Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: Invalid SARIF. Missing 'results' array in run. #1725

Closed
wesley-dean-flexion opened this issue Aug 9, 2022 · 4 comments · Fixed by #1726
Closed

Error: Invalid SARIF. Missing 'results' array in run. #1725

wesley-dean-flexion opened this issue Aug 9, 2022 · 4 comments · Fixed by #1726
Labels
bug Something isn't working

Comments

@wesley-dean-flexion
Copy link
Contributor

Describe the bug

A run of Megalinter (still on @v6) spits out an error that the generated SARIF file is invalid with the following, semi-helpful message:

Uploading results
  Processing sarif files: ["megalinter-reports/megalinter-report.sarif"]
  Error: Invalid SARIF. Missing 'results' array in run.
  Error: Invalid SARIF. Missing 'results' array in run.
      at countResultsInSarif (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:[18](https://github.com/IMLS/estimating-wifi/runs/7748715810?check_suite_focus=true#step:11:19)0:[19](https://github.com/IMLS/estimating-wifi/runs/7748715810?check_suite_focus=true#step:11:20))
      at uploadFiles (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:283:30)
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async Object.uploadFromActions (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:139:12)
      at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:52:30)
      at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:74:9)

I pulled down the megalinter-report.sarif file and used jq to determine which item in the runs[] list is missing a results key. It's item 0 (go_revive):

{
  "properties": {
    "megalinter": {
      "docUrl": "https://oxsecurity.github.io/megalinter/latest/descriptors/go_revive",
      "linterKey": "GO_REVIVE",
      "linterVersion": "0.0.0"
    }
  },
  "tool": {
    "driver": {
      "informationUri": "https://revive.run",
      "name": "revive (MegaLinter GO_REVIVE)",
      "rules": [
        {
          "helpUri": "https://revive.run/r#unexported-return",
          "id": "unexported-return",
          "properties": {
            "severity": "warning"
          }
        }
      ],
      "version": "0.0.0"
    }
  }
}

The remainder of the items in that runs[] list have either results: [] or a dictionary with the relevant results.

To Reproduce

Steps to reproduce the behavior:

  1. hmm... I don't exactly know. I'm thinking a run the uses revive which comes back with no results for the go_revive linter?

Expected behavior

Given the error message, I suspect that there ought to be a key with an array of results, even if that array is empty (e.g., results: []).

Screenshots

log of an applicable run: https://github.com/IMLS/estimating-wifi/runs/7748715810?check_suite_focus=true#step:11:17

Additional context

(insert flattery here)

I haven't gotten to oxsecurity/megalinter:beta (per #1702) yet so this may have been addressed already.

@wesley-dean-flexion wesley-dean-flexion added the bug Something isn't working label Aug 9, 2022
@wesley-dean-flexion
Copy link
Contributor Author

confirmed that the issue presents on oxsecurity/megalinter:beta

@wesley-dean-flexion
Copy link
Contributor Author

wesley-dean-flexion commented Aug 9, 2022

https://github.com/oxsecurity/megalinter/blob/main/megalinter/reporters/SarifReporter.py#L217

would adding a line like this:

                run["results"] = []

(i.e., if the conditional on line 203 is false, add an empty list to the results key) help?

If you would rather that in PR form, I can put something together quickly. I opted not to as I'm not sure if it'll actually solve the issue in a way that is acceptable to you, @nvuillam.

@nvuillam
Copy link
Member

nvuillam commented Aug 9, 2022

Your proposition of fix is good, you can make. PR if you like , or I'll do it later ^^

@wesley-dean-flexion
Copy link
Contributor Author

Ohhh boy!! I get to make a PR!!!! Let's see how badly I can screw this up!!! 🤣

wesley-dean-flexion added a commit to wesley-dean-flexion/megalinter that referenced this issue Aug 9, 2022
GitHub's SARIF validator doesn't like it when there is no `results` list associated with a run; therefore, it a `results` key doesn't exist, create one with an empty list.

resolves oxsecurity#1725
nvuillam pushed a commit that referenced this issue Aug 10, 2022
* Update SarifReporter.py

GitHub's SARIF validator doesn't like it when there is no `results` list associated with a run; therefore, it a `results` key doesn't exist, create one with an empty list.

resolves #1725

* Update CHANGELOG.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants