invalid memory address or nil pointer dereference #7

Open
mpaine-act opened this issue Jan 24, 2022 · 3 comments

@mpaine-act

Latest Windows version of cdefense.exe throws an error.

P:\github\CloudDefenseAI\cdefense : time="2022-01-24T15:52:20-08:00" level=info msg="Scan logs can be found at:
C:\temp\2\cdefense_a19965bc-b827-45a8-8783-ad3f77b5ad80.log"
At line:1 char:1
+ P:\github\CloudDefenseAI\cdefense scan --lang=dotnet --api-key=bff2c4 ...
    + CategoryInfo          : NotSpecified: (time="2022-01-2...3f77b5ad80.log":String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Can not pull image. Latest local image will be used
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x10 pc=0x8bbf71]
goroutine 1 [running]:
io.copyBuffer(0x651c344, 0x18cb2d98, 0x0, 0x0, 0x18cc0000, 0x8000, 0x8000, 0x8586ce, 0x68cd79c, 0x0, ...)
/usr/local/Cellar/[email protected]/1.16.9/libexec/src/io/io.go:423 +0xc1
io.Copy(...)
/usr/local/Cellar/[email protected]/1.16.9/libexec/src/io/io.go:382
os.genericReadFrom(0x18006178, 0x0, 0x0, 0xe79600, 0xefd3c0, 0x68a6901, 0x39d65ac8)
/usr/local/Cellar/[email protected]/1.16.9/libexec/src/os/file.go:160 +0x8d
os.(*File).ReadFrom(0x18006178, 0x0, 0x0, 0x39d65ac8, 0x18006178, 0x1805a201, 0x18116300)
/usr/local/Cellar/[email protected]/1.16.9/libexec/src/os/file.go:154 +0x59
io.copyBuffer(0x651b944, 0x18006178, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, 0x0, ...)
/usr/local/Cellar/[email protected]/1.16.9/libexec/src/io/io.go:409 +0x2c2
io.Copy(...)
/usr/local/Cellar/[email protected]/1.16.9/libexec/src/io/io.go:382
main.(*SASTScan).RunDocker(0x18c95540, 0x1817ff60, 0x4, 0x0, 0x0)
/Users/abhi/work/cdefense/src/sast.go:124 +0x489
main.initalizeCommands.func3(0x1817ff60, 0x180847e0, 0xf)
/Users/abhi/work/cdefense/src/main.go:222 +0x2be
github.com/urfave/cli.(*Command).Run(0x1805abd0, 0x1817fb60, 0x0, 0x0)
/Users/abhi/go/src/github.com/urfave/cli/command.go:163 +0x3c4
github.com/urfave/cli.(*App).RunContext(0x18102000, 0x65208ec, 0x18010108, 0x18024160, 0x4, 0x4, 0x0, 0x0)
/Users/abhi/go/src/github.com/urfave/cli/app.go:313 +0x651
github.com/urfave/cli.(*App).Run(...)
/Users/abhi/go/src/github.com/urfave/cli/app.go:224
main.main()
/Users/abhi/work/cdefense/src/main.go:935 +0x80
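
The trace above shows `io.Copy` reached from `RunDocker` with a nil source reader (the `0x0, 0x0` arguments to `os.(*File).ReadFrom`). The following is an added Go example, not the project's code, of that failure mode beside a guarded version; `pullFunc` and the helper names are hypothetical, and attributing the nil reader to the failed image pull is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// pullFunc stands in for an image-pull call that returns a progress stream
// (hypothetical; the real sast.go is not shown on this page).
type pullFunc func() (io.ReadCloser, error)

// unguardedCopy drops the pull error and copies whatever came back.
// recover() turns the resulting panic into a return value for demonstration.
func unguardedCopy(pull pullFunc, dst io.Writer) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	body, _ := pull() // error dropped: body is nil when the pull fails
	io.Copy(dst, body)
	return false
}

// guardedCopy reports a failed pull to the caller instead of crashing.
func guardedCopy(pull pullFunc, dst io.Writer) error {
	body, err := pull()
	if err != nil {
		return fmt.Errorf("image pull failed: %w", err)
	}
	if body == nil {
		return errors.New("image pull returned no stream")
	}
	defer body.Close()
	_, err = io.Copy(dst, body)
	return err
}

var errPull = errors.New("registry unreachable") // constructed sample error

func failingPull() (io.ReadCloser, error) { return nil, errPull }
func workingPull() (io.ReadCloser, error) {
	return io.NopCloser(strings.NewReader("pulled\n")), nil
}

func main() {
	var out strings.Builder
	fmt.Println("unguarded panicked:", unguardedCopy(failingPull, &out))
	fmt.Println("guarded error:", guardedCopy(failingPull, &out))
	fmt.Println("guarded ok:", guardedCopy(workingPull, &out) == nil, out.Len())
}
```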

@abhiv
Contributor

abhiv commented Jan 25, 2022

Thank you for the issue. Ah I see you're using the "scan" keyword. Sorry for the inconvenience, we made a backwards incompatible change a few versions ago. Below is the output of the cdefense command. We weren't aware that customers are using the "scan" keyword. Please change it to "sca" or "oss".

The "scan" keyword is being used to revamp the cdefense 2.0 to run both SCA and SAST in parallel, but it is still experimental as SAST uses docker and SCA does not. Can you please change your script from:
cdefense scan => cdefense oss and let me know what you experience.

NAME:
   Cloud Defense CLI Scanner - CLI for scanning and detecting vulnerabilities in any language. Scan results sent to https://console.clouddefenseai.com

USAGE:
   cdefense [global options] command [command options] [arguments...]

VERSION:
   1.29.3

COMMANDS:
   oss, sca, s                    SCA scan of a given project
   code, sast, t                  SAST scan of a given project
   scan, security                 SCA & SAST scan of a given project
   website, dast, d               DAST scan of a given URL endpoint
   container, c                   Container scan of a given docker image
   api, a, apiscan                API scan of a given API URL endpoint
   iast, i                        IAST scan of a given project
   kubernetes, k                  Static code analysis of Kubernetes object definitions
   serverless, l                  Serverless scan for provided function
   terraform, t                   Static code analysis of Terraform
   update, u                      Update cdefense
   login, auth                    Authenticate the cdefense binary so you don't need to pass in API Keys.
   credentials, cred, credential  Display the credentials
   help, h                        Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)

@abhiv
Contributor

abhiv commented Jan 25, 2022

@mpaine-act Also can you confirm that you're on release version 1.29.3? We also have a new feature on that where you can run:

cdefense sast --api-key ..... --lang=dotnet --no-docker (--no-docker is only available for dotnet sast right now, it's significantly faster but still experimental).

@mpaine-act
Author

Thank you. I downloaded the 1.29.1 version and got the parameter from the COMMAND section of the executable.

I changed to oss and that fixed it for me. Thank you.
