This repository was archived by the owner on Apr 9, 2024. It is now read-only.

GoKart panics in the TaintAnalyzer #83

@smoyer64


When scanning a project, GoKart panics with the following trace when running the TaintAnalyzer:

gokart scan
Using config found at /home/smoyer1/.gokart/analyzers.yml

Revving engines VRMMM VRMMM
3...2...1...Go!
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x9ebf55]

goroutine 1 [running]:
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc00235c210, 0x3?, 0xa, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:175 +0x3f5
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc00646a2e0, 0x0?, 0x9, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:200 +0x267b
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc00235cc10, 0x0?, 0x8, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:171 +0x1105
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc003cd81d0, 0xb70b90?, 0x7, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:163 +0x1816
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc006396d10, 0x0?, 0x6, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:141 +0x1fb2
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc0063b0e58, 0x0?, 0x5, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:232 +0x8b3
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc00235e030, 0x0?, 0x4, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:270 +0x1de9
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc00235e580, 0x3?, 0x3, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:212 +0x4ec
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc00235ea90, 0x4?, 0x2, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:200 +0x267b
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc0063c0460, 0x0?, 0x1, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:200 +0x267b
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaintRecurse(0xc00235f3f8, 0xc0063c4140, 0xc0063c60b0, 0x15?, 0x0, {0xc00235f2d8?, 0x0, 0x0})
        /home/smoyer1/git/gokart/util/taint.go:171 +0x1105
github.com/praetorian-inc/gokart/util.(*TaintAnalyzer).ContainsTaint(...)
        /home/smoyer1/git/gokart/util/taint.go:62
github.com/praetorian-inc/gokart/analyzers.ssrfRun(0xc0066043c0)
        /home/smoyer1/git/gokart/analyzers/ssrf.go:157 +0x6d5
github.com/praetorian-inc/gokart/run.RunAnalyzers({0x1088f00, 0x5, 0xb70eab?}, 0xc000b95c80)
        /home/smoyer1/git/gokart/run/run.go:173 +0x502
github.com/praetorian-inc/gokart/run.Run({0x1088f00, 0x5, 0x5}, {0xc00019b9c0?, 0x0?, 0x0?})
        /home/smoyer1/git/gokart/run/run.go:42 +0x11e
github.com/praetorian-inc/gokart/analyzers.Scan({0xc00019b9c0?, 0x1, 0x1})
        /home/smoyer1/git/gokart/analyzers/scan.go:163 +0x5d8
github.com/praetorian-inc/gokart/cmd.glob..func1(0x1090500?, {0x10c87a8, 0x0, 0x0})
        /home/smoyer1/git/gokart/cmd/scan.go:91 +0x42d
github.com/spf13/cobra.(*Command).execute(0x1090500, {0x10c87a8, 0x0, 0x0})
        /home/smoyer1/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:860 +0x663
github.com/spf13/cobra.(*Command).ExecuteC(0x1090280)
        /home/smoyer1/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:974 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
        /home/smoyer1/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:902
github.com/praetorian-inc/gokart/cmd.Execute(...)
        /home/smoyer1/git/gokart/cmd/root.go:61
main.main()
        /home/smoyer1/git/gokart/main.go:38 +0x25

This occurs because the Pkg field of a function might be nil according to the code's comments, but no nil check is included:

https://github.com/golang/tools/blob/b01e7a4e75d3f07db097384f829839c6628a46c8/go/ssa/ssa.go#L306-L317

As an aside, the project producing this panic includes generics, which might be related or at least sympathetic. If so, it's related to #72. Feel free to assign this to me as I've got both this issue and #72 fixed and running as expected against a project that contains generics.
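
The failure mode reported above, as an added example that is not part of the original post and is not GoKart's code: a recursive walk reaches a function whose `Pkg` is nil and qualifies its name by package path. `Package`, `Function`, `sources`, `unsafeKey`, `safeKey` and `reachesSource` are stand-ins invented here; only the fact that `Pkg` may be nil comes from the issue.

```go
package main

import "fmt"

// Stand-ins for ssa.Package and ssa.Function (constructed for this example).
type Package struct{ Path string }

type Function struct {
	Name    string
	Pkg     *Package    // nil when the function has no enclosing package
	Callees []*Function // simplified call edges
}

// sources is a hypothetical taint-source table keyed by "pkgpath.Name".
var sources = map[string]bool{"net/http.Get": true}

// unsafeKey shows the failing pattern: fn.Pkg is dereferenced unconditionally.
func unsafeKey(fn *Function) string { return fn.Pkg.Path + "." + fn.Name }

// safeKey returns ok=false when there is no package to qualify the name.
func safeKey(fn *Function) (string, bool) {
	if fn == nil || fn.Pkg == nil {
		return "", false
	}
	return fn.Pkg.Path + "." + fn.Name, true
}

// reachesSource walks call edges up to maxDepth. A package-less function is
// never matched, but its callees are still visited so it cannot hide a source.
func reachesSource(fn *Function, depth, maxDepth int) bool {
	if fn == nil || depth > maxDepth {
		return false
	}
	if key, ok := safeKey(fn); ok && sources[key] {
		return true
	}
	for _, c := range fn.Callees {
		if reachesSource(c, depth+1, maxDepth) {
			return true
		}
	}
	return false
}

func main() {
	get := &Function{Name: "Get", Pkg: &Package{Path: "net/http"}}
	wrap := &Function{Name: "Get$bound", Callees: []*Function{get}} // Pkg is nil
	fmt.Println("reaches source:", reachesSource(wrap, 0, 10))
}
```

For a scanner, the guard matters beyond stability: a panic in one analyzer aborts the whole run, so the project gets no findings at all.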
