Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error: runtime error: index out of range [3] with length 3 #3341

Open
christoph623 opened this issue Nov 21, 2024 · 6 comments
Open

error: runtime error: index out of range [3] with length 3 #3341

christoph623 opened this issue Nov 21, 2024 · 6 comments
Assignees
Labels
Milestone

Comments

@christoph623
Copy link

What happened?

updated crowdsec on debian bookworm on multiple servers to
version: v1.6.4-debian-pragmatic-amd64-fb733ee4
BuildDate: 2024-11-20_13:29:57
GoVersion: 1.23.3
Platform: linux
And getting the error on all machines when starting crowdsec

What did you expect to happen?

process starting normally

How can we reproduce it (as minimally and precisely as possible)?

service crowdsec start

Anything else we need to know?

No response

Crowdsec version

$ cscli version
version: v1.6.4-debian-pragmatic-amd64-fb733ee4
Codename: alphaga
BuildDate: 2024-11-20_13:32:55
GoVersion: 1.23.3
Platform: linux
libre2: C++
User-Agent: crowdsec/v1.6.4-debian-pragmatic-amd64-fb733ee4-linux
Constraint_parser: >= 1.0, <= 3.0
Constraint_scenario: >= 1.0, <= 3.0
Constraint_api: v1
Constraint_acquis: >= 1.0, < 2.0
Built-in optional components: cscli_setup, datasource_appsec, datasource_cloudwatch, datasource_docker, datasource_file, datasource_http, datasource_journalctl, datasource_k8s-audit, datasource_kafka, datasource_kinesis, datasource_loki, datasource_s3, datasource_syslog, datasource_wineventlog

OS version

# On Linux:
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

$ uname -a
Linux mgm 6.1.0-27-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.115-1 (2024-11-01) x86_64 GNU/Linux


# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Enabled collections and parsers

$ cscli hub list -o raw
panic: runtime error: index out of range [3] with length 3

goroutine 1 [running]:
github.com/crowdsecurity/crowdsec/pkg/cwhub.(*Hub).getItemFileInfo(0xc0007be940?, {0xc0007be940, 0x36}, 0x36cde80)
	github.com/crowdsecurity/crowdsec/pkg/cwhub/sync.go:110 +0x905
github.com/crowdsecurity/crowdsec/pkg/cwhub.(*Hub).itemVisit(0xc000280880, {0xc0007be940?, 0xc000283a90?}, {0x269df60, 0xc0007afc80}, {0x0?, 0x0?})
	github.com/crowdsecurity/crowdsec/pkg/cwhub/sync.go:259 +0x27d
path/filepath.walkDir({0xc0007be940, 0x36}, {0x269df60, 0xc0007afc80}, 0xc000b07880)
	path/filepath/path.go:310 +0x50
path/filepath.walkDir({0xc0008be540, 0x24}, {0x269df60, 0xc0007af8c0}, 0xc000b07880)
	path/filepath/path.go:332 +0x285
path/filepath.walkDir({0xc000abf040, 0x19}, {0x269e008, 0xc00091ca10}, 0xc000b07880)
	path/filepath/path.go:332 +0x285
path/filepath.WalkDir({0xc000abf040, 0x19}, 0xc000b07880)
	path/filepath/path.go:400 +0x75
github.com/crowdsecurity/crowdsec/pkg/cwhub.(*Hub).syncDir(0xc000280880, {0xc000618be8, 0x11})
	github.com/crowdsecurity/crowdsec/pkg/cwhub/sync.go:430 +0x294
github.com/crowdsecurity/crowdsec/pkg/cwhub.(*Hub).localSync(0xc000280880)
	github.com/crowdsecurity/crowdsec/pkg/cwhub/sync.go:471 +0xfc
github.com/crowdsecurity/crowdsec/pkg/cwhub.(*Hub).Load(0xc000280880)
	github.com/crowdsecurity/crowdsec/pkg/cwhub/hub.go:67 +0xc9
github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require.Hub(0x0?, 0x0?, 0xdb757a4800000000?)
	github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require/require.go:118 +0x10f
github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clihub.(*cliHub).newListCmd.func1(0xc00023cb00?, {0xc000319b40?, 0x4?, 0x221b24f?})
	github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/clihub/hub.go:93 +0x39
github.com/spf13/cobra.(*Command).execute(0xc0007fcf08, {0xc000319b20, 0x2, 0x2})
	github.com/spf13/[email protected]/command.go:983 +0xaaa
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006b2908)
	github.com/spf13/[email protected]/command.go:1115 +0x3ff
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/[email protected]/command.go:1039
main.main()
	github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/main.go:304 +0x68

