fix(misconf): check if property is not nil before conversion #7578

Merged: 1 commit, Oct 17, 2024

@nikpivkin nikpivkin commented Sep 23, 2024

Description

This PR fixes the panic that occurs when trying to convert a property that is missing from the template.

Template:

---
AWSTemplateFormatVersion: 2010-09-09
Description: Godd example of excessive ports
Resources: 
  NetworkACL:
    Type: AWS::EC2::NetworkAcl
  Rule:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: NetworkACL

Output:

trivy conf main.yaml
2024-09-23T23:28:45+06:00       INFO    [misconfig] Misconfiguration scanning is enabled
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0xe0 pc=0x10363f0c4]

goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser.(*Property).Type(...)
        /home/runner/work/trivy/trivy/pkg/iac/scanners/cloudformation/parser/property.go:108
github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser.(*Property).ConvertTo(0x0, {0x1053ac0f7, 0x3})
        /home/runner/work/trivy/trivy/pkg/iac/scanners/cloudformation/parser/property_conversion.go:66 +0x24
github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/ec2.getRules({0x1400491f8e0, 0xa}, {{0x1400491f810, 0x9}, {0x140039bd080, 0xb, 0xb}, {0x1053addf7, 0x4}, {0x0, ...}, ...})
        /home/runner/work/trivy/trivy/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go:68 +0x1638

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@nikpivkin nikpivkin marked this pull request as ready for review September 23, 2024 17:30
@nikpivkin nikpivkin requested a review from simar7 as a code owner September 23, 2024 17:30
@simar7 simar7 added this pull request to the merge queue Sep 24, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 24, 2024
@simar7 simar7 added this pull request to the merge queue Oct 17, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 17, 2024
@nikpivkin nikpivkin added this pull request to the merge queue Oct 17, 2024
Merged via the queue into aquasecurity:main with commit c8c14d3 Oct 17, 2024
14 checks passed
@nikpivkin nikpivkin deleted the cf-prop branch October 17, 2024 04:02
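
The failure mode in the stack trace above, a method called on a nil `*Property` receiver (the `0x0` first argument to `ConvertTo`), reproduced as an added Go example; this is not Trivy's code or the patch merged in this PR. The types, the `ConvertToUnsafe`, `ConvertToSafe` and `scan` names, and the choice of `Protocol` as the missing property are assumptions made for illustration.

```go
package main

import "fmt"

// Property is a simplified, hypothetical stand-in for a parsed template property.
type Property struct {
	typ   string
	value any
}

// Resource maps property names to parsed values; an absent key yields a nil *Property.
type Resource struct{ props map[string]*Property }

// GetProperty returns nil when the template omits the property.
func (r *Resource) GetProperty(name string) *Property { return r.props[name] }

// Type reads a field through the receiver, so it panics on a nil *Property.
func (p *Property) Type() string { return p.typ }

// ConvertToUnsafe shows the failing pattern: Type() is called with no nil check.
func (p *Property) ConvertToUnsafe(target string) *Property {
	if p.Type() == target {
		return p
	}
	return &Property{typ: target, value: fmt.Sprint(p.value)}
}

// ConvertToSafe checks the receiver before conversion and passes nil through.
func (p *Property) ConvertToSafe(target string) *Property {
	if p == nil {
		return nil
	}
	return p.ConvertToUnsafe(target)
}

// scan runs one conversion and reports whether it panicked.
func scan(convert func() *Property) (out *Property, panicked bool) {
	defer func() { panicked = recover() != nil }()
	return convert(), false
}

func main() {
	// Constructed input: a NetworkAclEntry that sets only NetworkAclId, as in the template above.
	rule := &Resource{props: map[string]*Property{"NetworkAclId": {typ: "string", value: "NetworkACL"}}}
	_, p1 := scan(func() *Property { return rule.GetProperty("Protocol").ConvertToUnsafe("int") })
	out, p2 := scan(func() *Property { return rule.GetProperty("Protocol").ConvertToSafe("int") })
	fmt.Println(p1, p2, out == nil) // true false true
}
```

Without a recover or a nil check, the panic terminates the process, so a single incomplete template stops the scan before any findings are reported.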