Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cnspec panics when getting GitHub repo protection rules #289

Closed
czunker opened this issue Jan 16, 2023 · 12 comments · Fixed by mondoohq/cnquery#845
Closed

cnspec panics when getting GitHub repo protection rules #289

czunker opened this issue Jan 16, 2023 · 12 comments · Fixed by mondoohq/cnquery#845
Assignees
@czunker

Comments

@czunker
Copy link
Contributor

czunker commented Jan 16, 2023

Describe the bug

Similar segv found when testing a new https://github.com/mondoohq/cnspec-policies/pull/108, diffrent part of code but likely correlated. Found on cnspec 7.12.1:

$ cnspec scan github repo mondoohq/installer -f Downloads/mondoo-github-security.mql.yaml --incognito
→ no Mondoo configuration file provided. using defaults
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ connecting to asset mondoohq/installer (api)

█████████████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  29% mondoohq/installer
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x686751e]

goroutine 139 [running]:
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).GetProtectionRules(0xc0007300f0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.go:1060 +0x21e
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).ComputeProtectionRules(0xc0007300f0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.lr.go:6300 +0x55
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).MqlCompute(0xc00136e340?, {0xc000d06150, 0xf})
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.lr.go:6280 +0x1d4
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0xc00136e380, {0x9991220, 0xc0007300f0}, {0xc000d06150, 0xf}, {0xc001b2eb00, 0x32}, 0xc001bec600)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:345 +0x39b
go.mondoo.com/cnquery/llx.runResourceFunction(0xc000a1f730, 0xc001bec390, 0xc001457db0, 0x300000002)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x23e
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0xc000a1f730, 0xc001bec390, 0xc001457db0, 0xc001bccb40?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf2
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0xc000a1f730, 0xc001457db0, 0x30?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xde
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0xc000a1f730, 0xc001bec4b0?, 0x300000002?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x25e
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0xc001bea660?, 0xc?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0xef
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0xc000a1f730, 0x8808ee6?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0xa6
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0xc000a1f730)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x2d7
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlock(0xc000a2b5e0, {0xc001be21a0, 0x1, 0xc00065b280?}, 0x300000000, 0x0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:582 +0x12f
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks(0xc000a2b5e0, {0xc0006bdda0, 0x1, 0x0?}, 0x5?, 0xc0013cc3c0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:553 +0x11b
go.mondoo.com/cnquery/llx._arrayWhereV2(0xc000a2b5e0, 0xc001bec2d0, 0xc0014f2050, 0x100000004, 0x1)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:275 +0x4d7
go.mondoo.com/cnquery/llx.arrayWhereNotV2(0xc000d1d9e0?, 0xf?, 0x880f75d?, 0x9?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:307 +0x1e
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0xc000a2b5e0, 0xc001bec2d0, 0xc0014f2050, 0xc0013cc594?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:782 +0x119
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0xc000a2b5e0, 0xc0014f2050, 0x5a1ed45?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xde
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0xc000a2b5e0, 0xc001a6aab0?, 0x100000004?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x25e
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0xc001a65570?, 0x5a10dce?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0xef
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0xc000a2b5e0, 0xc001a6aa80?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0xa6
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0xc000a2b5e0, 0x1?, 0xc001bec2d0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x399
go.mondoo.com/cnquery/llx._arrayWhereV2.func1({0xc001be0000?, 0x13?, 0xc001459a40?}, {0x58?, 0xc000654c80?, 0xd6f5440?})
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:292 +0x19f
go.mondoo.com/cnquery/llx.(*arrayBlockCallResults).update(0xc000a2b650, 0x12, 0xc000654c80)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:488 +0x41a
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks.func1(0xc000654c80?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:554 +0x27
go.mondoo.com/cnquery/llx.reportSync.func1(0x794bae0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:370 +0xa2
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0xc000a1e9a0, 0xc001be5fb0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:852 +0x39f
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0xc000a1e9a0, 0xc001be5fb0?, 0xc001bec210)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x399
go.mondoo.com/cnquery/llx.runResourceFunction.func1({0x759a180?, 0xd474720}, {0x0?, 0x0})
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:731 +0x245
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0xc00136e380, {0x9991220, 0xc0001a2248}, {0xc000d060f0, 0x9}, {0xc001b2ea80, 0x31}, 0xc001bec150)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:360 +0x449
go.mondoo.com/cnquery/llx.runResourceFunction(0xc000a1e9a0, 0xc001bde1e0, 0xc001457bd0, 0x200000002)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x23e
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0xc000a1e9a0, 0xc001bde1e0, 0xc001457bd0, 0xc0013ccea8?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf2
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0xc000a1e9a0, 0xc001457bd0, 0x30?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xde
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0xc000a1e9a0, 0xc001bec000?, 0x200000002?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x25e
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0xc001bea4c0?, 0xa?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0xef
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0xc000a1e9a0, 0x8808ee6?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0xa6
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0xc000a1e9a0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x2d7
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlock(0xc000a2b5e0, {0xc000575ef8, 0x1, 0xc00065ad40?}, 0x200000000, 0x0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:582 +0x12f
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks(0xc000a2b5e0, {0xc00165e780, 0x13, 0x0?}, 0x0?, 0xc0013cd218?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:553 +0x11b
go.mondoo.com/cnquery/llx._arrayWhereV2(0xc000a2b5e0, 0xc001bc7da0, 0xc001457c70, 0x100000003, 0x0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:275 +0x4d7
go.mondoo.com/cnquery/llx.arrayWhereV2(0xc000d1d9e0?, 0xf?, 0xc000d060b8?, 0x5?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:303 +0x1b
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0xc000a2b5e0, 0xc001bc7da0, 0xc001457c70, 0x40d6bf?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:782 +0x119
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0xc000a2b5e0, 0xc001457c70, 0xd6f5440?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xde
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0xc000a2b5e0, 0xc001a6aab0?, 0x100000003?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x25e
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0xc001a65570?, 0x0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0xef
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0xc000a2b5e0, 0xc001a6aa80?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0xa6
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0xc000a2b5e0, 0xc001a6aa80?, 0xc001bc7da0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x399
go.mondoo.com/cnquery/llx.runResourceFunction.func1({0x75318e0?, 0xc000729e48}, {0x0?, 0x0})
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:731 +0x245
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0xc00136e380, {0x9991360, 0xc000aca0f0}, {0xc000d060b0, 0x8}, {0xc001271d80, 0x31}, 0xc001bc7ce0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:360 +0x449
go.mondoo.com/cnquery/llx.runResourceFunction(0xc000a2b5e0, 0xc001bc7c50, 0xc001457a90, 0x100000002)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x23e
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0xc000a2b5e0, 0xc001bc7c50, 0xc001457a90, 0xa?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf2
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0xc000a2b5e0, 0xc001457a90, 0x0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xde
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0xc000a2b5e0, 0xc001a6aab0?, 0x100000002?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x25e
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0xc001a65570?, 0xc001a6aa80?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0xef
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0xc000a2b5e0, 0x8808ee6?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0xa6
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0xc000a2b5e0)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x2d7
go.mondoo.com/cnquery/llx.(*MQLExecutorV2).Run(0xc0012fb9e0?)
        /home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:283 +0x59
go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).executeCodeBundle(0xc0016ac050, 0xc0013ae960, 0x0?, {0x0, 0x0})
        /home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:164 +0x357
go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).Start.func1()
        /home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:85 +0x1cb
created by go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).Start
        /home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:54 +0x6a

