Comments (6)
Seems to be fixed!
$ gokart scan
Using config found at /Users/azdagron/.gokart/analyzers.yml
Revving engines VRMMM VRMMM
3...2...1...Go!
Race Complete! Analysis took 9.036793335s and 2961 Go files were scanned (including imported packages)
GoKart found 0 potentially vulnerable functions
Thanks @azdagron - I reproduced the bug here and it should be a small fix.
Can you verify that it works as expected if you run without the path '.' argument?
gokart scan
Or from outside the current directory?
gokart scan spire/
Panic exists in both of those situations.
$ gokart scan spire
Using default analyzers config found at "~/.gokart/analyzers.yml".
Revving engines VRMMM VRMMM
3...2...1...Go!
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/praetorian-inc/gokart/util.OutputFinding(0xc000a2ab70, 0x2f, 0xc0040ea900, 0x7a, 0xc0022c5680, 0x4a, 0x48, 0xc000a2aba0, 0x28, 0x0, ...)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/util/finding.go:54 +0x116f
github.com/praetorian-inc/gokart/analyzers.Scan(0xc000119f80, 0x1, 0x1)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/analyzers/scan.go:128 +0x5bd
github.com/praetorian-inc/gokart/cmd.glob..func1(0x16dcd00, 0xc000119f80, 0x1, 0x1)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/cmd/scan.go:53 +0x1ca
github.com/spf13/cobra.(*Command).execute(0x16dcd00, 0xc000119f50, 0x1, 0x1, 0x16dcd00, 0xc000119f50)
/redacted/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x16dca80, 0xc000000180, 0xc00016df78, 0x1006a25)
/redacted/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
/redacted/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
github.com/praetorian-inc/gokart/cmd.Execute(...)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/cmd/root.go:61
main.main()
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/main.go:38 +0x32
$ cd spire
$ gokart scan
Using default analyzers config found at "~/.gokart/analyzers.yml".
Revving engines VRMMM VRMMM
3...2...1...Go!
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/praetorian-inc/gokart/util.OutputFinding(0xc002195350, 0x2f, 0xc001363700, 0x7a, 0xc00239d680, 0x4a, 0x48, 0xc002195380, 0x28, 0x0, ...)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/util/finding.go:54 +0x116f
github.com/praetorian-inc/gokart/analyzers.Scan(0xc0001122c0, 0x1, 0x1)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/analyzers/scan.go:128 +0x5bd
github.com/praetorian-inc/gokart/cmd.glob..func1(0x16dcd00, 0xc0001122c0, 0x1, 0x1)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/cmd/scan.go:53 +0x1ca
github.com/spf13/cobra.(*Command).execute(0x16dcd00, 0x170f698, 0x0, 0x0, 0x16dcd00, 0x170f698)
/redacted/go/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x16dca80, 0xc000000180, 0xc0001e5f78, 0x1006a25)
/redacted/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
/redacted/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
github.com/praetorian-inc/gokart/cmd.Execute(...)
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/cmd/root.go:61
main.main()
/redacted/go/pkg/mod/github.com/praetorian-inc/[email protected]/main.go:38 +0x32
This should now be fixed in main via #5 - can you confirm this works?
Happy to!
Excellent! Closing out this issue, we'll cut a bugfix release for this as well.
Cheers!
Mike