Skyscanner / LambdaGuard

AWS Serverless Security
Apache License 2.0

Bug running SonarQube via Lambdaguard? #31

Closed adoraiswamy closed 3 years ago

adoraiswamy commented 4 years ago

Hi :) - thanks for the tool. I'm looking to start using this for our dev teams and was playing with it.

Lambdaguard without SQ seems to run okay so far but I run into an error while integrating it with SonarQube. So here's where I stand:

[2020-07-07 12:10] [arn:aws:lambda:us-west-2:ACCTID:function:GetAccessKeys] Traceback (most recent call last):
  File "/Users/arvind/.local/share/virtualenvs/lambdaguard-EVx5Vuzh/lib/python3.7/site-packages/lambdaguard/init.py", line 159, in run
    statistics.parse(lmbd.report())
  File "/Users/arvind/.local/share/virtualenvs/lambdaguard-EVx5Vuzh/lib/python3.7/site-packages/lambdaguard/visibility/Statistics.py", line 68, in parse
    self.save(verbose=verbose)
  File "/Users/arvind/.local/share/virtualenvs/lambdaguard-EVx5Vuzh/lib/python3.7/site-packages/lambdaguard/visibility/Statistics.py", line 72, in save
    with self.path.joinpath('statistics.json').open('w') as f:
  File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/pathlib.py", line 1193, in open
    opener=self._opener)
  File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/pathlib.py", line 1046, in _opener
    return self._accessor.open(self, flags, mode)
FileNotFoundError: [Errno 2] No such file or directory: 'lambdaguard_output/statistics.json'



Thoughts on what I am doing wrong, if anything, or if this is a bug? If it's the latter, I'm happy to try and fix it, but a pointer would be nice :). Thanks.

adoraiswamy commented 4 years ago

So apparently if I modify the file config.json to look like this, things work as expected.

{
    "command": "java -jar /Users/arvind/Downloads/sonar-scanner-4.4.0.2170-macosx/lib/sonar-scanner-cli-4.4.0.2170.jar -X",
    "url": "http://localhost:9000",
    "login": "admin",
    "password": "*****",
    "projectKey": "lambdaguard"
}

I found projectKey from the file SonarQube.py here.

Happy to submit a PR to update the ReadMe if this is the right way to do things.

adeptex commented 3 years ago

Hi all, thanks for reporting. I've updated SQ - https://github.com/Skyscanner/LambdaGuard/pull/36 The problem should now be fixed. Please feel free to open another issue if you are still not getting any SQ results.