jenkinsci / checkmarx-ast-scanner-plugin

Jenkins Plugin for AST
https://plugins.jenkins.io/checkmarx-ast-scanner/
MIT License

Command line contains twice same arguments #188

Closed psa-jforestier closed 8 months ago

psa-jforestier commented 1 year ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.347
OS: Linux - 4.14.152-127.182.amzn2.x86_64
Java: 11.0.13 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)
---
ace-editor:1.1
ansicolor:1.0.1
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
aws-credentials:191.vcb_f183ce58b_9
aws-java-sdk:1.12.215-339.vdc07efc5320c
aws-java-sdk-cloudformation:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-codebuild:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-ec2:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-ecr:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-ecs:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-efs:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-elasticbeanstalk:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-iam:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-logs:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-minimal:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-sns:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-sqs:1.12.287-357.vf82d85a_6eefd
aws-java-sdk-ssm:1.12.287-357.vf82d85a_6eefd
awseb-deployment-plugin:0.3.21
blueocean-commons:1.26.0
blueocean-core-js:1.26.0
blueocean-jwt:1.26.0
blueocean-pipeline-api-impl:1.25.3
blueocean-pipeline-scm-api:1.25.3
blueocean-rest:1.26.0
blueocean-rest-impl:1.25.3
blueocean-web:1.26.0
bootstrap5-api:5.2.1-3
bouncycastle-api:2.27
branch-api:2.1071.v1a_188a_562481
build-timestamp:1.0.3
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checkmarx-ast-scanner:2.0.11-415.vde4f199d0f33
checks-api:1.8.1
cloudbees-folder:6.740.ve4f4ffa_dea_54
command-launcher:81.v9c2cb_cb_db_392
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-27.vb_fa_3896786a_7
config-file-provider:3.11.1
credentials:1143.vb_e8b_b_ceee347
credentials-binding:523.525.vb_72269281873
display-url-api:2.3.6
docker-commons:1.21
docker-workflow:1.28
durable-task:496.va67c6f9eefa7
echarts-api:5.4.0-1
favorite:2.4.2
font-awesome-api:6.2.1-1
git:4.11.1
git-client:3.11.0
git-parameter:0.9.16
git-server:1.11
github:1.34.3
github-api:1.303-400.v35c2d8258028
github-branch-source:1628.vb_2f51293cb_78
github-pullrequest:0.4.0
groovy:2.4
h2-api:1.4.199
handlebars:3.0.8
htmlpublisher:1.31
ionicons-api:31.v4757b_6987003
jackson2-api:2.14.2-319.v37853346a_229
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-8
jaxb:2.3.7-1
jdk-tool:1.5
jenkins-design-language:1.26.0
jjwt-api:0.11.2-71.v2722b_b_06a_2a_f
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.1-2
jsch:0.1.55.2
junit:1166.1168.vd6b_8042a_06de
lockable-resources:2.15
mailer:414.vcc4c33714601
matrix-project:772.v494f19991984
momentjs:1.1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
parameterized-trigger:2.44
pipeline-aws:1.43
pipeline-build-step:2.18
pipeline-github:2.8-138.d766e30bb08b
pipeline-github-lib:38.v445716ea_edda_
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-maven:1298.v43b_82f220a_e9
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2077.vc78ec45162f1
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:2.2077.vc78ec45162f1
pipeline-model-extensions:2.2077.vc78ec45162f1
pipeline-multibranch-defaults:2.1
pipeline-rest-api:2.28
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2077.vc78ec45162f1
pipeline-stage-view:2.24
pipeline-utility-steps:2.15.0
plain-credentials:1.8
plugin-util-api:2.20.0
popper2-api:2.11.6-2
publish-over:0.22
publish-over-ssh:1.24
pubsub-light:1.16
scm-api:631.v9143df5b_e4a_a
script-security:1229.v4880b_b_e905a_6
snakeyaml-api:1.33-90.v80dcb_3814d35
ssh-credentials:305.v8f4381501156
ssh-steps:2.0.39.v831c5e6468b_c
sshd:3.228.v4c9f9e652c86
structs:324.va_f5d6774f3a_d
timestamper:1.21
token-macro:321.vd7cc1f2a_52c8
trilead-api:1.67.vc3938a_35172f
variant:59.vf075fe829ccb
workflow-aggregator:2.7
workflow-api:1200.v8005c684b_a_c6
workflow-basic-steps:948.v2c72a_091b_b_68
workflow-cps:3536.vb_8a_6628079d5
workflow-cps-global-lib:575.v24fa_0a_b_f7383
workflow-cps-global-lib-http:2.23.0
workflow-durable-task-step:1130.v8fd69d0b_8857
workflow-job:1180.v04c4e75dce43
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Amazon Linux

Reproduction steps

  1. Create a fresh new Jenkins job, with only a "Checkmarx AST scan" step
  2. Advanced Options: unset "Use global additional arguments". Copy/paste the "Additional Arguments": "--report-format pdf --report-pdf-options ScanResults --project-tags AAAAAA:LVH00 --project-groups BBBBBB/LVH00 --output-name cx_result_label-vehicle-history" (assuming you have a working project-groups)
  3. Run the build
  4. Build is running, but failed with:
    Scan Finished with status:  Completed
    Generating PDF report
    Failed downloading PDF report: Failed to create file cx_result_project-label.pdf: open cx_result_project-label.pdf: permission denied
  5. But when I looked at the build log file, I got this:
    00:00:00.743 [Cx-Info]: ----**** Checkmarx Scan Configuration ****----
    00:00:00.744 [Cx-Info]: Checkmarx Server Url: https://eu.ast.checkmarx.net/
    00:00:00.744 [Cx-Info]: Checkmarx Auth Server Url: https://eu.iam.checkmarx.net/
    00:00:00.744 [Cx-Info]: Tenant Name: *****
    00:00:00.744 [Cx-Info]: Project Name: ******
    00:00:00.744 [Cx-Info]: Branch name: ${GIT_BRANCH}
    00:00:00.744 [Cx-Info]: Using global additional options: false
    00:00:00.744 [Cx-Info]: Additional Options: --report-format pdf --report-pdf-options ScanResults --project-tags AAAAAA:LVH00 --project-groups BBBBBB/LVH00 --output-name cx_result_label-vehicle-history
    00:00:00.744 
    00:00:00.748 [Cx-Info]: Checkmarx installation is UP-TO-DATE
    00:00:00.749 [Cx-Info]: Submitting the scan details to the CLI wrapper.
    00:00:00.749 [Cx-Info]: Executable path: /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx 
    00:00:00.749 $ /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx scan create --scan-info-format json -s /var/lib/jenkins/workspace/Checkmarx_AST_scan --agent Jenkins --project-name **** --branch master --report-format pdf --report-pdf-options ScanResults --project-tags AAAAAA:LVH00 --project-groups BBBBBB/LVH00 --output-name cx_result_label-vehicle-history --tenant stellantis-cxone --base-uri https://eu.ast.checkmarx.net/ --base-auth-uri https://eu.iam.checkmarx.net/ --report-format pdf --report-pdf-options ScanResults --project-tags AAAAAA:LVH00 --project-groups BBBBBB/LVH00 --output-name cx_result_label-vehicle-history

    As you can see, the "additional options" are repeated twice in the last line (the real command line supposed to be executed by Jenkins). So I can't tell if the "permission denied" error is because of the wrongly generated command line or if there is a real permission error.

Expected Results

The generated log file should reflect exactly the command line. We should have the additional arguments only once.

Actual Results

The additional options appear twice in the command line written to the log file.

Anything else?

No response
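
A check for the symptom reported above, as an added example that is not part of the original issue or the plugin's code: it reads a Jenkins console log, picks out the `$ ...` command lines, and reports every `--flag` passed more than once. It goes slightly beyond the issue by also marking repeats whose values differ. The sample log is constructed (shortened from the one in the issue, plus one conflicting case the issue does not contain), and `parse_flags` / `repeated_flags` are hypothetical helper names.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample, shortened from the command line logged in the issue.
SAMPLE_LOG = (
    "00:00:00.749 [Cx-Info]: Executable path: /opt/cx/cx\n"
    "00:00:00.749 $ /opt/cx/cx scan create -s /ws --agent Jenkins "
    "--report-format pdf --output-name cx_result --debug --tenant t1 "
    "--report-format pdf --output-name cx_result --debug\n"
    "00:00:01.000 $ /opt/cx/cx results show --output-name a --output-name b\n"
)

# Optional Jenkins timestamp prefix, then "$ " marks an executed command.
CMD_LINE = re.compile(r"^(?:\d{2}:\d{2}:\d{2}\.\d{3}\s+)?\$\s+(.+)$")


def parse_flags(command):
    """Return (flag, value) pairs; value is None for switches like --debug."""
    tokens = shlex.split(command)
    pairs, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                flag, value = tok.split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                flag, value = tok, tokens[i + 1]
                i += 1  # the next token was consumed as this flag's value
            else:
                flag, value = tok, None
            pairs.append((flag, value))
        i += 1
    return pairs


def repeated_flags(log_text):
    """Per logged command, list (flag, values, conflicting) for repeats."""
    report = []
    for line in log_text.splitlines():
        match = CMD_LINE.match(line)
        if match:
            seen = defaultdict(list)
            for flag, value in parse_flags(match.group(1)):
                seen[flag].append(value)
            report.append([(f, v, len(set(v)) > 1)
                           for f, v in seen.items() if len(v) > 1])
    return report
```

A repeat with `conflicting` set to `True` is the case worth failing a build on, because the log alone no longer tells you which value the tool acted on.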

pedrompflopes commented 1 year ago

Hi @psa-jforestier

Thanks for raising the issue. We are working on removing the duplicated flags, although this doesn't have an impact on the functionality.

Please try to run with --debug to get more details about the issue. Please also ensure that your apikey or oauth client has "view-scans" role.

Thanks,

psa-jforestier commented 1 year ago

Hello. I added the "--debug" flag:

00:00:00.734  > git rev-list --no-walk 301258abfc36be87293262bef3c4c2c18098bb5b # timeout=10
00:00:00.767 [Cx-Info]: ----**** Checkmarx Scan Configuration ****----
00:00:00.768 [Cx-Info]: Checkmarx Server Url: https://eu.ast.checkmarx.net
00:00:00.768 [Cx-Info]: Checkmarx Auth Server Url: https://eu.iam.checkmarx.net
00:00:00.768 [Cx-Info]: Tenant Name: zzzzzzzzz-cxone
00:00:00.768 [Cx-Info]: Project Name: xxxx-XXX-LabelVehicleHistory
00:00:00.768 [Cx-Info]: Branch name: ${GIT_BRANCH}
00:00:00.768 [Cx-Info]: Using global additional options: false
00:00:00.768 [Cx-Info]: Additional Options: --report-format pdf --report-pdf-options ScanResults --project-tags xxxx-Jenkins:XXX00 --project-groups xxxx-PCD/CDF/XXX00 --output-name cx_result_label-vehicle-history --output-path ${WORKSPACE} --debug
00:00:00.773 [Cx-Info]: Checkmarx installation is UP-TO-DATE
00:00:00.774 [Cx-Info]: Submitting the scan details to the CLI wrapper.
00:00:00.774 [Cx-Info]: Executable path: /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx 
00:00:00.775 $ /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx scan create --scan-info-format json -s /var/lib/jenkins/workspace/Checkmarx_AST_scan --agent Jenkins --project-name xxxx-XXX-LabelVehicleHistory --branch master --report-format pdf --report-pdf-options ScanResults --project-tags xxxx-Jenkins:XXX00 --project-groups xxxx-PCD/CDF/XXX00 --output-name cx_result_label-vehicle-history --output-path /var/lib/jenkins/workspace/Checkmarx_AST_scan --debug --tenant zzzzzzzzz-cxone --base-uri https://eu.ast.checkmarx.net --base-auth-uri https://eu.iam.checkmarx.net --report-format pdf --report-pdf-options ScanResults --project-tags xxxx-Jenkins:XXX00 --project-groups xxxx-PCD/CDF/XXX00 --output-name cx_result_label-vehicle-history --output-path /var/lib/jenkins/workspace/Checkmarx_AST_scan --debug
00:00:00.775 2023/06/06 17:18:16 CLI Configuration:
00:00:00.775 2023/06/06 17:18:16                    cx_base_uri: https://eu.ast.checkmarx.net/
00:00:00.775 2023/06/06 17:18:16               cx_base_auth_uri: https://eu.iam.checkmarx.net/
00:00:00.775 2023/06/06 17:18:16                     http_proxy: 
00:00:00.775 2023/06/06 17:18:16               cx_client_secret: ***
00:00:00.775 2023/06/06 17:18:16                      cx_branch: master
00:00:00.775 2023/06/06 17:18:16                     cx_timeout: 30
00:00:00.775 2023/06/06 17:18:16                      cx_tenant: zzzzzzzz-cxone
00:00:00.775 2023/06/06 17:18:16             cx_proxy_auth_type: basic
00:00:00.775 2023/06/06 17:18:16                   cx_client_id: ***
00:00:00.775 2023/06/06 17:18:16                      cx_apikey: 
00:00:00.775 2023/06/06 17:18:16 Base Auth URI - Extract from Base Auth URI flag
00:00:00.775 2023/06/06 17:18:16 Base Auth URI - https://eu.iam.checkmarx.net/auth/realms/zzzzzzzz-cxone 
00:00:00.775 2023/06/06 17:18:16 Checking cache for API access token.
(...)
00:07:26.523 2023/06/06 17:25:42 Request attempt 1 in 4
00:07:26.523 2023/06/06 17:25:42 Starting connection: eu.ast.checkmarx.net:443
00:07:26.523 2023/06/06 17:25:42 DNS looking up host information for: eu.ast.checkmarx.net
00:07:26.523 2023/06/06 17:25:42 DNS found host address(s): [{IP:18.66.171.69 Zone:} {IP:18.66.171.30 Zone:} {IP:18.66.171.27 Zone:} {IP:18.66.171.10 Zone:}]
00:07:26.524 2023/06/06 17:25:42 Started TLS Handshake
00:07:26.531 2023/06/06 17:25:42 Completed TLS handshake
00:07:26.730 2023/06/06 17:25:42 Connected completed in: 208 (ms)
00:07:26.730 2023/06/06 17:25:42 Starting connection: eu.ast.checkmarx.net:443
00:07:27.026 2023/06/06 17:25:42 Connected completed in: 296 (ms)
00:07:27.026 2023/06/06 17:25:42 Receiving API response:
00:07:27.035 2023/06/06 17:25:42 Request contains binary data and cannot be printed!
00:07:27.035 Failed downloading PDF report: Failed to create file cx_result_label-vehicle-history.pdf: open cx_result_label-vehicle-history.pdf: permission denied
00:07:27.038 [Cx-Error]: Exit code from AST-CLI: 1
00:07:27.038 [Cx-Info]: Generating failed report
00:07:27.040 [Cx-Info]: Executable path: /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx 
00:07:27.040 $ /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx results show --scan-id e7673172-ab61-4934-b06b-3ef3bcb267c3 --report-format summaryHTML --tenant zzzzzzzzz-cxone --base-uri https://eu.ast.checkmarx.net --base-auth-uri https://eu.iam.checkmarx.net --output-path /var/lib/jenkins/workspace/Checkmarx_AST_scan/cx.tmp12289813062197396404 --output-name checkmarx-ast-results
00:07:30.806 2023/06/06 17:25:46 Creating Summary Report:  /var/lib/jenkins/workspace/Checkmarx_AST_scan/cx.tmp12289813062197396404/checkmarx-ast-results.html
00:07:30.813 [Cx-Info]: Executable path: /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx 
00:07:30.813 $ /var/lib/jenkins/tools/com.checkmarx.jenkins.tools.CheckmarxInstallation/Checkmarx/cx results show --scan-id e7673172-ab61-4934-b06b-3ef3bcb267c3 --report-format summaryJSON --tenant zzzzzzzzz-cxone --base-uri https://eu.ast.checkmarx.net --base-auth-uri https://eu.iam.checkmarx.net --output-path /var/lib/jenkins/workspace/Checkmarx_AST_scan/cx.tmp12289813062197396404 --output-name checkmarx-ast-results
00:07:34.217 2023/06/06 17:25:50 Creating summary JSON Report:  /var/lib/jenkins/workspace/Checkmarx_AST_scan/cx.tmp12289813062197396404/checkmarx-ast-results.json

The log continues after that, but there are a lot of lines in verbose mode. I confirm the key has the view-scan role.

The final error "Failed to create file cx_result_project-label.pdf" was because I have to set the --output-path parameter (by default, the plugin tries to write the PDF in the wrong place).