Code development platform for open source projects from the European Union institutions :large_blue_circle: EU Login authentication by SMS will be completely phased out by mid-2025. To see alternatives please check here

Skip to content
Snippets Groups Projects

semgrep-sast

Passed Started by
Joze RIHTARSIC
@rihtajo
1Running with gitlab-runner 15.6.1 (133d7e76)
2 on edelquality docker runner without Docker in docker mode ZcvQMEgp
3 Resolving secrets 00:00
4 Preparing the "docker" executor 00:05
5Using Docker executor with image registry.gitlab.com/security-products/semgrep:4 ...
6Pulling docker image registry.gitlab.com/security-products/semgrep:4 ...
7Using docker image sha256:6ea544a4f84ba5abd50d60daa46406d2f62d13244b73768056cec2d3ff018e39 for registry.gitlab.com/security-products/semgrep:4 with digest registry.gitlab.com/security-products/semgrep@sha256:e20648e809c5a28b331591c045cb186e65eefa2c6d4c06dcd2fec31ae9a2fcc3 ...
8 Preparing environment 00:02
9Running on runner-zcvqmegp-project-162-concurrent-1 via edelquality...
10 Getting source from Git repository 01:09
11Fetching changes with git depth set to 20...
12Reinitialized existing Git repository in /tmp/builds/ZcvQMEgp/1/edelivery/smp/.git/
13Checking out d2e8550e as development...
14Removing smp-angular/node/
15Removing smp-angular/node_modules/
16Removing smp-angular/src/main/resources/META-INF/resources/
17Removing smp-angular/target/
18Removing smp-resource-extensions/oasis-cppa3-spi/target/
19Removing smp-resource-extensions/oasis-smp-spi/target/
20Removing smp-server-library/target/
21Removing smp-soapui-tests/target/
22Removing smp-spi/target/
23Removing smp-springboot/src/main/resources/
24Removing smp-springboot/target/
25Removing smp-webapp/target/
26Skipping Git submodules setup
27 Downloading artifacts 00:04
28Downloading artifacts for build-maven-job (225354)...
29Downloading artifacts from coordinator... ok id=225354 responseStatus=200 OK token=64_w_pEC
30 Executing "step_script" stage of the job script 00:39
31Using docker image sha256:6ea544a4f84ba5abd50d60daa46406d2f62d13244b73768056cec2d3ff018e39 for registry.gitlab.com/security-products/semgrep:4 with digest registry.gitlab.com/security-products/semgrep@sha256:e20648e809c5a28b331591c045cb186e65eefa2c6d4c06dcd2fec31ae9a2fcc3 ...
32$ /analyzer run
33[INFO] [Semgrep] [2023-08-04T04:47:40Z] ▶ GitLab Semgrep analyzer v4.4.4
34[INFO] [Semgrep] [2023-08-04T04:47:40Z] ▶ Detecting project
35[INFO] [Semgrep] [2023-08-04T04:47:40Z] ▶ Analyzer will attempt to analyze all projects in the repository
36[INFO] [Semgrep] [2023-08-04T04:47:40Z] ▶ Running analyzer
37[INFO] [Semgrep] [2023-08-04T04:48:02Z] ▶ Creating report
38panic: runtime error: invalid memory address or nil pointer dereference
39[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8d52b8]
40goroutine 1 [running]:
41gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.hasValidChild({{0xdd00001df4?, 0x17?, 0x7f094d49b870?}}, 0xc000144c90)
42 /build/taggr/node_resolver/node_resolver.go:104 +0x238
43gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc0001448a0?, 0xc000478000?}}, 0xc0001448a0, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
44 /build/taggr/node_resolver/node_resolver.go:69 +0xada
45gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00031ff20?, 0xc000478000?}}, 0xc00031ff20, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
46 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
47gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00031fd40?, 0xc000478000?}}, 0xc00031fd40, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
48 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
49gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00031fcb0?, 0xc000478000?}}, 0xc00031fcb0, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
50 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
51gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00031f5f0?, 0xc000478000?}}, 0xc00031f5f0, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
52 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
53gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00031f530?, 0xc000478000?}}, 0xc00031f530, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
