brakeman-sast

Passed Started 3 years ago by

1Running with gitlab-runner 14.3.0-rc1 (ed15bfbf)
2  on docker-auto-scale-com 8a6210b8
3  feature flags: FF_USE_FASTZIP:true
 4  Resolving secrets  
  00:00
 5  Preparing the "docker+machine" executor  
  00:06
6Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman:2 ...
7Authenticating with credentials from job payload (GitLab Registry)
8Pulling docker image registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman:2 ...
9Using docker image sha256:fad278b3722c0469c239779428e844980209c50f2b1bf29f8f6ae89c18c3bf2a for registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman:2 with digest registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman@sha256:c9b5a2bb09967ae2e4d9ac9135e22ebe82dda38fe35813bc779e4dba2d3ddc46 ...
 10  Preparing environment  
  00:02
11Running on runner-8a6210b8-project-278964-concurrent-0 via runner-8a6210b8-gsrm-1632813953-c7e59955...
 12  Getting source from Git repository  
  00:38
13$ eval "$CI_PRE_CLONE_SCRIPT"
14Downloading archived master...
15Connecting to storage.googleapis.com (172.217.193.128:443)
16saving to '/tmp/gitlab.tar.gz'
17gitlab.tar.gz         29% |*********                       |  103M  0:00:02 ETA
18gitlab.tar.gz         86% |***************************     |  299M  0:00:00 ETA
19gitlab.tar.gz        100% |********************************|  345M  0:00:00 ETA
20'/tmp/gitlab.tar.gz' saved
21Extracting tarball into /builds/gitlab-org/gitlab...
22Fetching changes with git depth set to 20...
23Reinitialized existing Git repository in /builds/gitlab-org/gitlab/.git/
24Created fresh repository.
25remote: Enumerating objects: 905, done.        
26remote: Counting objects: 100% (653/653), done.        
27remote: Compressing objects: 100% (149/149), done.        
28remote: Total 217 (delta 178), reused 96 (delta 63), pack-reused 0        
29Receiving objects: 100% (217/217), 36.51 KiB | 5.21 MiB/s, done.
30Resolving deltas: 100% (178/178), completed with 113 local objects.
31From https://gitlab.com/gitlab-org/gitlab
32 * [new ref]               8a18ae4220832329cf71f2ff9ebbc4ddf2d80a8e -> refs/pipelines/378450257
33Checking out 8a18ae42 as refs/merge-requests/71197/merge...
34Skipping Git submodules setup
 35  Executing "step_script" stage of the job script  
  05:49
36Using docker image sha256:fad278b3722c0469c239779428e844980209c50f2b1bf29f8f6ae89c18c3bf2a for registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman:2 with digest registry.gitlab.com/gitlab-org/security-products/analyzers/brakeman@sha256:c9b5a2bb09967ae2e4d9ac9135e22ebe82dda38fe35813bc779e4dba2d3ddc46 ...
37$ /analyzer run
38[INFO] [Brakeman] [2021-09-28T08:12:57Z] ▶ GitLab Brakeman analyzer v2.19.0
39[INFO] [Brakeman] [2021-09-28T08:12:57Z] ▶ Detecting project
40[INFO] [Brakeman] [2021-09-28T08:12:57Z] ▶ Found project in /builds/gitlab-org/gitlab
41[INFO] [Brakeman] [2021-09-28T08:12:57Z] ▶ Running analyzer
42[INFO] [Brakeman] [2021-09-28T08:18:02Z] ▶ Creating report
43[INFO] [2021-09-28T08:18:03Z] ▶ /builds/gitlab-org/gitlab/gl-sast-report-post.json written
44[INFO] [VET] [2021-09-28T08:18:03Z] ▶ GitLab VET analyzer vnot-configured
45████████████████████████████████████████████████
46███  ████  █████  ██  █    █      ██    ██    ██
47██    ██    ████  ██  █ ██████  ████ ████████ ██
48█            ███  ██  █    ███  ████ ███  ███ ██
49██          ████  ██  █ ██████  ████ ████████ ██
50████      ███████    ██    ███  ████    ██    ██
51██████  ████████████████████████████████████████
52████████████████████████████████████████████████
53[/vet import --src /builds/gitlab-org/gitlab --store /builds/gitlab-org/gitlab/vetstore]
54[INFO] [VET] [2021-09-28T08:18:03Z] ▶ Vet Database Creation Process Starting...
55[INFO] [VET] [2021-09-28T08:18:03Z] ▶ Vet Database Creation Process Complete...
56[INFO] [VET] [2021-09-28T08:18:03Z] ▶ Vet Import Process Starting...
57[INFO] [VET] [2021-09-28T08:18:03Z] ▶ Import Mode: type
58[INFO] [VET] [2021-09-28T08:18:03Z] ▶ Creating CAST
59panic: runtime error: index out of range [1] with length 1
60goroutine 34 [running]:
61gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterConditional(0xc0636a6ea0, 0xc0513c2090, 0xc0982a1e70)
62	/build/traversal/casttraversal/castvisitor/controlflow.go:165 +0x765
63gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterNode(0xc0636a6ea0, 0xc0513c2090, 0x1)
64	/build/traversal/casttraversal/castvisitor/controlflow.go:441 +0x105
65gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterAllChildren(0xc0636a6ea0, 0xc0513c2030)
66	/build/traversal/casttraversal/castvisitor/controlflow.go:117 +0xbc
67gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterBlock(...)
68	/build/traversal/casttraversal/castvisitor/controlflow.go:147
69gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterConditional(0xc0636a6ea0, 0xc0513bf530, 0xc0636a6200)
70	/build/traversal/casttraversal/castvisitor/controlflow.go:178 +0x34e
71gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterNode(0xc0636a6ea0, 0xc0513bf530, 0x0)
72	/build/traversal/casttraversal/castvisitor/controlflow.go:441 +0x105
73gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterAllChildren(0xc0636a6ea0, 0xc0513be000)
74	/build/traversal/casttraversal/castvisitor/controlflow.go:117 +0xbc
75gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterBlock(0xc0636a6ea0, 0xc0513be000, 0x0)
76	/build/traversal/casttraversal/castvisitor/controlflow.go:147 +0x35
77gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterNode(0xc0636a6ea0, 0xc0513be000, 0xc0632fcb00)
78	/build/traversal/casttraversal/castvisitor/controlflow.go:437 +0xc5
79gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterAndLeaveNode(0xc0636a6ea0, 0xc0513be000)
80	/build/traversal/casttraversal/castvisitor/controlflow.go:502 +0x35
81gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).visitAllChildren(0xc0636a6ea0, 0xc051397c20)
82	/build/traversal/casttraversal/castvisitor/controlflow.go:110 +0xbc
83gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).enterFunctionDecl(0xc0636a6ea0, 0xc051397c20, 0xc051397a70)
84	/build/traversal/casttraversal/castvisitor/controlflow.go:137 +0x188
85gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castvisitor.(*ControlFlowVisitor).EnterNode(0xc0636a6ea0, 0xc051397c20, 0xc0a6f0c500)
86	/build/traversal/casttraversal/castvisitor/controlflow.go:510 +0x3c
87gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051397c20)
88	/build/traversal/casttraversal/castwalker/castwalker.go:33 +0x67
89gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc0513978f0)
90	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
91gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051397860)
92	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
93gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051388900)
94	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
95gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051383f80)
96	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
97gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051383da0)
98	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
99gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051383c20)
100	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
101gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).walk(0xc05bf3bdd0, 0xc051383890)
102	/build/traversal/casttraversal/castwalker/castwalker.go:37 +0xfc
103gitlab.com/gitlab-org/security-products/vet/vet/traversal/casttraversal/castwalker.(*CastWalker).Walk(0xc05bf3bdd0)
104	/build/traversal/casttraversal/castwalker/castwalker.go:24 +0x4e
105gitlab.com/gitlab-org/security-products/vet/vet/pipeline.(*ControlFlowPass).Run(0x120ebb0, 0xc04e4b15e0, 0x4, 0x20, 0x8)
106	/build/pipeline/controlflow.go:18 +0x111
107gitlab.com/gitlab-org/security-products/vet/vet/pipeline.(*Pipeline).Run(0xc05bf3bf38, 0xc0636a6e80, 0x2, 0x2)
108	/build/pipeline/pipeline.go:25 +0x70
109gitlab.com/gitlab-org/security-products/vet/vet/store.(*CastImporter).parseAndImportAllFiles.func1(0xc05081c480, 0xc04cd5c700, 0x3b, 0x30e2, 0x0, 0x0)
110	/build/store/importer.go:96 +0x5a7
111gitlab.com/gitlab-org/security-products/vet/vet/pool.(*ParseWorker).PrePipelineStart.func1(0xc00000e150)
112	/build/pool/worker.go:72 +0x8e
113created by gitlab.com/gitlab-org/security-products/vet/vet/pool.(*ParseWorker).PrePipelineStart
114	/build/pool/worker.go:66 +0x3f
 115  Uploading artifacts for successful job  
  00:03
116Uploading artifacts...
117gl-sast-report.json: found 1 matching files and directories 
118Uploading artifacts as "archive" to coordinator... ok  id=1628712683 responseStatus=201 Created token=U7zvaZ8e
119Uploading artifacts...
120gl-sast-report.json: found 1 matching files and directories 
121Uploading artifacts as "sast" to coordinator... ok  id=1628712683 responseStatus=201 Created token=U7zvaZ8e
 122  Cleaning up project directory and file based variables  
  00:01
123Job succeeded

