vulncheck: panic with 'unsatisfied import' from ssa when running against package in module cache #2214

Closed
hyangah opened this issue Apr 25, 2022 · 1 comment
Labels
FrozenDueToAge vulncheck or vulndb Issues for vulncheck functionality

hyangah commented Apr 25, 2022

Running vulncheck on a package outside the workspace (e.g. package in module cache) crashes gopls.

[Trace - 13:28:13.858 PM] Sending request 'workspace/executeCommand - (15)'.
Params: {"command":"gopls.run_vulncheck_exp","arguments":[{"Dir":"file:///Users/hakim/go/pkg/mod/k8s.io/client-go@v0.15.7/tools/cache","Pattern":"."}]}


[Trace - 13:28:13.860 PM] Received request 'window/workDoneProgress/create - (5)'.
Params: {"token":"8674665223082153551"}


[Trace - 13:28:13.861 PM] Sending response 'window/workDoneProgress/create - (5)' in 1ms.
Result: 


[Trace - 13:28:13.861 PM] Received notification '$/progress'.
Params: {"token":"8674665223082153551","value":{"kind":"begin","title":"Running vulncheck","cancellable":true,"message":"Running..."}}


panic: Package("k8s.io/client-go/pkg/version").Build(): unsatisfied import: Program.CreatePackage("k8s.io/apimachinery/pkg/version") was not called

goroutine 14956 [running]:
golang.org/x/tools/go/ssa.(*Package).build(0xc00eb65c00)
	/Users/hakim/projects/google/tools/go/ssa/builder.go:2469 +0x1125
sync.(*Once).doSlow(0xc01946dfb8?, 0x13c8b1e?)
	/usr/local/go/src/sync/once.go:68 +0xc2
sync.(*Once).Do(...)
	/usr/local/go/src/sync/once.go:59
golang.org/x/tools/go/ssa.(*Package).Build(...)
	/Users/hakim/projects/google/tools/go/ssa/builder.go:2429
golang.org/x/tools/go/ssa.(*Program).Build.func1(0x0?)
	/Users/hakim/projects/google/tools/go/ssa/builder.go:2414 +0x4c
created by golang.org/x/tools/go/ssa.(*Program).Build
	/Users/hakim/projects/google/tools/go/ssa/builder.go:2413 +0x19c
[Info  - 1:28:15 PM] Connection to server got closed. Server will restart.

The use of a separate goroutine makes it hard for us to control the handling of the panic.
We should either do a thorough job of input validation and prescreening before calling ssa APIs, or
find a way of cleanly isolating it (e.g. separate process #2149 (comment)).

@golang/tools-team @zpavlinovic
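
The two points in the report above, as an added example that is not code from gopls, vulncheck or this issue: a `recover` on the calling goroutine does not catch a panic raised on a goroutine the library started, while running the call in a child process turns the crash into an ordinary error. `buildLikeSSA`, `RunIsolated` and the `ANALYSIS_WORKER` variable are hypothetical names, and the panic message is constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

const workerEnv = "ANALYSIS_WORKER" // hypothetical marker, not a gopls setting

// buildLikeSSA stands in for a library call that panics on a goroutine it
// starts itself, as (*ssa.Program).Build does in the trace above.
func buildLikeSSA() {
	go func() { panic("unsatisfied import (constructed)") }()
	select {} // the caller blocks; the panic ends the whole process
}

// init turns the re-executed binary into the worker. The deferred recover is
// on the calling goroutine, so it never sees the panic raised on the other one.
func init() {
	if os.Getenv(workerEnv) != "1" {
		return
	}
	defer func() { _ = recover() }()
	buildLikeSSA()
}

// RunIsolated re-executes this binary as a worker and reports a crash there
// as an error, so the long-lived parent (the language server) keeps running.
func RunIsolated() error {
	self, err := os.Executable()
	if err != nil {
		return err
	}
	cmd := exec.Command(self)
	cmd.Env = append(os.Environ(), workerEnv+"=1")
	var stderr bytes.Buffer
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
		firstLine := strings.SplitN(stderr.String(), "\n", 2)[0]
		return fmt.Errorf("worker crashed (%v): %s", err, firstLine)
	}
	return nil
}

func main() {
	fmt.Println("parent still running, analysis result:", RunIsolated())
}
```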

@gopherbot gopherbot added this to the Untriaged milestone Apr 25, 2022
@hyangah hyangah changed the title vulncheck: vulncheck: panic with 'unsatisfied import' from ssa when running against package in module cache Apr 25, 2022
@hyangah hyangah added the vulncheck or vulndb Issues for vulncheck functionality label Apr 25, 2022
@hyangah hyangah modified the milestones: Untriaged, On Deck Apr 28, 2022
@hyangah hyangah self-assigned this Apr 28, 2022
@gopherbot

Change https://go.dev/cl/404576 mentions this issue: `src/goVulncheck: replace gopls custom command with gopls vulncheck`

@hyangah hyangah modified the milestones: vscode-go/later, v0.34.0 May 23, 2022
@golang golang locked and limited conversation to collaborators May 23, 2023