54 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
55gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00045afc0?, 0x1e?}}, 0xc00040ed80, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
56 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
57gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc00040e900?, 0xc000478000?}}, 0xc00040e900, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
58 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
59gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0xc000654510?, 0xa?}}, 0xc00040e750, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
60 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
61gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr/node_resolver.Resolver.TagNodeChildren({{0x14ad780?, 0x40f7e7?, 0x30?}}, 0xc0004725d0, {0xc000038180, 0x76}, {0xc000478000, 0x3980, 0x3981}, {0x0, ...}, ...)
62 /build/taggr/node_resolver/node_resolver.go:88 +0xf48
63gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr.TagFile({{0xabee91?, 0x80?}, 0xc0000c0e80?, 0xaf4f00?}, {0xc000038180, 0x76})
64 /build/taggr/taggr.go:116 +0x18c
65gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/taggr.GenerateOptimalScopes({0xc000038180, 0x76}, {0xc0000c0f30, 0x2, 0xc000255090?}, {0xc00045faf0, 0x1, 0xc0000e9a58?})
66 /build/taggr/taggr.go:80 +0xdc
67gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/clicmds.PostProcess(0xc0001cc2c0?)
68 /build/clicmds/query.go:277 +0x83c
69github.com/urfave/cli/v2.(*Command).Run(0xc0001cc2c0, 0xc000047fc0, {0xc0001ec3f0, 0x7, 0x7})
70 /root/go/pkg/mod/github.com/urfave/cli/v2@v2.24.4/command.go:273 +0x9eb
71github.com/urfave/cli/v2.(*Command).Run(0xc0001cc580, 0xc000047e80, {0xc000024080, 0x8, 0x8})
72 /root/go/pkg/mod/github.com/urfave/cli/v2@v2.24.4/command.go:266 +0xc4d
73github.com/urfave/cli/v2.(*App).RunContext(0xc0001f0000, {0xb7faf8?, 0xc0000300a8}, {0xc000024080, 0x8, 0x8})
74 /root/go/pkg/mod/github.com/urfave/cli/v2@v2.24.4/app.go:332 +0x616
75github.com/urfave/cli/v2.(*App).Run(...)
76 /root/go/pkg/mod/github.com/urfave/cli/v2@v2.24.4/app.go:309
77main.main()
78 /build/main.go:30 +0x5e5
79████████████████████████████████████████████████
80███ ████ █████ ██ █ █ ██ ██ ██
81██ ██ ████ ██ █ ██████ ████ ████████ ██
82█ ███ ██ █ ███ ████ ███ ███ ██
83██ ████ ██ █ ██████ ████ ████████ ██
84████ ███████ ██ ███ ████ ██ ██
85██████ ████████████████████████████████████████
86████████████████████████████████████████████████
87[//vet import --src /tmp/builds/ZcvQMEgp/1/edelivery/smp --store /tmp/builds/ZcvQMEgp/1/edelivery/smp/vetstore --file-ext .go]
88[INFO] [VET] [2023-08-04T04:48:03Z] ▶ GitLab VET analyzer v0.18.3
89[INFO] [VET] [2023-08-04T04:48:03Z] ▶ Vet Import Process Starting...
90[INFO] [VET] [2023-08-04T04:48:03Z] ▶
91Import time 0.160210 seconds
92[INFO] [VET] [2023-08-04T04:48:03Z] ▶ VET import complete
93[INFO] [VET] [2023-08-04T04:48:03Z] ▶ GitLab VET analyzer v0.18.3
94████████████████████████████████████████████████
95███ ████ █████ ██ █ █ ██ ██ ██
96██ ██ ████ ██ █ ██████ ████ ████████ ██
97█ ███ ██ █ ███ ████ ███ ███ ██
98██ ████ ██ █ ██████ ████ ████████ ██
99████ ███████ ██ ███ ████ ██ ██
100██████ ████████████████████████████████████████
101████████████████████████████████████████████████
102[//vet verify --reportIn /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report.json --reportOut /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json --store /tmp/builds/ZcvQMEgp/1/edelivery/smp/vetstore --config /verify/semgrep.toml]
103[INFO] [VET] [2023-08-04T04:48:03Z] ▶ Augment report
104[INFO] [VET] [2023-08-04T04:48:03Z] ▶ Report augmented within 0.009328 seconds
105[INFO] [VET] [2023-08-04T04:48:03Z] ▶ /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json written
106 Uploading artifacts for successful job 00:02
107Uploading artifacts...
108gl-sast-report.json: found 1 matching files and directories
109Uploading artifacts as "sast" to coordinator... 201 Created id=225356 responseStatus=201 Created token=64_w_pEC
110 Cleaning up project directory and file based variables 00:02
111Job succeeded

For further information about the platform and support, please see https://code.europa.eu/info/about