BUG: panic: runtime error: index out of range [4] with length 4 #2549

Closed
ianlewis opened this issue Dec 17, 2022 · 2 comments

ianlewis commented Dec 17, 2022

We are seeing a panic in the scorecard-action v2.1.0 for our scheduled runs.

See this scheduled run:
https://github.com/slsa-framework/slsa-github-generator/actions/runs/3719005620/jobs/6307584758

panic: runtime error: index out of range [4] with length 4

goroutine 9 [running]:
github.com/ossf/scorecard/v4/checks/raw.isGoUnpinnedDownload({0xc000d04540, 0x4, 0x2565ec0?})
	github.com/ossf/scorecard/[email protected]/checks/raw/shell_download_validate.go:460 +0x5a7
github.com/ossf/scorecard/v4/checks/raw.collectUnpinnedPakageManagerDownload(0xc0008cbc80?, 0xc000db8a80?, {0x2565ec0?, 0xc000db8a80}, {0xc000a00840, 0xc}, {0xc0003b7494, 0x2a}, 0xc0008cbc80)
	github.com/ossf/scorecard/[email protected]/checks/raw/shell_download_validate.go:647 +0xf9
github.com/ossf/scorecard/v4/checks/raw.validateShellFileAndRecord.func1({0x2565ec0, 0xc000db8a80})
	github.com/ossf/scorecard/[email protected]/checks/raw/shell_download_validate.go:932 +0x31f
mvdan.cc/sh/v3/syntax.Walk({0x2565ec0?, 0xc000db8a80?}, 0xc000e88640)
	mvdan.cc/sh/[email protected]/syntax/walk.go:32 +0x56
mvdan.cc/sh/v3/syntax.Walk({0x2566208?, 0xc0011de000?}, 0xc000e88640)
	mvdan.cc/sh/[email protected]/syntax/walk.go:49 +0x1605
mvdan.cc/sh/v3/syntax.walkStmts({0xc0010c9000, 0x1, 0x203000?}, {0x0, 0x0, 0xc000db8000?}, 0xc000db8608?)
	mvdan.cc/sh/[email protected]/syntax/walk.go:14 +0x4d
mvdan.cc/sh/v3/syntax.Walk({0x2566028?, 0xc000d043c0?}, 0xc000e88640)
	mvdan.cc/sh/[email protected]/syntax/walk.go:38 +0x536
github.com/ossf/scorecard/v4/checks/raw.validateShellFileAndRecord({0xc0003b7494, 0x2a}, 0x13, 0x13, {0xc000a007d0?, 0x3eb?, 0x3ec?}, 0xc000e87800, 0xc0008cbc80)
	github.com/ossf/scorecard/[email protected]/checks/raw/shell_download_validate.go:898 +0x24a
github.com/ossf/scorecard/v4/checks/raw.validateShellFile(...)
	github.com/ossf/scorecard/[email protected]/checks/raw/shell_download_validate.go:1029
github.com/ossf/scorecard/v4/checks/raw.glob..func8({0xc0003b7494, 0x2a}, {0xc00061dc00, 0x3eb, 0x3ec}, {0xc000b5c670?, 0x7f6ae76d55b8?, 0x10?})
	github.com/ossf/scorecard/[email protected]/checks/raw/pinned_dependencies.go:164 +0x457
github.com/ossf/scorecard/v4/checks/fileparser.OnMatchingFileContentDo({0x258a7b0, 0xc00057cb40}, {{0x221194c?, 0x1ea21c0?}, 0x20?}, 0x2337298, {0xc000b5c670, 0x1, 0x1})
	github.com/ossf/scorecard/[email protected]/checks/fileparser/listing.go:100 +0x1c3
github.com/ossf/scorecard/v4/checks/raw.collectDockerfileInsecureDownloads(...)
	github.com/ossf/scorecard/[email protected]/checks/raw/pinned_dependencies.go:105
github.com/ossf/scorecard/v4/checks/raw.PinningDependencies(0xc000184c60)
	github.com/ossf/scorecard/[email protected]/checks/raw/pinned_dependencies.go:46 +0x19c
github.com/ossf/scorecard/v4/checks.PinningDependencies(0xc000184c60)
	github.com/ossf/scorecard/[email protected]/checks/pinned_dependencies.go:41 +0x5e
github.com/ossf/scorecard/v4/checker.(*Runner).Run(0xc000aaff18, {0x2575a00, 0xc000126000}, {0x23371d8?, {0xc000560500?, 0x0?, 0x0?}})
	github.com/ossf/scorecard/[email protected]/checker/check_runner.go:111 +0x574
github.com/ossf/scorecard/v4/pkg.runEnabledChecks.func1()
	github.com/ossf/scorecard/[email protected]/pkg/scorecard.go:60 +0x1d0
created by github.com/ossf/scorecard/v4/pkg.runEnabledChecks
	github.com/ossf/scorecard/[email protected]/pkg/scorecard.go:52 +0x216

ianlewis added the kind/bug (Something isn't working) label Dec 17, 2022

naveensrinivasan (Member) commented

Thanks!

@laurentsimon, would you be able to look into this?

naveensrinivasan self-assigned this Dec 18, 2022
naveensrinivasan added a commit that referenced this issue Dec 18, 2022
- Fixed the #2549

Signed-off-by: naveensrinivasan <[email protected]>
naveensrinivasan added a commit to ossf/scorecard-action that referenced this issue Dec 18, 2022
- Update scorecard for ossf/scorecard#2549

Signed-off-by: naveensrinivasan <[email protected]>
naveensrinivasan added a commit to ossf/scorecard-action that referenced this issue Dec 19, 2022
- Update scorecard for ossf/scorecard#2549

Signed-off-by: naveensrinivasan <[email protected]>

laurentsimon (Contributor) commented

Fixed in ossf/scorecard-action#1045

raghavkaul pushed a commit to raghavkaul/scorecard that referenced this issue Feb 9, 2023
- Fixed the ossf#2549

Signed-off-by: naveensrinivasan <[email protected]>