To Reproduce
Run command above?

Expected behavior
Should error, but not panic.

Screenshots or CLI Output

Desktop (please complete the following information):

Additional context
@czunker
Copy link
Contributor Author

czunker commented Jan 16, 2023

Originially reported #287 (comment) and #287 (comment) by @benr and @scottford-io

@czunker czunker mentioned this issue Jan 16, 2023
Closed
@czunker
Copy link
Contributor Author

czunker commented Jan 16, 2023

I cannot reproduce:

cnspec scan github repo mondoohq/installer -f ../cnspec-policies/core/mondoo-github-security.mql.yaml --incognito                                                                                                                            INT ✘ │ 14:41:45 
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ connecting to asset mondoohq/installer (api)

███████████████████████████████████████████████████████████████████████████ 100% mondoohq/installer


Asset: mondoohq/installer
=========================
Controls:
✓ Pass:  Ensure GitHub repository release branches are protected
✓ Pass:  Ensure repository does not generate binary artifacts
✓ Pass:  Ensure repository does not allow force pushes to any release branches
✓ Pass:  Ensure status checks are passing before merging PRs on the default branch
✓ Pass:  Ensure repository branch protection requires signed commits
✓ Pass:  Ensure repository does not allow bypassing of branch protections rules
✓ Pass:  Ensure repository does not allow force pushes to the default branch
✓ Pass:  Ensure GitHub repository default branch is protected
✓ Pass:  Ensure branch protection requires conversation resolution before merging


Scanned 1 assets

GitHub Repository
    A mondoohq/installer

For detailed output, run this scan with "-o full".

