CondaLock: Stack overflow issue in github actions #1334
Description
Summary:
A stack overflow occurs in the Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver module when processing conda-lock.yml file
Steps to Reproduce
-
In github actions, generate "conda-lock.yml" file
conda-lock lock --file ./environment.yml --lockfile conda-lock.yml -
Run component detection
- name: Component detection
uses: advanced-security/[email protected]
with:
detectorArgs: CondaLock=EnableIfDefaultOff
Observed Error:
Running component-detection
/runner/_work/xyz/component-detection scan --SourceDirectory . --ManifestFile ./output.json --DetectorArgs CondaLock=EnableIfDefaultOff
[16:59:01 INF] Finding components...
[16:59:01 INF] No instructions received to scan docker images.
[16:59:01 INF] PipReport: No pip found on system. Pip installation report detection will not run.
[16:59:01 INF] Starting enumeration of /runner/_work/xyz/
[16:59:01 INF] Enumerated 173 files and 36 directories in 00:00:00.01[7](https://github.com/xyz/abc-/actions/runs/1248432454641/job/3484154561922#step:5:8)0189
Stack overflow.
at System.Collections.Concurrent.ConcurrentDictionary`2[[System.__Canon, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec[8](https://github.com/trdc/12484324641/actions/runs/1248432464ss1/job/34841561922#step:5:9)5d7bea7798e],[System.Byte, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea77[9](https://github.com/edsx/sss-rrr/actions/runs/1248434524641/job/3484321561922#step:5:10)8e]]..ctor(Int32, Int32, Boolean, System.Collections.Generic.IEqualityComparer`1<System.__Canon>)
at Microsoft.ComponentDetection.Contracts.DetectedComponent..ctor(Microsoft.ComponentDetection.Contracts.TypedComponent.TypedComponent, Microsoft.ComponentDetection.Contracts.IComponentDetector, System.Nullable`1<Int32>, System.Nullable`1<Int32>)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver.RegisterPackageWithDependencies(Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaPackage, System.String, Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaLock, Microsoft.ComponentDetection.Contracts.ISingleFileComponentRecorder)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver+<>c__DisplayClass2_0.<RegisterPackageWithDependencies>b__0(System.String)
at System.Collections.Generic.List`1[[System.__Canon, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ForEach(System.Action`1<System.__Canon>)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver.RegisterPackageWithDependencies(Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaPackage, System.String, Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaLock, Microsoft.ComponentDetection.Contracts.ISingleFileComponentRecorder)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver+<>c__DisplayClass2_0.<RegisterPackageWithDependencies>b__0(System.String)
at System.Collections.Generic.List`1[[System.__Canon, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ForEach(System.Action`1<System.__Canon>)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver.RegisterPackageWithDependencies(Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaPackage, System.String, Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaLock, Microsoft.ComponentDetection.Contracts.ISingleFileComponentRecorder)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver+<>c__DisplayClass2_0.<RegisterPackageWithDependencies>b__0(System.String)
at System.Collections.Generic.List`1[[System.__Canon, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ForEach(System.Action`1<System.__Canon>)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver.RegisterPackageWithDependencies(Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaPackage, System.String, Microsoft.ComponentDetection.Detectors.CondaLock.Contracts.CondaLock, Microsoft.ComponentDetection.Contracts.ISingleFileComponentRecorder)
at Microsoft.ComponentDetection.Detectors.CondaLock.CondaDependencyResolver+<>c__DisplayClass2_0.<RegisterPackageWithDependencies>b__0(System.String)
at System.Collections.Generic.List`1[[System.__Canon, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ForEach(System.Action`1<System.__Canon>)`