Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues running terrascan in azure pipelines #835

Closed
BHeilemann opened this issue Jun 4, 2021 · 3 comments · Fixed by #906
Closed

Issues running terrascan in azure pipelines #835

BHeilemann opened this issue Jun 4, 2021 · 3 comments · Fixed by #906
Assignees
@kanchwala-yusuf

Comments

@BHeilemann
Copy link

  • terrascan version: v1.6.0
  • Operating System: ubuntu 20.04 => azure pipelines vmImage: ubuntu-latest

Description

Goal is to scan our terraform files for issues in azure pipelines (yaml pipeline).
We can run terrascan --help
We can't run terrascan init
We can't run terrescan scan
The logout put hints that there is a filesystem issue with getting terrascan policies.

What I Did

curl --location https://github.com/accurics/terrascan/releases/download/v1.6.0/terrascan_1.6.0_Linux_x86_64.tar.gz --output terrascan.tar.gz
tar -xvf terrascan.tar.gz
sudo install terrascan /usr/local/bin
terrascan scan -t azure -i terraform -d /home/vsts/work/1/s/infrastructure/development -o xml

Output of terrascan

terra init -l debug

	debug	cli/register.go:50	TERRASCAN_CONFIG:
	debug	config/config-reader.go:48	no config file specified
	debug	utils/policy.go:27	absolute rego_subdir path, `/home/vsts/work/1/s/pkg/policies/opa/rego`, does not fall under base repo path's `/home/vsts/.terrascan` directory structure
	debug	utils/policy.go:28	appending rego_subdir path: `pkg/policies/opa/rego` to the policy base path: `/home/vsts/.terrascan`. checking ...
	debug	config/global.go:116	global config loaded
	debug	initialize/run.go:39	initializing terrascan
	debug	initialize/run.go:68	downloading policies
	debug	initialize/run.go:70	base directory path : /home/vsts/.terrascan
	debug	initialize/run.go:71	policy directory path : /home/vsts/.terrascan/pkg/policies/opa/rego
	debug	initialize/run.go:72	policy repo url : https://github.com/accurics/terrascan.git
	debug	initialize/run.go:73	policy repo git branch : master
	debug	initialize/run.go:77	cloning terrascan repo at /home/vsts/.terrascan
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x63 pc=0x7fbeb430e5ca]

runtime stack:
runtime.throw(0x25cb3a3, 0x2a)
	/usr/lib/go-1.15/src/runtime/panic.go:1116 +0x72
runtime.sigpanic()
	/usr/lib/go-1.15/src/runtime/signal_unix.go:726 +0x4ac

terra scan


 fatal error: unexpected signal during runtime execution
 [signal SIGSEGV: segmentation violation code=0x1 addr=0x63 pc=0x7f716813c5ca]
 
 runtime stack:
 runtime.throw(0x25cb3a3, 0x2a)
 	/usr/lib/go-1.15/src/runtime/panic.go:1116 +0x72
 runtime.sigpanic()
 	/usr/lib/go-1.15/src/runtime/signal_unix.go:726 +0x4ac
 
 goroutine 11 [syscall]:
 runtime.cgocall(0x1efb9a0, 0xc000b5cdc0, 0xc0002421f8)
 	/usr/lib/go-1.15/src/runtime/cgocall.go:133 +0x5b fp=0xc000b5cd90 sp=0xc000b5cd58 pc=0x40b0db
 net._C2func_getaddrinfo(0xc000bc6e90, 0x0, 0xc000bc93b0, 0xc0002421f8, 0x0, 0x0, 0x0)
 	_cgo_gotypes.go:94 +0x55 fp=0xc000b5cdc0 sp=0xc000b5cd90 pc=0x607475
 net.cgoLookupIPCNAME.func1(0xc000bc6e90, 0xb, 0xb, 0xc000bc93b0, 0xc0002421f8, 0x0, 0xc000b5cea0, 0x60a992)
 	/usr/lib/go-1.15/src/net/cgo_unix.go:161 +0xc5 fp=0xc000b5ce08 sp=0xc000b5cdc0 pc=0x60d1e5
 net.cgoLookupIPCNAME(0x25777cc, 0x3, 0xc000bc6e70, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/cgo_unix.go:161 +0x16b fp=0xc000b5cf18 sp=0xc000b5ce08 pc=0x60898b
 net.cgoIPLookup(0xc000334600, 0x25777cc, 0x3, 0xc000bc6e70, 0xa)
 	/usr/lib/go-1.15/src/net/cgo_unix.go:218 +0x67 fp=0xc000b5cfb8 sp=0xc000b5cf18 pc=0x6090c7
 runtime.goexit()
 	/usr/lib/go-1.15/src/runtime/asm_amd64.s:1374 +0x1 fp=0xc000b5cfc0 sp=0xc000b5cfb8 pc=0x475ee1
 created by net.cgoLookupIP
 	/usr/lib/go-1.15/src/net/cgo_unix.go:228 +0xc7
 
