Closed
Labels: bug (Something isn't working)
Description
Describe the bug
Using the rule (see below) with a path and without a regex section as the gitleaks config causes an error (with the SARIF report format): panic: runtime error: invalid memory address or nil pointer dereference
Rule:
```toml
[[rules]]
id = "files-with-keys-and-credentials"
description = "Files with keys and credentials"
path = '''(.*?)(credentials|[._]history|id_rsa|id_dsa|id_ed25519|id_ecdsa|\.(pem|key))$'''
```
To Reproduce
Steps to reproduce the behavior:
- Use the rule as config:
```toml
[[rules]]
id = "files-with-keys-and-credentials"
description = "Files with keys and credentials"
path = '''(.*?)(credentials|[._]history|id_rsa|id_dsa|id_ed25519|id_ecdsa|\.(pem|key))$'''
```
- Run:
```
gitleaks . detect --source . --config="files-with-keys-and-credentials.toml" --report-path="report.sarif" --report-format="sarif"
```
- Error occurs:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x12a0ba6]
goroutine 1 [running]:
regexp.(*Regexp).String(...)
regexp/regexp.go:106
github.com/zricethezav/gitleaks/v8/report.getRules({{0x7ffeefbffc4c, 0x4e}, {0x0, 0x0}, {0xc00009c090, 0x1, 0x1}, {{0x0, 0x0}, {0x0, ...}, ...}})
github.com/zricethezav/gitleaks/v8/report/sarif.go:50 +0x66
github.com/zricethezav/gitleaks/v8/report.getTool(...)
github.com/zricethezav/gitleaks/v8/report/sarif.go:37
github.com/zricethezav/gitleaks/v8/report.getRuns({{0x7ffeefbffc4c, 0x4e}, {0x0, 0x0}, {0xc00009c090, 0x1, 0x1}, {{0x0, 0x0}, {0x0, ...}, ...}}, ...)
github.com/zricethezav/gitleaks/v8/report/sarif.go:26 +0x65
github.com/zricethezav/gitleaks/v8/report.writeSarif({{0x7ffeefbffc4c, 0x4e}, {0x0, 0x0}, {0xc00009c090, 0x1, 0x1}, {{0x0, 0x0}, {0x0, ...}, ...}}, ...)
github.com/zricethezav/gitleaks/v8/report/sarif.go:15 +0x65
github.com/zricethezav/gitleaks/v8/report.Write({0x0, 0x0, 0x0}, {{0x7ffeefbffc4c, 0x4e}, {0x0, 0x0}, {0xc00009c090, 0x1, 0x1}, ...}, ...)
github.com/zricethezav/gitleaks/v8/report/report.go:28 +0x1bf
github.com/zricethezav/gitleaks/v8/cmd.runDetect(0x15ac7a0, {0x1335648, 0x5, 0x5})
github.com/zricethezav/gitleaks/v8/cmd/detect.go:87 +0x6de
github.com/spf13/cobra.(*Command).execute(0x15ac7a0, {0xc0000c4050, 0x5, 0x5})
github.com/spf13/cobra@v1.2.1/command.go:860 +0x5f8
github.com/spf13/cobra.(*Command).ExecuteC(0x15ac520)
github.com/spf13/cobra@v1.2.1/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
github.com/spf13/cobra@v1.2.1/command.go:902
github.com/zricethezav/gitleaks/v8/cmd.Execute()
github.com/zricethezav/gitleaks/v8/cmd/root.go:123 +0x25
main.main()
github.com/zricethezav/gitleaks/v8/main.go:22 +0x1f6
```
It seems the error is related to SARIF file generation, where gitleaks tries to fill the runs.tool.rules.shortDescription.text field with the regex value.
Expected behavior
No error occurs.
Basic Info (please complete the following information):
- OS: Mac OS
- Gitleaks Version: 8.2.7
cc @zricethezav
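The trace above ends in `(*Regexp).String` being called on a nil pointer, which happens when a rule has a `path` but no `regex`. The following is an added illustration of the defensive check a report writer needs, not gitleaks' own code; the `Rule` type is a hypothetical stand-in for the project's config rule, and only the two pattern fields matter here.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule is a hypothetical stand-in for a gitleaks config rule (not the
// project's own type). Either pattern may be absent, i.e. a nil pointer.
type Rule struct {
	ID          string
	Description string
	Regex       *regexp.Regexp
	Path        *regexp.Regexp
}

// ruleShortDescription builds the SARIF tool.driver.rules[].shortDescription.text
// value. (*regexp.Regexp).String dereferences its receiver, so a path-only rule
// must never reach r.Regex.String(); fall back to whatever the rule does have.
func ruleShortDescription(r Rule) string {
	switch {
	case r.Regex != nil && r.Path != nil:
		return fmt.Sprintf("regex: %s; path: %s", r.Regex.String(), r.Path.String())
	case r.Regex != nil:
		return r.Regex.String()
	case r.Path != nil:
		return "path: " + r.Path.String()
	default:
		return r.Description
	}
}

func main() {
	// Constructed path-only rule, the same shape as the one in the report.
	pathOnly := Rule{
		ID:          "files-with-keys-and-credentials",
		Description: "Files with keys and credentials",
		Path:        regexp.MustCompile(`(.*?)(credentials|[._]history|id_rsa|id_dsa|id_ed25519|id_ecdsa|\.(pem|key))$`),
	}
	fmt.Println(ruleShortDescription(pathOnly))
}
```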