Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add the debugging ability for scanning Helm chart #1215

Merged
merged 8 commits into from
Mar 1, 2024
Merged

feat: Add the debugging ability for scanning Helm chart #1215

merged 8 commits into from
Mar 1, 2024

Conversation

MMMMMMorty
Copy link
Member

@MMMMMMorty MMMMMMorty commented May 1, 2023
edited

Overview

Mapping struct is defined in. 'mappingnode.go'. Three mapping objects are used, the connection among them is that one MappingNode represents one line in one template, MappingNodes represents one template, FileMapping represents one file, and one file can contain many template.
GetMapping function in GetWorkLoads function is to call yqlib package to form the FileMapping, which is the most important part.
Adding one more output FileMapping for GetWorkLoads function and change all the related functions which call it.
After that, I connect the Filemappingwith sarif Printer. After connecting, I can use the mapping to generate correct location and fixed object for helm chart.

Additional Information

Kubescape can scan helm chart files, however, Helm does not give information about which output line is coming from which input line.
For kubescape, there is no backward connection to the original sources file after the chart was templated.
More than that, Kubescape cannot not produce correct fixes for Helm charts.

How to Test

I have created the unit tests for filemapping in helmchart.go and sarif report.
In addition, I created a Github-action repository where I change docker image to my branch image, so I could test and use my branch there.

Examples

Here is the result example, the report format is sarif.
report.sarif.txt
For the helm chart object, it has correct locations and recommended fix objects

@MMMMMMorty MMMMMMorty marked this pull request as ready for review May 2, 2023 16:51
@slashben slashben requested a review from amirmalka May 2, 2023 19:10
amirmalka
amirmalka previously requested changes May 3, 2023
View reviewed changes
Copy link
Contributor

@amirmalka amirmalka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A good starting point for not breaking existing tests however I am missing unit tests as this PR introduces a quite amount of new code.

core/cautils/helmchart.go Outdated Show resolved Hide resolved
core/cautils/mappingnode.go Outdated Show resolved Hide resolved
core/cautils/parseFile.go Outdated Show resolved Hide resolved
core/cautils/parseFile.go Show resolved Hide resolved
@MMMMMMorty MMMMMMorty requested a review from amirmalka May 18, 2023 05:58
HollowMan6
HollowMan6 previously requested changes May 18, 2023
View reviewed changes
Copy link
Contributor

@HollowMan6 HollowMan6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some nit.

install Outdated Show resolved Hide resolved
report.sarif Outdated Show resolved Hide resolved
dwertent
dwertent requested changes Jun 5, 2023
View reviewed changes
Copy link
Contributor

@dwertent dwertent left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this great work!

Here are my few comments:

  1. I see there are some linter issues, please resolve them
  2. We are missing here unit tests. Please add unit tests to the cautils package and to the SARIF printer.
  3. Please keep your fork up-to-date with the master
  4. Please attach an example of the output. I suggest you set up a repository with a helm chart and a GitHub workflow so we can test this properly
  5. Please update the PR description

core/cautils/fileutils.go Show resolved Hide resolved
core/cautils/helmchart.go Show resolved Hide resolved
core/cautils/helmchart.go Show resolved Hide resolved
core/cautils/helmchart.go Show resolved Hide resolved
core/cautils/helmchart.go Show resolved Hide resolved
core/cautils/mappingnode.go Outdated Show resolved Hide resolved
install Outdated Show resolved Hide resolved
@MMMMMMorty MMMMMMorty changed the title Fix issue 11552 Adding the debugging ability for scanning Helm chart Jun 28, 2023
@MMMMMMorty MMMMMMorty changed the title Adding the debugging ability for scanning Helm chart feat: Add the debugging ability for scanning Helm chart Jul 24, 2023
@matthyx
Copy link
Contributor

matthyx commented Oct 9, 2023

@MMMMMMorty can you rebase?

@MMMMMMorty
Copy link
Member Author

@MMMMMMorty can you rebase?

Yes, I can do that.

@dwertent
Copy link
Contributor

@MMMMMMorty please notice the tests failed

@MMMMMMorty
Copy link
Member Author

@MMMMMMorty please notice the tests failed

Yes, I noticed that. I guess it is the part in unit test, I will change them.

@dwertent
Copy link
Contributor

dwertent commented Feb 28, 2024
edited

This is a great contribution that we would like to merge to Kubescape.
Here are my two findings:

  1. We are printing everything to the stdout. We should not do that:
example 
2024/02/28 13:42:52 its a map with 3 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 Processing Op: name
2024/02/28 13:42:52 D0, P[value], (!!map)::name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[value], (!!map)::name: null
2024/02/28 13:42:52 its a map with 1 entries
2024/02/28 13:42:52 checking name (!!str)
2024/02/28 13:42:52 pattern: name
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 crossFunction LHS len: 1
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value = name
2024/02/28 13:42:52 UpdateAttributesFrom: n: key-0 - [value name] other: key-0 - [value name]
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: 0 - [value name]
2024/02/28 13:42:52 merge - lhsPath [value name]
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.SequenceNode: false
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.ScalarNode: true
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.AliasNode: false
2024/02/28 13:42:52 merge - assignmentOp.OperationType = assignOpType, no updateassign
2024/02/28 13:42:52 Processing Op: ASSIGN
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: SHORT_PIPE
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: value
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 its a map with 3 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 Processing Op: name
2024/02/28 13:42:52 D0, P[value], (!!map)::name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[value], (!!map)::name: null
2024/02/28 13:42:52 its a map with 1 entries
2024/02/28 13:42:52 checking name (!!str)
2024/02/28 13:42:52 pattern: name
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 assignUpdateOperator prefs: {false false false}
2024/02/28 13:42:52 crossFunction evaluate apart!
2024/02/28 13:42:52 Processing Op: SHORT_PIPE
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: value
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 its a map with 3 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 Processing Op: name
2024/02/28 13:42:52 D0, P[value], (!!map)::name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[value], (!!map)::name: null
2024/02/28 13:42:52 its a map with 1 entries
2024/02/28 13:42:52 checking name (!!str)
2024/02/28 13:42:52 pattern: name
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 crossFunction LHS len: 1
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value = storage
2024/02/28 13:42:52 UpdateAttributesFrom: n: 0 - [value name] other: 0 - [value name]
2024/02/28 13:42:52 traverseArrayWithIndices
2024/02/28 13:42:52 splatting
2024/02/28 13:42:52 traverseArrayWithIndices
2024/02/28 13:42:52 splatting
2024/02/28 13:42:52 Multiplying LHS: !!map
2024/02/28 13:42:52 -          RHS: !!map
2024/02/28 13:42:52 merge - preferences.DeepMergeArrays false
2024/02/28 13:42:52 merge - preferences.AppendArrays false
2024/02/28 13:42:52 Recursive Decent, added D0, P[], (!!map)::type: '!!str'
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 Recursive Decent, added D0, P[type], (!!str)::type
2024/02/28 13:42:52 Recursive Decent, added D0, P[type], (!!str)::'!!str'
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: 0 - []
2024/02/28 13:42:52 merge - lhsPath []
2024/02/28 13:42:52 merge - assignmentOp := &Operation{OperationType: assignAttributesOpType}
2024/02/28 13:42:52 Processing Op: ASSIGN_ATTRIBUTES
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 getting lhs matching nodes for update
2024/02/28 13:42:52 Processing Op: SELF
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value =
2024/02/28 13:42:52 UpdateAttributesFrom: n: 0 - [] other: 0 - []
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: key-0 - [type]
2024/02/28 13:42:52 merge - lhsPath [type]
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.SequenceNode: false
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.ScalarNode: true
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.AliasNode: false
2024/02/28 13:42:52 merge - assignmentOp.OperationType = assignOpType, no updateassign
2024/02/28 13:42:52 Processing Op: ASSIGN
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: type
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
2024/02/28 13:42:52 its a map with 1 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 assignUpdateOperator prefs: {false false false}
2024/02/28 13:42:52 crossFunction evaluate apart!
2024/02/28 13:42:52 Processing Op: type
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 its a map with 2 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 crossFunction LHS len: 1
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value = type
2024/02/28 13:42:52 UpdateAttributesFrom: n: key-0 - [type] other: key-0 - [type]
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: 0 - [type]
2024/02/28 13:42:52 merge - lhsPath [type]
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.SequenceNode: false
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.ScalarNode: true
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.AliasNode: false
2024/02/28 13:42:52 merge - assignmentOp.OperationType = assignOpType, no updateassign
2024/02/28 13:42:52 Processing Op: ASSIGN
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: type
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 its a map with 2 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 assignUpdateOperator prefs: {false false false}
2024/02/28 13:42:52 crossFunction evaluate apart!
2024/02/28 13:42:52 Processing Op: type
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 its a map with 2 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: type
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 crossFunction LHS len: 1
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value = !!str
2024/02/28 13:42:52 UpdateAttributesFrom: n: 0 - [type] other: 0 - [type]
2024/02/28 13:42:52 traverseArrayWithIndices
2024/02/28 13:42:52 splatting
2024/02/28 13:42:52 Multiplying LHS: !!map
2024/02/28 13:42:52 -          RHS: !!map
2024/02/28 13:42:52 merge - preferences.DeepMergeArrays false
2024/02/28 13:42:52 merge - preferences.AppendArrays false
2024/02/28 13:42:52 Recursive Decent, added D0, P[], (!!map)::value: storage #This is the 21 line
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 Recursive Decent, added D0, P[value], (!!str)::value
2024/02/28 13:42:52 Recursive Decent, added D0, P[value], (!!str)::storage #This is the 21 line
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: 0 - []
2024/02/28 13:42:52 merge - lhsPath []
2024/02/28 13:42:52 merge - assignmentOp := &Operation{OperationType: assignAttributesOpType}
2024/02/28 13:42:52 Processing Op: ASSIGN_ATTRIBUTES
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 getting lhs matching nodes for update
2024/02/28 13:42:52 Processing Op: SELF
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value =
2024/02/28 13:42:52 UpdateAttributesFrom: n: 0 - [] other: 0 - []
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: key-0 - [value]
2024/02/28 13:42:52 merge - lhsPath [value]
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.SequenceNode: false
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.ScalarNode: true
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.AliasNode: false
2024/02/28 13:42:52 merge - assignmentOp.OperationType = assignOpType, no updateassign
2024/02/28 13:42:52 Processing Op: ASSIGN
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: value
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
2024/02/28 13:42:52 its a map with 2 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 assignUpdateOperator prefs: {false false false}
2024/02/28 13:42:52 crossFunction evaluate apart!
2024/02/28 13:42:52 Processing Op: value
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 its a map with 3 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including key
2024/02/28 13:42:52 crossFunction LHS len: 1
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value = value
2024/02/28 13:42:52 UpdateAttributesFrom: n: key-0 - [value] other: key-0 - [value]
2024/02/28 13:42:52 merge - applyAssignment lhs 0 - [], rhs: 0 - [value]
2024/02/28 13:42:52 merge - lhsPath [value]
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.SequenceNode: false
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.ScalarNode: true
2024/02/28 13:42:52 merge - rhs.Node.Kind == yaml.AliasNode: false
2024/02/28 13:42:52 merge - assignmentOp.OperationType = assignOpType, no updateassign
2024/02/28 13:42:52 Processing Op: ASSIGN
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 Processing Op: value
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 its a map with 3 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 assignUpdateOperator prefs: {false false false}
2024/02/28 13:42:52 crossFunction evaluate apart!
2024/02/28 13:42:52 Processing Op: value
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 -- traversePathOperator
2024/02/28 13:42:52 Traversing D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 its a map with 3 entries
2024/02/28 13:42:52 checking destpath (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking type (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 checking value (!!str)
2024/02/28 13:42:52 pattern: value
2024/02/28 13:42:52 MATCHED
2024/02/28 13:42:52 including value
2024/02/28 13:42:52 crossFunction LHS len: 1
2024/02/28 13:42:52 Processing Op: <nil> (<nil>)
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
value: null
2024/02/28 13:42:52 >>
2024/02/28 13:42:52 value = storage
2024/02/28 13:42:52 UpdateAttributesFrom: n: 0 - [value] other: 0 - [value]
2024/02/28 13:42:52 PrintResults for 2 matches
2024/02/28 13:42:52 -- print sep logic: p.firstTimePrinting: false, previousDocIndex: 0, mappedDoc.Document: 0
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata
type: '!!map'
value:
    name: storage #This is the 21 line
2024/02/28 13:42:52 done printing results
2024/02/28 13:42:52 -- print sep logic: p.firstTimePrinting: false, previousDocIndex: 0, mappedDoc.Document: 0
2024/02/28 13:42:52 D0, P[], (!!map)::destpath: metadata.name
type: '!!str'
  1. I scanned the kubescape chart and I panicked:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x18 pc=0x103530a44]