I build cnspec from latest main.

@czunker czunker mentioned this issue Jan 16, 2023
Merged
@scottford-io
Copy link
Contributor

@czunker can you try cnspec scan github repo lunalectric/compliant-repository?

@czunker
Copy link
Contributor Author

czunker commented Jan 16, 2023

@czunker can you try cnspec scan github repo lunalectric/compliant-repository?

Also works:

cnspec scan github repo lunalectric/compliant-repository -f ../cnspec-policies/core/mondoo-github-security.mql.yaml --incognito                                                               ✔ │ 18:01:58 
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ connecting to asset Lunalectric/compliant-repository (api)

███████████████████████████████████████████████████████████████████████████ 100% Lunalectric/compliant-repository


Asset: Lunalectric/compliant-repository
=======================================
Controls:
✓ Pass:  Ensure repository does not allow force pushes to the default branch
✓ Pass:  Ensure GitHub repository default branch is protected
✓ Pass:  Ensure repository branch protection requires signed commits
✓ Pass:  Ensure repository does not generate binary artifacts
✓ Pass:  Ensure branch protection requires conversation resolution before merging
✓ Pass:  Ensure repository does not allow bypassing of branch protections rules
✓ Pass:  Ensure status checks are passing before merging PRs on the default branch
✓ Pass:  Ensure GitHub repository release branches are protected
✓ Pass:  Ensure repository does not allow force pushes to any release branches


Scanned 1 assets

GitHub Repository
    A Lunalectric/compliant-repository

For detailed output, run this scan with "-o full".

@chris-rock
Copy link
Member

I am not able to reproduce this @scottford-io @benr Can you retry with the latest cnspec to see if the issue is still there?

@arlimus arlimus closed this as completed Jan 23, 2023
@scottford-io scottford-io reopened this Jan 23, 2023
@scottford-io
Copy link
Contributor

@arlimus @chris-rock I just reproduced it on cnspec 7.13.0 (6ea2f69, 2023-01-17T14:35:12Z)

To reproduce, try scanning Lunalectric/compliant-repository

@czunker
Copy link
Contributor Author

czunker commented Jan 24, 2023

I tried it with

~/Downloads/cnspec version                                                                                                                                                          
cnspec 7.13.2 (a87d287, 2023-01-18T07:31:47Z)

and it does not panic:

~/Downloads/cnspec scan github repo lunalectric/compliant-repository -f core/mondoo-github-security.mql.yaml                                                                            
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ connecting to asset Lunalectric/compliant-repository (api)

███████████████████████████████████████████████████████████████████████████ 100% Lunalectric/compliant-repository


Asset: Lunalectric/compliant-repository
=======================================
Controls:
✕ Fail:  C  30  Ensure repository does not allow bypassing of branch protections rules
✓ Pass:  Ensure status checks are passing before merging PRs on the default branch
✓ Pass:  Ensure branch protection requires conversation resolution before merging
✓ Pass:  Ensure GitHub repository default branch is protected
✓ Pass:  Ensure GitHub repository release branches are protected
✓ Pass:  Ensure repository does not allow force pushes to the default branch
✓ Pass:  Ensure repository branch protection requires signed commits
✓ Pass:  Ensure repository does not allow force pushes to any release branches
✓ Pass:  Ensure repository does not generate binary artifacts


Scanned 1 assets

GitHub Repository
    C Lunalectric/compliant-repository

For detailed output, run this scan with "-o full".

