/workspace/chalk/chalk
    info:  /home/liming/.local/chalk/chalk.log: Open (sink conf='default_out')
    info:  Full chalk report appended to: ~/.local/chalk/chalk.log

    and observe validation passes

  3. add the following invalid line to the above config: log_level = debug
  4. reload the same config and see that validation passes again:

    liming@system76-pc:~/workspace/chalk$ ./chalk load ./configs/embed_sboms.c4m
    info:  Invalid chalk mark in autocompletion script. Updating.
    info:  Installed bash auto-completion file to: /home/liming/.local/share/bash_completion/completions/chalk.bash
    info:  Attempting to load module from: ./configs/embed_sboms.c4m
    
    Configuring Component: /home/liming/workspace/chalk/configs/embed_sboms                                                                            
    Finished configuration for /home/liming/workspace/chalk/configs/embed_sboms                                                                        
    info:  [testing config]: Validating configuration.
    info:  [testing config]: Configuration successfully validated.
    info:  Configuration replaced in binary: /home/liming/workspace/chalk/chalk
    info:  /home/liming/.local/chalk/chalk.log: Open (sink conf='default_out')
    info:  Full chalk report appended to: ~/.local/chalk/chalk.log

  5. any further chalk actions result in error:

    liming@system76-pc:~/workspace/chalk$ ./chalk insert ls-test
    error: chalk: [embedded config]: 10:13: 
    Variable debug used before definition
    log_level = debug
              ^
    error: Could not load configuration files. exiting.
    liming@system76-pc:~/workspace/chalk$ ./chalk load default
    error: chalk: [embedded config]: 10:13: 
    Variable debug used before definition
    log_level = debug
              ^
    error: Could not load configuration files. exiting.

Other Information

ee7 commented 1 month ago

Good catch. This is a regression in chalk versions 0.4.0 and 0.4.1 introduced by https://github.com/crashappsec/chalk/commit/a08d38e6d3f3648d7facf88d8828043d06fec3d5. Worked in 0.3.5.
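
Added example, not part of the issue thread and not code from the chalk project: one way to keep a working binary when `chalk load` reports success but the embedded config fails on the next run, as in the report above. It runs the load on a copy and promotes the copy only if a follow-up command still starts; the names `safe_chalk_load` and `CHALK_SMOKE_CMD` and the default smoke command `version` are assumptions.

```shell
#!/bin/sh
# Stage `chalk load` on a copy of the binary; replace the original only if
# the copy still runs afterwards.
# Assumptions (not from the issue): the function name, CHALK_SMOKE_CMD, and
# that the smoke command (default `version`) reads the embedded config.

safe_chalk_load() {
    chalk_bin=$1
    config=$2
    smoke=${CHALK_SMOKE_CMD:-version}

    # Stage beside the original so the final mv is a same-filesystem rename.
    staged=$(mktemp "$(dirname "$chalk_bin")/chalk.staged.XXXXXX") || return 2
    cp -p "$chalk_bin" "$staged" || { rm -f "$staged"; return 2; }

    # Step 1: the copy embeds the new config into itself. A non-zero exit
    # means the loader's own validation rejected it.
    if ! "$staged" load "$config"; then
        rm -f "$staged"
        echo "load rejected $config; $chalk_bin left unchanged" >&2
        return 1
    fi

    # Step 2: do not rely on that exit code alone. Run one more command so a
    # config that only fails when read back from the binary is caught here.
    # $smoke is intentionally unquoted so it may carry arguments.
    if ! "$staged" $smoke >/dev/null; then
        rm -f "$staged"
        echo "staged binary fails after load; $chalk_bin left unchanged" >&2
        return 1
    fi

    # Step 3: promote the verified copy over the original.
    mv -f "$staged" "$chalk_bin"
}
```

Call it as `safe_chalk_load ./chalk ./configs/embed_sboms.c4m`; a return code of 1 means the original binary was not touched.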