fluidattacks / makes

A software supply chain framework powered by Nix.
https://makes.fluidattacks.tech/
MIT License

Problem - Key: namespace is required #983

Open BlackRoosie opened 1 year ago

BlackRoosie commented 1 year ago

I got a problem while executing the command: `m gitlab:fluidattacks/universe@trunk /skims scan ~/.makes/cache/sources/gitlab-fluidattacks-universe-trunk/integrates/secrets/lint/config.yaml`

```
[WARNING] Function: main.cli_scan_wrapped, type: Key: namespace is required
Traceback (most recent call last):
  File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/config/__init__.py", line 141, in load
    namespace=config.pop("namespace"),
KeyError: 'namespace'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/utils/function.py", line 220, in wrapper
    return function(*args, **kwargs)
  File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/cli/__init__.py", line 121, in cli_scan_wrapped
    success: bool = run(
  File "/nix/store/33z2zxmvnq9k4fmbqim6ffzhlgiwmxb6-skims-runtime/lib/python3.8/site-packages/aioextensions/__init__.py", line 292, in run
    return asyncio.run(coroutine, debug=debug)
  File "/nix/store/mbsng5p51yxdpkf53v91i6ck8fdg4w9b-python3-3.8.13/lib/python3.8/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/nix/store/mbsng5p51yxdpkf53v91i6ck8fdg4w9b-python3-3.8.13/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/core/scan.py", line 233, in main
    load(group, config)  # NOSONAR
  File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/config/__init__.py", line 161, in load
    raise confuse.ConfigError(f"Key: {exc.args[0]} is required")
confuse.exceptions.ConfigError: Key: namespace is required

[INFO] Success: False
```

Can you help me to solve it?

drestrepom commented 1 year ago

You must specify a namespace with any name:

```yaml
language: EN
namespace: namespace
output:
  file_path: skims/test/outputs/lib_path.csv
  format: CSV
path:
  exclude:
    - glob(integrates/**/*)
  include:
    - skims/test/data/lib_path
  lib_path: true
  lib_root: false
```

https://gitlab.com/fluidattacks/universe/-/blob/6f37e27fa19521f993e4c18af330cfdb4e90b18e/skims/test/data/config/lib_path.yaml#L3

BlackRoosie commented 1 year ago

Where should I put this file?

drestrepom commented 1 year ago

If you are trying to execute skims, you must create a file named `settings.yaml` with the previous content, and execute the following command: `m gitlab:fluidattacks/universe@trunk /skims scan settings.yaml`

BlackRoosie commented 1 year ago

Thanks for the help!

I have another question now: could you tell me what the problem is here?

```
/nix/store/23lng6qisjckqkaxk7pwqi3pv1lsxq5q-make-template-for-skims-config-runtime/template: line 10: 12317 Killed python '/nix/store/l5njw5h0afshm7h13didf90rc3xqcj4z-skims/cli/__init__.py' "$@"

───────────────────────────────────────────────────────── 🤦 Failed with exit code 137 ─
```

ndreisg commented 7 months ago

On macOS I get the same error:

```
/nix/store/1gv67p7sg3lkmwlx07l4i7f8y1yzcvy8-make-template-for-skims-config-runtime/template: line 10: 2929 Killed python '/nix/store/k7hxzzfrihasdyb0pqsw5h4c1f980fvx-skims/cli/__init__.py' "$@"
```

On Ubuntu I get:

```
A child process terminated abruptly, the process pool is not usable anymore
```

I have a quite big repo and on both systems it fails at different percentages during SAST test. I would assume it is related to this issue: https://gitlab.com/fluidattacks/universe/-/issues/5976 Even though the issue was closed about a year ago it seems this reappeared.

ndreisg commented 7 months ago

I was able to workaround my issue (at least on macOS, didn't try on Ubuntu yet) by splitting my .yaml file into two files (one only containing SAST, the other containing SCA and APK) and running them separately.

jgomezb11 commented 7 months ago

Hi, could you answer some questions to narrow down the cause of the error? How many vulnerabilities did the scanner report after splitting the config? How many files does the repo have? What is the configuration being used in both cases (before and after splitting it)?

ndreisg commented 7 months ago

Sure, the original config before splitting was the one from this link: https://docs.fluidattacks.com/tech/scanner/standalone/casa/

```yaml
namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: .
language: EN
sast:
  include:
    - .
sca:
  include:
    - .
apk:
  include:
    - glob(**/*.apk)
```

These are the two config files after splitting:

```yaml
namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results-SAST.csv
  format: CSV
working_dir: .
language: EN
sast:
  include:
    - .
```

```yaml
namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results-SCA-APK.csv
  format: CSV
working_dir: .
language: EN
sca:
  include:
    - .
apk:
  include:
    - glob(**/*.apk)
```

The SAST scan reported 65 vulnerabilities. The SCA and APK scans reported 4 vulnerabilities.

The repo is an Android project containing 5008 files (310 MB) in total.
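The two problems in this thread, a config rejected for a missing `namespace` key and a config that has to be split per module to keep the scan from being killed, can both be handled before skims runs. The following is an added example, not skims or makes code: it parses the YAML subset the configs above use (2-space indents, scalar values, `- ` lists), reports required keys that are missing, and splits a config into one file per module group with suffixed output paths. The required-key list and the module names are taken from this thread; the parser is a deliberate subset, not a general YAML loader.

```python
import os
from typing import Any

REQUIRED_KEYS = ("namespace",)         # key behind the ConfigError that opened this issue
SCAN_MODULES = ("sast", "sca", "apk")  # per-module sections of the configs in this thread

def parse_config(text: str) -> dict[str, Any]:
    """Parse the YAML subset used here: 2-space indents, scalar values, '- ' lists."""
    lines = [l for l in text.splitlines() if l.strip()]
    root: dict[str, Any] = {}
    stack: list[tuple[int, Any]] = [(-1, root)]  # (indent, open container)
    for i, raw in enumerate(lines):
        indent, line = len(raw) - len(raw.lstrip()), raw.strip()
        while indent <= stack[-1][0]:  # a dedent closes the open containers
            stack.pop()
        parent, (key, _, value) = stack[-1][1], line.partition(":")
        if line.startswith("- "):
            parent.append(line[2:].strip())
        elif value.strip():
            parent[key.strip()] = value.strip()
        else:  # block key: look ahead to see whether it opens a list or a map
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            parent[key.strip()] = child = [] if nxt.startswith("- ") else {}
            stack.append((indent, child))
    return root

def dump_config(cfg: Any, indent: int = 0) -> str:
    """Serialize back to the same subset so each part can be written to its own file."""
    pad = " " * indent
    if isinstance(cfg, list):
        return "\n".join(f"{pad}- {item}" for item in cfg)
    return "\n".join(f"{pad}{k}:\n{dump_config(v, indent + 2)}" if isinstance(v, (dict, list))
                     else f"{pad}{k}: {v}" for k, v in cfg.items())

def missing_keys(cfg: dict[str, Any]) -> list[str]:
    return [k for k in REQUIRED_KEYS if k not in cfg]

def split_config(cfg: dict[str, Any], groups: tuple[tuple[str, ...], ...]) -> list[dict[str, Any]]:
    """One config per module group, shared keys kept, output file suffixed (-SAST, -SCA-APK)."""
    shared = {k: v for k, v in cfg.items() if k not in SCAN_MODULES}
    parts = []
    for group in groups:
        present = [m for m in group if m in cfg]
        if present:  # skip groups whose modules this config does not use
            stem, ext = os.path.splitext(shared["output"]["file_path"])
            suffix = "-".join(m.upper() for m in present)
            output = {**shared["output"], "file_path": f"{stem}-{suffix}{ext}"}
            parts.append({**shared, "output": output, **{m: cfg[m] for m in present}})
    return parts
```

Feeding the CASA config above to `split_config(parse_config(text), (("sast",), ("sca", "apk")))` and writing each part with `dump_config` yields the same two files ndreisg arrived at by hand.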

ndreisg commented 6 months ago

@jgomezb11 it seems this can be easily reproduced by adding more APK files. In my project I have 4 APK files (3 with ~20MB each and one with ~40MB). If I run the SCA and APK test (last config file above) with all 4 APKs, it already fails with the error above. If I only test 1 APK at a time, it works fine.

drestrepom commented 6 months ago

> @jgomezb11 it seems this can be easily reproduced by adding more APK files. In my project I have 4 APK files (3 with ~20MB each and one with ~40MB). If I run the SCA and APK test (last config file above) with all 4 APKs, it already fails with the error above. If I only test 1 APK at a time, it works fine.

Try again; probably the problem is generated by multiprocessing. A change was made to mitigate this possible situation:

https://gitlab.com/fluidattacks/universe/-/merge_requests/55882