Describe the bug:
Make opensnitch more resilient to typos in rule files.
I generate most of my rule files using nix (due to lots of nix paths being involved), which makes manual creation of rules somewhat untenable.
Typoing critical parts (or leaving them out) causes opensnitch to behave erratically and crash.
Include the following information:
- OpenSnitch version: 1.6.7
- OS: NixOS
- OS version: NixOS 25.05 (Warbler)
- Window Manager: KDE (Plasma, 6.3.3)
- Kernel version: Linux gaia 6.12.19 #1-NixOS SMP PREEMPT_DYNAMIC Thu Mar 13 12:02:20 UTC 2025 x86_64 GNU/Linux
To Reproduce:
- Create the simplest rule file with a regex somewhere (either by hand or via the gui, see example below).
- Change "regexp" to "regex" in the "type" of the operator
- The next time the rule matches/gets checked opensnitch crashes
Post error logs:
Mär 17 19:14:19 gaia opensnitchd[39456]: panic: runtime error: invalid memory address or nil pointer dereference
Mär 17 19:14:19 gaia opensnitchd[39456]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x97f26d]
Mär 17 19:14:19 gaia opensnitchd[39456]: goroutine 104 [running]:
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule.(*Operator).Match(0xc001d1ddd0, 0x0?)
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule/operator.go:277 +0x16d
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule.(*Operator).listMatch(0xc002387260, {0xaf78e0, 0xc001ceeb00})
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule/operator.go:260 +0x67
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule.(*Operator).Match(0xab0a80?, 0xc001034090?)
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule/operator.go:271 +0x4d
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule.(*Rule).Match(...)
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule/rule.go:76
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule.(*Loader).FindFirstMatch(0xc00103a000, 0xc001ceeb00)
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/rule/loader.go:427 +0xec
Mär 17 19:14:19 gaia opensnitchd[39456]: main.acceptOrDeny(0xc001e066c0, 0xc001ceeb00)
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/main.go:379 +0x54
Mär 17 19:14:19 gaia opensnitchd[39456]: main.onPacket({{0xc7d618, 0xc001d16500}, 0xc00150a380, 0x0, 0x2, 0x0, 0x3e8, 0x6})
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/main.go:357 +0x179
Mär 17 19:14:19 gaia opensnitchd[39456]: main.worker(0x7)
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/main.go:218 +0x9a
Mär 17 19:14:19 gaia opensnitchd[39456]: created by main.setupWorkers in goroutine 1
Mär 17 19:14:19 gaia opensnitchd[39456]: github.com/evilsocket/opensnitch/daemon/main.go:230 +0xb5
Mär 17 19:14:19 gaia systemd[1]: opensnitchd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Mär 17 19:14:19 gaia systemd[1]: opensnitchd.service: Failed with result 'exit-code'.
Mär 17 19:14:19 gaia systemd[1]: opensnitchd.service: Consumed 31.171s CPU time, 79.3M memory peak.
Expected behavior (optional):
I expect the daemon to at least not segfault and just ignore the rule with a log.
Preferably the UI would be noisy about it somewhere.
Additional context:
Example malformed rule (typo is in the "type" of the second list argument):
{
  "created": "2025-03-16T22:54:44.000000Z",
  "name": "050-mbsync",
  "enabled": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "list",
    "operand": "list",
    "list": [
      {
        "type": "simple",
        "operand": "process.path",
        "data": "/nix/store/kkwkmhsi9kf7p5qzq6f1mz1l93046gnh-isync-1.5.0-unstable-2024-09-29/bin/mbsync"
      },
      {
        "type": "regex",
        "operand": "dest.host",
        "data": "^(imap\\.fastmail\\.com|imap\\.gmail\\.com)$"
      }
    ]
  }
}
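An added example (not OpenSnitch's own code) of the kind of pre-load check the report asks for: it parses a rule file, walks the operator tree and reports an unknown operator type (such as "regex" instead of "regexp") or an uncompilable regexp by its JSON path, so a generated rule is rejected with a message instead of reaching Operator.Match() with a nil matcher. Field names follow the JSON in this issue; the set of known types is an assumption limited to the types this page mentions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Operator mirrors the operator fields used by the rule posted in this issue.
type Operator struct {
	Type    string     `json:"type"`
	Operand string     `json:"operand"`
	Data    string     `json:"data"`
	List    []Operator `json:"list"`
}

// knownTypes holds the operator types that appear on this page (assumption:
// the real daemon accepts more, so extend the set before reusing this check).
var knownTypes = map[string]bool{"simple": true, "regexp": true, "list": true}

// validateOperator walks the operator tree and names the first defect by its
// JSON path, so a typo such as "regex" is reported instead of crashing Match().
func validateOperator(op Operator, path string) error {
	if !knownTypes[op.Type] {
		return fmt.Errorf("%s.type: unknown operator type %q", path, op.Type)
	}
	switch op.Type {
	case "list":
		for i, child := range op.List {
			if err := validateOperator(child, fmt.Sprintf("%s.list[%d]", path, i)); err != nil {
				return err
			}
		}
	case "regexp":
		if _, err := regexp.Compile(op.Data); err != nil {
			return fmt.Errorf("%s.data: invalid regexp: %w", path, err)
		}
	}
	return nil
}

// ValidateRuleJSON parses one rule file and rejects it before a matcher sees it.
func ValidateRuleJSON(raw []byte) error {
	var r struct{ Operator Operator `json:"operator"` }
	if err := json.Unmarshal(raw, &r); err != nil {
		return fmt.Errorf("rule is not valid JSON: %w", err)
	}
	return validateOperator(r.Operator, "operator")
}
```

Run ValidateRuleJSON over every generated rule file before installing it into the rules directory; for the rule above it returns "operator.list[1].type: unknown operator type \"regex\"".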