Got crash in the harbor core on scan CVE and Generate SBOM #20337

Open
wy65701436 opened this issue Apr 23, 2024 · 2 comments · May be fixed by #20415

@wy65701436
Contributor

wy65701436 commented Apr 23, 2024

Apr 23 09:12:34 yminer core[71669]: 2024-04-23T09:12:34Z [INFO] [/server/middleware/security/robot.go:71][requestID="d43d4e35-5164-4700-89bf-e5ab6cd70123"]: a robot security context generated for request GET /service/token
Apr 23 09:12:35 yminer core[71669]: 2024-04-23T09:12:35Z [INFO] [/server/middleware/security/robot.go:71][requestID="df833b9f-08b6-4809-bb47-a5f3799dfb41"]: a robot security context generated for request GET /service/token
Apr 23 09:12:35 yminer core[71669]: 2024-04-23T09:12:35Z [INFO] [/server/middleware/security/robot.go:71][requestID="91923797-932d-4beb-a227-2c45b31dfc53"]: a robot security context generated for request GET /service/token
Apr 23 09:12:36 yminer core[71669]: 2024-04-23T09:12:36Z [INFO] [/server/middleware/security/robot.go:71][requestID="072c8ebf-b00e-4dde-bc36-3a1a2b1a62cb"]: a robot security context generated for request GET /service/token
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.764 #033[1;35m[C]#033[0m [config.go:500]  the request url is  /v2/redis/haproxy/blobs/sha256:d657b2c45a2a18e994720e27b522a3a0e41d225ebc3c7e1c12e6cd06b3d60679
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.764 #033[1;35m[C]#033[0m [config.go:501]  Handler crashed with error net/http: abort Handler
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.764 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/runtime/panic.go:770
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.764 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/httputil/reverseproxy.go:516
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/repoproxy/proxy.go:79
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/repoproxy/proxy.go:55
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/metric/metric.go:91
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/v2auth/auth.go:170
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.765 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/router/router.go:92
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /go/pkg/mod/github.com/beego/beego/v2@v2.0.6/server/web/router.go:1149
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /go/pkg/mod/github.com/beego/beego/v2@v2.0.6/server/web/filter.go:83
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /go/pkg/mod/github.com/beego/beego/v2@v2.0.6/server/web/router.go:1002
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:52
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/security/security.go:75
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.766 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.767 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.767 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/security/security.go:62
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.767 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.767 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.767 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/artifactinfo/artifact_info.go:97
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.767 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:52
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/notification/notification.go:31
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/orm/orm.go:54
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.768 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.769 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:52
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.769 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.769 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/session/session.go:35
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.769 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.769 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/log/log.go:43
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.769 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.770 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.770 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/requestid/requestid.go:46
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.770 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.770 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.770 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/metric/metric.go:74
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.770 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/trace/trace.go:28
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/mergeslash/mergeslash.go:31
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/url/parse.go:36
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.771 #033[1;35m[C]#033[0m [config.go:507]  /harbor/src/server/middleware/middleware.go:57
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.772 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2166
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.772 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:3137
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.772 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/net/http/server.go:2039
Apr 23 09:12:36 yminer core[71669]: 2024/04/23 09:12:36.772 #033[1;35m[C]#033[0m [config.go:507]  /usr/local/go/src/runtime/asm_amd64.s:1695
wy65701436 changed the title from "Got crash on scan all" to "Got crash in the harbor core on scanning" on Apr 23, 2024
wy65701436 changed the title from "Got crash in the harbor core on scanning" to "Got crash in the harbor core on scan CVE and Generate SBOM" on Apr 23, 2024
@stonezdj
Contributor

stonezdj commented Apr 28, 2024

The panic happens when scanning an SBOM artifact replicated from Docker Hub, because in Harbor its type is IMAGE and there is no difference from a normal image. The scanner considers it an image and tries to treat its layer as tar, but it is actually an SBOM JSON file. That is why it fails and causes the Harbor core panic.
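
A pre-scan check for the situation described in this comment, added here as an illustration and not taken from Harbor or its scanner: it reads a manifest's layer media types and rejects anything that is not a tar layer. The two manifests are constructed samples; the `application/vnd.in-toto+json` layer type for the SBOM artifact and the names `checkTarLayers` and `tarLayerTypes` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// manifest is a minimal view of an image manifest: only the fields this check reads.
type manifest struct {
	Layers []struct {
		MediaType string `json:"mediaType"`
	} `json:"layers"`
}

// tarLayerTypes lists tar layer media types (non-distributable OCI variants not listed).
var tarLayerTypes = map[string]bool{
	"application/vnd.oci.image.layer.v1.tar":                    true,
	"application/vnd.oci.image.layer.v1.tar+gzip":               true,
	"application/vnd.oci.image.layer.v1.tar+zstd":               true,
	"application/vnd.docker.image.rootfs.diff.tar.gzip":         true,
	"application/vnd.docker.image.rootfs.foreign.diff.tar.gzip": true,
}

// Constructed samples: both carry the image config type; only the layer type differs.
const imageManifest = `{"config":{"mediaType":"application/vnd.oci.image.config.v1+json"},
 "layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip"}]}`
const sbomManifest = `{"config":{"mediaType":"application/vnd.oci.image.config.v1+json"},
 "layers":[{"mediaType":"application/vnd.in-toto+json"}]}`

// checkTarLayers returns nil only if every layer can be handed to a tar reader.
func checkTarLayers(raw string) error {
	var m manifest
	if err := json.Unmarshal([]byte(raw), &m); err != nil {
		return fmt.Errorf("bad manifest: %w", err)
	}
	if len(m.Layers) == 0 {
		return fmt.Errorf("manifest has no layers")
	}
	for i, l := range m.Layers {
		if !tarLayerTypes[l.MediaType] {
			return fmt.Errorf("layer %d: %q is not a tar layer, skip image scan", i, l.MediaType)
		}
	}
	return nil
}

func main() { fmt.Println(checkTarLayers(imageManifest), checkTarLayers(sbomManifest)) }
```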

@reasonerjt
Contributor

If the error is inevitable, can we handle such "exception" more gracefully?
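
The `net/http: abort Handler` panic at `reverseproxy.go:516` in the trace above is `http.ErrAbortHandler`, which `httputil.ReverseProxy` raises when copying the response body fails part-way. The example below is added here and is not Harbor code (`failReader`, `truncatedUpstream`, `panicKind` and `proxyOnce` are hypothetical names, and the upstream is simulated in memory); it reproduces that panic and shows a recover hook telling it apart from a real crash.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// failReader (constructed) fails the way a stream cut off part-way does.
type failReader struct{}

func (failReader) Read([]byte) (int, error) { return 0, io.ErrUnexpectedEOF }

// truncatedUpstream stands in for the registry backend; no sockets are opened.
type truncatedUpstream struct{}

func (truncatedUpstream) RoundTrip(*http.Request) (*http.Response, error) {
	body := io.MultiReader(strings.NewReader("partial blob"), failReader{})
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: io.NopCloser(body)}, nil
}

// panicKind separates an aborted stream from a genuine handler crash.
func panicKind(v any) string {
	if err, ok := v.(error); ok && errors.Is(err, http.ErrAbortHandler) {
		return "aborted-stream"
	}
	return "crash"
}

// proxyOnce proxies one request and reports what a recover hook would see.
func proxyOnce(path string) (kind, sent string) {
	rp := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: "registry.invalid"})
	rp.Transport = truncatedUpstream{}
	// ReverseProxy panics on a copy error only for requests served by an http.Server.
	ctx := context.WithValue(context.Background(), http.ServerContextKey, &http.Server{})
	rec := httptest.NewRecorder()
	defer func() {
		if v := recover(); v != nil {
			kind, sent = panicKind(v), rec.Body.String()
		}
	}()
	rp.ServeHTTP(rec, httptest.NewRequest("GET", path, nil).WithContext(ctx))
	return "ok", rec.Body.String()
}
func main() { fmt.Println(proxyOnce("/v2/demo/blobs/sha256:placeholder")) }
```

Because `http.ErrAbortHandler` is the value `net/http` itself uses to abort a response without logging a stack trace, a recover hook can log it at a lower severity than other panics.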

stonezdj linked a pull request on May 10, 2024 that will close this issue
stonezdj added a commit to stonezdj/harbor that referenced this issue May 11, 2024
  fixes goharbor#20337

Signed-off-by: stonezdj <stone.zhang@broadcom.com>