search

docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout
Other
334 stars 84 forks source link

nil pointer dereference when registering repos #154

Closed aep-sunlife closed 2 weeks ago

aep-sunlife commented 2 weeks ago

Trace:

$ docker scout repo enable --org SecOps SecOps/hello-world-ant
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x10 pc=0x1063e7b44]

goroutine 1 [running]:
github.com/docker/scout-cli-plugin/internal/commands/repo.parseRepo(...)
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/commands/repo/enable.go:189
github.com/docker/scout-cli-plugin/internal/commands/repo.enableCmd.func1(0x14000b26f08?, {0x14000df5110, 0x1, 0x3?})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/commands/repo/enable.go:68 +0x134
github.com/spf13/cobra.(*Command).execute(0x14000b26f08, {0x14000493dd0, 0x3, 0x3})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:970 +0x7dc
github.com/spf13/cobra.(*Command).ExecuteC(0x14000ea8008)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1117 +0x344
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.1/command.go:1041
github.com/docker/cli/cli-plugins/plugin.RunPlugin(0x14000bdc640, 0x14000d3ef08, {{0x10642bc9a, 0x5}, {0x106456350, 0xb}, {0x1400071f0f0, 0x7}, {0x1064636b8, 0xc}, ...})
    /home/runner/go/pkg/mod/github.com/docker/cli@v27.3.1+incompatible/cli-plugins/plugin/plugin.go:79 +0x138
main.runPlugin(0x14000bdc640)
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:30 +0x104
main.main()
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:57 +0x190

$ docker scout version

      ⢀⢀⢀             ⣀⣀⡤⣔⢖⣖⢽⢝
   ⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀    ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
  ⡜⡜⡜⡜⡜⡜⠜⠈⠈        ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺ 
 ⢘⢜⢜⢜⢜⠜               ⠈⠪⡳⡵⣹⡪⠇ 
 ⠨⡪⡪⡪⠂    ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀    ⠘⢝⢮⡚       _____                 _   
  ⠱⡱⠁    ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦    ⠘⡵⠁      / ____| Docker        | |  
   ⠁    ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣    ⠁      | (___   ___ ___  _   _| |_ 
        ⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳            \___ \ / __/ _ \| | | | __|
   ⢀    ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏    ⡀       ____) | (_| (_) | |_| | |_ 
  ⢀⢾⠄    ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝    ⢠⢣⢂     |_____/ \___\___/ \__,_|\__|
  ⡼⣕⢗⡄    ⠈⠓⠝⢮⡳⣝⠮⠳⠙     ⢠⢢⢣⢣  
 ⢰⡫⡮⡳⣝⢦⡀              ⢀⢔⢕⢕⢕⢕⠅ 
 ⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀        ⡀⡠⡢⡣⡣⡣⡣⡣⡃  
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁    ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈   
⡯⡳⠳⠝⠊⠓⠉             ⠈⠈⠈⠈      

version: v1.15.1 (go1.23.2 - darwin/arm64)
git commit: ad403e2d1b1ab766fcaa740a0422ad7e54f99700
cdupuis commented 2 weeks ago

Thanks for raising this @aep-sunlife. While I think this shouldn't panic, the passed repository name SecOps/hello-world-ant is not a valid <name> by the OCI spec which is why this fails to parse internally and ultimately panics. I'll fix the panic.

Meanwhile, could you please try to run the command with --org secops secops/hello-world-ant?