Tags: gitlab-org

Job artifacts

The artifacts were removed 3 years ago

Commit 8a18ae42 in !71197

Merge branch 'update-agent-token-table-heading' into 'master'

Related jobs

brakeman-sast

bundle-size-review

code_quality

compile-storybook

danger-review

db:check-schema

eslint-as-if-foss

gitlab_git_test

gosec-sast

graphql-verify

jest 1/5

jest 2/5

jest 3/5

jest 4/5

jest 5/5

jest-integration

license_scanning

memory-on-boot

memory-static

nodejs-scan-sast

qa:internal

qa:selectors

rspec fail-fast

rspec foss-impact

rspec system pg12 1/24

rspec system pg12 10/24

rspec system pg12 11/24

rspec system pg12 12/24

rspec system pg12 13/24

rspec system pg12 14/24

rspec system pg12 15/24

rspec system pg12 16/24

rspec system pg12 17/24

rspec system pg12 18/24

rspec system pg12 19/24

rspec system pg12 2/24

rspec system pg12 20/24

rspec system pg12 21/24

rspec system pg12 22/24

rspec system pg12 23/24

rspec system pg12 24/24

rspec system pg12 3/24

rspec system pg12 4/24

rspec system pg12 5/24

rspec system pg12 6/24

rspec system pg12 7/24

rspec system pg12 8/24

rspec system pg12 9/24

rspec-ee system pg12 1/6

rspec-ee system pg12 2/6

rspec-ee system pg12 3/6

rspec-ee system pg12 4/6

rspec-ee system pg12 5/6

rspec-ee system pg12 6/6

rspec-ee system pg12 geo

run-dev-fixtures

run-dev-fixtures-ee

secret_detection

semgrep-sast

startup-css-check

static-analysis 1/4

static-analysis 2/4

static-analysis 3/4

static-analysis 4/4

verify-tests-yml

webpack-dev-server