Legit-Labs/legitify

Convert: Crash converting JSON to SARIF due to panic

chtzvt opened this issue · 6 comments

chtzvt commented

TL;DR

Currently, when using the new SARIF action, Legitify crashes due to a nil pointer dereference. This crash occurs when calling the action as Legit-Labs/legitify@36a5bc20c2fc38b31f1288af9fced03fb254a7d3.

Expected behavior

Ideally, the conversion would run.

Observed behavior

Legitify crashes 😢

Version

36a5bc2

On which operating system are you using legitify?

Linux

Relevant log output

legitify failed with:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x103d61c]

goroutine 1 [running]:
github.com/Legit-Labs/legitify/internal/outputer/formatter.ValidateOutputFormat({0x7ffe3169bf37, 0x5}, {0x152d50a, 0x9})
/home/runner/work/legitify/legitify/internal/outputer/formatter/output_format.go:38 +0x5c
github.com/Legit-Labs/legitify/cmd.(*args).validateSchemeOutputOptions(0x211b460)
/home/runner/work/legitify/legitify/cmd/common_args.go:140 +0xc5
github.com/Legit-Labs/legitify/cmd.(*args).applySchemeOutputOptions(0x0?)
/home/runner/work/legitify/legitify/cmd/common_args.go:124 +0x1e
github.com/Legit-Labs/legitify/cmd.executeConvertCommand(0xc00032b180?, {0x1526f55?, 0x6?, 0x6?})
/home/runner/work/legitify/legitify/cmd/convert.go:55 +0x75
github.com/spf13/cobra.(*Command).execute(0xc00032b180, {0xc00007ad80, 0x6, 0x6})
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0x2109160)
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/Legit-Labs/legitify/cmd.Execute()
/home/runner/work/legitify/legitify/cmd/root.go:35 +0x198
main.main()
/home/runner/work/legitify/legitify/main.go:6 +0x17

Additional information

Here's an excerpt of the Actions workflow calling Legitify:

jobs:
  audit_log:
    runs-on: ubuntu-latest
    name: Organization Security Audit

    steps:
      - name: Legitify
        uses: Legit-Labs/legitify@36a5bc20c2fc38b31f1288af9fced03fb254a7d3
        with:
          github_token: ${{ secrets.AUDIT_GITHUB_TOKEN }}
          upload_code_scanning: true

chtzvt commented

CCing @gal-legit. I can help triage further if need be, but I haven't dug into your conversion codebase much yet.

Thanks @chtzvt, we are looking into it.
Were you able to run the sarif action successfully previously?

I am hitting the same problem. I tried several hashes, both before 36a5bc and after, and none of them showed me sarif files.

@chtzvt @ygworldr
Sorry for not getting to this earlier.
I just released v0.2.7 which should fix the issue.
Please let me know if it still reproduces with the new version:
https://github.com/Legit-Labs/legitify/releases/tag/v0.2.7

@gal-legit Perfect! It works. Thank you.

Closing :)
@chtzvt please reopen if you still have any problems