pipecd icon indicating copy to clipboard operation
pipecd copied to clipboard
verified publisher icon pipe-cd

Unintended requests cause panic.

Open Hosshii opened this issue 3 years ago • 0 comments

What happened: A grpc request that omits all or part of the request body may cause panic. This is because for some types of values the default value is nil, but no check is made for this. https://github.com/pipe-cd/pipecd/blob/71d2ff470bbe8bdbbf972ec1f6a533dcd6598257/pkg/app/server/grpcapi/web_api.go#L842 For example, following grpc request

grpcurl -plaintext -d '{}' -rpc-header '<token>' <endpoint addr> grpc.service.webservice.WebService.ListDeployments

cause panic like following.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x98 pc=0xbe305e]

goroutine 105 [running]:
github.com/pipe-cd/pipecd/pkg/app/server/grpcapi.(*WebAPI).ListDeployments(0xc000577cc0, {0x15203f0, 0xc000817590}, 0xc0005f80a0)
	pkg/app/server/grpcapi/web_api.go:843 +0xd9e
github.com/pipe-cd/pipecd/pkg/app/server/service/webservice._WebService_ListDeployments_Handler.func1({0x15203f0, 0xc000817590}, {0x12ba180, 0xc0005f80a0})
	pkg/app/server/service/webservice/service_grpc.pb.go:1008 +0x7b
github.com/grpc-ecosystem/go-grpc-prometheus.(*ServerMetrics).UnaryServerInterceptor.func1({0x15203f0, 0xc000817590}, {0x12ba180, 0xc0005f80a0}, 0x7f1ddeb4af01, 0xc000180600)
	external/com_github_grpc_ecosystem_go_grpc_prometheus/server_metrics.go:107 +0x87
github.com/pipe-cd/pipecd/pkg/rpc.ChainUnaryServerInterceptors.func1.1.1({0x15203f0, 0xc000817590}, {0x12ba180, 0xc0005f80a0})
	pkg/rpc/chain_interceptor.go:30 +0x3a
github.com/pipe-cd/pipecd/pkg/rpc.RequestValidationUnaryServerInterceptor.func1({0x15203f0, 0xc000817590}, {0x12ba180, 0xc0005f80a0}, 0x1176c00, 0xc000cb2140)
	pkg/rpc/request_validation_interceptor.go:41 +0x195
github.com/pipe-cd/pipecd/pkg/rpc.ChainUnaryServerInterceptors.func1.1.1({0x15203f0, 0xc000817590}, {0x12ba180, 0xc0005f80a0})
	pkg/rpc/chain_interceptor.go:30 +0x3a
github.com/pipe-cd/pipecd/pkg/rpc/rpcauth.JWTUnaryServerInterceptor.func1({0x15203f0, 0xc000816570}, {0x12ba180, 0xc0005f80a0}, 0xc000cb2100, 0xc000cb2160)
	pkg/rpc/rpcauth/interceptor.go:211 +0x645
github.com/pipe-cd/pipecd/pkg/rpc.ChainUnaryServerInterceptors.func1.1.1({0x15203f0, 0xc000816570}, {0x12ba180, 0xc0005f80a0})
	pkg/rpc/chain_interceptor.go:30 +0x3a
github.com/pipe-cd/pipecd/pkg/rpc.LogUnaryServerInterceptor.func1({0x15203f0, 0xc000816570}, {0x12ba180, 0xc0005f80a0}, 0xc000cb2100, 0xc000cb2220)
	pkg/rpc/log_interceptor.go:32 +0xa6
github.com/pipe-cd/pipecd/pkg/rpc.ChainUnaryServerInterceptors.func1.1.1({0x15203f0, 0xc000816570}, {0x12ba180, 0xc0005f80a0})
	pkg/rpc/chain_interceptor.go:30 +0x3a
github.com/pipe-cd/pipecd/pkg/rpc.ChainUnaryServerInterceptors.func1({0x15203f0, 0xc000816570}, {0x12ba180, 0xc0005f80a0}, 0xc000012bb8, 0x11778c0)
	pkg/rpc/chain_interceptor.go:37 +0xa2
github.com/pipe-cd/pipecd/pkg/app/server/service/webservice._WebService_ListDeployments_Handler({0x132d780, 0xc000577cc0}, {0x15203f0, 0xc000816570}, 0xc000820060, 0xc0001ebe20)
	pkg/app/server/service/webservice/service_grpc.pb.go:1010 +0x138
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00047b6c0, {0x1533f78, 0xc0004d7ba0}, 0xc0001a0240, 0xc000331c80, 0x1e94148, 0x0)
	external/org_golang_google_grpc/server.go:1282 +0xccf
google.golang.org/grpc.(*Server).handleStream(0xc00047b6c0, {0x1533f78, 0xc0004d7ba0}, 0xc0001a0240, 0x0)
	external/org_golang_google_grpc/server.go:1616 +0xa2a
google.golang.org/grpc.(*Server).serveStreams.func1.2()
	external/org_golang_google_grpc/server.go:921 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
	external/org_golang_google_grpc/server.go:919 +0x294

What you expected to happen: Returns an error like INVALID_ARGUMENT without panicking.

How to reproduce it:

Environment:

  • piped version:
  • control-plane version: 0.27
  • Others:

Hosshii avatar Mar 25 '22 04:03 Hosshii