phylum-dev/vuln-reach

Error: called `Option::unwrap()` on a `None` value


Description

When running vuln-reach-cli against @gitlab/cluster-client version 2.1.0, the tool panics instead of producing a reachability result. I get the same error with a couple of other projects. Any idea what causes it?

The config is:

# One project entry in the file passed to vuln-reach-cli (./vuln-reach-config.toml in this report).
[[projects]]
# Project label; the CLI output in this report prints it as "Reachability for @gitlab/cluster-client:2.1.0".
name = "@gitlab/cluster-client:2.1.0"
# Location of the package tarballs. The backtrace shows packages being loaded through
# TarballModuleResolver / Package::from_tarball_bytes.
# NOTE(review): presumably resolved relative to the working directory — confirm.
tarballs = "./tarballs"
# Package set for this project as name/version pairs, with @gitlab/cluster-client itself listed first.
# Several names occur more than once with different versions (e.g. ansi-styles, chalk, semver),
# while @babel/traverse, the package named in the vuln entry, occurs once (7.23.0).
# NOTE(review): the list contains test and build tooling (jest, ts-jest, prettier, typescript),
# so it looks like a full dependency dump including devDependencies — confirm.
packages = [
  { name = "@gitlab/cluster-client", version = "2.1.0" },
  { name = "@ampproject/remapping", version = "2.2.1" },
  { name = "@babel/code-frame", version = "7.22.13" },
  { name = "@babel/compat-data", version = "7.22.20" },
  { name = "@babel/core", version = "7.23.0" },
  { name = "@babel/generator", version = "7.23.0" },
  { name = "@babel/helper-compilation-targets", version = "7.22.15" },
  { name = "@babel/helper-environment-visitor", version = "7.22.20" },
  { name = "@babel/helper-function-name", version = "7.23.0" },
  { name = "@babel/helper-hoist-variables", version = "7.22.5" },
  { name = "@babel/helper-module-imports", version = "7.22.15" },
  { name = "@babel/helper-module-transforms", version = "7.23.0" },
  { name = "@babel/helper-plugin-utils", version = "7.22.5" },
  { name = "@babel/helper-simple-access", version = "7.22.5" },
  { name = "@babel/helper-split-export-declaration", version = "7.22.6" },
  { name = "@babel/helper-string-parser", version = "7.22.5" },
  { name = "@babel/helper-validator-identifier", version = "7.22.20" },
  { name = "@babel/helper-validator-option", version = "7.22.15" },
  { name = "@babel/helpers", version = "7.23.1" },
  { name = "@babel/highlight", version = "7.22.20" },
  { name = "@babel/parser", version = "7.23.0" },
  { name = "@babel/plugin-syntax-async-generators", version = "7.8.4" },
  { name = "@babel/plugin-syntax-bigint", version = "7.8.3" },
  { name = "@babel/plugin-syntax-class-properties", version = "7.12.13" },
  { name = "@babel/plugin-syntax-import-meta", version = "7.10.4" },
  { name = "@babel/plugin-syntax-json-strings", version = "7.8.3" },
  { name = "@babel/plugin-syntax-jsx", version = "7.22.5" },
  { name = "@babel/plugin-syntax-logical-assignment-operators", version = "7.10.4" },
  { name = "@babel/plugin-syntax-nullish-coalescing-operator", version = "7.8.3" },
  { name = "@babel/plugin-syntax-numeric-separator", version = "7.10.4" },
  { name = "@babel/plugin-syntax-object-rest-spread", version = "7.8.3" },
  { name = "@babel/plugin-syntax-optional-catch-binding", version = "7.8.3" },
  { name = "@babel/plugin-syntax-optional-chaining", version = "7.8.3" },
  { name = "@babel/plugin-syntax-top-level-await", version = "7.14.5" },
  { name = "@babel/plugin-syntax-typescript", version = "7.22.5" },
  { name = "@babel/template", version = "7.22.15" },
  { name = "@babel/traverse", version = "7.23.0" },
  { name = "@babel/types", version = "7.23.0" },
  { name = "@bcoe/v8-coverage", version = "0.2.3" },
  { name = "@istanbuljs/load-nyc-config", version = "1.1.0" },
  { name = "@istanbuljs/schema", version = "0.1.3" },
  { name = "@jest/console", version = "29.7.0" },
  { name = "@jest/core", version = "29.7.0" },
  { name = "@jest/environment", version = "29.7.0" },
  { name = "@jest/expect", version = "29.7.0" },
  { name = "@jest/expect-utils", version = "29.7.0" },
  { name = "@jest/fake-timers", version = "29.7.0" },
  { name = "@jest/globals", version = "29.7.0" },
  { name = "@jest/reporters", version = "29.7.0" },
  { name = "@jest/schemas", version = "29.6.3" },
  { name = "@jest/source-map", version = "29.6.3" },
  { name = "@jest/test-result", version = "29.7.0" },
  { name = "@jest/test-sequencer", version = "29.7.0" },
  { name = "@jest/transform", version = "29.7.0" },
  { name = "@jest/types", version = "29.6.3" },
  { name = "@jridgewell/gen-mapping", version = "0.3.3" },
  { name = "@jridgewell/resolve-uri", version = "3.1.1" },
  { name = "@jridgewell/set-array", version = "1.1.2" },
  { name = "@jridgewell/sourcemap-codec", version = "1.4.15" },
  { name = "@jridgewell/trace-mapping", version = "0.3.19" },
  { name = "@sinclair/typebox", version = "0.27.8" },
  { name = "@sinonjs/commons", version = "3.0.0" },
  { name = "@sinonjs/fake-timers", version = "10.3.0" },
  { name = "@types/babel__core", version = "7.20.2" },
  { name = "@types/babel__generator", version = "7.6.5" },
  { name = "@types/babel__template", version = "7.4.2" },
  { name = "@types/babel__traverse", version = "7.20.2" },
  { name = "@types/graceful-fs", version = "4.1.7" },
  { name = "@types/istanbul-lib-coverage", version = "2.0.4" },
  { name = "@types/istanbul-lib-report", version = "3.0.1" },
  { name = "@types/istanbul-reports", version = "3.0.2" },
  { name = "@types/jest", version = "29.5.5" },
  { name = "@types/node", version = "20.7.1" },
  { name = "@types/stack-utils", version = "2.0.1" },
  { name = "@types/yargs", version = "17.0.25" },
  { name = "@types/yargs-parser", version = "21.0.1" },
  { name = "ansi-escapes", version = "4.3.2" },
  { name = "ansi-regex", version = "5.0.1" },
  { name = "ansi-styles", version = "3.2.1" },
  { name = "ansi-styles", version = "4.3.0" },
  { name = "ansi-styles", version = "5.2.0" },
  { name = "anymatch", version = "3.1.3" },
  { name = "argparse", version = "1.0.10" },
  { name = "axios", version = "0.24.0" },
  { name = "babel-jest", version = "29.7.0" },
  { name = "babel-plugin-istanbul", version = "6.1.1" },
  { name = "babel-plugin-jest-hoist", version = "29.6.3" },
  { name = "babel-preset-current-node-syntax", version = "1.0.1" },
  { name = "babel-preset-jest", version = "29.6.3" },
  { name = "balanced-match", version = "1.0.2" },
  { name = "brace-expansion", version = "1.1.11" },
  { name = "braces", version = "3.0.2" },
  { name = "browserslist", version = "4.22.0" },
  { name = "bs-logger", version = "0.2.6" },
  { name = "bser", version = "2.1.1" },
  { name = "buffer-from", version = "1.1.2" },
  { name = "callsites", version = "3.1.0" },
  { name = "camelcase", version = "5.3.1" },
  { name = "camelcase", version = "6.3.0" },
  { name = "caniuse-lite", version = "1.0.30001541" },
  { name = "chalk", version = "2.4.2" },
  { name = "chalk", version = "4.1.2" },
  { name = "char-regex", version = "1.0.2" },
  { name = "ci-info", version = "3.8.0" },
  { name = "cjs-module-lexer", version = "1.2.3" },
  { name = "cliui", version = "8.0.1" },
  { name = "co", version = "4.6.0" },
  { name = "collect-v8-coverage", version = "1.0.2" },
  { name = "color-convert", version = "1.9.3" },
  { name = "color-convert", version = "2.0.1" },
  { name = "color-name", version = "1.1.3" },
  { name = "color-name", version = "1.1.4" },
  { name = "concat-map", version = "0.0.1" },
  { name = "convert-source-map", version = "1.9.0" },
  { name = "convert-source-map", version = "2.0.0" },
  { name = "core-js", version = "3.32.2" },
  { name = "create-jest", version = "29.7.0" },
  { name = "cross-spawn", version = "7.0.3" },
  { name = "debug", version = "4.3.4" },
  { name = "dedent", version = "1.5.1" },
  { name = "deepmerge", version = "4.3.1" },
  { name = "detect-newline", version = "3.1.0" },
  { name = "diff-sequences", version = "29.6.3" },
  { name = "electron-to-chromium", version = "1.4.532" },
  { name = "emittery", version = "0.13.1" },
  { name = "emoji-regex", version = "8.0.0" },
  { name = "error-ex", version = "1.3.2" },
  { name = "escalade", version = "3.1.1" },
  { name = "escape-string-regexp", version = "1.0.5" },
  { name = "escape-string-regexp", version = "2.0.0" },
  { name = "esprima", version = "4.0.1" },