goroutine 1 [running]:
github.com/kubescape/kubescape/v3/core/cautils.writeNoteToMapping({0x140020c97c4?, 0x3d?}, 0x30?, {0x14002ff67b0, 0x8}, {0x14001dd7200?, 0x14001348428?}, 0x14001348578, 0x30?, 0x1, ...)
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/parseFile.go:128 +0x164
github.com/kubescape/kubescape/v3/core/cautils.writeNodes({0x14002754f10?, 0x2, 0x1040fa324?}, 0x4?, {0x14001dd7200, 0x3c}, 0x14002237f30?, 0x24?, 0x14002d7ae70?)
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/parseFile.go:105 +0xe8
github.com/kubescape/kubescape/v3/core/cautils.GetMapping({0x14001dd7200, 0x3c}, {0x14002237c00, 0x4c5})
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/parseFile.go:85 +0x330
github.com/kubescape/kubescape/v3/core/cautils.GetTemplateMapping(0x140017c45d0?, 0x0?)
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/helmchart.go:142 +0x84
github.com/kubescape/kubescape/v3/core/cautils.(*HelmChart).GetWorkloads(0x140017c45d0, 0x47?)
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/helmchart.go:71 +0x16c
github.com/kubescape/kubescape/v3/core/cautils.(*HelmChart).GetWorkloadsWithDefaultValues(...)
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/helmchart.go:51
github.com/kubescape/kubescape/v3/core/cautils.LoadResourcesFromHelmCharts({0x105dd96c0, 0x14002506b70}, {0x16f373768?, 0x44?})
	/Users/davidwertenteil/armo/repos/kubescape/core/cautils/fileutils.go:56 +0x1bc
github.com/kubescape/kubescape/v3/core/pkg/resourcehandler.getResourcesFromPath({0x105dd96c0, 0x14002506b70}, {0x16f373768, 0x2d})
	/Users/davidwertenteil/armo/repos/kubescape/core/pkg/resourcehandler/filesloader.go:282 +0x6fc
github.com/kubescape/kubescape/v3/core/pkg/resourcehandler.(*FileResourceHandler).GetResources(0x140012067d0?, {0x105dd96c0, 0x14002506b70}, 0x1400023f600, {0x0?, 0x0?}, 0x140013ee000)
	/Users/davidwertenteil/armo/repos/kubescape/core/pkg/resourcehandler/filesloader.go:53 +0x1a0
github.com/kubescape/kubescape/v3/core/pkg/resourcehandler.CollectResources({0x105dd96c0, 0x14002506b40}, {0x105dc20f8, 0x108806be0}, {0x1?, 0x0?, 0x140013ee000?}, 0x1400023f600, {0x105dc21b8, 0x14002213c08}, ...)
	/Users/davidwertenteil/armo/repos/kubescape/core/pkg/resourcehandler/handlerpullresources.go:29 +0x168
github.com/kubescape/kubescape/v3/core/core.(*Kubescape).Scan(0x0?, {0x105dd97a0?, 0x108806be0}, 0x140013ee000)
	/Users/davidwertenteil/armo/repos/kubescape/core/core/scan.go:166 +0x6c4
github.com/kubescape/kubescape/v3/cmd/scan.getFrameworkCmd.func2(0x140015c4700?, {0x14001274ae0, 0x2, 0x6})
	/Users/davidwertenteil/armo/repos/kubescape/cmd/scan/framework.go:120 +0x5f8
github.com/spf13/cobra.(*Command).execute(0x1400112c900, {0x14001274a80, 0x6, 0x6})
	/Users/davidwertenteil/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x1400112c000)
	/Users/davidwertenteil/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(...)
	/Users/davidwertenteil/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
github.com/kubescape/kubescape/v3/cmd.Execute()
	/Users/davidwertenteil/armo/repos/kubescape/cmd/root.go:117 +0x38
main.main()
	/Users/davidwertenteil/armo/repos/kubescape/main.go:27 +0xbc

@MMMMMMorty
Copy link
Member Author

@dwertent For the printing problem, I will fix it soon. For the panic problem, I guess it mainly because I haven't updated this feature for a long time, I will fix it, too.

@dwertent dwertent mentioned this pull request Feb 28, 2024
Closed
@dwertent
Copy link
Contributor

dwertent commented Feb 28, 2024
edited

Thank you! You can reproduce the panic by running

./kubescape scan framework allcontrols https://github.com/kubescape/helm-charts

@dwertent dwertent requested review from dwertent and removed request for amirmalka February 29, 2024 14:31
MMMMMMorty and others added 5 commits February 29, 2024 15:33
@MMMMMMorty
Fix issue 11552
e476cc5 
Signed-off-by: MMMMMMorty <465346562@qq.com>
@MMMMMMorty
Add helm chart mapping node for sarif printer
9b695f0 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
@MMMMMMorty
add MappingNodes to getWorkloadFromHelmChart
7cbd351 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
@MMMMMMorty
clear the code to mappingnode and parseFile
d820936 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
@MMMMMMorty
add input to fixPathsToString
ec89e95 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
@MMMMMMorty
add fixs for error message
14e328c 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
@MMMMMMorty
Add solution for multiple files in one yaml helm chart file
f472ee2 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
dwertent
dwertent previously approved these changes Mar 1, 2024
View reviewed changes
@MMMMMMorty
Add parseFile tests
1909030 
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
@matthyx matthyx dismissed stale reviews from HollowMan6 and amirmalka March 1, 2024 12:02

works now

@dwertent dwertent merged commit bc33f10 into kubescape:master Mar 1, 2024
4 checks passed
@chenrui333 chenrui333 mentioned this pull request Mar 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthyx matthyx matthyx approved these changes

@amirmalka amirmalka amirmalka left review comments

@HollowMan6 HollowMan6 HollowMan6 left review comments

@dwertent dwertent dwertent left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@MMMMMMorty @matthyx @dwertent @amirmalka @HollowMan6