Skip to content

BUG nil pointer dereference in Contributors check #4704

New issue
New issue
Open
#4705
Open
BUG nil pointer dereference in Contributors check#4704
#4705
Labels
kind/bugSomething isn't working
@maennchen

Description

@maennchen
maennchen
opened on Jul 17, 2025

Describe the bug

https://github.com/maennchen/ZipStream-PHP/actions/runs/16343623639/job/46171842742

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1827eb4]

goroutine 74 [running]:
github.com/ossf/scorecard/v5/clients/githubrepo.(*contributorsHandler).setup(0x3522362?, {0x0?, 0x0?})
	github.com/ossf/scorecard/v5@v5.2.1/clients/githubrepo/contributors.go:58 +0x34
github.com/ossf/scorecard/v5/clients/githubrepo.(*contributorsHandler).getContributors(0xc000349a90, {0x0?, 0x0?})
	github.com/ossf/scorecard/v5@v5.2.1/clients/githubrepo/contributors.go:172 +0x26
github.com/ossf/scorecard/v5/clients/githubrepo.(*Client).ListContributors(0xc00072e7e0)
	github.com/ossf/scorecard/v5@v5.2.1/clients/githubrepo/client.go:234 +0x7f
github.com/ossf/scorecard/v5/checks/raw.Contributors(0x3a058c0?)
	github.com/ossf/scorecard/v5@v5.2.1/checks/raw/contributors.go:30 +0x2b
github.com/ossf/scorecard/v5/checks.Contributors(0xc00077c1e0)
	github.com/ossf/scorecard/v5@v5.2.1/checks/contributors.go:39 +0x58
github.com/ossf/scorecard/v5/checker.(*Runner).Run(0xc0007e3f08, {0x3a05888, 0x5854dc0}, {0x36b8220?, {0x0?, 0x0?, 0x0?}})
	github.com/ossf/scorecard/v5@v5.2.1/checker/check_runner.go:118 +0x8f3
github.com/ossf/scorecard/v5/pkg/scorecard.runEnabledChecks.func1()
	github.com/ossf/scorecard/v5@v5.2.1/pkg/scorecard/scorecard.go:65 +0x1b0
created by github.com/ossf/scorecard/v5/pkg/scorecard.runEnabledChecks in goroutine 55
	github.com/ossf/scorecard/v5@v5.2.1/pkg/scorecard/scorecard.go:57 +0x106

Reproduction steps
Steps to reproduce the behavior:

  1. Run Scorecard Action 2.4.2 on https://github.com/maennchen/ZipStream-PHP project

Expected behavior
No error as in 2.4.1

Additional context

The action 2.4.2 updated to Scorecard 5.2.1. It was 5.1.1 before.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working

    Type

    No type

    Projects

    Scorecard - NEW

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions