SAST Brakeman analyzer: invalid memory address or nil pointer dereference in pipeline.summarizeFunction
Summary
The Brakeman-based analyzer in GitLab SAST can hang for a time and then panic:
[INFO] [VET] [2022-08-23T22:02:46Z] ▶ Vet Import Process Starting...
panic: runtime error: invalid memory address or nil pointer dereference
Steps to reproduce
The exact trigger is unknown.
Example Project
A GitLab-internal project displays this bug and is referenced in https://gitlab.com/gitlab-org/security-products/vet/vet/-/issues/75.
What is the current bug behavior?
Job hangs and panics.
What is the expected correct behavior?
Job quickly runs to completion.
Relevant logs and/or screenshots
See https://gitlab.com/gitlab-org/security-products/vet/vet/-/issues/75