  { name = "execa", version = "5.1.1" },
  { name = "exit", version = "0.1.2" },
  { name = "expect", version = "29.7.0" },
  { name = "fast-json-stable-stringify", version = "2.1.0" },
  { name = "fb-watchman", version = "2.0.2" },
  { name = "fill-range", version = "7.0.1" },
  { name = "find-up", version = "4.1.0" },
  { name = "follow-redirects", version = "1.15.3" },
  { name = "fs.realpath", version = "1.0.0" },
  { name = "fsevents", version = "2.3.3" },
  { name = "function-bind", version = "1.1.1" },
  { name = "gensync", version = "1.0.0-beta.2" },
  { name = "get-caller-file", version = "2.0.5" },
  { name = "get-package-type", version = "0.1.0" },
  { name = "get-stream", version = "6.0.1" },
  { name = "glob", version = "7.2.3" },
  { name = "globals", version = "11.12.0" },
  { name = "graceful-fs", version = "4.2.11" },
  { name = "has", version = "1.0.3" },
  { name = "has-flag", version = "3.0.0" },
  { name = "has-flag", version = "4.0.0" },
  { name = "html-escaper", version = "2.0.2" },
  { name = "human-signals", version = "2.1.0" },
  { name = "import-local", version = "3.1.0" },
  { name = "imurmurhash", version = "0.1.4" },
  { name = "inflight", version = "1.0.6" },
  { name = "inherits", version = "2.0.4" },
  { name = "is-arrayish", version = "0.2.1" },
  { name = "is-core-module", version = "2.13.0" },
  { name = "is-fullwidth-code-point", version = "3.0.0" },
  { name = "is-generator-fn", version = "2.1.0" },
  { name = "is-number", version = "7.0.0" },
  { name = "is-stream", version = "2.0.1" },
  { name = "isexe", version = "2.0.0" },
  { name = "istanbul-lib-coverage", version = "3.2.0" },
  { name = "istanbul-lib-instrument", version = "5.2.1" },
  { name = "istanbul-lib-instrument", version = "6.0.0" },
  { name = "istanbul-lib-report", version = "3.0.1" },
  { name = "istanbul-lib-source-maps", version = "4.0.1" },
  { name = "istanbul-reports", version = "3.1.6" },
  { name = "jest", version = "29.7.0" },
  { name = "jest-changed-files", version = "29.7.0" },
  { name = "jest-circus", version = "29.7.0" },
  { name = "jest-cli", version = "29.7.0" },
  { name = "jest-config", version = "29.7.0" },
  { name = "jest-diff", version = "29.7.0" },
  { name = "jest-docblock", version = "29.7.0" },
  { name = "jest-each", version = "29.7.0" },
  { name = "jest-environment-node", version = "29.7.0" },
  { name = "jest-get-type", version = "29.6.3" },
  { name = "jest-haste-map", version = "29.7.0" },
  { name = "jest-leak-detector", version = "29.7.0" },
  { name = "jest-matcher-utils", version = "29.7.0" },
  { name = "jest-message-util", version = "29.7.0" },
  { name = "jest-mock", version = "29.7.0" },
  { name = "jest-pnp-resolver", version = "1.2.3" },
  { name = "jest-regex-util", version = "29.6.3" },
  { name = "jest-resolve", version = "29.7.0" },
  { name = "jest-resolve-dependencies", version = "29.7.0" },
  { name = "jest-runner", version = "29.7.0" },
  { name = "jest-runtime", version = "29.7.0" },
  { name = "jest-snapshot", version = "29.7.0" },
  { name = "jest-util", version = "29.7.0" },
  { name = "jest-validate", version = "29.7.0" },
  { name = "jest-watcher", version = "29.7.0" },
  { name = "jest-worker", version = "29.7.0" },
  { name = "js-tokens", version = "4.0.0" },
  { name = "js-yaml", version = "3.14.1" },
  { name = "jsesc", version = "2.5.2" },
  { name = "json-parse-even-better-errors", version = "2.3.1" },
  { name = "json5", version = "2.2.3" },
  { name = "kleur", version = "3.0.3" },
  { name = "leven", version = "3.1.0" },
  { name = "lines-and-columns", version = "1.2.4" },
  { name = "locate-path", version = "5.0.0" },
  { name = "lodash.memoize", version = "4.1.2" },
  { name = "lru-cache", version = "5.1.1" },
  { name = "lru-cache", version = "6.0.0" },
  { name = "make-dir", version = "4.0.0" },
  { name = "make-error", version = "1.3.6" },
  { name = "makeerror", version = "1.0.12" },
  { name = "merge-stream", version = "2.0.0" },
  { name = "micromatch", version = "4.0.5" },
  { name = "mimic-fn", version = "2.1.0" },
  { name = "minimatch", version = "3.1.2" },
  { name = "mitt", version = "3.0.1" },
  { name = "ms", version = "2.1.2" },
  { name = "natural-compare", version = "1.4.0" },
