Checkmarx / ast-github-action

Checkmarx application security testing (AST) GitHub action
https://github.com/marketplace/actions/checkmarx-ast-github-action
Apache License 2.0

project_name can not be empty otherwise the scan will fail #24

Closed Murray-Cx closed 2 years ago

Murray-Cx commented 2 years ago

Describe the bug

project_name can not be empty otherwise the scan will fail

Expected behavior

The comment suggests project_name is optional and a default name will be set... project_name: # optional, default is ${{ github.repository }}

Actual behavior

Scan fails - see log below...

Steps to reproduce

Take a working AST action YML and give project_name an empty string

Additional comments

None

Logs

Run Checkmarx/ast-github-action@2.0.0
  with:
    base_uri: https://eu.ast.checkmarx.net/
    cx_tenant: gs-emea-tam
    cx_client_id: ***
    cx_client_secret: ***
    branch: master
/usr/bin/docker run --name ea7a7afcfab4545788fe62b66d2246991_4e94b2 --label 84217e --workdir /github/workspace --rm -e INPUT_BASE_URI -e INPUT_CX_TENANT -e INPUT_CX_CLIENT_ID -e INPUT_CX_CLIENT_SECRET -e INPUT_PROJECT_NAME -e INPUT_BRANCH -e INPUT_GITHUB_TOKEN -e INPUT_ADDITIONAL_PARAMS -e CX_BASE_URI -e CX_TENANT -e CX_CLIENT_ID -e CX_CLIENT_SECRET -e GITHUB_TOKEN -e BRANCH -e PROJECT_NAME -e ADDITIONAL_PARAMS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/WebGoat/WebGoat":"/github/workspace" 84217e:a7a7afcfab4545788fe62b66d2246991  "https://eu.ast.checkmarx.net/" "gs-emea-tam" "***" "***" "" "" ""
Creating directory
panic: interface conversion: interface {} is nil, not string

goroutine 1 [running]:
github.com/checkmarx/ast-cli/internal/commands.updateScanRequestValues(0xc000117b38, 0x1, {0x862be9, 0x6}, {0x90d418, 0xc00008bc70}, {0x9000a0, 0xc00008bc40})
    /home/runner/work/ast-cli/ast-cli/internal/commands/scan.go:453 +0x745
github.com/checkmarx/ast-cli/internal/commands.createScanModel(0xc000097ce0, {0x900100, 0xc00008bc60}, {0x90d418, 0xc00008bc70}, {0x9000a0, 0xc00008bc40})
    /home/runner/work/ast-cli/ast-cli/internal/commands/scan.go:917 +0x1cc
github.com/checkmarx/ast-cli/internal/commands.runCreateScanCommand.func1(0xc00014c000, {0xc000153ae0, 0x0, 0xa})
    /home/runner/work/ast-cli/ast-cli/internal/commands/scan.go:864 +0xe5
Program exits with code:  2
github.com/spf13/cobra.(*Command).execute(0xc00014c000, {0xc0001539a0, 0xa, 0xa})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:852 +0x60e
github.com/spf13/cobra.(*Command).ExecuteC(0xc000121900)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x3ad
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897
main.main()
    /home/runner/work/ast-cli/ast-cli/cmd/main.go:48 +0x3fb
Scan Failed
pedrompflopes commented 2 years ago

@Murray-Cx Thanks for raising the bug.

If you want to use the default project name, please don't add the project property. If you add it but don't put a value it assumes that you want to use an empty value. We will add a task to our backlog to provide a better error message.

Example: https://github.com/Checkmarx/ast-github-action/blob/master/sample-yml/checkmarx-ast-scan-push.yml

pedrompflopes commented 2 years ago

@Murray-Cx We changed the error message, in case the user provides an empty project_name the error will appear like this:

Creating directory
Program exits with code: 1
2022/02/15 09:56:33 Project name is required
Scan Failed
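The two replies above describe both halves of the problem: on the action side, omitting the property gives the ${{ github.repository }} default while a present-but-empty property is passed through as an empty string (the trailing "" arguments in the docker run line), and on the CLI side that empty value reached an unchecked type assertion and panicked with "interface conversion: interface {} is nil, not string", which the maintainers replaced with a "Project name is required" error. The following Go program is an added example modelling that input handling; it is not code from ast-github-action or ast-cli, and every function name, map key and the way the empty value is represented as a missing map entry are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Error text reported by the maintainers after the fix. The function names and
// the input maps below are assumptions for this example, not ast-cli code.
var ErrProjectNameRequired = errors.New("Project name is required")

// resolveActionInput models the action-side behaviour described in the thread:
// a property that is absent from the workflow YAML falls back to the default
// (${{ github.repository }}), while a property that is present with an empty
// string is passed through as an empty string.
func resolveActionInput(inputs map[string]string, repository string) string {
	if v, present := inputs["project_name"]; present {
		return v
	}
	return repository
}

// unsafeProjectName reproduces the crashing pattern: an unchecked type
// assertion on a value that may be nil. With a missing or nil value it panics
// with "interface conversion: interface {} is nil, not string".
func unsafeProjectName(values map[string]interface{}) string {
	return values["project-name"].(string)
}

// panicMessage calls unsafeProjectName and returns the panic text instead of
// letting it terminate the process, so the failure mode can be shown safely.
// It returns "" when no panic occurred.
func panicMessage(values map[string]interface{}) (msg string) {
	defer func() {
		if r := recover(); r != nil {
			msg = fmt.Sprint(r)
		}
	}()
	unsafeProjectName(values)
	return ""
}

// safeProjectName is the hardened form: the comma-ok assertion never panics,
// and an empty name is rejected with a clear error, which is the behaviour
// the maintainers describe in the second reply.
func safeProjectName(values map[string]interface{}) (string, error) {
	v, ok := values["project-name"].(string)
	if !ok || v == "" {
		return "", ErrProjectNameRequired
	}
	return v, nil
}

func main() {
	repo := "OWASP/WebGoat" // constructed sample repository name
	for _, inputs := range []map[string]string{
		{},                          // property omitted: default applies
		{"project_name": ""},        // property present but empty: empty string
		{"project_name": "WebGoat"}, // explicit name
	} {
		name := resolveActionInput(inputs, repo)
		// Assumption for the model: an empty name ends up as a missing (nil)
		// entry in the CLI's value map, which is what the panic text implies.
		values := map[string]interface{}{}
		if name != "" {
			values["project-name"] = name
		}
		fmt.Printf("inputs=%v resolved=%q\n", inputs, name)
		fmt.Printf("  unchecked assertion: %q\n", panicMessage(values))
		if p, err := safeProjectName(values); err != nil {
			fmt.Printf("  checked: error: %v\n", err)
		} else {
			fmt.Printf("  checked: project %q\n", p)
		}
	}
}
```

Running it shows the omitted property resolving to the repository name, and the empty property producing the nil-assertion panic text under the unchecked path and the "Project name is required" error under the checked one; the comma-ok assertion plus an explicit empty check is the pattern that turns the crash into a usable message.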