
Segmentation Violation when updating pescan (similar to issue #59)

Open scadadefender opened this issue 3 years ago • 1 comments

Describe the bug

...with malice plugin update -all

[Updating Plugin] ===> pescan
latest: Pulling from malice/pescan
Digest: sha256:f99c8e823968e54c6470eaaff3bccdb1dcd9e520bcc034c693c742397c641b1d
Status: Image is up to date for malice/pescan:latest

...plugin update when running the scan

[Updating Plugin] ===> pescan
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1577f35]

goroutine 1 [running]:
github.com/maliceio/malice/malice/docker/client/image.Pull(0xc0003d8a50, 0xc0003b2aa0, 0xd, 0x17306c3, 0x6)
    /Users/blacktop/go/src/github.com/maliceio/malice/malice/docker/client/image/image.go:40 +0x95
github.com/maliceio/malice/plugins.UpdateEnabledPlugins(0xc0003d8a50)
    /Users/blacktop/go/src/github.com/maliceio/malice/plugins/plugins.go:257 +0x2b0
github.com/maliceio/malice/commands.cmdUpdatePlugin(0x0, 0x0, 0x1, 0x0, 0xc000086b40)
    /Users/blacktop/go/src/github.com/maliceio/malice/commands/plugin.go:161 +0x20f
github.com/maliceio/malice/commands.glob..func8(0xc00034e840, 0x0, 0xc00034e840)
    /Users/blacktop/go/src/github.com/maliceio/malice/commands/commands.go:138 +0xc1
github.com/maliceio/malice/vendor/github.com/urfave/cli.HandleAction(0x162b880, 0x1758ff8, 0xc00034e840, 0xc000086b00, 0x0)
    /Users/blacktop/go/src/github.com/maliceio/malice/vendor/github.com/urfave/cli/app.go:490 +0xc8
github.com/maliceio/malice/vendor/github.com/urfave/cli.Command.Run(0x173087f, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x173450f, 0xd, 0x0, ...)
    /Users/blacktop/go/src/github.com/maliceio/malice/vendor/github.com/urfave/cli/command.go:210 +0x990
github.com/maliceio/malice/vendor/github.com/urfave/cli.(*App).RunAsSubcommand(0xc000020d00, 0xc00034e580, 0x0, 0x0)
    /Users/blacktop/go/src/github.com/maliceio/malice/vendor/github.com/urfave/cli/app.go:379 +0x7ef
github.com/maliceio/malice/vendor/github.com/urfave/cli.Command.startApp(0x1730735, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17400fb, 0x1f, 0x0, ...)
    /Users/blacktop/go/src/github.com/maliceio/malice/vendor/github.com/urfave/cli/command.go:298 +0x808
github.com/maliceio/malice/vendor/github.com/urfave/cli.Command.Run(0x1730735, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17400fb, 0x1f, 0x0, ...)
    /Users/blacktop/go/src/github.com/maliceio/malice/vendor/github.com/urfave/cli/command.go:98 +0x1237
github.com/maliceio/malice/vendor/github.com/urfave/cli.(*App).Run(0xc000020b60, 0xc0000ac0c0, 0x4, 0x4, 0x0, 0x0)
    /Users/blacktop/go/src/github.com/maliceio/malice/vendor/github.com/urfave/cli/app.go:255 +0x687
main.main()
    /Users/blacktop/go/src/github.com/maliceio/malice/main.go:88 +0x4b2

To Reproduce

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
    -v `pwd`:/malice/samples \
    --network="host" \
    -e MALICE_VT_API=$MALICE_VT_API \
    malice/engine scan malware.exe

or

malice scan malware.exe

Expected behavior

No segmentation violations

Environment (please complete the following information):

Output of docker version:

Client: Docker Engine - Community
 Version:           19.03.12
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        48a66213fe
 Built:             Mon Jun 22 15:41:33 2020
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.12
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       48a66213fe
  Built:            Mon Jun 22 15:49:27 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker info:

Client:
 Debug Mode: false

Server:
 Containers: 28
  Running: 11
  Paused: 0
  Stopped: 17
 Images: 93
 Server Version: 19.03.12
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.19.76-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.848GiB
 Name: docker-desktop
 ID: 7LG6:7FY2:6EEC:M43Z:YNEI:6ANZ:3UHD:56JL:RJYT:NXTJ:FWAX:2Q75
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 107
  Goroutines: 111
  System Time: 2020-08-27T02:28:05.0689518Z
  EventsListeners: 3
 HTTP Proxy: gateway.docker.internal:3128
 HTTPS Proxy: gateway.docker.internal:3129
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, Docker For Mac, Docker Toolbox, docker-machine, etc.): Docker For Mac

Additional context

config:

[[plugin]]
name = "pescan"
enabled = true
category = "test"
description = "This is a test plugin"
image = "blacktop/test"
repository = ""
build = false
apikey = ""
mime = "image/png"
cmd = ""
Installed = false

scadadefender • Aug 27 '20 02:08

Updated the config and enabled/disabled other plugins, including javascript and archive. Received the same error at the same address whenever it reaches the last plugin:

[Updating Plugin] ===> javascript
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1577f35]

[Updating Plugin] ===> archive
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1577f35]

scadadefender • Aug 27 '20 04:08