Goroutine data race #195

@rgmz

Describe the bug
A data race exists in the analyze_org sub-command, specifically in `Inventory.AddPackage`.

i.Packages = append(i.Packages, s.Package)

$ ./poutine analyze_org $ORG --token="..."
WARNING: DATA RACE
Write at 0x00c00007c0f0 by goroutine 629:
  github.com/boostsecurityio/poutine/scanner.(*Inventory).AddPackage()
      /tmp/poutine/scanner/inventory.go:43 +0x2a4
  github.com/boostsecurityio/poutine/analyze.(*Analyzer).AnalyzeOrg.func1()
      /tmp/poutine/analyze/analyze.go:138 +0x45c
  github.com/boostsecurityio/poutine/analyze.(*Analyzer).AnalyzeOrg.gowrap1()
      /tmp/poutine/analyze/analyze.go:144 +0x4f

Previous read at 0x00c00007c0f0 by goroutine 640:
  github.com/boostsecurityio/poutine/scanner.(*Inventory).AddPackage()
      /tmp/poutine/scanner/inventory.go:43 +0x1f6
  github.com/boostsecurityio/poutine/analyze.(*Analyzer).AnalyzeOrg.func1()
      /tmp/poutine/analyze/analyze.go:138 +0x45c
  github.com/boostsecurityio/poutine/analyze.(*Analyzer).AnalyzeOrg.gowrap1()
      /tmp/poutine/analyze/analyze.go:144 +0x4f

Goroutine 629 (running) created at:
  github.com/boostsecurityio/poutine/analyze.(*Analyzer).AnalyzeOrg()
      /tmp/poutine/analyze/analyze.go:121 +0xec4
  github.com/boostsecurityio/poutine/cmd.init.func2()
      /tmp/poutine/cmd/analyzeOrg.go:34 +0x164
  github.com/spf13/cobra.(*Command).execute()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:985 +0x10f3
  github.com/spf13/cobra.(*Command).ExecuteC()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1117 +0x657
  github.com/spf13/cobra.(*Command).Execute()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1041 +0x319
  github.com/spf13/cobra.(*Command).ExecuteContext()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1034 +0x314
  github.com/boostsecurityio/poutine/cmd.Execute()
      /tmp/poutine/cmd/root.go:89 +0x2a5
  main.main()
      /tmp/poutine/poutine.go:17 +0x165

Goroutine 640 (running) created at:
  github.com/boostsecurityio/poutine/analyze.(*Analyzer).AnalyzeOrg()
      /tmp/poutine/analyze/analyze.go:121 +0xec4
  github.com/boostsecurityio/poutine/cmd.init.func2()
      /tmp/poutine/cmd/analyzeOrg.go:34 +0x164
  github.com/spf13/cobra.(*Command).execute()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:985 +0x10f3
  github.com/spf13/cobra.(*Command).ExecuteC()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1117 +0x657
  github.com/spf13/cobra.(*Command).Execute()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1041 +0x319
  github.com/spf13/cobra.(*Command).ExecuteContext()
      /home/user/go/pkg/mod/github.com/spf13/[email protected]/command.go:1034 +0x314
  github.com/boostsecurityio/poutine/cmd.Execute()
      /tmp/poutine/cmd/root.go:89 +0x2a5
  main.main()
      /tmp/poutine/poutine.go:17 +0x165

Found 1 data race(s)

To Reproduce

  1. Build poutine using the -race flag: go build -race
  2. Run poutine with analyze_org against an org with a few repositories and findings.
  3. Observe a race.

Expected Behaviour

The call should be protected by a mutex
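
The unsynchronized append from the report next to a mutex-guarded version, as an added example that is not poutine's own code. `Package`, the `mu` field, `AddPackageUnsafe` and `ScanAll` are hypothetical names, and the purl strings are constructed sample data.

```go
package main

import (
	"fmt"
	"sync"
)

// Package is a hypothetical stand-in for the scanner's package type.
type Package struct{ Purl string }

// Inventory holds the shared slice named in the race report.
type Inventory struct {
	mu       sync.Mutex // assumption: guard added for this example
	Packages []Package
}

// AddPackageUnsafe is the flagged pattern: append reads the slice header and
// writes it back with no synchronization. Calling it from ScanAll instead of
// AddPackage and running with `go run -race` yields a report like the one above.
func (i *Inventory) AddPackageUnsafe(p Package) {
	i.Packages = append(i.Packages, p)
}

// AddPackage serializes the read-modify-write of the slice header.
func (i *Inventory) AddPackage(p Package) {
	i.mu.Lock()
	defer i.mu.Unlock()
	i.Packages = append(i.Packages, p)
}

// ScanAll starts one goroutine per constructed repository, standing in for
// the goroutines AnalyzeOrg creates, and returns how many packages were kept.
func ScanAll(repos int) int {
	inv := &Inventory{}
	var wg sync.WaitGroup
	for r := 0; r < repos; r++ {
		wg.Add(1)
		go func(id int) {
			defer wg.Done()
			inv.AddPackage(Package{Purl: fmt.Sprintf("pkg:github/example/repo-%d", id)})
		}(r)
	}
	wg.Wait() // all writers finished, so reading the slice here is safe
	return len(inv.Packages)
}

func main() {
	fmt.Println("packages recorded:", ScanAll(500))
}
```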