Also tried it with upstream, also does not panic:

~/Downloads/cnspec scan github repo lunalectric/compliant-repository                                                                                                                    
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ connecting to asset Lunalectric/compliant-repository (api)

███████████████████████████████████████████████████████████████████████████ 100% Lunalectric/compliant-repository


Asset: Lunalectric/compliant-repository
=======================================
Data queries:
mondoo.jobEnvironment: {
  id: "client.mondoo.com"
  name: "Mondoo Client"
}
mondoo.version: "7.13.2"
platform.title: "GitHub Repository"
platform.release: ""
platform.arch: ""

Controls:
✓ Pass:  Ensure repository does not generate binary artifacts
✓ Pass:  Ensure the README.md includes getting started guide
✕ Fail:  B  70  Ensure repository has a support policy
✓ Pass:  Ensure a pull request template for your repository exists
✕ Fail:  C  30  Ensure repository does not allow bypass branch protections rules
✕ Fail:  D  20  Ensure status checks are passing before merging PRs on the default and release branches
✓ Pass:  Ensure repository declares a license
✕ Fail:  B  70  Ensure repository defines a security policy
✕ Fail:  D  20  Ensure repository requires signed commits
✕ Fail:  D  20  Ensure repository does not allow force pushes to the default and release branches
✓ Pass:  Ensure the README.md includes authors
✕ Fail:  B  70  Ensure repository has a code of conduct policy


Scanned 1 assets

GitHub Repository
    D Lunalectric/compliant-repository

For detailed output, run this scan with "-o full".

See more scan results and asset relationships on the Mondoo Console: https://console.mondoo.com/space/fleet/2Km203ERQMG9a25jfjohSshxFMj?spaceId=dazzling-golick-767384

@scottford-io Please give it a try with version 7.13.2. When it fails, please provide the command you used.

@scottford-io
Copy link
Contributor

@czunker it failed for me on cnspec 7.14.0 (33fab62, 2023-01-24T17:29:59Z). I am simply running cnspec scan github repo lunalectric/compliant-repository -f core/mondoo-github-security.mql.yaml from the cnspec-policies repo.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x8 pc=0x109e3fe30]