 goroutine 1 [select]:
 net/http.(*Transport).getConn(0x397f1c0, 0xc000b84d80, 0x0, 0xc000b91180, 0x5, 0xc000bc6e70, 0xe, 0x0, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/http/transport.go:1347 +0x5ac
 net/http.(*Transport).roundTrip(0x397f1c0, 0xc00017ad00, 0x30, 0x7f71683121c8, 0x150)
 	/usr/lib/go-1.15/src/net/http/transport.go:569 +0x77c
 net/http.(*Transport).RoundTrip(0x397f1c0, 0xc00017ad00, 0x397f1c0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/net/http/roundtrip.go:17 +0x35
 net/http.send(0xc00017ad00, 0x28d1d80, 0x397f1c0, 0x0, 0x0, 0x0, 0xc0002421e0, 0x203000, 0x1, 0x0)
 	/usr/lib/go-1.15/src/net/http/client.go:252 +0x453
 net/http.(*Client).send(0x3a8b580, 0xc00017ad00, 0x0, 0x0, 0x0, 0xc0002421e0, 0x0, 0x1, 0x10)
 	/usr/lib/go-1.15/src/net/http/client.go:176 +0xff
 net/http.(*Client).do(0x3a8b580, 0xc00017ad00, 0x0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/net/http/client.go:718 +0x45f
 net/http.(*Client).Do(...)
 	/usr/lib/go-1.15/src/net/http/client.go:586
 gopkg.in/src-d/go-git.v4/plumbing/transport/http.advertisedReferences(0xc000bc9230, 0x258a1fb, 0xf, 0x0, 0x0, 0x0)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/plumbing/transport/http/common.go:48 +0x24a
 gopkg.in/src-d/go-git.v4/plumbing/transport/http.(*upSession).AdvertisedReferences(0xc0002421c0, 0x29173c0, 0xc0002421c0, 0x7f7160dc4478)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/plumbing/transport/http/upload_pack.go:28 +0x45
 gopkg.in/src-d/go-git%2ev4.(*Remote).fetch(0xc0007964e0, 0x292d280, 0xc000130010, 0xc0006918c8, 0x0, 0x0, 0x0, 0x0)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/remote.go:296 +0x1e5
 gopkg.in/src-d/go-git%2ev4.(*Repository).fetchAndUpdateReferences(0xc000bc8f90, 0x292d280, 0xc000130010, 0xc0006918c8, 0x2577c15, 0x4, 0xc000bc8f60, 0xc000691928, 0xa24b19)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/repository.go:877 +0xc5
 gopkg.in/src-d/go-git%2ev4.(*Repository).clone(0xc000bc8f90, 0x292d280, 0xc000130010, 0xc000691b80, 0x0, 0x0)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/repository.go:744 +0x291
 gopkg.in/src-d/go-git%2ev4.PlainCloneContext(0x292d280, 0xc000130010, 0xc000132660, 0x15, 0xc000691a00, 0xc000691b80, 0x1, 0x0, 0x0)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/repository.go:360 +0xcc
 gopkg.in/src-d/go-git%2ev4.PlainClone(...)
 	/go/pkg/mod/gopkg.in/src-d/[email protected]/repository.go:336
 github.com/accurics/terrascan/pkg/initialize.DownloadPolicies(0x26032c0, 0x45)
 	/go/src/github.com/accurics/terrascan/pkg/initialize/run.go:80 +0x4e5
 github.com/accurics/terrascan/pkg/initialize.Run(0x1, 0x0, 0xc0000cdc98)
 	/go/src/github.com/accurics/terrascan/pkg/initialize/run.go:53 +0xfd
 github.com/accurics/terrascan/pkg/cli.initial(0x3981480, 0xc000179880, 0x0, 0x8, 0x1, 0x1, 0xc000011170)
 	/go/src/github.com/accurics/terrascan/pkg/cli/init.go:41 +0x31
 github.com/accurics/terrascan/pkg/cli.glob..func2(0x3981480, 0xc000179880, 0x0, 0x8, 0x0, 0x0)
 	/go/src/github.com/accurics/terrascan/pkg/cli/scan.go:39 +0x4e
 github.com/spf13/cobra.(*Command).execute(0x3981480, 0xc000179800, 0x8, 0x8, 0x3981480, 0xc000179800)
 	/go/pkg/mod/github.com/spf13/[email protected]/command.go:839 +0x530
 github.com/spf13/cobra.(*Command).ExecuteC(0x39811e0, 0x3acee58, 0x0, 0x0)
 	/go/pkg/mod/github.com/spf13/[email protected]/command.go:958 +0x375
 github.com/spf13/cobra.(*Command).Execute(...)
 	/go/pkg/mod/github.com/spf13/[email protected]/command.go:895
 github.com/accurics/terrascan/pkg/cli.Execute()
 	/go/src/github.com/accurics/terrascan/pkg/cli/register.go:79 +0x3dd
 main.main()
 	/go/src/github.com/accurics/terrascan/cmd/terrascan/main.go:22 +0x25
 
