Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

panic: query compiler should return error if input query is empty #3625

Closed
tsandall opened this issue Jul 8, 2021 · 0 comments · Fixed by #3630
Closed

panic: query compiler should return error if input query is empty #3625

tsandall opened this issue Jul 8, 2021 · 0 comments · Fixed by #3630
Labels

Comments

@tsandall
Copy link
Member

tsandall commented Jul 8, 2021

Currently, the query compiler assumes the ast.Body provided as input is non-empty. This makes sense in most cases, however, if users accidentally supply a comment, the parsed body ends up being empty and this triggers a panic during compilation:

$ opa eval '# foo'
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/open-policy-agent/opa/ast.rewriteDeclaredVarsInBody(0xc000516840, 0xc000516860, 0x0, 0x2720228, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0002be601, ...)
        /home/torin/go/src/github.com/open-policy-agent/opa/ast/compile.go:3528 +0x6c5
github.com/open-policy-agent/opa/ast.rewriteLocalVars(0xc000516840, 0xc000516860, 0x0, 0x2720228, 0x0, 0x0, 0x1bbd260, 0xc00050ef78, 0x0, 0xc00050ef78, ...)
        /home/torin/go/src/github.com/open-policy-agent/opa/ast/compile.go:3499 +0x85
github.com/open-policy-agent/opa/ast.(*queryCompiler).rewriteLocalVars(0xc00014e4c0, 0xc000516820, 0x2720228, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0002be878)
        /home/torin/go/src/github.com/open-policy-agent/opa/ast/compile.go:1629 +0x1de
github.com/open-policy-agent/opa/ast.(*queryCompiler).runStage(0xc00014e4c0, 0x1c40647, 0x26, 0xc000516820, 0x2720228, 0x0, 0x0, 0xc000512b70, 0x0, 0x0, ...)
        /home/torin/go/src/github.com/open-policy-agent/opa/ast/compile.go:1512 +0xaa
github.com/open-policy-agent/opa/ast.(*queryCompiler).Compile(0xc00014e4c0, 0x2720228, 0x0, 0x0, 0x15, 0x1c45f1d, 0x2c, 0xc00011ed50, 0x1d703b8)
        /home/torin/go/src/github.com/open-policy-agent/opa/ast/compile.go:1549 +0x457
github.com/open-policy-agent/opa/rego.(*Rego).compileQuery(0xc000502000, 0x2720228, 0x0, 0x0, 0x1d704a8, 0xc000120800, 0xc0002bf130, 0x1, 0x1, 0xa04ccb, ...)
        /home/torin/go/src/github.com/open-policy-agent/opa/rego/rego.go:1856 +0x287
github.com/open-policy-agent/opa/rego.(*Rego).compileAndCacheQuery(0xc000502000, 0x0, 0x2720228, 0x0, 0x0, 0x1d704a8, 0xc000120800, 0xc0002bf130, 0x1, 0x1, ...)
        /home/torin/go/src/github.com/open-policy-agent/opa/rego/rego.go:1804 +0x226
github.com/open-policy-agent/opa/rego.(*Rego).prepare(0xc000502000, 0x1d69af0, 0xc0000360a8, 0x0, 0xc0002bf130, 0x1, 0x1, 0x0, 0xc0001194b8)
        /home/torin/go/src/github.com/open-policy-agent/opa/rego/rego.go:1596 +0x319
github.com/open-policy-agent/opa/rego.(*Rego).PrepareForEval(0xc000502000, 0x1d69af0, 0xc0000360a8, 0x0, 0x0, 0x0, 0x1, 0x2720228, 0x0, 0x0)
        /home/torin/go/src/github.com/open-policy-agent/opa/rego/rego.go:1454 +0x5b8
github.com/open-policy-agent/opa/cmd.eval(0xc00011e700, 0x1, 0x1, 0x0, 0xc00011e4a0, 0x1, 0x1, 0x2720228, 0x0, 0x0, ...)
        /home/torin/go/src/github.com/open-policy-agent/opa/cmd/eval.go:285 +0x9f5
github.com/open-policy-agent/opa/cmd.init.4.func2(0xc000146780, 0xc00011e700, 0x1, 0x1)
        /home/torin/go/src/github.com/open-policy-agent/opa/cmd/eval.go:221 +0xcf
github.com/spf13/cobra.(*Command).execute(0xc000146780, 0xc00011e6d0, 0x1, 0x1, 0xc000146780, 0xc00011e6d0)
        /home/torin/go/src/github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra/command.go:856 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x26625e0, 0xc000000180, 0xc0002bff78, 0x5f44c5)
        /home/torin/go/src/github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
        /home/torin/go/src/github.com/open-policy-agent/opa/vendor/github.com/spf13/cobra/command.go:897
main.main()
        /home/torin/go/src/github.com/open-policy-agent/opa/main.go:15 +0x31

We should fix the query compiler to return a CompileErr in case the supplied body is empty.

@tsandall tsandall added the bug label Jul 8, 2021
tsandall added a commit to tsandall/opa that referenced this issue Jul 9, 2021
The compiler assumes that queries are non-empty, however, if the
parser is fed only whitespace and comments then the parsed query will
be empty. Since the compiler makes this assumption and many callers
will make a similar assumption, just reject empty queries at the
beginning.

This issue is unlikely to affect most users unless they send arbitrary
text selections into OPA (e.g., like `opa eval` does...)

Fixes open-policy-agent#3625

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
tsandall added a commit that referenced this issue Jul 9, 2021
The compiler assumes that queries are non-empty, however, if the
parser is fed only whitespace and comments then the parsed query will
be empty. Since the compiler makes this assumption and many callers
will make a similar assumption, just reject empty queries at the
beginning.

This issue is unlikely to affect most users unless they send arbitrary
text selections into OPA (e.g., like `opa eval` does...)

Fixes #3625

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
dolevf pushed a commit to dolevf/opa that referenced this issue Nov 4, 2021
The compiler assumes that queries are non-empty, however, if the
parser is fed only whitespace and comments then the parsed query will
be empty. Since the compiler makes this assumption and many callers
will make a similar assumption, just reject empty queries at the
beginning.

This issue is unlikely to affect most users unless they send arbitrary
text selections into OPA (e.g., like `opa eval` does...)

Fixes open-policy-agent#3625

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Signed-off-by: Dolev Farhi <farhi.dolev@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

1 participant