goroutine 37 [running]:
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).GetProtectionRules(0x140019353c0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github_repo.go:451 +0x1a0
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).ComputeProtectionRules(0x140019353c0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.lr.go:7292 +0x4c
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).MqlCompute(0x140019361c0?, {0x14001e00ec0, 0xf})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.lr.go:7274 +0x250
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0x14001936200, {0x10d0a57a0, 0x140019353c0}, {0x14001e00ec0, 0xf}, {0x14001c54740, 0x32}, 0x14001c7af90)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:345 +0x2dc
go.mondoo.com/cnquery/llx.runResourceFunction(0x140002e3650, 0x14001c7ad20, 0x14001e78af0, 0x300000002)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x1d8
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002e3650, 0x14001c7ad20, 0x14001e78af0, 0x1046127c4?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002e3650, 0x14001e78af0, 0x14001c4af30?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002e3650, 0x14001c7ae40?, 0x300000002?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x113300a68?, 0x30?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002e3650, 0x10a4d73e3?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0x140002e3650)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x290
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlock(0x140002e3490, {0x14001935438, 0x1, 0x14001c58240?}, 0x300000000, 0x108e8e6e8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:582 +0x144
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks(0x140002e3490, {0x140007b68b8, 0x1, 0x14001c7ac90?}, 0x8d00000000000000?, 0x108e8c628?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:553 +0x110
go.mondoo.com/cnquery/llx._arrayWhereV2(0x140002e3490, 0x14001c7ac60, 0x14001e78d70, 0x100000004, 0x1)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:275 +0x454
go.mondoo.com/cnquery/llx.arrayWhereNotV2(0x14000bd8e10?, 0xf?, 0x10a4ddeb7?, 0x9?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:307 +0x20
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002e3490, 0x14001c7ac60, 0x14001e78d70, 0x108eda534?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:782 +0x120
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002e3490, 0x14001e78d70, 0x14001f463e8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002e3490, 0x14001c49380?, 0x100000004?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x14001f46438?, 0x1045cc29c?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002e3490, 0x14001c49350?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0x140002e3490, 0x1?, 0x14001c7ac60)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x324
go.mondoo.com/cnquery/llx._arrayWhereV2.func1({0x14001c4f570?, 0x1?, 0x14001e76a20?}, {0x58?, 0x140002e3570?, 0x14001e78960?})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:292 +0x170
go.mondoo.com/cnquery/llx.(*arrayBlockCallResults).update(0x140002e3500, 0x0, 0x140005ac5a0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:488 +0x3b8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks.func1(0x0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:554 +0x2c
go.mondoo.com/cnquery/llx.reportSync.func1(0x10c08e900?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:370 +0xcc
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002e3570, 0x14001c7a930?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:852 +0x320
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0x140002e3570, 0x14001c7a930?, 0x14001c7aba0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x324
go.mondoo.com/cnquery/llx.runResourceFunction.func1({0x10bcc5cc0?, 0x110caa408}, {0x0?, 0x0})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:731 +0x230
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate.func1()
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:315 +0x1f8
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0x14001936200, {0x10d0a57a0, 0x140019353c0}, {0x14001e00ea0, 0x9}, {0x14001c54640, 0x31}, 0x14001c7aab0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:354 +0x340
go.mondoo.com/cnquery/llx.runResourceFunction(0x140002e3570, 0x14001c7a840, 0x14001e78910, 0x200000002)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x1d8
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002e3570, 0x14001c7a840, 0x14001e78910, 0x1046127c4?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002e3570, 0x14001e78910, 0x14001c4ad80?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002e3570, 0x14001c7a960?, 0x200000002?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x113300a68?, 0x30?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002e3570, 0x10a4d73e3?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0x140002e3570)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x290
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlock(0x140002e3490, {0x14001935408, 0x1, 0x14001c581c0?}, 0x200000000, 0x108e8e6e8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:582 +0x144
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks(0x140002e3490, {0x140007b6840, 0x1, 0x14001c7a7b0?}, 0xf500000000000000?, 0x108e8c628?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:553 +0x110
go.mondoo.com/cnquery/llx._arrayWhereV2(0x140002e3490, 0x14001c7a780, 0x14001e789b0, 0x100000003, 0x0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:275 +0x454
go.mondoo.com/cnquery/llx.arrayWhereV2(0x14000bd8e10?, 0xf?, 0x14001e00e98?, 0x5?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:303 +0x20
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002e3490, 0x14001c7a780, 0x14001e789b0, 0x1045cbb18?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:782 +0x120
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002e3490, 0x14001e789b0, 0x14001c43d40?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002e3490, 0x14001c49380?, 0x100000003?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x14001f47408?, 0x1045cc29c?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002e3490, 0x14001c49350?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0x140002e3490, 0x14001c49350?, 0x14001c7a780)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x324
go.mondoo.com/cnquery/llx.runResourceFunction.func1({0x10bc5a1a0?, 0x140007b6828}, {0x0?, 0x0})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:731 +0x230
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate.func1()
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:315 +0x1f8
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0x14001936200, {0x10d0a5920, 0x140019351d8}, {0x14001e00e90, 0x8}, {0x140008ccfc0, 0x31}, 0x14001cb6240)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:354 +0x340
go.mondoo.com/cnquery/llx.runResourceFunction(0x140002e3490, 0x14001cb61b0, 0x14001e787d0, 0x100000002)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x1d8
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002e3490, 0x14001cb61b0, 0x14001e787d0, 0x104612278?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002e3490, 0x14001e787d0, 0x14001c4a7e0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002e3490, 0x14001c49380?, 0x100000002?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x14001c4e5f0?, 0x14001c49350?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002e3490, 0x10a4d73e3?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0x140002e3490)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x290
go.mondoo.com/cnquery/llx.(*MQLExecutorV2).Run(0x14001dc7a40?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:283 +0x64
go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).executeCodeBundle(0x14001ee7400, 0x1400189f540, 0x1400194757e?, {0x0, 0x0})
	/home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:164 +0x288
go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).Start.func1()
	/home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:85 +0x15c
created by go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).Start
	/home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:54 +0x74

@scottford-io
Copy link
Contributor

@czunker are you using an admin Personal Access Token with both read:write permissions? 🤔 My token only contains read permissions. I am using a legacy token.

@czunker
Copy link
Contributor Author

czunker commented Jan 26, 2023

Still no luck to reproduce this. I tried different scopes with classic tokens:

Screenshot from 2023-01-26 09-29-18

Screenshot from 2023-01-26 09-38-21

Screenshot from 2023-01-26 09-57-47

All work for me.

But I think you are on the right track with permissions. From the panic, something breaks while accessing the branch protection rules.
According to ossf/scorecard#138 (comment) it seems, you need admin privileges to access these. Linked issues also mention something about being an owner.

As I'm not a member of the repo/org, I do not see any protection rules at all:

cnquery> github.repository.branches[0].protectionRules{ * }
github.repository.branches[0].protectionRules: null

Perhaps, this looks different to you. @scottford-io Please double-check.

But that was only the explanation for why I might not be able to reproduce this issue.
Still, we need to fix the panic when permissions are insufficient.

Would it be possible to add me to the repo so that I can reproduce this?

@czunker czunker self-assigned this Jan 26, 2023
@vjeffrey
Copy link
Contributor

looking at the code it seems like maybe branchProtection.RequiredPullRequestReviews is nil, we can probably fix a lot of this by checking that value

@scottford-io
Copy link
Contributor

@czunker I just tested now with 7.14.1 and reproduced the panic ...

cnspec version
cnspec 7.14.1 (cc7779a, 2023-01-26T20:09:21Z)
➜  cnspec-policies git:(main) ✗ cnspec scan github repo lunalectric/compliant-repository -f core/mondoo-github-security.mql.yaml
→ no Mondoo configuration file provided. using defaults
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1

━━━━━━━━━━━────────────────────────────────────────────────────────────────  14% Lunalectric/compliant-repository

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x8 pc=0x1079c3e00]

goroutine 68 [running]:
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).GetProtectionRules(0x14001f22950)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github_repo.go:451 +0x1a0
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).ComputeProtectionRules(0x14001f22950)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.lr.go:7292 +0x4c
go.mondoo.com/cnquery/resources/packs/github.(*mqlGithubBranch).MqlCompute(0x14000f833c0?, {0x14001b450d0, 0xf})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/packs/github/github.lr.go:7274 +0x250
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0x14000f83400, {0x10ac29fe0, 0x14001f22950}, {0x14001b450d0, 0xf}, {0x140001b6d80, 0x32}, 0x1400108a090)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:345 +0x2dc
go.mondoo.com/cnquery/llx.runResourceFunction(0x140002dbf80, 0x14001027d40, 0x14001edf0e0, 0x300000002)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x1d8
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002dbf80, 0x14001027d40, 0x14001edf0e0, 0x102159ac8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002dbf80, 0x14001edf0e0, 0x14001a4d4d0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002dbf80, 0x14001027e90?, 0x300000002?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x110e88108?, 0x30?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002dbf80, 0x10805be63?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0x140002dbf80)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x290
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlock(0x140002dbdc0, {0x14001f22c40, 0x1, 0x14001d70900?}, 0x300000000, 0x106a126b8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:582 +0x144
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks(0x140002dbdc0, {0x14000894870, 0x1, 0x14001027c50?}, 0x9000000000000000?, 0x106a105f8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:553 +0x110
go.mondoo.com/cnquery/llx._arrayWhereV2(0x140002dbdc0, 0x14001027c20, 0x14001edf360, 0x100000004, 0x1)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:275 +0x454
go.mondoo.com/cnquery/llx.arrayWhereNotV2(0x14000bc8e70?, 0xf?, 0x108062937?, 0x9?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:307 +0x20
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002dbdc0, 0x14001027c20, 0x14001edf360, 0x106a5e504?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:782 +0x120
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002dbdc0, 0x14001edf360, 0x140005705c8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002dbdc0, 0x1400152d8f0?, 0x100000004?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x14000570618?, 0x10215029c?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002dbdc0, 0x1400152d8c0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0x140002dbdc0, 0x1?, 0x14001027c20)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x324
go.mondoo.com/cnquery/llx._arrayWhereV2.func1({0x14000bddb40?, 0x1?, 0x14001ee1140?}, {0x58?, 0x140002dbea0?, 0x14001edef50?})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:292 +0x170
go.mondoo.com/cnquery/llx.(*arrayBlockCallResults).update(0x140002dbe30, 0x0, 0x14001784ee0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:488 +0x3b8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks.func1(0x0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:554 +0x2c
go.mondoo.com/cnquery/llx.reportSync.func1(0x109c12b20?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:370 +0xcc
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002dbea0, 0x14001027800?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:852 +0x320
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0x140002dbea0, 0x14001027800?, 0x14001027b30)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x324
go.mondoo.com/cnquery/llx.runResourceFunction.func1({0x109849e20?, 0x10e832408}, {0x0?, 0x0})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:731 +0x230
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0x14000f83400, {0x10ac29fe0, 0x14001f22950}, {0x14001b450b0, 0x9}, {0x140001b6c80, 0x31}, 0x14001027a10)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:360 +0x38c
