Invalid emass.json "systemID" (it is not an integer nor valid for eMASS) repo is not showing up in the dashboard

department-of-veterans-affairs / codeql-tools

MIT License

4 stars 2 forks source link

Invalid emass.json "systemID" (it is not an integer nor valid for eMASS) repo is not showing up in the dashboard #67

Closed Boberski closed 1 year ago

Boberski commented 1 year ago

We have another bug it looks like. It showed up on the SEPS repo. While it has an invalid emass.json "systemID" (it is not an integer nor valid for eMASS), it is not showing up in the dashboard. Tool health is green, no error messages otherwise when looking at that repo. When looking at the code-scanning-governance-platform repo's Generate Metrics job, we see starting on line 27513, then on 27519 Failed processing repository [department-of-veterans-affairs/SEPS], skipping: failed retrieving emass.json. So looks like a fix is needed.

Boberski commented 1 year ago

Also perhaps obviously the CodeQL db is not being uploaded

lindluni commented 1 year ago

Thanks for reporting this @Boberski , I believe I have a solution for this which is caused by Javascript not being able to differentiate between 1.0 and 1, I am testing that fix now.

Boberski commented 1 year ago

Note no eMASS ID's are floats. So perhaps can check if integer, if valid integer greater than zero/valid depending on app, that should do it

lindluni commented 1 year ago

Fixed in https://github.com/department-of-veterans-affairs/codeql-tools/commit/2815d74782623367f06055164c5a247ccf101cf1 and tested

lindluni commented 1 year ago

Failed scans due to invalid values do in fact raise those issues to the GitHub UI as well:

Boberski commented 1 year ago

Tool health now shows error, despite "systemID" of 2246 being valid
Now shows up in dashboard as fully compliant
CodeQL database is not uploading

Boberski commented 1 year ago

(issues addressed now)