search

open-policy-agent / opa

Open Policy Agent (OPA) is an open source, general-purpose policy engine.
https://www.openpolicyagent.org
Apache License 2.0
9.68k stars 1.34k forks source link

Panic during eval #147

Closed timothyhinrichs closed 7 years ago

timothyhinrichs commented 7 years ago

$ cat test.rego package foo

bar["a"] :- true

bar = {"a"}

$ opa run test.rego OPA 0.2.1-dev (commit 47199b9, built at 2016-11-14T17:09:08Z)

Run 'help' to see a list of commands.

data.foo.bar panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x2eacb9]

goroutine 1 [running]: panic(0x3fa040, 0xc4200100a0) /usr/local/go/src/runtime/panic.go:500 +0x1a1 github.com/open-policy-agent/opa/topdown.evalRefRulePartialSetDocFull.func1(0xc420140780, 0x10da8, 0x80) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1522 +0x59 github.com/open-policy-agent/opa/topdown.evalContext(0xc420140780, 0xc420183440, 0xc42013f19f, 0xc42013f100) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:748 +0x206 github.com/open-policy-agent/opa/topdown.evalContext.func1.1(0xc420140700, 0x644101, 0xc42013f19f) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:772 +0x94 github.com/open-policy-agent/opa/topdown.evalExpr(0xc420140700, 0xc420183480, 0xc4201887b0, 0x28) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:848 +0x24b github.com/open-policy-agent/opa/topdown.evalContext.func1(0xc420140700, 0xc42011c8e8, 0x1057e) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:773 +0xbb github.com/open-policy-agent/opa/topdown.evalTermsRec(0xc420140700, 0xc420183460, 0xc4200de2c8, 0x0, 0x0, 0x0, 0x0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1773 +0x66b github.com/open-policy-agent/opa/topdown.evalTermsRec(0xc420140700, 0xc420183460, 0xc4200de2c8, 0x1, 0x1, 0xc4200de2c8, 0x0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1795 +0x18e github.com/open-policy-agent/opa/topdown.evalTerms(0xc420140700, 0xc420183460, 0xc4201887e0, 0x41d0c0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1720 +0x424 github.com/open-policy-agent/opa/topdown.evalContext(0xc420140700, 0xc420183440, 0xc42010c240, 0x1) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:786 +0x121 github.com/open-policy-agent/opa/topdown.evalRefRulePartialSetDocFull(0xc420140580, 0xc4201832a0, 0x3, 0x4, 0xc42013ee20, 0x2, 0x2, 0xc420189770, 0x660780, 0xc42011cd70) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1527 +0x29f github.com/open-policy-agent/opa/topdown.evalRefRule(0xc420140580, 0xc4201832a0, 0x3, 0x4, 0xc420183340, 0x3, 0x3, 0xc42013ee20, 0x2, 0x2, ...) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1181 +0x2a5 github.com/open-policy-agent/opa/topdown.evalRefRec(0xc420140580, 0xc4201832a0, 0x3, 0x4, 0xc420189770, 0x0, 0xc42011cf18) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:936 +0x39d github.com/open-policy-agent/opa/topdown.evalRef(0xc420140580, 0xc4201822b8, 0x0, 0x1, 0xc4201832a0, 0x3, 0x4, 0xc420189770, 0xc42013f2a0, 0xc4200de298) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:873 +0x205 github.com/open-policy-agent/opa/topdown.evalRef(0xc420140580, 0xc4201822b0, 0x1, 0x2, 0xc4201832a0, 0x3, 0x4, 0xc420189770, 0xc4200de298, 0x6809e0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:880 +0x3b2 github.com/open-policy-agent/opa/topdown.evalRef(0xc420140580, 0xc4201822a8, 0x2, 0x3, 0xc42013f2a0, 0x2, 0x2, 0xc420189770, 0xc420189770, 0x0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:880 +0x3b2 github.com/open-policy-agent/opa/topdown.evalRef(0xc420140580, 0xc4201822a0, 0x3, 0x4, 0xc4200de298, 0x1, 0x1, 0xc420189770, 