go.mondoo.com/cnquery/llx.runResourceFunction(0x140002dbea0, 0x14001027680, 0x14001edef00, 0x200000002)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x1d8
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002dbea0, 0x14001027680, 0x14001edef00, 0x102159ac8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002dbea0, 0x14001edef00, 0x14001a4d320?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002dbea0, 0x14001027830?, 0x200000002?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x110e88108?, 0x30?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002dbea0, 0x10805be63?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0x140002dbea0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x290
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlock(0x140002dbdc0, {0x14001f22c18, 0x1, 0x14001d70880?}, 0x200000000, 0x106a126b8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:582 +0x144
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunctionBlocks(0x140002dbdc0, {0x140008947f8, 0x1, 0x140010275f0?}, 0x4000000000000000?, 0x106a105f8?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:553 +0x110
go.mondoo.com/cnquery/llx._arrayWhereV2(0x140002dbdc0, 0x140010275c0, 0x14001edefa0, 0x100000003, 0x0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:275 +0x454
go.mondoo.com/cnquery/llx.arrayWhereV2(0x14000bc8e70?, 0xf?, 0x14001b450a8?, 0x5?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin_array.go:303 +0x20
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002dbdc0, 0x140010275c0, 0x14001edefa0, 0xd0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:782 +0x120
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002dbdc0, 0x14001edefa0, 0x14000108000?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002dbdc0, 0x1400152d8f0?, 0x100000003?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x140005714f8?, 0x10215029c?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002dbdc0, 0x1400152d8c0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).triggerChain(0x140002dbdc0, 0x1400152d8c0?, 0x140010275c0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:910 +0x324
go.mondoo.com/cnquery/llx.runResourceFunction.func1({0x1097de300?, 0x140008943a8}, {0x0?, 0x0})
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:731 +0x230
go.mondoo.com/cnquery/resources.(*Runtime).WatchAndUpdate(0x14000f83400, {0x10ac2a160, 0x14000692020}, {0x14001b450a0, 0x8}, {0x140001b6c00, 0x31}, 0x14001027470)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/resources/runtime.go:360 +0x38c
go.mondoo.com/cnquery/llx.runResourceFunction(0x140002dbdc0, 0x140010273e0, 0x14001ededc0, 0x100000002)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:712 +0x1d8
go.mondoo.com/cnquery/llx.(*blockExecutor).runBoundFunction(0x140002dbdc0, 0x140010273e0, 0x14001ededc0, 0x102196278?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/builtin.go:795 +0xf8
go.mondoo.com/cnquery/llx.(*blockExecutor).runFunction(0x140002dbdc0, 0x14001ededc0, 0x14001a4c870?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:764 +0xd4
go.mondoo.com/cnquery/llx.(*blockExecutor).runChunk(0x140002dbdc0, 0x1400152d8f0?, 0x100000002?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:781 +0x23c
go.mondoo.com/cnquery/llx.(*blockExecutor).runRef(0x1400089b550?, 0x1400152d8c0?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:806 +0x100
go.mondoo.com/cnquery/llx.(*blockExecutor).runChain(0x140002dbdc0, 0x10805be63?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:838 +0x8c
go.mondoo.com/cnquery/llx.(*blockExecutor).run(0x140002dbdc0)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:351 +0x290
go.mondoo.com/cnquery/llx.(*MQLExecutorV2).Run(0x14001a41f20?)
	/home/benr/go/pkg/mod/go.mondoo.com/[email protected]/llx/llx.go:283 +0x64
go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).executeCodeBundle(0x14001e25b80, 0x14001a34fa0, 0x0?, {0x0, 0x0})
	/home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:164 +0x288
go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).Start.func1()
	/home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:85 +0x15c
created by go.mondoo.com/cnspec/policy/executor/internal.(*executionManager).Start
	/home/benr/actions-runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:54 +0x74
	```

czunker added a commit to mondoohq/cnquery that referenced this issue Jan 27, 2023
@czunker
🐛 Check GitHub RequiredPullRequestReviews before access
bfff73f 
Fixes #mondoohq/cnspec#289

Signed-off-by: Christian Zunker <[email protected]>
@czunker czunker mentioned this issue Jan 27, 2023
Merged
czunker added a commit to mondoohq/cnquery that referenced this issue Jan 27, 2023
@czunker
🐛 Check GitHub RequiredPullRequestReviews before access (#845)
ae629f6 
Fixes mondoohq/cnspec#289

Signed-off-by: Christian Zunker <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@czunker czunker

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

🐛 Check GitHub RequiredPullRequestReviews before access mondoohq/cnquery
5 participants
@czunker @chris-rock @arlimus @vjeffrey @scottford-io