  { name = "node-int64", version = "0.4.0" },
  { name = "node-releases", version = "2.0.13" },
  { name = "normalize-path", version = "3.0.0" },
  { name = "npm-run-path", version = "4.0.1" },
  { name = "once", version = "1.4.0" },
  { name = "onetime", version = "5.1.2" },
  { name = "p-limit", version = "2.3.0" },
  { name = "p-limit", version = "3.1.0" },
  { name = "p-locate", version = "4.1.0" },
  { name = "p-try", version = "2.2.0" },
  { name = "parse-json", version = "5.2.0" },
  { name = "path-exists", version = "4.0.0" },
  { name = "path-is-absolute", version = "1.0.1" },
  { name = "path-key", version = "3.1.1" },
  { name = "path-parse", version = "1.0.7" },
  { name = "picocolors", version = "1.0.0" },
  { name = "picomatch", version = "2.3.1" },
  { name = "pirates", version = "4.0.6" },
  { name = "pkg-dir", version = "4.2.0" },
  { name = "prettier", version = "3.0.3" },
  { name = "pretty-format", version = "29.7.0" },
  { name = "prompts", version = "2.4.2" },
  { name = "pure-rand", version = "6.0.4" },
  { name = "react-is", version = "18.2.0" },
  { name = "require-directory", version = "2.1.1" },
  { name = "resolve", version = "1.22.6" },
  { name = "resolve-cwd", version = "3.0.0" },
  { name = "resolve-from", version = "5.0.0" },
  { name = "resolve.exports", version = "2.0.2" },
  { name = "semver", version = "6.3.1" },
  { name = "semver", version = "7.5.4" },
  { name = "shebang-command", version = "2.0.0" },
  { name = "shebang-regex", version = "3.0.0" },
  { name = "signal-exit", version = "3.0.7" },
  { name = "sisteransi", version = "1.0.5" },
  { name = "slash", version = "3.0.0" },
  { name = "source-map", version = "0.6.1" },
  { name = "source-map-support", version = "0.5.13" },
  { name = "sprintf-js", version = "1.0.3" },
  { name = "stack-utils", version = "2.0.6" },
  { name = "string-length", version = "4.0.2" },
  { name = "string-width", version = "4.2.3" },
  { name = "strip-ansi", version = "6.0.1" },
  { name = "strip-bom", version = "4.0.0" },
  { name = "strip-final-newline", version = "2.0.0" },
  { name = "strip-json-comments", version = "3.1.1" },
  { name = "supports-color", version = "5.5.0" },
  { name = "supports-color", version = "7.2.0" },
  { name = "supports-color", version = "8.1.1" },
  { name = "supports-preserve-symlinks-flag", version = "1.0.0" },
  { name = "test-exclude", version = "6.0.0" },
  { name = "tmpl", version = "1.0.5" },
  { name = "to-fast-properties", version = "2.0.0" },
  { name = "to-regex-range", version = "5.0.1" },
  { name = "ts-jest", version = "29.1.1" },
  { name = "tsc", version = "2.0.4" },
  { name = "type-detect", version = "4.0.8" },
  { name = "type-fest", version = "0.21.3" },
  { name = "typescript", version = "4.9.5" },
  { name = "update-browserslist-db", version = "1.0.13" },
  { name = "v8-to-istanbul", version = "9.1.0" },
  { name = "walker", version = "1.0.8" },
  { name = "which", version = "2.0.2" },
  { name = "wrap-ansi", version = "7.0.0" },
  { name = "wrappy", version = "1.0.2" },
  { name = "write-file-atomic", version = "4.0.2" },
  { name = "y18n", version = "5.0.8" },
  { name = "yallist", version = "3.1.1" },
  { name = "yallist", version = "4.0.0" },
  { name = "yargs", version = "17.7.2" },
  { name = "yargs-parser", version = "21.1.1" },
  { name = "yocto-queue", version = "0.1.0" },
]
# Vulnerable source locations for this project; a single entry is listed here.
vuln = [
  # "vulnerable_package": "@babel/traverse:7.23.0",
  # "advisory_url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/npm/@babel/traverse/CVE-2023-45133.yml"
  # The entry gives a package name (no version), a module path inside that package, and a
  # start/end row and column range within that module.
  # NOTE(review): the page does not say whether rows and columns are 0- or 1-based, or how the
  # range is matched to a syntax node — confirm against the vuln-reach documentation.
  # The run in this report panicked before printing any result, so it gives no reachability
  # verdict for this location either way.
  { package = "@babel/traverse", module = "lib/path/evaluation.js", start_row = 298, start_column = 16, end_row = 298, end_column = 23 },
]

