GlobalAdvisoryScanWorker: undefined method `input_file_path' for nil:NilClass
Summary
PackageMetadata::GlobalAdvisoryScanWorker (CVS GA) raises a NoMethodError: undefined method `input_file_path' for nil:NilClass.
When this bug occurs, the AdvisoryScanner fails to process the batch of affected SBOM occurrences and moves on to the next batch, so every occurrence in that batch is left unscanned.
See &11474 (comment 1681354223)
Further details
This is triggered from Dependency Scanning's FindingBuilder when the Sbom::Source is nil.
Steps to reproduce
Example Project
This has occurred on gitlab.com.
What is the current bug behavior?
The worker fails with the aforementioned error.
What is the expected correct behavior?
The worker does not fail.
Relevant logs and/or screenshots
stack trace
NoMethodError: undefined method `input_file_path' for nil:NilClass
from ee/lib/gitlab/vulnerability_scanning/dependency_scanning/finding_builder.rb:40:in `input_file'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:138:in `bind_call'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:138:in `block (2 levels) in do_strong_memoize'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:34:in `strong_memoize'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:137:in `block in do_strong_memoize'
from ee/lib/gitlab/vulnerability_scanning/dependency_scanning/finding_builder.rb:14:in `validate!'
from ee/lib/gitlab/vulnerability_scanning/finding_builder.rb:47:in `finding'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:138:in `bind_call'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:138:in `block (2 levels) in do_strong_memoize'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:34:in `strong_memoize'
from gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:137:in `block in do_strong_memoize'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:66:in `finding_for_affected_component'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:78:in `block in finding_maps'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:70:in `each'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:70:in `filter_map'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:70:in `finding_maps'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:33:in `execute'
from ee/app/services/security/vulnerability_scanning/create_vulnerability_service.rb:22:in `execute'
from ee/lib/gitlab/vulnerability_scanning/advisory_scanner.rb:109:in `create_vulnerabilities'
from ee/lib/gitlab/vulnerability_scanning/advisory_scanner.rb:105:in `bulk_vulnerability_ingestion'
from ee/lib/gitlab/vulnerability_scanning/advisory_scanner.rb:48:in `block (2 levels) in execute'
from ee/app/finders/sbom/possibly_affected_occurrences_finder.rb:30:in `block in execute_in_batches'
from app/models/concerns/each_batch.rb:99:in `block (2 levels) in each_batch'
from activerecord (7.0.8) lib/active_record/relation.rb:881:in `_scoping'
from activerecord (7.0.8) lib/active_record/relation.rb:428:in `scoping'
from activerecord (7.0.8) lib/active_record/scoping/default.rb:43:in `unscoped'
from app/models/concerns/each_batch.rb:99:in `block in each_batch'
from app/models/concerns/each_batch.rb:69:in `step'
from app/models/concerns/each_batch.rb:69:in `each_batch'
from activerecord (7.0.8) lib/active_record/relation/delegation.rb:108:in `public_send'
from activerecord (7.0.8) lib/active_record/relation/delegation.rb:108:in `block in method_missing'
from activerecord (7.0.8) lib/active_record/relation.rb:881:in `_scoping'
from activerecord (7.0.8) lib/active_record/relation.rb:428:in `scoping'
from activerecord (7.0.8) lib/active_record/relation/delegation.rb:108:in `method_missing'
from ee/app/finders/sbom/possibly_affected_occurrences_finder.rb:24:in `execute_in_batches'
from ee/lib/gitlab/vulnerability_scanning/advisory_scanner.rb:47:in `block in execute'
from activerecord (7.0.8) lib/active_record/relation/delegation.rb:88:in `each'
from activerecord (7.0.8) lib/active_record/relation/delegation.rb:88:in `each'
from ee/lib/gitlab/vulnerability_scanning/advisory_scanner.rb:38:in `execute'
from ee/lib/gitlab/vulnerability_scanning/advisory_scanner.rb:14:in `scan_projects_for'
from ee/app/services/package_metadata/advisory_scan_service.rb:6:in `execute'
from ee/app/workers/package_metadata/global_advisory_scan_worker.rb:20:in `handle_event'
from lib/gitlab/event_store/subscriber.rb:36:in `perform'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:202:in `execute_job'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:170:in `block (2 levels) in process'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:177:in `block in invoke'
from lib/gitlab/sidekiq_middleware/skip_jobs.rb:49:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb:29:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/duplicate_jobs/strategies/until_executed.rb:17:in `perform'
from lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb:45:in `perform'
from lib/gitlab/sidekiq_middleware/duplicate_jobs/server.rb:8:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/pause_control/strategies/base.rb:31:in `perform'
from lib/gitlab/sidekiq_middleware/pause_control/strategy_handler.rb:22:in `perform'
from lib/gitlab/sidekiq_middleware/pause_control/server.rb:8:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/worker_context.rb:9:in `wrap_in_optional_context'
from lib/gitlab/sidekiq_middleware/worker_context/server.rb:19:in `block in call'
from lib/gitlab/application_context.rb:130:in `block in use'
from gitlab-labkit (0.34.0) lib/labkit/context.rb:35:in `with_context'
from lib/gitlab/application_context.rb:130:in `use'
from lib/gitlab/application_context.rb:64:in `with_context'
from lib/gitlab/sidekiq_middleware/worker_context/server.rb:17:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_status/server_middleware.rb:7:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_versioning/middleware.rb:9:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/query_analyzer.rb:7:in `block in call'
from lib/gitlab/database/query_analyzer.rb:37:in `within'
from lib/gitlab/sidekiq_middleware/query_analyzer.rb:7:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/admin_mode/server.rb:14:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/instrumentation_logger.rb:9:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/batch_loader.rb:7:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/extra_done_log_metadata.rb:7:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/request_store_middleware.rb:8:in `block in call'
from gems/gitlab-safe_request_store/lib/gitlab/safe_request_store.rb:66:in `enabling_request_store'
from gems/gitlab-safe_request_store/lib/gitlab/safe_request_store.rb:59:in `ensure_request_store'
from lib/gitlab/sidekiq_middleware/request_store_middleware.rb:7:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/server_metrics.rb:105:in `block in call'
from lib/gitlab/sidekiq_middleware/server_metrics.rb:133:in `block in instrument'
from lib/gitlab/metrics/background_transaction.rb:33:in `run'
from lib/gitlab/sidekiq_middleware/server_metrics.rb:133:in `instrument'
from lib/gitlab/sidekiq_middleware/server_metrics.rb:104:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from gitlab-labkit (0.34.0) lib/labkit/middleware/sidekiq/server.rb:21:in `block in call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:177:in `block in invoke'
from gitlab-labkit (0.34.0) lib/labkit/middleware/sidekiq/context/server.rb:16:in `block in call'
from gitlab-labkit (0.34.0) lib/labkit/context.rb:35:in `with_context'
from gitlab-labkit (0.34.0) lib/labkit/middleware/sidekiq/context/server.rb:15:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:182:in `invoke'
from gitlab-labkit (0.34.0) lib/labkit/middleware/sidekiq/server.rb:20:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/monitor.rb:10:in `block in call'
from lib/gitlab/sidekiq_daemon/monitor.rb:46:in `within_job'
from lib/gitlab/sidekiq_middleware/monitor.rb:9:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from lib/gitlab/sidekiq_middleware/size_limiter/server.rb:13:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from marginalia (1.11.1) lib/marginalia/sidekiq_instrumentation.rb:9:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from sentry-sidekiq (5.8.0) lib/sentry/sidekiq/sentry_context_middleware.rb:26:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from sentry-raven (3.1.2) lib/raven/integrations/sidekiq/cleanup_middleware.rb:7:in `call'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:179:in `block in invoke'
from sidekiq (6.5.12) lib/sidekiq/middleware/chain.rb:182:in `invoke'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:169:in `block in process'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:136:in `block (6 levels) in dispatch'
from sidekiq (6.5.12) lib/sidekiq/job_retry.rb:113:in `local'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:135:in `block (5 levels) in dispatch'
from sidekiq (6.5.12) lib/sidekiq/rails.rb:14:in `block in call'
from activesupport (7.0.8) lib/active_support/execution_wrapper.rb:92:in `wrap'
from activesupport (7.0.8) lib/active_support/reloader.rb:72:in `block in wrap'
from activesupport (7.0.8) lib/active_support/execution_wrapper.rb:92:in `wrap'
from activesupport (7.0.8) lib/active_support/reloader.rb:71:in `wrap'
from sidekiq (6.5.12) lib/sidekiq/rails.rb:13:in `call'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:131:in `block (4 levels) in dispatch'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:263:in `stats'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:126:in `block (3 levels) in dispatch'
from lib/gitlab/sidekiq_logging/structured_logger.rb:21:in `call'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:125:in `block (2 levels) in dispatch'
from sidekiq (6.5.12) lib/sidekiq/job_retry.rb:80:in `global'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:124:in `block in dispatch'
from sidekiq (6.5.12) lib/sidekiq/job_logger.rb:39:in `prepare'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:123:in `dispatch'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:168:in `process'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:78:in `process_one'
from sidekiq (6.5.12) lib/sidekiq/processor.rb:68:in `run'
from sidekiq (6.5.12) lib/sidekiq/component.rb:8:in `watchdog'
from sidekiq (6.5.12) lib/sidekiq/component.rb:17:in `block in safe_thread'
Possible fixes
- Make this a recoverable error, similar to when the pipeline has no user. All validation errors coming from the finding builder could be recovered in a similar way. See #432875 (comment 1671085708)
- Add a model scope to filter out SBOM occurrences that don't have an SBOM source, and add this scope to the finder.
Proposal
Recover from all errors raised by the #finding method of the finding builders. This generic solution applies to both Dependency Scanning and Container Scanning.
Optional: For consistency, make the #validate! method of the base class responsible for checking that the pipeline has a user. Right now this is handled by the CreateVulnerabilityService. This code refactoring could be handled in a follow-up issue, though.
Implementation plan
- Make the finding builder raise when there's no SBOM source. This could be implemented in the base class to be shared b/w DS & CS.
- Recover from all errors raised by the #finding method of the finding builders.
- Optional: For consistency, make the #validate! method of the base class responsible for checking that the pipeline has a user.
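The following is an added, simplified illustration of the three plan items above; it is not GitLab's code, and the class names (FindingBuilders::Base, FindingBuilders::DependencyScanning, ValidationError, CreateVulnerabilityService) and the Struct stand-ins for Sbom::Occurrence, Sbom::Source and the pipeline are assumptions made for the example. The base builder's validate! checks both the pipeline user and the SBOM source up front and raises one dedicated error class, and the service rescues that class per occurrence, so a single occurrence without a source is logged and skipped instead of aborting the whole batch with a NoMethodError on nil.

```ruby
# Added illustration of the proposed fix (not GitLab's code): the finding
# builder validates its inputs first and raises a dedicated error class, and
# the service rescues that class per occurrence, so one occurrence with a
# missing SBOM source no longer aborts the whole batch.
# All names below are simplified, hypothetical stand-ins for the real classes.

require 'logger'

# Constructed stand-ins for Sbom::Source, Sbom::Occurrence and the pipeline.
Source     = Struct.new(:input_file_path)
Occurrence = Struct.new(:id, :component_name, :source)
Pipeline   = Struct.new(:id, :user)
Finding    = Struct.new(:occurrence_id, :location)

module FindingBuilders
  # Raised for any input the builder cannot work with; the service treats it
  # as a per-occurrence, recoverable failure.
  ValidationError = Class.new(StandardError)

  class Base
    def initialize(pipeline:, occurrence:)
      @pipeline = pipeline
      @occurrence = occurrence
    end

    # Every finding goes through validate! first, so each "cannot build"
    # condition surfaces as a ValidationError rather than a NoMethodError on nil.
    def finding
      validate!
      build
    end

    private

    attr_reader :pipeline, :occurrence

    # Shared checks for the DS and CS builders (the optional refactor above).
    def validate!
      raise ValidationError, "pipeline #{pipeline.id} has no user" if pipeline.user.nil?
      raise ValidationError, "occurrence #{occurrence.id} has no SBOM source" if occurrence.source.nil?
    end

    def build
      raise NotImplementedError
    end
  end

  class DependencyScanning < Base
    private

    # Safe to dereference here: validate! has guaranteed occurrence.source is present.
    def input_file
      occurrence.source.input_file_path
    end

    def build
      Finding.new(occurrence.id, input_file)
    end
  end
end

class CreateVulnerabilityService
  def initialize(pipeline:, builder_class: FindingBuilders::DependencyScanning, logger: Logger.new(nil))
    @pipeline = pipeline
    @builder_class = builder_class
    @logger = logger
  end

  # Returns the findings that could be built. Occurrences that fail validation
  # are logged and dropped (nil is filtered out) instead of failing the batch.
  def findings_for(occurrences)
    occurrences.filter_map do |occurrence|
      @builder_class.new(pipeline: @pipeline, occurrence: occurrence).finding
    rescue FindingBuilders::ValidationError => e
      @logger.warn("skipping occurrence #{occurrence.id}: #{e.message}")
      nil
    end
  end
end

# Constructed sample batch: the middle occurrence has no SBOM source.
SAMPLE_BATCH = [
  Occurrence.new(1, 'lodash', Source.new('package-lock.json')),
  Occurrence.new(2, 'rails',  nil),
  Occurrence.new(3, 'django', Source.new('requirements.txt'))
].freeze

# Runs the service over the sample batch with a valid pipeline user.
def demo
  pipeline = Pipeline.new(42, 'bot-user')
  CreateVulnerabilityService.new(pipeline: pipeline).findings_for(SAMPLE_BATCH)
end

puts demo.map { |f| "#{f.occurrence_id}: #{f.location}" } if $PROGRAM_NAME == __FILE__
```

With the rescue inside filter_map, the batch yields findings for occurrences 1 and 3 and logs a warning for occurrence 2; with a pipeline that has no user, validate! rejects every occurrence and the service returns an empty list rather than raising, which is the behaviour the proposal asks for.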