fix(cli): avoid panic when assessment has NO vulns #600

Merged
merged 1 commit into from
Nov 5, 2021

@afiune afiune commented Nov 5, 2021

Summary

The Lacework CLI panics when trying to run a scan, check for a scan-status, or show
the results of a container image that has NO vulnerabilities.

```
$ lacework vulnerability container scan-status 36940f74-cad7-4007-ac3d-f702f01254ba
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x1612dc6]

goroutine 1 [running]:
github.com/lacework/go-sdk/cli/cmd.buildVulnContainerAssessmentReports(0xc00061e100, 0x24, 0xc00061e100)
	/codefresh/volume/go-sdk/cli/cmd/vulnerability.go:343 +0x1e6
github.com/lacework/go-sdk/cli/cmd.checkOnDemandContainerVulnerabilityStatus(0x7ffeefbffbb5, 0x24, 0x11bec20, 0xc0001f9cb8)
	/codefresh/volume/go-sdk/cli/cmd/vuln_container.go:431 +0x1bb
github.com/lacework/go-sdk/cli/cmd.glob..func37(0x1c1fa40, 0xc000192c70, 0x1, 0x1, 0x0, 0x0)
	/codefresh/volume/go-sdk/cli/cmd/vuln_container.go:82 +0x65
github.com/spf13/cobra.(*Command).execute(0x1c1fa40, 0xc000192c50, 0x1, 0x1, 0x1c1fa40, 0xc000192c50)
	/codefresh/volume/go-sdk/vendor/github.com/spf13/cobra/command.go:856 +0x472
github.com/spf13/cobra.(*Command).ExecuteC(0x1c2abc0, 0x2, 0x1006625, 0xc000078000)
	/codefresh/volume/go-sdk/vendor/github.com/spf13/cobra/command.go:974 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
	/codefresh/volume/go-sdk/vendor/github.com/spf13/cobra/command.go:902
github.com/lacework/go-sdk/cli/cmd.Execute(0x0, 0x0)
	/codefresh/volume/go-sdk/cli/cmd/root.go:118 +0xa8
main.main()
	/codefresh/volume/go-sdk/cli/main.go:29 +0x26
```

Signed-off-by: Salim Afiune Maya [email protected]

How did you test this change?

Added a bunch of unit tests that should have been added on previous refactors.

Additionally, I ran a scan against an image without vulnerabilities and it worked great, as well as showing an existing assessment without vulnerabilities, the result:

```
$ lacework vuln ctr show sha256:c838ee70a4aa2a13be872269746035faac7b5f7706d5faca9fd147615ac5db73
Great news! This container image has no vulnerabilities... (time for 🍺 )
```

Issue

JIRA: https://lacework.atlassian.net/browse/ALLY-734
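
The failure mode described above, as an added Go example that is not code from this PR or from the go-sdk: an API response that omits its nested detail object decodes to a nil pointer, and a report builder has to guard the counter and the pointer separately. The type names, JSON keys and sample responses are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical types and constructed responses; not the go-sdk's structs or real API output.
type image struct{ Layers []string `json:"layers"` }
type assessment struct {
	TotalVulnerabilities int    `json:"total_vulnerabilities"`
	Image                *image `json:"image"` // stays nil when the key is absent
}

const cleanResp = `{"total_vulnerabilities": 0}`
const vulnResp = `{"total_vulnerabilities": 2, "image": {"layers": ["sha256:aaaa"]}}`
const brokenResp = `{"total_vulnerabilities": 3}`

func decode(raw string) (*assessment, error) {
	a := &assessment{}
	return a, json.Unmarshal([]byte(raw), a)
}

func unguardedLayers(a *assessment) int { return len(a.Image.Layers) } // panics on nil Image

// summarize checks the counter and the pointer independently.
func summarize(a *assessment) (string, error) {
	if a.TotalVulnerabilities == 0 {
		return "no vulnerabilities", nil
	}
	if a.Image == nil {
		return "", fmt.Errorf("count is %d but image details are missing", a.TotalVulnerabilities)
	}
	return fmt.Sprintf("%d vulnerabilities, %d layer(s)", a.TotalVulnerabilities, len(a.Image.Layers)), nil
}

// panics reports whether calling f triggers a runtime panic.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return
}

func main() {
	for _, raw := range []string{cleanResp, vulnResp, brokenResp} {
		a, _ := decode(raw)
		fmt.Println(panics(func() { unguardedLayers(a) }))
		fmt.Println(summarize(a))
	}
}
```
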

@afiune afiune requested a review from a team November 5, 2021 13:40
@afiune afiune added bug Something isn't working cli Something related to the Lacework CLI labels Nov 5, 2021
details = vulnerabilityDetailsReport{
VulnerabilityDetails: filterVulContainerImageLayers(assessment.Image),
Packages: filterVulnContainerImagePackages(assessment.Image),
if assessment.TotalVulnerabilities == 0 {
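Review bot: The guard `if assessment.TotalVulnerabilities == 0 {` tests a counter, while the two filter calls in this hunk take `assessment.Image`, and the panic in the description is a nil pointer dereference inside `buildVulnContainerAssessmentReports`. If `assessment.Image` is the pointer that can be nil, a response with a non-zero count and no image data would still reach the filters; consider also checking `assessment.Image` for nil here, or having `filterVulContainerImageLayers` and `filterVulnContainerImagePackages` return empty results on nil input. Minor: the two helper names spell their prefix differently (`filterVul` vs `filterVuln`).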
This is the actual fix, but I added a bunch of tests and other checks.

@hazedav hazedav left a comment

@afiune afiune merged commit 4638c7e into main Nov 5, 2021
@afiune afiune deleted the afiune/ALLY-734/container-bug branch November 5, 2021 14:57
@lacework-releng lacework-releng mentioned this pull request Nov 5, 2021