The error is:

RUST_BACKTRACE=1 ./vuln-reach-cli ./vuln-reach-config.toml

    Reachability for @gitlab/cluster-client:2.1.0

thread 'main' panicked at vuln-reach/src/javascript/lang/symbol_table.rs:371:50:
called `Option::unwrap()` on a `None` value
stack backtrace:
   0: rust_begin_unwind
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/std/src/panicking.rs:595:5
   1: core::panicking::panic_fmt
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/core/src/panicking.rs:67:14
   2: core::panicking::panic
             at /rustc/cc66ad468955717ab92600c770da8c1601a4ff33/library/core/src/panicking.rs:117:5
   3: vuln_reach::javascript::lang::symbol_table::SymbolTable::lookup
   4: vuln_reach::javascript::lang::accesses::AccessGraph::new
   5: vuln_reach::javascript::module::<impl core::convert::TryFrom<vuln_reach::Tree> for vuln_reach::javascript::module::ouroboros_impl_module::Module>::try_from
   6: <vuln_reach::javascript::module::resolver::tgz::TarballModuleResolver as vuln_reach::javascript::module::resolver::ModuleResolver>::load
   7: vuln_reach::javascript::module::module_cache::ModuleCache::with_initial_nodes
   8: vuln_reach::javascript::package::Package<vuln_reach::javascript::module::resolver::tgz::TarballModuleResolver>::from_tarball_bytes
   9: vuln_reach_cli::ProjectDef::reachability
  10: vuln_reach_cli::main::{{closure}}
  11: tokio::runtime::park::CachedParkThread::block_on
  12: tokio::runtime::context::runtime::enter_runtime
  13: tokio::runtime::runtime::Runtime::block_on
  14: vuln_reach_cli::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Hi, thank you for reporting this!

I'll have to look into it.

It sounds like an invariant does not hold: a body node should always belong to a scope (at a minimum, the global scope of the module), which is presumably what the `unwrap()` in `SymbolTable::lookup` relies on.