jfrog / froggit-go

Froggit-Go is a universal Go library, allowing to perform actions on VCS providers.
https://pkg.go.dev/github.com/jfrog/froggit-go
Apache License 2.0

nil pointer dereference panic: BitbucketServerClient.DownloadFileFromRepo #100

Status: Closed (closed by tammert 1 year ago)

tammert commented 1 year ago

Describe the bug

Full error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xd9a398]

goroutine 1 [running]:
github.com/jfrog/froggit-go/vcsclient.(*BitbucketServerClient).DownloadFileFromRepo(0xc00030f468?, {0x127dc38?, 0xc0000c0140?}, {0xc00003a03d, 0x4}, {0xc00003a054, 0xb}, {0xc000038043, 0xf}, {0xc0000c57e0, ...})
        /home/frogger/go/pkg/mod/github.com/jfrog/froggit-go@v1.9.0/vcsclient/bitbucketserver.go:624 +0x178
github.com/jfrog/frogbot/commands/utils.readConfigFromTarget({0x1286a70, 0xc0000cbef0}, 0xc00027b450)
        /var/opt/jfrog/pipelines/data/release_frogbot/runs/1859134/steps/Release/15770954/dependencyState/resources/frogbotGit/commands/utils/params.go:553 +0x424

The cause of the issue on our end was a missing CA cert for our private Bitbucket Server. However, instead of a proper error we are seeing a panic. I believe it's because of the following: https://github.com/jfrog/froggit-go/blob/master/vcsclient/bitbucketserver.go#L646-L647 -> in this case, the resp object is not nil, but the resp.StatusCode seems to be. I guess this makes sense, as underwater a TLS error will be thrown, as opposed to an HTTP error.

To Reproduce

Run frogbot, connecting to a non-public Bitbucket Server, for which the proper CA cert (or self-signed cert) is not imported into the system truststore.

Expected behavior

When TLS is not configured properly, I'd expect a TLS error as opposed to a panic.

Versions

tammert commented 1 year ago

I've managed to verify my assumption by debugging locally: [image: error_obfuscated]

omerzi commented 1 year ago

Hey @tammert, thank you for reporting this issue and bringing it to our attention. I've opened a PR - https://github.com/jfrog/froggit-go/pull/101. I will update you once we release Frogbot and Froggit-go with the fix.

omerzi commented 1 year ago

Hi @tammert, Froggit-go v1.11.0 and Frogbot v2.11.1 have been released with the fix. Let me know if you have any further questions, and thank you once again for reporting this issue.
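The failure mode discussed in this issue, reproduced as an added Go example; it is not froggit-go's code and not part of the original thread. `apiResponse`, `fetch`, `download` and `demo` are hypothetical names, and the empty trust store is constructed to stand in for the missing CA certificate. It shows why reading the status code before checking the error panics on a TLS failure, and how checking the error first surfaces the certificate problem instead.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// apiResponse (hypothetical) embeds *http.Response; StatusCode panics when it is nil.
type apiResponse struct{ *http.Response }

// fetch returns a non-nil wrapper even when the transport (TLS) fails.
func fetch(c *http.Client, url string) (*apiResponse, error) {
	resp, err := c.Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return &apiResponse{resp}, err
}

// download reads StatusCode before err unless checkErrFirst; recover reports the panic.
func download(c *http.Client, url string, checkErrFirst bool) (code int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	resp, err := fetch(c, url)
	if checkErrFirst && err != nil {
		return 0, fmt.Errorf("download failed: %w", err)
	}
	return resp.StatusCode, err
}

// demo serves TLS locally and connects with a client that lacks the CA.
func demo() (unsafeErr, safeErr error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	// Constructed empty trust store, standing in for the missing private CA.
	cfg := &tls.Config{RootCAs: x509.NewCertPool()}
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	_, unsafeErr = download(c, srv.URL, false)
	_, safeErr = download(c, srv.URL, true)
	return unsafeErr, safeErr
}

func main() { fmt.Println(demo()) }
```

The `recover` in `download` exists only to make the panic observable in the demo; the fix is the error check before any field of the response is read.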