Secrets analyzer buffer overflow on large files

Summary

When running our new secrets SAST analyzer against the GitLab-EE repository, the sast job fails due to a buffer overflow. This should be investigated.

Steps to reproduce

  1. Execute sast job against https://gitlab.com/gitlab-org/gitlab-ee

Example Project

https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/173735273

What is the current bug behavior?

The secrets analyzer fails on the gitlab-ee project.

What is the expected correct behavior?

The secrets analyzer should execute correctly on the gitlab-ee project.

Relevant logs and/or screenshots

Found project in /tmp/app
2019/03/07 19:47:11 [tslint] Detect project using plugin
2019/03/07 19:47:11 [tslint] Project not compatible
2019/03/07 19:47:11 [secrets] Detect project using plugin
2019/03/07 19:47:11 [secrets] Project is compatible
2019/03/07 19:47:11 [secrets] Starting analyzer...
2: Pulling from gitlab-org/security-products/analyzers/secrets
6c40cc604d8e: Pulling fs layer
1a6c538d4ed9: Pulling fs layer
1b11cbdb9364: Pulling fs layer
6c40cc604d8e: Verifying Checksum
6c40cc604d8e: Download complete
1b11cbdb9364: Verifying Checksum
1b11cbdb9364: Download complete
1a6c538d4ed9: Verifying Checksum
1a6c538d4ed9: Download complete
6c40cc604d8e: Pull complete
1a6c538d4ed9: Pull complete
1b11cbdb9364: Pull complete
Digest: sha256:ddfa70b7fba6b6aaedbd73a34f92d01d72f5204dfedf4b330818a47c989c5f92
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/secrets:2
Problem while reading source file app/assets/images/file_icons.svg: bufio.Scanner: token too long
Gitleaks analysis failed: bufio.Scanner: token too long
2019/03/07 19:49:13 bufio.Scanner: token too long
2019/03/07 19:49:13 Container exited with non zero status code
Running after script...
$ date
Thu Mar  7 19:49:15 UTC 2019
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files
ERROR: No files to upload
ERROR: Job failed: exit code 1

Output of checks

This bug happens on GitLab.com

Edited Mar 07, 2019 by Lucas Charles
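The error string in the log, bufio.Scanner: token too long, is Go's bufio.ErrTooLong, which the standard-library scanner returns when a single line exceeds its buffer cap (bufio.MaxScanTokenSize, 64 KiB, unless Scanner.Buffer is called). A single-line SVG or minified bundle is enough to trigger it. The following is an added example written for this page, not code from the reporter, Gitleaks or the GitLab secrets analyzer: it reproduces the failure with a constructed input and contrasts it with two ways of reading long lines. The marker string EXAMPLE_SECRET_MARKER stands in for a real secret regex, and the 1 MiB maxLine value is an assumed limit chosen for the example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// needle stands in for a secret pattern; a real analyzer would apply a
// regex set here. The marker and the sample input are constructed for
// this example only.
const needle = "EXAMPLE_SECRET_MARKER"

// scanResult records how far each reading strategy got.
type scanResult struct {
	Lines int   // lines handed to the matcher
	Hits  int   // lines containing needle
	Err   error // terminal error, if any
}

// sampleInput mimics a small file, then one very long single-line asset
// (an SVG or minified bundle), then a trailing file. The long line is
// just over bufio.MaxScanTokenSize and carries the needle, so a reader
// that chokes on it also misses the finding.
func sampleInput() string {
	long := "<svg>" + strings.Repeat("a", bufio.MaxScanTokenSize) + needle + "</svg>"
	return "header line\n" + long + "\ntrailer line\n"
}

func match(line string, res *scanResult) {
	res.Lines++
	if strings.Contains(line, needle) {
		res.Hits++
	}
}

// scanDefault is the pattern implied by the log: bufio.Scanner with its
// default buffer. One line above MaxScanTokenSize stops the whole scan
// with bufio.ErrTooLong ("bufio.Scanner: token too long").
func scanDefault(r io.Reader) scanResult {
	var res scanResult
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		match(sc.Text(), &res)
	}
	res.Err = sc.Err()
	return res
}

// scanBuffered raises the cap with Scanner.Buffer. maxLine is an assumed
// limit for this example; lines beyond it still yield ErrTooLong, so the
// caller must still handle that case (skip the file, or stream it).
func scanBuffered(r io.Reader, maxLine int) scanResult {
	var res scanResult
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 0, 64*1024), maxLine)
	for sc.Scan() {
		match(sc.Text(), &res)
	}
	res.Err = sc.Err()
	return res
}

// scanStreaming uses bufio.Reader.ReadString, which has no per-line cap:
// the whole line is assembled however long it is, so an oversized asset
// cannot abort the scan (at the cost of holding that line in memory).
func scanStreaming(r io.Reader) scanResult {
	var res scanResult
	br := bufio.NewReader(r)
	for {
		line, err := br.ReadString('\n')
		if line != "" {
			match(strings.TrimSuffix(line, "\n"), &res)
		}
		if err == io.EOF {
			return res
		}
		if err != nil {
			res.Err = err
			return res
		}
	}
}

// isTooLong reports whether err is the scanner's token-size failure.
func isTooLong(err error) bool { return errors.Is(err, bufio.ErrTooLong) }

func main() {
	in := sampleInput()
	for name, res := range map[string]scanResult{
		"default":   scanDefault(strings.NewReader(in)),
		"buffered":  scanBuffered(strings.NewReader(in), 1<<20),
		"streaming": scanStreaming(strings.NewReader(in)),
	} {
		fmt.Printf("%-9s lines=%d hits=%d err=%v\n", name, res.Lines, res.Hits, res.Err)
	}
}
```

The default path stops after the first line and never inspects the long one, so the job fails and the marker on that line is never seen. Raising the buffer fixes this input but only moves the cliff; reading with bufio.Reader removes the per-line cap entirely, which is the safer choice for a scanner that must tolerate arbitrary repository contents.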