aquasecurity/chain-bench

output error while running the chain-bench scan

bparinas opened this issue · 12 comments

Description

Executing this simple command: docker run aquasec/chain-bench scan --repository-url [git repo] --access-token [git token]

Produces these errors:
2022-07-28 03:44:50 INF 🚩 Fetch Starting
2022-07-28 03:44:50 ERR error in authenticated user data
2022-07-28 03:44:50 ERR error in fetching repository data
2022-07-28 03:44:50 INF 🛢️ Fetching Repository Settings Finished
2022-07-28 03:44:50 ERR error in fetching branch protection
2022-07-28 03:44:50 INF 🌱 Fetching Branch Protection Settings Finished
2022-07-28 03:44:50 ERR error in fetching workflows
2022-07-28 03:44:50 INF 🔧 Fetching Pipelines Finished
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xb3f265]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x0, 0x0}, {0x7fffb403df52?, 0x1?})
/home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000242280?, {0xcfc484?, 0x2?, 0x2?})
/home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xac
github.com/spf13/cobra.(*Command).execute(0xc000242280, {0xc00024c040, 0x2, 0x2})
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc000242000)
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/aquasecurity/chain-bench/internal/commands.Execute({0xe4c9a8?, 0xc0000021a0?})
/home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
/home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27

Same issue for me also. I don't see any issue with the token permission or the repository. Looking forward to someone fixing this similar issue.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x1741885]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x7ffeefbffafb, 0x28}, {0x7ffeefbffaba?, 0x1?})
github.com/aquasecurity/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000264280?, {0x1900f9c?, 0x4?, 0x4?})

Regards,
Venkat

The scan seems to work fine though:

$ docker run aquasec/chain-bench scan --repository-url https://github.com/buildsec/frsca --access-token $GITHUB_TOKEN
Unable to find image 'aquasec/chain-bench:latest' locally
latest: Pulling from aquasec/chain-bench
b3c136eddcbf: Pull complete
d55ff444f396: Pull complete
508144a78229: Pull complete
Digest: sha256:a5940490930d6fc45a00dc65090a92c7514a5a9451ba435523bcb711b93ce87a
Status: Downloaded newer image for aquasec/chain-bench:latest
2022-08-02 12:15:49 INF 🚩	Fetch Starting
2022-08-02 12:15:55 WRN failed to fetch hooks data
2022-08-02 12:15:55 INF 🛢️	Fetching Repository Settings Finished
2022-08-02 12:15:55 ERR error in fetching branch protection
2022-08-02 12:15:55 INF 🌱	Fetching Branch Protection Settings Finished
2022-08-02 12:15:56 WRN file .github/workflows/ci.yaml not found
2022-08-02 12:15:56 WRN file dynamic/pages/pages-build-deployment not found
2022-08-02 12:15:56 INF 🔧	Fetching Pipelines Finished
2022-08-02 12:15:57 WRN failed to fetch organization hooks
2022-08-02 12:15:57 INF 🏢	Fetching Organization Settings Finished
2022-08-02 12:15:58 INF 👫	Fetching Members Finished
2022-08-02 12:15:58 INF 🏁	Fetch succeeded
   ID                                                 Name                                                Result                                    Reason
-------- ----------------------------------------------------------------------------------------------- --------- ------------------------------------------------------------------------

@rgreinho it works now on my end as well

I have seen the same error; it happened to me when my repository did not have any GitHub workflows.

@LiorVais Can you please take a look at that?

Thank you for the issue!
The latest version seems to work just fine with and without docker.
@LalitTurbot I tried it on a repository without workflows, should work as well.
If you are running it on docker please make sure you use the latest image
Closing the issue, please reopen if anyone has this problem again 🥇

Bumping this issue as I also cannot run the tool from cli, valid repo url and PAT. Same with a friend I know trying it on his repo.

@Shan-KulK Thanks for reporting this!
I couldn't reproduce the issue. Can you please provide more information on how you ran the scan?
If you are using docker, what image are you using?

Also, what type of repository is it? Under a user or organization?

Hi @Shan-KulK,
can you help us please reproduce this issue?

Got the same panic when authentication token was not provided.
The repository function returns a nil object to repo, which isn't validated and is then accessed via *repo.Owner.Type

➜  ~ docker run aquasec/chain-bench scan --repository-url https://github.com/aquasecurity/chain-bench -v
2022-09-14 13:31:33 INF 🚩	Fetch Starting
2022-09-14 13:31:33 ERR error in authenticated user data
2022-09-14 13:31:33 DBG error in authenticated user data error="GET https://api.github.com/user: 401 Bad credentials []"
2022-09-14 13:31:34 ERR error in fetching repository data
2022-09-14 13:31:34 DBG error in fetching repository data error="GET https://api.github.com/repos/aquasecurity/chain-bench: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🛢️	Fetching Repository Settings Finished
2022-09-14 13:31:34 ERR error in fetching branch protection
2022-09-14 13:31:34 DBG error in fetching branch protection error="GET https://api.github.com/repos/aquasecurity/chain-bench/branches//protection: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🌱	Fetching Branch Protection Settings Finished
2022-09-14 13:31:34 ERR error in fetching workflows
2022-09-14 13:31:34 DBG error in fetching workflows error="GET https://api.github.com/repos/aquasecurity/chain-bench/actions/workflows: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🔧	Fetching Pipelines Finished
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xb3f265]

goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x0, 0x0}, {0x7ffeb8378f4b?, 0x1?})
	/home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000250280?, {0xcfc484?, 0x3?, 0x3?})
	/home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xac
github.com/spf13/cobra.(*Command).execute(0xc000250280, {0xc0001fdf20, 0x3, 0x3})
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc000250000)
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/aquasecurity/chain-bench/internal/commands.Execute({0xe4c9a8?, 0xc0000021a0?})
	/home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
	/home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27
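
The failure mode described in the comment above (a rejected request leaves repo nil, the error is only logged, and *repo.Owner.Type is then dereferenced), as an added Go example that is not part of this thread and not chain-bench's code. The types, fetchRepo and both ownerType functions are hypothetical stand-ins constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins with pointer fields; not chain-bench's real types.
type User struct{ Type *string }
type Repository struct{ Owner *User }

var errBadCredentials = errors.New("401 Bad credentials")

// fetchRepo (hypothetical) returns a nil *Repository alongside the error.
func fetchRepo(token string) (*Repository, error) {
	if token == "" {
		return nil, errBadCredentials
	}
	t := "Organization"
	return &Repository{Owner: &User{Type: &t}}, nil
}

// ownerTypeLogAndContinue: error is only logged, then the nil repo is used.
func ownerTypeLogAndContinue(token string) (ownerType string, panicked bool) {
	defer func() { panicked = recover() != nil }()
	repo, err := fetchRepo(token)
	if err != nil {
		fmt.Println("ERR error in fetching repository data")
	}
	return *repo.Owner.Type, false // nil pointer dereference when err != nil
}

// ownerTypeChecked stops at the first error and checks every pointer hop.
func ownerTypeChecked(token string) (string, error) {
	repo, err := fetchRepo(token)
	if err != nil {
		return "", fmt.Errorf("fetching repository data: %w", err)
	}
	if repo == nil || repo.Owner == nil || repo.Owner.Type == nil {
		return "", errors.New("repository response has no owner type")
	}
	return *repo.Owner.Type, nil
}

func main() {
	_, panicked := ownerTypeLogAndContinue("")
	_, err := ownerTypeChecked("")
	fmt.Println("unchecked path panicked:", panicked, "| checked path:", err)
}
```

With an empty token the unchecked path panics the way the trace above does, while the checked path returns a wrapped error the caller can report and exit on.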

Sorry for the late reply, it seems to have fixed itself upon reinstall

Hello, same issue for me also.
Could the issue appear when we have a dash symbol "-" in the repository-url value or token content?