0x10da8, 0x18) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:880 +0x3b2 github.com/open-policy-agent/opa/topdown.evalTermsRec(0xc420140580, 0xc4201831c0, 0xc420183108, 0x2, 0x3, 0x10, 0x409d00) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1785 +0x55a github.com/open-policy-agent/opa/topdown.evalTermsRec(0xc420140580, 0xc4201831c0, 0xc420183100, 0x3, 0x4, 0x0, 0x1) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1795 +0x18e github.com/open-policy-agent/opa/topdown.evalTerms(0xc420140580, 0xc4201831c0, 0xc420189680, 0x40bd80) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:1720 +0x424 github.com/open-policy-agent/opa/topdown.evalContext(0xc420140580, 0xc42013f230, 0xc4201831a0, 0x436560) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:786 +0x121 github.com/open-policy-agent/opa/topdown.Eval(0xc420140580, 0xc420183180, 0x1, 0xc4200e1040) /Users/tim/gocode/src/github.com/open-policy-agent/opa/topdown/topdown.go:380 +0xb6 github.com/open-policy-agent/opa/repl.(REPL).evalTermSingleValue(0xc4200d60c0, 0xc4200e1040, 0xc4200de158, 0x1, 0x1, 0x1f2b49) /Users/tim/gocode/src/github.com/open-policy-agent/opa/repl/repl.go:640 +0x275 github.com/open-policy-agent/opa/repl.(REPL).evalBody(0xc4200d60c0, 0xc4200e1040, 0xc4200de158, 0x1, 0x1, 0x1) /Users/tim/gocode/src/github.com/open-policy-agent/opa/repl/repl.go:494 +0x65b github.com/open-policy-agent/opa/repl.(REPL).evalStatement(0xc4200d60c0, 0x436560, 0xc4200dbce0, 0xc) /Users/tim/gocode/src/github.com/open-policy-agent/opa/repl/repl.go:473 +0x6d3 github.com/open-policy-agent/opa/repl.(REPL).evalBufferOne(0xc4200d60c0, 0x0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/repl/repl.go:408 +0x152 github.com/open-policy-agent/opa/repl.(REPL).OneShot(0xc4200d60c0, 0xc42013e360, 0xc, 0xc42013e300) /Users/tim/gocode/src/github.com/open-policy-agent/opa/repl/repl.go:153 +0x415 github.com/open-policy-agent/opa/repl.(REPL).Loop(0xc4200d60c0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/repl/repl.go:105 +0x1c1 github.com/open-policy-agent/opa/runtime.(Runtime).startRepl(0xc42002e078, 0xc420018720) /Users/tim/gocode/src/github.com/open-policy-agent/opa/runtime/runtime.go:158 +0xe2 github.com/open-policy-agent/opa/runtime.(Runtime).Start(0xc42002e078, 0xc420018720) /Users/tim/gocode/src/github.com/open-policy-agent/opa/runtime/runtime.go:78 +0x8d github.com/open-policy-agent/opa/cmd.init.1.func1(0xc42008efc0, 0xc420011ba0, 0x1, 0x1) /Users/tim/gocode/src/github.com/open-policy-agent/opa/cmd/run.go:68 +0x82 github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra.(Command).execute(0xc42008efc0, 0xc420011b50, 0x1, 0x1, 0xc42008efc0, 0xc420011b50) /Users/tim/gocode/src/github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra/command.go:636 +0x443 github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra.(Command).ExecuteC(0x661220, 0x0, 0x661220, 0xc42004fef8) /Users/tim/gocode/src/github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra/command.go:722 +0x367 github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra.(*Command).Execute(0x661220, 0x0, 0x0) /Users/tim/gocode/src/github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra/command.go:681 +0x2b main.main() /Users/tim/gocode/src/github.com/open-policy-agent/opa/main.go:12 +0x31

tsandall commented 7 years ago

The panic occurs because the topdown implementation assumes all rules in a set are of the same type. In this case, the first rule is a partial set and the second rule is a complete set. A simple check during compile-time could prevent this from happening.