Secrets scanner failing with panic: runtime error: index out of range
Summary
A customer is using GitLab secrets analyzer v3.15.2 to scan a Golang codebase.
30 seconds after the analyzer begins running, a fatal error causes the job to fail: `panic: runtime error: index out of range [65533] with length 56841`
Steps to reproduce
Example Project
What is the current bug behavior?
What is the expected correct behavior?
Secrets scanner analyzes the files in the repository, CI job succeeds, and gl-sast-report.json is generated.
Relevant logs and/or screenshots
Complete CI job trace:
[INFO] [secrets] [2021-03-04T19:06:12Z] ▶ GitLab secrets analyzer v3.15.2
[INFO] [secrets] [2021-03-04T19:06:12Z] ▶ Detecting project
[INFO] [secrets] [2021-03-04T19:06:12Z] ▶ Found project in /builds/namespace/projectname
[INFO] [secrets] [2021-03-04T19:06:12Z] ▶ Running analyzer
[DEBU] [secrets] [2021-03-04T19:06:12Z] ▶ /builds/namespace/projectname/.gitlab/secret-detection-ruleset.toml not found, ruleset support will be disabled.
[ERRO] [secrets] [2021-03-04T19:06:42Z] ▶ /usr/local/bin/gitleaks --report /tmp/gitleaks-846833147.json --path /builds/namespace/projectname --config-path /gitleaks.toml --leaks-exit-code 0 --commit-from 48f38b6fa6b9987686b0b2811098debae0ba34e9 --commit-to 0f7e787a7bda85fb478384e587836f5b324dba0b
time="2021-03-04T19:06:12Z" level=info msg="opening /builds/namespace/projectname\n"
panic: runtime error: index out of range [65533] with length 56841
goroutine 440 [running]:
github.com/sergi/go-diff/diffmatchpatch.(*DiffMatchPatch).DiffCharsToLines(0xc007c43ec0, 0xc005145f20, 0x1, 0x2, 0xc00ba76000, 0xde09, 0xec00, 0xf000, 0xc005145f20, 0x1)
/Users/zacharyrice/Go/pkg/mod/github.com/sergi/go-diff@v1.1.0/diffmatchpatch/diff.go:452 +0x328
github.com/go-git/go-git/v5/utils/diff.DoWithTimeout(0xc012bc0000, 0x2f70f3, 0x0, 0x0, 0x34630b8a000, 0x0, 0x0, 0x1)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/utils/diff/diff.go:37 +0x1b8
github.com/go-git/go-git/v5/utils/diff.Do(...)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/utils/diff/diff.go:22
github.com/go-git/go-git/v5/plumbing/object.filePatchWithContext(0x98f320, 0xc00012c010, 0xc007d29a80, 0x98d720, 0xc0080e6aa0, 0x0, 0x0)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/plumbing/object/patch.go:68 +0x23e
github.com/go-git/go-git/v5/plumbing/object.getPatchContext(0x98f320, 0xc00012c010, 0x0, 0x0, 0xc00f17d000, 0x17e, 0x17e, 0x17e, 0x0, 0x0)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/plumbing/object/patch.go:38 +0xce
github.com/go-git/go-git/v5/plumbing/object.Changes.PatchContext(...)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/plumbing/object/change.go:158
github.com/go-git/go-git/v5/plumbing/object.(*Tree).PatchContext(0xc008e04b40, 0x98f320, 0xc00012c010, 0xc008e04c30, 0xc0ededa37b, 0xc008e04c30, 0x0)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/plumbing/object/tree.go:339 +0xcc
github.com/go-git/go-git/v5/plumbing/object.(*Commit).PatchContext(0xc0041f4c30, 0x98f320, 0xc00012c010, 0xc0041f42d0, 0x0, 0x3562346561373238, 0x6636616566643232)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/plumbing/object/commit.go:98 +0xc5
github.com/go-git/go-git/v5/plumbing/object.(*Commit).Patch(...)
/Users/zacharyrice/Go/pkg/mod/github.com/zricethezav/go-git/v5@v5.2.2/plumbing/object/commit.go:106
github.com/zricethezav/gitleaks/v7/scan.(*CommitScanner).Scan(0xc007c45d30, 0x0, 0x0, 0x7ffe5987dec2, 0x1a, 0x7ffe5987deeb, 0xe)
/Users/zacharyrice/code/gitleaks/scan/commit.go:64 +0x14e
github.com/zricethezav/gitleaks/v7/scan.(*RepoScanner).Scan.func2(0x0, 0x0)
/Users/zacharyrice/code/gitleaks/scan/repo.go:88 +0x21a
golang.org/x/sync/errgroup.(*Group).Go.func1(0xc00033ccf0, 0xc002f3a560)
/Users/zacharyrice/Go/pkg/mod/golang.org/x/sync@v0.0.0-20201020160332-67f06af15bc9/errgroup/errgroup.go:57 +0x59
created by golang.org/x/sync/errgroup.(*Group).Go
/Users/zacharyrice/Go/pkg/mod/golang.org/x/sync@v0.0.0-20201020160332-67f06af15bc9/errgroup/errgroup.go:54 +0x66
exit status 2
section_end:1614884803:build_script
section_start:1614884803:after_script
section_end:1614884804:after_script
section_start:1614884804:upload_artifacts_on_failure
Uploading artifacts...
WARNING: gl-secret-detection-report.json: no matching files
ERROR: No files to upload
section_end:1614884806:upload_artifacts_on_failure
ERROR: Job failed: exit code 2