makes icon indicating copy to clipboard operation
makes copied to clipboard
verified publisher icon fluidattacks

Problem - Key: namespace is required

Open BlackRoosie opened this issue 3 years ago • 10 comments

I got a problem during executing command: m gitlab:fluidattacks/universe@trunk /skims scan ~/.makes/cache/sources/gitlab-fluidattacks-universe-trunk/integrates/secrets/lint/config.yaml

`[WARNING] Function: main.cli_scan_wrapped, type: Key: namespace is required Traceback (most recent call last): File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/config/init.py", line 141, in load namespace=config.pop("namespace"), KeyError: 'namespace'

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/utils/function.py", line 220, in wrapper return function(*args, **kwargs) File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/cli/init.py", line 121, in cli_scan_wrapped success: bool = run( File "/nix/store/33z2zxmvnq9k4fmbqim6ffzhlgiwmxb6-skims-runtime/lib/python3.8/site-packages/aioextensions/init.py", line 292, in run return asyncio.run(coroutine, debug=debug) File "/nix/store/mbsng5p51yxdpkf53v91i6ck8fdg4w9b-python3-3.8.13/lib/python3.8/asyncio/runners.py", line 44, in run return loop.run_until_complete(main) File "/nix/store/mbsng5p51yxdpkf53v91i6ck8fdg4w9b-python3-3.8.13/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete return future.result() File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/core/scan.py", line 233, in main load(group, config) # NOSONAR File "/nix/store/ns80wma6fhz5cdsd1zz1sz9xyv4kx670-skims/config/init.py", line 161, in load raise confuse.ConfigError(f"Key: {exc.args[0]} is required") confuse.exceptions.ConfigError: Key: namespace is required

[INFO] Success: False`

Can you help me to solve it?

BlackRoosie avatar Dec 05 '22 16:12 BlackRoosie

You must specify a namespace with any name

language: EN
namespace: namespace
output:
  file_path: skims/test/outputs/lib_path.csv
  format: CSV
path:
  exclude:
    - glob(integrates/**/*)
  include:
    - skims/test/data/lib_path
  lib_path: true
  lib_root: false

https://gitlab.com/fluidattacks/universe/-/blob/6f37e27fa19521f993e4c18af330cfdb4e90b18e/skims/test/data/config/lib_path.yaml#L3

drestrepom avatar Dec 05 '22 17:12 drestrepom

Where should I put this file?

BlackRoosie avatar Dec 05 '22 19:12 BlackRoosie

If you are trying to execute skims, yo must create a file named settings.yaml and put the previous content, an execute the following command m gitlab:fluidattacks/universe@trunk /skims scan settings.yaml

drestrepom avatar Dec 06 '22 00:12 drestrepom

thanks for help!

I got another question now, could you tell me what is the problem here?:

/nix/store/23lng6qisjckqkaxk7pwqi3pv1lsxq5q-make-template-for-skims-config-runtime/template: line 10: 12317 Killed python '/nix/store/l5njw5h0afshm7h13didf90rc3xqcj4z-skims/cli/init.py' "$@"

───────────────────────────────────────────────────────── 🤦 Failed with exit code 137 ─

BlackRoosie avatar Dec 14 '22 23:12 BlackRoosie

On macOS I get the same error

/nix/store/1gv67p7sg3lkmwlx07l4i7f8y1yzcvy8-make-template-for-skims-config-runtime/template: line 10: 2929 Killed python '/nix/store/k7hxzzfrihasdyb0pqsw5h4c1f980fvx-skims/cli/__init__.py' "$@"

On Ubuntu I get

A child process terminated abruptly, the process pool is not usable anymore

I have a quite big repo and on both systems it fails at different percentages during SAST test. I would assume it is related to this issue: https://gitlab.com/fluidattacks/universe/-/issues/5976 Even though the issue was closed about a year ago it seems this reappeared.

ndreisg avatar Jan 23 '24 14:01 ndreisg

I was able to workaround my issue (at least on macOS, didn't try on Ubuntu yet) by splitting my .yaml file into two files (one only containing SAST, the other containing SCA and APK) and running them separately.

ndreisg avatar Jan 23 '24 15:01 ndreisg

Hi, could you answer some questions to narrow the cause of the error. How many vulnerabilities did the scanner report after splitting the config? How many files does the repo have? What is the configuration being used in both cases (before splitting it and after)

jgomezb11 avatar Jan 23 '24 17:01 jgomezb11

Sure,

the original config before splitting was the one from this link: https://docs.fluidattacks.com/tech/scanner/standalone/casa/

namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: .
language: EN
sast:
  include:
    - .
sca:
  include:
    - .
apk:
  include:
    - glob(**/*.apk)

These are the two config files after splitting:

namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results-SAST.csv
  format: CSV
working_dir: .
language: EN
sast:
  include:
    - .

namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results-SCA-APK.csv
  format: CSV
working_dir: .
language: EN
sca:
  include:
    - .
apk:
  include:
    - glob(**/*.apk)

The SAST scan reported 65 vulnerabilities. The SCA and APK scans reported 4 vulnerabilities.

The repo is an Android project containing 5008 files (310 MB) in total.

ndreisg avatar Jan 24 '24 14:01 ndreisg

@jgomezb11 it seems this can be easily reproduced by adding more APK files In my project I have 4 APK files (3 with ~20MB each and one with ~40MB) If I run the SCA and APK test (last config file above) with all 4 APKs it already fails with the error above If I only test 1 APK at a time it works fine

ndreisg avatar Feb 08 '24 14:02 ndreisg

@jgomezb11 it seems this can be easily reproduced by adding more APK files In my project I have 4 APK files (3 with ~20MB each and one with ~40MB) If I run the SCA and APK test (last config file above) with all 4 APKs it already fails with the error above If I only test 1 APK at a time it works fine

Try again, probably the problem is generated by multiprocessing, make a change to mitigate this possible situation

https://gitlab.com/fluidattacks/universe/-/merge_requests/55882

drestrepom avatar Feb 08 '24 23:02 drestrepom