bug(misconf): Stack overflow from using input.aws.iam.groups[_] in Rego #5866

Closed
2 tasks done
simar7 opened this issue Jan 3, 2024 Discussed in #5865 · 4 comments · Fixed by #6862
Labels: kind/bug (Categorizes issue or PR as related to a bug), scan/misconfiguration (Issues relating to misconfiguration scanning)

simar7 (Member) commented Jan 3, 2024

Discussed in #5865

Originally posted by brsolomon-deloitte January 3, 2024

Description

Passing Trivy a custom Rego policy that uses input.aws.iam.groups[_] for Terraform code will cause a fatal error: stack overflow error.

Desired Behavior

Should be able to run trivy config successfully using custom Rego policy.

Actual Behavior

$ trivy config --config-policy=policy.rego --severity=CRITICAL --namespaces=user --trace .
2024-01-03T08:38:46.810-0500	INFO	Misconfiguration scanning is enabled
runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0x14024192390 stack=[0x14024192000, 0x14044192000]
fatal error: stack overflow

runtime stack:
runtime.throw({0x10ad9be1c?, 0x200000008?})
	runtime/panic.go:1077 +0x40 fp=0x16c52ed50 sp=0x16c52ed20 pc=0x10491b260
runtime.newstack()
	runtime/stack.go:1107 +0x458 fp=0x16c52ef00 sp=0x16c52ed50 pc=0x104936b28
traceback: unexpected SPWRITE function runtime.morestack
runtime.morestack()
	runtime/asm_arm64.s:316 +0x70 fp=0x16c52ef00 sp=0x16c52ef00 pc=0x10494f3f0

goroutine 1 [running]:
github.com/open-policy-agent/opa/types.Nil({0x10d924f10?, 0x111619f00?})
	github.com/open-policy-agent/[email protected]/types/types.go:1084 +0x29c fp=0x14024192390 sp=0x14024192390 pc=0x1053ee55c
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e0e0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241923e0 sp=0x14024192390 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e380?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192430 sp=0x140241923e0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0ff0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192480 sp=0x14024192430 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241924d0 sp=0x14024192480 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192520 sp=0x140241924d0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192570 sp=0x14024192520 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140241925c0 sp=0x14024192570 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192610 sp=0x140241925c0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192660 sp=0x14024192610 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241926b0 sp=0x14024192660 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192700 sp=0x140241926b0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192750 sp=0x14024192700 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140241927a0 sp=0x14024192750 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241927f0 sp=0x140241927a0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192840 sp=0x140241927f0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192890 sp=0x14024192840 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140241928e0 sp=0x14024192890 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192930 sp=0x140241928e0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192980 sp=0x14024192930 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241929d0 sp=0x14024192980 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192a20 sp=0x140241929d0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192a70 sp=0x14024192a20 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192ac0 sp=0x14024192a70 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192b10 sp=0x14024192ac0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192b60 sp=0x14024192b10 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192bb0 sp=0x14024192b60 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192c00 sp=0x14024192bb0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192c50 sp=0x14024192c00 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192ca0 sp=0x14024192c50 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192cf0 sp=0x14024192ca0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192d40 sp=0x14024192cf0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192d90 sp=0x14024192d40 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192de0 sp=0x14024192d90 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192e30 sp=0x14024192de0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192e80 sp=0x14024192e30 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192ed0 sp=0x14024192e80 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192f20 sp=0x14024192ed0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024192f70 sp=0x14024192f20 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024192fc0 sp=0x14024192f70 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024193010 sp=0x14024192fc0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024193060 sp=0x14024193010 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241930b0 sp=0x14024193060 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024193100 sp=0x140241930b0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024193150 sp=0x14024193100 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140241931a0 sp=0x14024193150 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140241931f0 sp=0x140241931a0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14024193240 sp=0x140241931f0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14024193290 sp=0x14024193240 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140241932e0 sp=0x14024193290 pc=0x1053ee4b8
...6710223 frames elided...
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140441863e0 sp=0x14044186390 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14044186430 sp=0x140441863e0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14044186480 sp=0x14044186430 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e460?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x140441864d0 sp=0x14044186480 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c1020?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x14044186520 sp=0x140441864d0 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038dfa0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14044186570 sp=0x14044186520 pc=0x1053ee3f0
github.com/open-policy-agent/opa/types.Nil({0x10d924f70?, 0x140029c0fc0?})
	github.com/open-policy-agent/[email protected]/types/types.go:1102 +0x1f8 fp=0x140441865c0 sp=0x14044186570 pc=0x1053ee4b8
github.com/open-policy-agent/opa/types.Nil({0x10d924fa0?, 0x1400038e720?})
	github.com/open-policy-agent/[email protected]/types/types.go:1106 +0x130 fp=0x14044186610 sp=0x140441865c0 pc=0x1053ee3f0
github.com/open-policy-agent/opa/ast.unify2(0x140029fe7f8?, 0x14002b73740, {0x0, 0x0}, 0x14002b73860, {0x10d924fa0, 0x1400038e720})
	github.com/open-policy-agent/[email protected]/ast/check.go:422 +0x50 fp=0x14044186660 sp=0x14044186610 pc=0x10543b0c0
github.com/open-policy-agent/opa/ast.(*typeChecker).checkExprEq(0x11ad004a0?, 0x10d6f5720?, 0x14001b9fc20)
	github.com/open-policy-agent/[email protected]/ast/check.go:386 +0x460 fp=0x140441867b0 sp=0x14044186660 pc=0x10543ab60
github.com/open-policy-agent/opa/ast.(*typeChecker).checkExprEq-fm(0x10cbe50e0?, 0x1400279f560?)
	<autogenerated>:1 +0x34 fp=0x140441867e0 sp=0x140441867b0 pc=0x1054e3124
github.com/open-policy-agent/opa/ast.(*typeChecker).checkExpr(0x1400275b5c0, 0x10d6f5720?, 0x14001b9fc20)
	github.com/open-policy-agent/[email protected]/ast/check.go:304 +0xec fp=0x14044186820 sp=0x140441867e0 pc=0x105439c8c
github.com/open-policy-agent/opa/ast.(*typeChecker).CheckBody.func1(0x14003593ba8?)
	github.com/open-policy-agent/[email protected]/ast/check.go:119 +0x2f4 fp=0x140441868f0 sp=0x14044186820 pc=0x105438434
github.com/open-policy-agent/opa/ast.WalkExprs.func1({0x10d6f5720?, 0x14001b9fc20?})
	github.com/open-policy-agent/[email protected]/ast/visit.go:221 +0x40 fp=0x14044186910 sp=0x140441868f0 pc=0x1054b9970
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0x1400157fc40, {0x10d6f5720?, 0x14001b9fc20?})
	github.com/open-policy-agent/[email protected]/ast/visit.go:286 +0x48 fp=0x14044186a90 sp=0x14044186910 pc=0x1054b9e28
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0x1400157fc40, {0x10d541f60?, 0x140029fe810?})
	github.com/open-policy-agent/[email protected]/ast/visit.go:327 +0xc98 fp=0x14044186c10 sp=0x14044186a90 pc=0x1054baa78
github.com/open-policy-agent/opa/ast.WalkExprs({0x10d541f60, 0x140029fe810}, 0x1400047fd00)
	github.com/open-policy-agent/[email protected]/ast/visit.go:225 +0x98 fp=0x14044186c40 sp=0x14044186c10 pc=0x1054b98f8
github.com/open-policy-agent/opa/ast.(*typeChecker).CheckBody(0x1400275b5c0, 0x1400217d618?, {0x14001da9830, 0x2, 0x2})
	github.com/open-policy-agent/[email protected]/ast/check.go:102 +0xdc fp=0x14044186cc0 sp=0x14044186c40 pc=0x10543801c
github.com/open-policy-agent/opa/ast.(*typeChecker).checkRule(0x1400275b5c0, 0x14003593ba8, 0x1400373aee8?, 0x14001cf4050)
	github.com/open-policy-agent/[email protected]/ast/check.go:203 +0x420 fp=0x14044186e60 sp=0x14044186cc0 pc=0x105439310
github.com/open-policy-agent/opa/ast.(*typeChecker).CheckTypes(0x1400275b5c0, 0x1400279f560?, {0x140001d7000, 0x2b7, 0x10cbe5440?}, 0x14001e61950?)
	github.com/open-policy-agent/[email protected]/ast/check.go:142 +0x68 fp=0x14044186ef0 sp=0x14044186e60 pc=0x1054385a8
github.com/open-policy-agent/opa/ast.(*Compiler).checkTypes(0x1400235a9a0)
	github.com/open-policy-agent/[email protected]/ast/compile.go:1441 +0x264 fp=0x14044186fb0 sp=0x14044186ef0 pc=0x10544da04
github.com/open-policy-agent/opa/ast.(*Compiler).checkTypes-fm()
	<autogenerated>:1 +0x28 fp=0x14044186fd0 sp=0x14044186fb0 pc=0x1054e2e08
github.com/open-policy-agent/opa/ast.(*Compiler).runStage(0x82?, {0x10ae196f9?, 0x10ad9cee6?}, 0xe?)
	github.com/open-policy-agent/[email protected]/ast/compile.go:1472 +0xbc fp=0x14044187030 sp=0x14044186fd0 pc=0x10544e32c
github.com/open-policy-agent/opa/ast.(*Compiler).compile(0x1400235a9a0)
	github.com/open-policy-agent/[email protected]/ast/compile.go:1498 +0x12c fp=0x14044187120 sp=0x14044187030 pc=0x10544e6ec
github.com/open-policy-agent/opa/ast.(*Compiler).Compile(0x1400235a9a0, 0x140015c31d0)
	github.com/open-policy-agent/[email protected]/ast/compile.go:499 +0x310 fp=0x14044187200 sp=0x14044187120 pc=0x105445280
github.com/aquasecurity/trivy-iac/pkg/rego.(*Scanner).compilePolicies(0x1400311c200, {0x10d874a00, 0x140028f2120}, {0x140037a5560, 0x1, 0x1})
	github.com/aquasecurity/[email protected]/pkg/rego/load.go:158 +0x10c fp=0x14044187280 sp=0x14044187200 pc=0x10582c91c
github.com/aquasecurity/trivy-iac/pkg/rego.(*Scanner).LoadPolicies(0x1400311c200, 0x0?, 0x0?, {0x10d874a00?, 0x14002ef1578?}, {0x140037a5560, 0x1, 0x1}, {0x0, 0x0, ...})
	github.com/aquasecurity/[email protected]/pkg/rego/load.go:127 +0x6a0 fp=0x14044187510 sp=0x14044187280 pc=0x10582c600
github.com/aquasecurity/trivy-iac/pkg/scanners/terraform.(*Scanner).initRegoScanner(0x14002685800, {0x10d874a00, 0x14002ef1578})
	github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:156 +0x150 fp=0x140441875b0 sp=0x14044187510 pc=0x10a5f9410
github.com/aquasecurity/trivy-iac/pkg/scanners/terraform.(*Scanner).ScanFSWithMetrics(0x14002685800, {0x10d938040, 0x14000f91960}, {0x10d874a00?, 0x14002ef1578}, {0x10c357898, 0x1})
	github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:203 +0x160 fp=0x14044188610 sp=0x140441875b0 pc=0x10a5f9b00
github.com/aquasecurity/trivy-iac/pkg/scanners/terraform.(*Scanner).ScanFS(0x1400368f040?, {0x10d938040?, 0x14000f91960?}, {0x10d874a00?, 0x14002ef1578?}, {0x10c357898?, 0x1?})
	github.com/aquasecurity/[email protected]/pkg/scanners/terraform/scanner.go:143 +0x38 fp=0x14044188760 sp=0x14044188610 pc=0x10a5f9248
github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan(0x14002200b70, {0x10d938040, 0x14000f91960}, {0x10d874a00?, 0x14002ef1548?})
	github.com/aquasecurity/trivy/pkg/misconf/scanner.go:147 +0x13c fp=0x14044188930 sp=0x14044188760 pc=0x10a603cfc
github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze(0x140001d1e80, {0x10d938040?, 0x14000f91960?}, {{0x10d874a00?, 0x14002ef1548?}, {0x9?, 0x0?}})
	github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/config.go:45 +0x38 fp=0x140441889b0 sp=0x14044188930 pc=0x10aa1b0f8
github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/terraform.(*terraformConfigAnalyzer).PostAnalyze(0x2?, {0x10d938040?, 0x14000f91960?}, {{0x10d874a00?, 0x14002ef1548?}, {0x0?, 0x18?}})
	<autogenerated>:1 +0x38 fp=0x140441889f0 sp=0x140441889b0 pc=0x10aa1ced8
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze({{0x140025d22c0, 0x3, 0x4}, {0x14002e71600, 0x7, 0x8}, 0x14002ebc6c0}, {0x10d938040, 0x14000f91960}, 0x140031246e0, ...)
	github.com/aquasecurity/trivy/pkg/fanal/analyzer/analyzer.go:491 +0x23c fp=0x14044188c90 sp=0x140441889f0 pc=0x10a60b90c
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect({{0x16b52323f, 0x1}, {0x11b31e188, 0x140034ac540}, {{{0x0, 0x0, 0x0}, {0x14003110f00, 0x3, 0x4}}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/fanal/artifact/local/fs.go:163 +0x384 fp=0x140441893f0 sp=0x14044188c90 pc=0x10a97f254
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.(*Artifact).Inspect(_, {_, _})
	<autogenerated>:1 +0xb0 fp=0x1404418a140 sp=0x140441893f0 pc=0x10a97fe20
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0x0, 0x0, 0x0}, {0x140034ac3f0, ...}, ...})
	github.com/aquasecurity/trivy/pkg/scanner/scan.go:146 +0xa4 fp=0x1404418aba0 sp=0x1404418a140 pc=0x10aadb9a4
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x10ad65e1a, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x1400153f2f0, ...}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:704 +0x308 fp=0x1404418c5b0 sp=0x1404418aba0 pc=0x10aae14e8
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x10ad65e1a, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:267 +0xa8 fp=0x1404418d240 sp=0x1404418c5b0 pc=0x10aadd528
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanFS(_, {_, _}, {{{0x10ad65e1a, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:215 +0xac fp=0x1404418dec0 sp=0x1404418d240 pc=0x10aadceec
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanFilesystem(_, {_, _}, {{{0x10ad65e1a, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:195 +0x1b8 fp=0x1404418eb50 sp=0x1404418dec0 pc=0x10aadcbd8
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x10ad65e1a, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0x1400153f2f0, ...}, ...}, ...}, ...)
	github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:428 +0x3e0 fp=0x140441907b0 sp=0x1404418eb50 pc=0x10aade840
github.com/aquasecurity/trivy/pkg/commands.NewConfigCommand.func2(0x14000ea0600, {0x140023bfa40, 0x1, 0x5})
	github.com/aquasecurity/trivy/pkg/commands/app.go:683 +0x290 fp=0x14044191c50 sp=0x140441907b0 pc=0x10ab87980
github.com/spf13/cobra.(*Command).execute(0x14000ea0600, {0x140023bf9f0, 0x5, 0x5})
	github.com/spf13/[email protected]/command.go:940 +0x66c fp=0x14044191d90 sp=0x14044191c50 pc=0x104adfbbc
github.com/spf13/cobra.(*Command).ExecuteC(0x14001499800)
	github.com/spf13/[email protected]/command.go:1068 +0x320 fp=0x14044191e50 sp=0x14044191d90 pc=0x104ae0360
github.com/spf13/cobra.(*Command).Execute(0x10add2e25?)
	github.com/spf13/[email protected]/command.go:992 +0x1c fp=0x14044191e70 sp=0x14044191e50 pc=0x104adff8c
main.run()
	github.com/aquasecurity/trivy/cmd/trivy/main.go:35 +0x178 fp=0x14044191f10 sp=0x14044191e70 pc=0x10ad376e8
main.main()
	github.com/aquasecurity/trivy/cmd/trivy/main.go:17 +0x1c fp=0x14044191f30 sp=0x14044191f10 pc=0x10ad3754c
runtime.main()
	runtime/proc.go:267 +0x2bc fp=0x14044191fd0 sp=0x14044191f30 pc=0x10491e9cc
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x14044191fd0 sp=0x14044191fd0 pc=0x1049518e4

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000eef90 sp=0x140000eef70 pc=0x10491ee28
runtime.goparkunlock(...)
	runtime/proc.go:404
runtime.forcegchelper()
	runtime/proc.go:322 +0xb8 fp=0x140000eefd0 sp=0x140000eef90 pc=0x10491ec88
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000eefd0 sp=0x140000eefd0 pc=0x1049518e4
created by runtime.init.6 in goroutine 1
	runtime/proc.go:310 +0x24

goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000ef760 sp=0x140000ef740 pc=0x10491ee28
runtime.goparkunlock(...)
	runtime/proc.go:404
runtime.bgsweep(0x0?)
	runtime/mgcsweep.go:321 +0x108 fp=0x140000ef7b0 sp=0x140000ef760 pc=0x104907468
runtime.gcenable.func1()
	runtime/mgc.go:200 +0x28 fp=0x140000ef7d0 sp=0x140000ef7b0 pc=0x1048fbd58
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000ef7d0 sp=0x140000ef7d0 pc=0x1049518e4
created by runtime.gcenable in goroutine 1
	runtime/mgc.go:200 +0x6c

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xf8dcd3?, 0x6553f100?, 0x0?, 0x0?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000eff50 sp=0x140000eff30 pc=0x10491ee28
runtime.goparkunlock(...)
	runtime/proc.go:404
runtime.(*scavengerState).park(0x1115c36a0)
	runtime/mgcscavenge.go:425 +0x5c fp=0x140000eff80 sp=0x140000eff50 pc=0x104904b3c
runtime.bgscavenge(0x0?)
	runtime/mgcscavenge.go:658 +0xac fp=0x140000effb0 sp=0x140000eff80 pc=0x10490511c
runtime.gcenable.func2()
	runtime/mgc.go:201 +0x28 fp=0x140000effd0 sp=0x140000effb0 pc=0x1048fbcf8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000effd0 sp=0x140000effd0 pc=0x1049518e4
created by runtime.gcenable in goroutine 1
	runtime/mgc.go:201 +0xac

goroutine 18 [finalizer wait]:
runtime.gopark(0x140000ee5b8?, 0x14000210090?, 0xe8?, 0xe5?, 0x10a48da4c?)
	runtime/proc.go:398 +0xc8 fp=0x140000ee580 sp=0x140000ee560 pc=0x10491ee28
runtime.runfinq()
	runtime/mfinal.go:193 +0x108 fp=0x140000ee7d0 sp=0x140000ee580 pc=0x1048fae08
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000ee7d0 sp=0x140000ee7d0 pc=0x1049518e4
created by runtime.createfing in goroutine 1
	runtime/mfinal.go:163 +0x80

goroutine 19 [GC worker (idle)]:
runtime.gopark(0x479bae9fbda?, 0x3?, 0xb?, 0x34?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000ea730 sp=0x140000ea710 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140000ea7d0 sp=0x140000ea730 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000ea7d0 sp=0x140000ea7d0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 34 [GC worker (idle)]:
runtime.gopark(0x479baea320d?, 0x3?, 0xc5?, 0xa6?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x14000192730 sp=0x14000192710 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140001927d0 sp=0x14000192730 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140001927d0 sp=0x140001927d0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 5 [GC worker (idle)]:
runtime.gopark(0x479bae9ffc2?, 0x1?, 0x57?, 0xc2?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000f0730 sp=0x140000f0710 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140000f07d0 sp=0x140000f0730 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000f07d0 sp=0x140000f07d0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 35 [GC worker (idle)]:
runtime.gopark(0x479bae9ffc2?, 0x3?, 0x61?, 0x66?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x14000192f30 sp=0x14000192f10 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x14000192fd0 sp=0x14000192f30 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x14000192fd0 sp=0x14000192fd0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 6 [GC worker (idle)]:
runtime.gopark(0x479bae9fe21?, 0x1?, 0x3f?, 0x4c?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000f0f30 sp=0x140000f0f10 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140000f0fd0 sp=0x140000f0f30 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000f0fd0 sp=0x140000f0fd0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 7 [GC worker (idle)]:
runtime.gopark(0x479baea6046?, 0x1?, 0xe?, 0x59?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000f1730 sp=0x140000f1710 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140000f17d0 sp=0x140000f1730 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000f17d0 sp=0x140000f17d0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 36 [GC worker (idle)]:
runtime.gopark(0x11161e100?, 0x3?, 0x4e?, 0xab?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x14000193730 sp=0x14000193710 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140001937d0 sp=0x14000193730 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140001937d0 sp=0x140001937d0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 8 [GC worker (idle)]:
runtime.gopark(0x479baea320d?, 0x3?, 0x7f?, 0xc9?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x140000f1f30 sp=0x140000f1f10 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140000f1fd0 sp=0x140000f1f30 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140000f1fd0 sp=0x140000f1fd0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 37 [GC worker (idle)]:
runtime.gopark(0x479baea70b7?, 0x3?, 0xf2?, 0xa8?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x14000193f30 sp=0x14000193f10 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x14000193fd0 sp=0x14000193f30 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x14000193fd0 sp=0x14000193fd0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 38 [GC worker (idle)]:
runtime.gopark(0x479baea945c?, 0x3?, 0xc?, 0xf1?, 0x0?)
	runtime/proc.go:398 +0xc8 fp=0x14000194730 sp=0x14000194710 pc=0x10491ee28
runtime.gcBgMarkWorker()
	runtime/mgc.go:1295 +0xd8 fp=0x140001947d0 sp=0x14000194730 pc=0x1048fd9b8
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x140001947d0 sp=0x140001947d0 pc=0x1049518e4
created by runtime.gcBgMarkStartWorkers in goroutine 1
	runtime/mgc.go:1219 +0x28

goroutine 9 [select]:
runtime.gopark(0x14000195f78?, 0x3?, 0x40?, 0xb?, 0x14000195f62?)
	runtime/proc.go:398 +0xc8 fp=0x14000195e10 sp=0x14000195df0 pc=0x10491ee28
runtime.selectgo(0x14000195f78, 0x14000195f5c, 0x140004bd280?, 0x0, 0x0?, 0x1)
	runtime/select.go:327 +0x608 fp=0x14000195f20 sp=0x14000195e10 pc=0x10492fa08
go.opencensus.io/stats/view.(*worker).start(0x140004bd280)
	[email protected]/stats/view/worker.go:292 +0x88 fp=0x14000195fb0 sp=0x14000195f20 pc=0x108fc63e8
go.opencensus.io/stats/view.init.0.func1()
	[email protected]/stats/view/worker.go:34 +0x28 fp=0x14000195fd0 sp=0x14000195fb0 pc=0x108fc5638
runtime.goexit()
	runtime/asm_arm64.s:1197 +0x4 fp=0x14000195fd0 sp=0x14000195fd0 pc=0x1049518e4
created by go.opencensus.io/stats/view.init.0 in goroutine 1
	[email protected]/stats/view/worker.go:34 +0x98

Reproduction Steps

  1. Copy to main.tf the example shown at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_group_membership
  2. Copy Rego below to policy.rego
  3. Run trivy config --config-policy=policy.rego --severity=CRITICAL --namespaces=user .
    ...
# METADATA
# title: test
# description: test
# scope: package
# schemas:
#   - input: schema["cloud"]
# custom:
#   id: test-123
#   severity: CRITICAL
#   short_code: test
#   recommended_action: "test"

package user.foo.TEST123

deny[cause] {
	abc := input.aws.iam.groups[_]
	cause := "foo"
}

Target

Filesystem

Scanner

Misconfiguration

Output Format

None

Mode

None

Debug Output

See above.

Operating System

macOS 14.2

Version

0.48.1

Checklist

simar7 added the kind/bug and scan/misconfiguration labels Jan 3, 2024

@nikpivkin (Contributor)

@simar7 Stack overflow is related to recursion in the schema. In this example, a user can belong to IAM user groups and a group can contain users. The problem can be tracked in the OPA repo.
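
The schema recursion described in the comment above, as an added Go example that is not Trivy's or OPA's code: a hypothetical `Type` node models the user/group cycle, `hasNullNaive` shows the unbounded structural walk, and `hasNullSafe` and `findCycle` show a visited-set guard and a cycle report. All names here are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Type is a hypothetical, simplified schema node (not OPA's types package).
// An object has named properties; an array has a single element type.
type Type struct {
	Name  string           // label used when reporting a cycle
	Props map[string]*Type // set for objects
	Elem  *Type            // set for arrays
	Null  bool             // leaf marker the walkers search for
}

// iamSchema builds the shape described in the thread: a group lists its
// users and every user lists its groups, so the type graph has a cycle.
func iamSchema() *Type {
	group := &Type{Name: "Group", Props: map[string]*Type{}}
	user := &Type{Name: "User", Props: map[string]*Type{}}
	group.Props["name"] = &Type{Name: "string"}
	group.Props["users"] = &Type{Name: "[]User", Elem: user}
	user.Props["name"] = &Type{Name: "string"}
	user.Props["groups"] = &Type{Name: "[]Group", Elem: group}
	return &Type{Name: "[]Group", Elem: group}
}

// hasNullNaive is the failing pattern: structural recursion with no memory
// of visited nodes. On iamSchema() it never returns; the goroutine stack
// grows until the runtime aborts with "fatal error: stack overflow", which
// recover() cannot catch. Only call it on acyclic types.
func hasNullNaive(t *Type) bool {
	if t == nil {
		return false
	}
	if t.Null || hasNullNaive(t.Elem) {
		return true
	}
	for _, p := range t.Props {
		if hasNullNaive(p) {
			return true
		}
	}
	return false
}

// hasNullSafe answers the same question but marks each node on first visit,
// so a back-edge into an already visited type is skipped, not followed.
func hasNullSafe(t *Type, seen map[*Type]bool) bool {
	if t == nil || seen[t] {
		return false
	}
	seen[t] = true
	if t.Null || hasNullSafe(t.Elem, seen) {
		return true
	}
	for _, p := range t.Props {
		if hasNullSafe(p, seen) {
			return true
		}
	}
	return false
}

// findCycle returns the first reference cycle reachable from root as a list
// of type names, or nil when the schema has none. Property keys are sorted
// so the reported path is deterministic.
func findCycle(root *Type) []string {
	var stack []*Type
	onStack := map[*Type]int{} // node -> index in stack
	done := map[*Type]bool{}   // fully explored, known cycle-free
	var visit func(t *Type) []string
	visit = func(t *Type) []string {
		if t == nil || done[t] {
			return nil
		}
		if i, ok := onStack[t]; ok { // back-edge: t is its own ancestor
			var names []string
			for _, n := range stack[i:] {
				names = append(names, n.Name)
			}
			return append(names, t.Name)
		}
		onStack[t] = len(stack)
		stack = append(stack, t)
		keys := make([]string, 0, len(t.Props))
		for k := range t.Props {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		children := []*Type{t.Elem}
		for _, k := range keys {
			children = append(children, t.Props[k])
		}
		for _, c := range children {
			if cyc := visit(c); cyc != nil {
				return cyc
			}
		}
		stack = stack[:len(stack)-1]
		delete(onStack, t)
		done[t] = true
		return nil
	}
	return visit(root)
}

func main() {
	schema := iamSchema()
	fmt.Println("cycle:", strings.Join(findCycle(schema), " -> "))
	fmt.Println("null reachable:", hasNullSafe(schema, map[*Type]bool{}))
}
```
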

simar7 (Member, Author) commented Jan 10, 2024

> @simar7 Stack overflow is related to recursion in the schema. In this example, a user can belong to IAM user groups and a group can contain users. The problem can be tracked in the OPA repo.

nice find!

simar7 (Member, Author) commented Jan 10, 2024

@nikpivkin I would propose closing this issue for now as we can't work on a fix for now due to OPA constraints. WDYT?

@nikpivkin (Contributor)

@simar7 How about leaving the issue open until a new version of OPA is released?
