OPA 0.29.1 panics when assigning non-existent input to variable inside function #3501
Assignees
Comments
|
🤦 I should have guessed... 251dcc5#r51373293 I'm on it. You're correct with the fix, but I'll add a test somewhere, too. |
srenatus
added a commit
to srenatus/opa
that referenced
this issue
May 28, 2021
...to avoid a panic at run time. Fixes open-policy-agent#3501. Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
|
@andrehaland would you mind reviewing that? we'll cut a release when it's in. |
Done |
|
Thank you 😃 |
srenatus
added a commit
that referenced
this issue
May 28, 2021
...to avoid a panic at run time. Fixes #3501. Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
|
✔️ 0.29.2 is here, fixing this. |
rogeriopeixotocx
added a commit
to Checkmarx/kics
that referenced
this issue
Jun 18, 2021
Reverting PR #3503 These are the two queries failing: https://github.com/Checkmarx/kics/blob/master/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/query.rego https://github.com/Checkmarx/kics/blob/master/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/query.rego We should check if this has anything to do with either: open-policy-agent/opa#3501 open-policy-agent/opa#3505 *UPDATE* This new query #3651 is failing after the update. This might be related to this issue open-policy-agent/opa#3546
rogeriopeixotocx
added a commit
to Checkmarx/kics
that referenced
this issue
Jun 18, 2021
Reverting PR #3503 These are the two queries failing: https://github.com/Checkmarx/kics/blob/master/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/query.rego https://github.com/Checkmarx/kics/blob/master/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/query.rego We should check if this has anything to do with either: open-policy-agent/opa#3501 open-policy-agent/opa#3505 *UPDATE* This new query #3651 is failing after the update. This might be related to this issue open-policy-agent/opa#3546 Signed-off-by: Rogério Peixoto <rogerio.peixoto@checkmarx.com>
rogeriopeixotocx
added a commit
to Checkmarx/kics
that referenced
this issue
Jun 18, 2021
Reverting PR #3503 These are the two queries failing: https://github.com/Checkmarx/kics/blob/master/assets/queries/k8s/volume_mount_with_os_directory_write_permissions/query.rego https://github.com/Checkmarx/kics/blob/master/assets/queries/terraform/kubernetes/volume_mount_with_os_directory_write_permissions/query.rego We should check if this has anything to do with either: open-policy-agent/opa#3501 open-policy-agent/opa#3505 *UPDATE* This new query #3651 is failing after the update. This might be related to this issue open-policy-agent/opa#3546 Signed-off-by: Rogério Peixoto <rogerio.peixoto@checkmarx.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
OPA to not panic
Actual Behavior
OPA panics when trying to assign non existent input data to a variable inside a function
Steps to Reproduce the Problem
With the following package
OPA panics with v0.29.1 and not in v0.28.0:
Additional Info
Looking at the source code where Go panics
github.com/open-policy-agent/opa/topdown.evalFunc.eval(0xc000184000, 0xc0001a78c0, 0x3, 0x4, 0xc0001a7940, 0x3, 0x4, 0xc0001d8a80, 0x5619580, 0xc00000f601) /Users/runner/work/opa/opa/topdown/eval.go:1509 +0x5acI see that the memoize feature added a direct lookup on index 0 before check if
ir.Empty()opa/topdown/eval.go
Lines 1509 to 1513 in a57fc72
I would guess that moving this assignment to after the empty check solves the issue, but I have not tested this yet. I will test this locally and raise a PR if it fixes the issue
The text was updated successfully, but these errors were encountered: