Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UpdateOccurrence should check that the field mask is set #98

Open
alexashley opened this issue Oct 13, 2021 · 0 comments
Open

UpdateOccurrence should check that the field mask is set #98

alexashley opened this issue Oct 13, 2021 · 0 comments

Comments

@alexashley
Copy link
Contributor

alexashley commented Oct 13, 2021
edited
Loading

In Grafeas, the mask is plucked off the request and passed to the storage layer without validation, so it can be nil. That causes this panic when the mask is updated:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0xfa4252]
grafeas_1        |
goroutine 32145 [running]:
github.com/rode/grafeas-elasticsearch/go/v1beta1/storage.(*ElasticsearchStorage).UpdateOccurrence(0xc0005a3840, 0x13b6280, 0xc0007ab0e0, 0xc000536409, 0x4, 0xc00053641a, 0x24, 0xc000117000, 0x0, 0x4, ...)
	/workspace/go/v1beta1/storage/elasticsearch.go:397 +0x952
github.com/grafeas/grafeas/go/v1beta1/api.(*API).UpdateOccurrence(0xc0000c60a0, 0x13b6280, 0xc0007ab0e0, 0xc000432a00, 0xc0000c60a0, 0xc0007ab0e0, 0xc00028cba0)
	/go/pkg/mod/github.com/grafeas/[email protected]/go/v1beta1/api/occurrence.go:220 +0x2a4
github.com/grafeas/grafeas/proto/v1beta1/grafeas_go_proto._GrafeasV1Beta1_UpdateOccurrence_Handler(0x11de320, 0xc0000c60a0, 0x13b6280, 0xc0007ab0e0, 0xc000155080, 0x0, 0x13b6280, 0xc0007ab0e0, 0xc00047c480, 0x21e)
	/go/pkg/mod/github.com/grafeas/[email protected]/proto/v1beta1/grafeas_go_proto/grafeas.pb.go:2267 +0x217
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00036d880, 0x13c67b8, 0xc000244d80, 0xc000111100, 0xc0002f6e10, 0x1c18378, 0x0, 0x0, 0x0)
	/go/pkg/mod/google.golang.org/[email protected]/server.go:1210 +0x52b
google.golang.org/grpc.(*Server).handleStream(0xc00036d880, 0x13c67b8, 0xc000244d80, 0xc000111100, 0x0)
	/go/pkg/mod/google.golang.org/[email protected]/server.go:1533 +0xd0c
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0000b8d10, 0xc00036d880, 0x13c67b8, 0xc000244d80, 0xc000111100)
	/go/pkg/mod/google.golang.org/[email protected]/server.go:871 +0xab
created by google.golang.org/grpc.(*Server).serveStreams.func1
	/go/pkg/mod/google.golang.org/[email protected]/server.go:869 +0x1fd

Either this function could return with an error or initialize an empty mask if it's not set. Either way, malformed requests shouldn't crash the entire server, see #99
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexashley