fix: Crash occurs when doing scan against a directory that is denied [#125]#129
Open
JicLotus wants to merge 2 commits intoVirusTotal:masterfrom
Open
fix: Crash occurs when doing scan against a directory that is denied [#125]#129JicLotus wants to merge 2 commits intoVirusTotal:masterfrom
JicLotus wants to merge 2 commits intoVirusTotal:masterfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
#125
TL;DR: Re expected behavior, as discussed in the issue here: even if we encounter errors while reading files or directories, we continue processing what can be read for scanning.
There is an existing bug that crashes the application at
utils/string_reader.go:46when a *StringArrayReader object is received. The issue arises because implementations were receiving errors as expected and sometimes a nil StringArrayReader. However, code that follows this utility, such as file/directory reading logic, does not properly verify errors before using the*StringArrayReader.In my fix, I ensure that the function always returns a non-empty StringArrayReader containing file strings. Any errors encountered during processing are collected and returned separately, while invalid or problematic files/directories are ignored. This guarantees that downstream code always has a valid StringArrayReader, even if it does not perform thorough error checking.
Note: A more comprehensive refactor is recommended in the future, including improving error handling and adding unit tests across the repository, but this will require additional effort.
Testing
Unit testing: Unit tests covering reading
Manual Build Testing (macOS): Verified the new behavior when building multiple subdirectories and files with restricted permissions. For example, at the root, there are files a, b, c, d, z and subdirectories sub and sub_2. When running scan -r, the file c is permission-denied, and the directory sub_2 is skipped, while all other accessible files and directories are processed correctly.
make all