 goroutine 19 [select]:
 go.opencensus.io/stats/view.(*worker).start(0xc000178480)
 	/go/pkg/mod/[email protected]/stats/view/worker.go:276 +0x105
 created by go.opencensus.io/stats/view.init.0
 	/go/pkg/mod/[email protected]/stats/view/worker.go:34 +0x68
 
 goroutine 21 [chan receive]:
 k8s.io/klog/v2.(*loggingT).flushDaemon(0x3a8c2c0)
 	/go/pkg/mod/k8s.io/klog/[email protected]/klog.go:1131 +0x8b
 created by k8s.io/klog/v2.init.0
 	/go/pkg/mod/k8s.io/klog/[email protected]/klog.go:416 +0xd8
 
 goroutine 26 [IO wait]:
 internal/poll.runtime_pollWait(0x7f71684c9298, 0x72, 0x28d5240)
 	/usr/lib/go-1.15/src/runtime/netpoll.go:222 +0x55
 internal/poll.(*pollDesc).wait(0xc000179a18, 0x72, 0x28d5200, 0x398f738, 0x0)
 	/usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:87 +0x45
 internal/poll.(*pollDesc).waitRead(...)
 	/usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:92
 internal/poll.(*FD).Read(0xc000179a00, 0xc0000f8000, 0x12a3, 0x12a3, 0x0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/internal/poll/fd_unix.go:159 +0x1a5
 net.(*netFD).Read(0xc000179a00, 0xc0000f8000, 0x12a3, 0x12a3, 0x203000, 0xc, 0xc0000f8af5)
 	/usr/lib/go-1.15/src/net/fd_posix.go:55 +0x4f
 net.(*conn).Read(0xc000242010, 0xc0000f8000, 0x12a3, 0x12a3, 0x0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/net/net.go:182 +0x8e
 crypto/tls.(*atLeastReader).Read(0xc000bc3f80, 0xc0000f8000, 0x12a3, 0x12a3, 0x7ae, 0xc0000f8af0, 0xc000353730)
 	/usr/lib/go-1.15/src/crypto/tls/conn.go:779 +0x62
 bytes.(*Buffer).ReadFrom(0xc0000e4280, 0x28ce360, 0xc000bc3f80, 0x412ca5, 0x22bd500, 0x24eb9c0)
 	/usr/lib/go-1.15/src/bytes/buffer.go:204 +0xb1
 crypto/tls.(*Conn).readFromUntil(0xc0000e4000, 0x28d1cc0, 0xc000242010, 0x5, 0xc000242010, 0xc0000f8af5)
 	/usr/lib/go-1.15/src/crypto/tls/conn.go:801 +0xf3
 crypto/tls.(*Conn).readRecordOrCCS(0xc0000e4000, 0x0, 0x0, 0xc000353d38)
 	/usr/lib/go-1.15/src/crypto/tls/conn.go:608 +0x115
 crypto/tls.(*Conn).readRecord(...)
 	/usr/lib/go-1.15/src/crypto/tls/conn.go:576
 crypto/tls.(*Conn).Read(0xc0000e4000, 0xc0004ff000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/crypto/tls/conn.go:1252 +0x15f
 bufio.(*Reader).Read(0xc000039ec0, 0xc000b86f18, 0x9, 0x9, 0xc000353d38, 0x267c000, 0x710eeb)
 	/usr/lib/go-1.15/src/bufio/bufio.go:227 +0x222
 io.ReadAtLeast(0x28ce0e0, 0xc000039ec0, 0xc000b86f18, 0x9, 0x9, 0x9, 0xc000112050, 0x0, 0x28ce600)
