facebook / pysa-action

GitHub Action for Pysa
MIT License

Unexpected end of JSON input #6

Open brylie opened 7 months ago

brylie commented 7 months ago
It appears to run normally now. However, there is a different error about the `sarif.json`. Is this expected or should we discuss it in a separate issue?

https://github.com/WesternFriend/westernfriend.org/actions/runs/7684163911/job/20940323308

    Artifact SARIF Results has been successfully uploaded!
    Run github/codeql-action/upload-sarif@v2
    Warning: CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
    Uploading results
    Processing sarif files: ["sarif.json"]
    Error: Unexpected end of JSON input
    SyntaxError: Unexpected end of JSON input
        at JSON.parse ()
        at validateSarifFileSchema (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:191:24)
        at uploadFiles (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:261:9)
        at Object.uploadFromActions (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:141:22)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:53:30)
        at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:75:9)

Originally posted by @brylie in https://github.com/facebook/pysa-action/issues/5#issuecomment-1913483420

alexkassil commented 7 months ago

Looking at the error message (relevant code: https://github.com/facebook/sapp/blob/54cf5f125a929644683cbe96da994698b43d05b8/sapp/ui/filters.py#L249):

    Error: -28 07:15:33,722 [ERROR] Total number of issues after filtering: 0
    Run actions/upload-artifact@v2
    With the provided path, there will be 1 file uploaded
    Starting artifact upload
    For more detailed logs during the artifact upload process, enable step-debugging: https://docs.github.com/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging
    Artifact name is valid!
    Container for artifact "SARIF Results" successfully created. Starting upload of file(s)
    Total size of all the files uploaded is 0 bytes

My hypothesis is that when 0 issues are found, the code emits an error (even though 0 issues found is technically valid) and leads to an empty `sarif.json` instead of, perhaps, a `sarif.json` that contains just `{}` or something to signify no issues.

        total_filtered_issues_output = (
            f"Total number of issues after filtering: {len(query_results)}"
        )
        if len(query_results) <= 0:
            # Zero results is logged as an error and the function returns
            # before anything is printed, so redirected stdout stays empty.
            LOG.error(total_filtered_issues_output)
            return
        else:
            LOG.info(total_filtered_issues_output)
        if output_format == "sapp":
            output_json = {"issues": [issue.to_json() for issue in query_results]}
            print(json.dumps(output_json, indent=2, default=str))
        elif output_format == "sarif":
            # Only reached when there is at least one issue.
            sarif_output = SARIF(context.tool, session, query_results)
            print(sarif_output.to_json())

alexkassil commented 7 months ago
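The failure mode above is easy to reproduce and to guard against. The following is an added example (not sapp's or pysa-action's own code) that does two things: it serializes findings as a minimal SARIF 2.1.0 document that is still complete when there are zero results, and it runs a pre-upload check that parses the file the same way the upload step does, so an empty `sarif.json` is reported with a readable message instead of a `JSON.parse` stack trace. The issue field names (`code`, `message`, `path`, `line`) and the sample finding are constructed for this example and are not sapp's real issue model.

```python
import json
import os
import tempfile

# Constructed sample finding; the field names are an assumption for this
# example, not sapp's real issue model.
SAMPLE_ISSUES = [
    {"code": 5001, "message": "User data flows into SQL query",
     "path": "app/views.py", "line": 42},
]

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"


def issues_to_sarif(tool_name, issues):
    """Serialize findings as a SARIF 2.1.0 document string.

    Zero findings still yield a complete document whose run has an empty
    results list; that is valid SARIF and what an upload step expects.
    """
    results = [
        {
            "ruleId": str(issue["code"]),
            "level": "error",
            "message": {"text": issue["message"]},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": issue["path"]},
                    "region": {"startLine": issue["line"]},
                }
            }],
        }
        for issue in issues
    ]
    doc = {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name}}, "results": results}],
    }
    return json.dumps(doc, indent=2)


def check_sarif_file(path):
    """Pre-upload gate mirroring what the upload step does with the file.

    Returns (ok, reason). An empty file is reported explicitly so the failure
    surfaces here, with a readable message, rather than as a JSON.parse
    stack trace during upload.
    """
    if os.path.getsize(path) == 0:
        return False, "sarif.json is empty (0 bytes)"
    with open(path, encoding="utf-8") as fh:
        try:
            doc = json.load(fh)
        except json.JSONDecodeError as exc:
            return False, f"sarif.json is not valid JSON: {exc}"
    if (not isinstance(doc, dict) or doc.get("version") != "2.1.0"
            or not isinstance(doc.get("runs"), list)):
        return False, "sarif.json lacks SARIF 2.1.0 version/runs fields"
    total = sum(len(run.get("results", [])) for run in doc["runs"])
    return True, f"{total} result(s)"


def simulate(issues, early_return_on_zero):
    """Write sarif.json the way the action would, then run the gate.

    early_return_on_zero=True reproduces the snippet above: with no issues
    nothing is printed, so the redirected output file stays empty.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sarif.json")
        with open(path, "w", encoding="utf-8") as fh:
            if issues or not early_return_on_zero:
                fh.write(issues_to_sarif("pysa", issues))
        return check_sarif_file(path)


if __name__ == "__main__":
    print("sapp-style, 0 issues:", simulate([], True))
    print("always-emit, 0 issues:", simulate([], False))
    print("sapp-style, 1 issue:", simulate(SAMPLE_ISSUES, True))
```

Running `simulate([], True)` reproduces the empty-file case from the logs, while `simulate([], False)` shows that emitting a document with `"results": []` lets the same check (and an upload step) succeed on a clean scan. The `check_sarif_file` gate is the kind of step a workflow can run between the scan and `upload-sarif` so that a zero-finding run fails with an explicit reason, or not at all, rather than in the uploader.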

So in your case, 0 security issues were found (did you define sources and sinks like explained here? https://pyre-check.org/docs/pysa-basics/#sources ) and that seemed to have caused the error, but it shouldn't have. The error was in the final step uploading the found results.

brylie commented 7 months ago

I’ll double check the configuration. But, it does make sense that the pipeline shouldn’t fail when zero issues are detected.