fix panic haskell cataloger#2419

Merged
willmurphyscode merged 1 commit into anchore:pr-2419 from scribe-security:bug/haskell_panic_no_digest
Dec 20, 2023
@houdini91
Contributor

@houdini91 houdini91 commented Dec 12, 2023

Small fix for a panic (out of bounds) in the Haskell cataloger.

The issue arises when stack.yaml.lock uses parseStackPackageEncoding on an empty string.

For example:
https://github.com/EdsonACortese/postgrest/blob/aaa4fbc3703642cea2300715c5b2c7cb8266134a/stack.yaml.lock#L4..

Notice the first does not include a hackage field (causing a panic)

- completed:
    commit: a5847301404583e16d55cd4d051b8e605d704fbc
    git: https://github.com/runtimeverification/haskell-backend.git
    name: kore
    pantry-tree:
      sha256: 30a502eda589be5af735b1b59760ce3e0235c0cae8961978a46b3564dd8db32b
      size: 44685
    subdir: kore
    version: 0.60.0.0
  original:
    commit: a5847301404583e16d55cd4d051b8e605d704fbc
    git: https://github.com/runtimeverification/haskell-backend.git
    subdir: kore

Another use case is when stack.yaml parses extra-deps with packages that do not include a digest.

For example https://github.com/EdsonACortese/postgrest/blob/aaa4fbc3703642cea2300715c5b2c7cb8266134a/stack.yaml

Hope this helps.
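
An added example, not part of the original comment and not syft's code: a bounds-checked parser for the two inputs described above (an empty string from an entry with no hackage field, and an extra-dep with no digest). The function name `parseHackageEncoding` is hypothetical, the `name-version@sha256:digest,size` layout is assumed to be the usual Stack form, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// parseHackageEncoding is a hypothetical, defensive parser for a Stack
// "hackage" value of the assumed form name-version[@sha256:digest[,size]].
// ok is false when there is no usable name-version pair, for example the
// empty string produced by a git-sourced entry with no hackage field.
func parseHackageEncoding(enc string) (name, version, digest string, ok bool) {
	// Split off the optional "@sha256:<digest>,<size>" suffix first.
	nameVersion, rest, hasDigest := strings.Cut(enc, "@")
	// LastIndex returns -1 when there is no dash. Slicing with that value
	// unchecked is the out-of-bounds pattern, so validate before slicing.
	dash := strings.LastIndex(nameVersion, "-")
	if dash <= 0 || dash == len(nameVersion)-1 {
		return "", "", "", false
	}
	name, version = nameVersion[:dash], nameVersion[dash+1:]
	if hasDigest {
		// Keep only the digest: drop the "sha256:" prefix and the ",size" tail.
		if _, afterColon, found := strings.Cut(rest, ":"); found {
			digest, _, _ = strings.Cut(afterColon, ",")
		}
	}
	return name, version, digest, true
}

func main() {
	// Constructed sample inputs, not taken from the linked repository.
	samples := []string{
		"",              // lock entry with no hackage field
		"aeson-2.1.0.0", // extra-dep without a digest
		"hasql-pool-0.5.2@sha256:abc123,1234", // package name containing a dash
	}
	for _, s := range samples {
		n, v, d, ok := parseHackageEncoding(s)
		fmt.Printf("%q -> name=%q version=%q digest=%q ok=%v\n", s, n, v, d, ok)
	}
}
```

A caller would skip entries where `ok` is false instead of emitting a package, so a lock file with git-sourced dependencies cannot crash the scan.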

@willmurphyscode willmurphyscode self-assigned this Dec 12, 2023
@willmurphyscode
Contributor

Thanks so much for the contribution @houdini91 !

I'm going to make an issue to track some notes, and add a unit test or two, but we should be able to get this in the next syft release.

@willmurphyscode
Contributor

@houdini91 would you mind allowing maintainers to edit the PR? I was going to add a unit test and fix the linting error. (If you prefer to add the unit test and fix the linting error yourself, that's fine too :) ) I've attached a patch file of the changes I was about to push.

0001-add-unit-test-for-Haskell-cataloger-panic-fix.patch

@houdini91
Contributor Author

I don't mind at all.

@willmurphyscode
Contributor

Thanks @houdini91! I was asking for you to enable contributors to push to the PR, in GitHub settings, not just asking permission generally. https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork - would you mind either doing that, or pushing the patch file I attached to my last comment to this branch? Thanks!

Provided by willmurphyscode

Signed-off-by: houdini91 <mdstrauss91@gmail.com>
@houdini91
Contributor Author

Sorry for the confusion,
I can't seem to find how to enable the commits to the PR (maybe I don't have permissions), I just applied the patch as you requested.

@willmurphyscode willmurphyscode changed the title from "fix panic haskill cataloger" to "fix panic haskell cataloger" Dec 20, 2023
@willmurphyscode willmurphyscode changed the base branch from main to pr-2419 December 20, 2023 14:42
@willmurphyscode willmurphyscode added the bug (Something isn't working) label Dec 20, 2023
@willmurphyscode willmurphyscode merged commit 1db4f15 into anchore:pr-2419 Dec 20, 2023
Development

Successfully merging this pull request may close these issues.

stop panic when parsing Haskell stack.yaml.lock with missing hackage field