Acquisition config

```console # On Linux: $ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/* #Generated acquisition file - wizard.sh (service: apache2) / files : /var/log/apache2/error.log /var/log/apache2/access.log filenames: - /var/log/apache2/error.log - /var/log/apache2/access.log labels: type: apache2 --- #Generated acquisition file - wizard.sh (service: ssh) / files : /var/log/auth.log filenames: - /var/log/auth.log labels: type: syslog --- #Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log /var/log/messages filenames: - /var/log/syslog - /var/log/kern.log - /var/log/messages labels: type: syslog --- filenames: - /var/log/apache2/*.log - /var/log/*httpd*.log - /var/log/httpd/*log labels: type: apache2 You have new mail in /var/mail/root root@mgm:/etc/crowdsec#

On Windows:

C:> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml

paste output here

Config show

$ cscli config show
Global:
   - Configuration Folder   : /etc/crowdsec
   - Data Folder            : /var/lib/crowdsec/data
   - Hub Folder             : /etc/crowdsec/hub
   - Simulation File        : /etc/crowdsec/simulation.yaml
   - Log Folder             : /var/log
   - Log level              : debug
   - Log Media              : file
Crowdsec:
  - Acquisition File        : /etc/crowdsec/acquis.yaml
  - Parsers routines        : 1
  - Acquisition Folder      : /etc/crowdsec/acquis.d
cscli:
  - Output                  : human
  - Hub Branch              : 
API Client:
  - URL                     : https://xx:8080/
  - Login                   : xx
  - Credentials File        : /etc/crowdsec/local_api_credentials.yaml
Local API Server:
  - Listen URL              : x.x.x.x:8080
  - Listen Socket           : 
  - Profile File            : /etc/crowdsec/profiles.yaml
  - Cert File : /etc/crowdsec/ssl/cert.pem
  - Key File  : /etc/crowdsec/ssl/key.pem

  - Trusted IPs:
      - 127.0.0.1
      - ::1
  - Database:
      - Type                : mysql
      - Host                : 127.0.0.1
      - Port                : 3306
      - User                : xxx
      - DB Name             : xx

Prometheus metrics

$ cscli metrics
# not dclosed

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

@christoph623 christoph623 added the kind/bug Something isn't working label Nov 21, 2024
Copy link

@christoph623: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@blotus
Copy link
Member

blotus commented Nov 21, 2024

Hello,

From the stacktrace, it seems you have placed custom parsers (or postoverflows) directly in /etc/crowdsec/hub/{parsers,posterflows}.

While it should not make crowdsec crash, those files were most likely not loaded properly before (the /etc/crowdsec/hub directory is intended to only contain files coming from the hub, not custom user files).

Can you move them to /etc/crowdsec/{parsers,postoverflows}/ and try again ?

@mmetc mmetc self-assigned this Nov 21, 2024
@mmetc mmetc reopened this Nov 21, 2024
@christoph623
Copy link
Author

Bingo, that was the issue. Moved the individual file and process started.
Thanks very much

@LaurenceJJones
Copy link
Contributor

LaurenceJJones commented Nov 21, 2024

We will reopen the issue to track PR and fix the issue as we shouldnt crash.

Edit: thank you for your report and providing us the details! as we need to fix it.

@mmetc
Copy link
Contributor

mmetc commented Nov 21, 2024

I'll take care of the crash for the next release

@mmetc mmetc added this to the 1.6.5 milestone Nov 21, 2024
@christoph623
Copy link
Author

lets close the issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants