wraith
wraith copied to clipboard
N0MoreSecr3ts
[BUG][SIGSEGV] Segmentation fault when user doesn't exist
Issue:
____ __ ____ .______ ___ __ .___________. __ __
\ \ / \ / / | _ \ / \ | | | || | | |
\ \/ \/ / | |_) | / ^ \ | | `---| |----`| |__| |
\ / | / / /_\ \ | | | | | __ |
\ /\ / | |\ \----./ _____ \ | | | | | | | |
\__/ \__/ | _| `._____/__/ \__\ |__| |__| |__| |__|
wraith v0.0.6 started at 2021-03-08T16:01:08Z
Loaded 0 signatures.
Web interface available at http://127.0.0.1:9393 Gathering users...
Unable to collect user <nil>: GET https://api.github.com/users/USER1234567777: 404 Not Found []
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xcf3ac3]
goroutine 1 [running]:
wraith/core.(*Session).addUser(0xc00017c580, 0x0)
/root/tools/git/wraith/core/github.go:66 +0xe3
wraith/core.GatherUsers(0xc00017c580)
/root/tools/git/wraith/core/github.go:100 +0x1d9
wraith/cmd.glob..func1(0x1654840, 0xc000128480, 0x0, 0x8)
/root/tools/git/wraith/cmd/scanGithub.go:52 +0x8e6
github.com/spf13/cobra.(*Command).execute(0x1654840, 0xc000128400, 0x8, 0x8, 0x1654840, 0xc000128400)
/root/tools/go/pkg/mod/github.com/spf13/[email protected]/command.go:854 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x16545a0, 0x44736a, 0x15b16c0, 0xc000000180)
/root/tools/go/pkg/mod/github.com/spf13/[email protected]/command.go:958 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
/root/tools/go/pkg/mod/github.com/spf13/[email protected]/command.go:895
wraith/cmd.Execute()
/root/tools/git/wraith/cmd/root.go:22 +0x31
main.main()
/root/tools/git/wraith/main.go:29 +0x25
Steps to reproduce:
I go this problem by running this command:
wraith scanGithub --num-threads 4 --github-api-token $GITHUB_ACCESS_TOKEN --github-users user1,user2,user3,...
Note: the list of users was large (~100), and the bug was due to the fact that one of the users in the list did not exist anymore.
I will look into this, looking at the above is, it looks like the user was not found, not an issue with wraith. I can look to add some defensive coding around this. There is already a branch looking at adding significant defensive code for exceptions and missing configs. Always happy to take pull requests off the develop branch.
@nil0x42
The execution needs to continue onto next iteration if user is not found. Otherwise, execution goes to sess.addUser(u) where the segmentation fault is thrown.
https://github.com/N0MoreSecr3ts/wraith/blob/5efcf84863d94b5ae9cdfe7a93478df46e211245/core/github.go#L95-L102