 	/usr/lib/go-1.15/src/io/io.go:314 +0x87
 io.ReadFull(...)
 	/usr/lib/go-1.15/src/io/io.go:333
 net/http.http2readFrameHeader(0xc000b86f18, 0x9, 0x9, 0x28ce0e0, 0xc000039ec0, 0x0, 0x0, 0xc000bc8c60, 0x0)
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:1477 +0x89
 net/http.(*http2Framer).ReadFrame(0xc000b86ee0, 0xc000bc8c60, 0x0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:1735 +0xa5
 net/http.(*http2clientConnReadLoop).run(0xc000353fa8, 0x0, 0x0)
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:8251 +0x8d
 net/http.(*http2ClientConn).readLoop(0xc000001980)
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:8179 +0x6f
 created by net/http.(*http2Transport).newClientConn
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:7175 +0x685
 
 goroutine 8 [runnable]:
 net/http.(*http2clientStream).awaitRequestCancel(0xc00060e840, 0xc00017b200)
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:6812
 created by net/http.(*http2clientConnReadLoop).handleResponse
 	/usr/lib/go-1.15/src/net/http/h2_bundle.go:8483 +0x768
 
 goroutine 9 [select]:
 net.(*Resolver).lookupIPAddr(0x3a8a7e0, 0x292d2c0, 0xc000334540, 0x25777cc, 0x3, 0xc000bc6e70, 0xa, 0x1bb, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/lookup.go:299 +0x685
 net.(*Resolver).internetAddrList(0x3a8a7e0, 0x292d2c0, 0xc000334540, 0x25777cc, 0x3, 0xc000bc6e70, 0xe, 0x0, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/ipsock.go:280 +0x4d4
 net.(*Resolver).resolveAddrList(0x3a8a7e0, 0x292d2c0, 0xc000334540, 0x257804d, 0x4, 0x25777cc, 0x3, 0xc000bc6e70, 0xe, 0x0, ...)
 	/usr/lib/go-1.15/src/net/dial.go:221 +0x47d
 net.(*Dialer).DialContext(0xc0001361e0, 0x292d280, 0xc000130010, 0x25777cc, 0x3, 0xc000bc6e70, 0xe, 0x0, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/dial.go:403 +0x22b
 net/http.(*Transport).dial(0x397f1c0, 0x292d280, 0xc000130010, 0x25777cc, 0x3, 0xc000bc6e70, 0xe, 0x0, 0x2f736e6f6974696e, 0x736d6574496e696d, ...)
 	/usr/lib/go-1.15/src/net/http/transport.go:1141 +0x1fd
 net/http.(*Transport).dialConn(0x397f1c0, 0x292d280, 0xc000130010, 0x0, 0xc000b91180, 0x5, 0xc000bc6e70, 0xe, 0x0, 0xc00049ca20, ...)
 	/usr/lib/go-1.15/src/net/http/transport.go:1575 +0x1abb
 net/http.(*Transport).dialConnFor(0x397f1c0, 0xc000b3e210)
 	/usr/lib/go-1.15/src/net/http/transport.go:1421 +0xc6
 created by net/http.(*Transport).queueForDial
 	/usr/lib/go-1.15/src/net/http/transport.go:1390 +0x40f
 
 goroutine 10 [select]:
 net.cgoLookupIP(0x292d240, 0xc000b84dc0, 0x25777cc, 0x3, 0xc000bc6e70, 0xa, 0x0, 0x0, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/cgo_unix.go:229 +0x199
 net.(*Resolver).lookupIP(0x3a8a7e0, 0x292d240, 0xc000b84dc0, 0x25777cc, 0x3, 0xc000bc6e70, 0xa, 0x0, 0x0, 0x0, ...)
 	/usr/lib/go-1.15/src/net/lookup_unix.go:96 +0x187
 net.glob..func1(0x292d240, 0xc000b84dc0, 0xc000365d90, 0x25777cc, 0x3, 0xc000bc6e70, 0xa, 0xc000130010, 0x0, 0xc000b91180, ...)
 	/usr/lib/go-1.15/src/net/hook.go:23 +0x72
 net.(*Resolver).lookupIPAddr.func1(0x0, 0x0, 0x0, 0x0)
 	/usr/lib/go-1.15/src/net/lookup.go:293 +0xb9
 internal/singleflight.(*Group).doCall(0x3a8a7f0, 0xc000bc4dc0, 0xc000bc6e80, 0xe, 0xc000b84e00)
 	/usr/lib/go-1.15/src/internal/singleflight/singleflight.go:95 +0x2e
 created by internal/singleflight.(*Group).DoChan
 	/usr/lib/go-1.15/src/internal/singleflight/singleflight.go:88 +0x2cc
 ##[error]Bash exited with code '2'.
 ##[section]Finishing: Run terrascan
@russmckendrick
Copy link

If it helps, I had the same issue and settled on the following solution, it feels like a bit of a hack but does the job;

  - bash: |
      docker pull accurics/terrascan
      echo $(docker run --rm -t -v $(pwd):/iac -w /iac accurics/terrascan scan -o junit-xml) > Terrascan-Report.xml
    workingDirectory: $(System.DefaultWorkingDirectory)
    displayName: "Run > Terrascan"

  - task: PublishTestResults@2
    displayName: "Publish > Terrascan scan results"
    inputs:
      testRunTitle: "Terrascan Results"
      failTaskOnFailedTests: true
      testResultsFormat: "JUnit"
      testResultsFiles: "Terrascan-Report.xml"
      searchFolder: "$(System.DefaultWorkingDirectory)"

@kanchwala-yusuf kanchwala-yusuf mentioned this issue Jun 15, 2021
Closed
@kanchwala-yusuf
Copy link
Contributor

kanchwala-yusuf commented Jun 15, 2021
edited
Loading

Thanks @russmckendrick , for suggesting this work around.

@kanchwala-yusuf kanchwala-yusuf mentioned this issue Jul 1, 2021
Merged
@kanchwala-yusuf
Copy link
Contributor

On digging a bit into this issue, it seems like an issue because of CGO. We have enabled CGO in terrascan due to a certain package dependency, have raised a #906 for fixing this issue.

@kanchwala-yusuf kanchwala-yusuf self-assigned this Jul 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kanchwala-yusuf kanchwala-yusuf

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use CGO independent package for sqlite kanchwala-yusuf/terrascan
3 participants
@russmckendrick @kanchwala-yusuf @BHeilemann