search

microsoft / GHAzDO-Resources

Resources, Scripts, etc. for GitHub Advanced Security on Azure DevOps
MIT License
31 stars 14 forks source link

PS script failing with "Cannot bind argument to parameter 'ReferenceObject' because it is null" #35

Open davidcatriel opened 5 months ago

davidcatriel commented 5 months ago

Hi there

First of all, thank you for posting this script. It's been extremely helpful!

We're running into a strange error with the PS1 script, and having a hard time understanding why. We've implemented this across several pipelines and it works well except in one of them. The script basically exits with the "Cannot bind argument to parameter 'ReferenceObject' because it is null" error, and I've tried the following in order to solve it:

  1. The target branch had no alerts in it, so we forced an alert into it (created another branch with a dummy alert and merged). Didn't help. Also closed the alert on the target branch and retried. Same result.
  2. Thought it might be the CodeQL installation that has to take place on the scaleset when the instances are brought up, but the scan tasks (AdvancedSecurity-Dependency-Scanning@1 and AdvancedSecurity-Codeql-Analyze@1) both run fine and without errors.
  3. I've also tried the new version of the script made available for PR about adding support for dependency scanning (https://github.com/microsoft/GHAzDO-Resources/pull/22) but that one generated several more errors. I can post that log here as well but am avoiding it initially so the post doesn't get muddled. Can add it in later if requested,

Any suggestions on what to look for?

Output of the ps1 execution:

Starting: Advanced Security PR block check
==============================================================================
Task         : PowerShell
Description  : Run a PowerShell script on Linux, macOS, or Windows
Version      : 2.237.5
Author       : Microsoft Corporation
Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell
==============================================================================
Generating script.
Formatted command: . 'C:\a\2\s\CIGate.ps1'
========================== Starting Command Output ===========================
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'C:\a\_temp\84934e75-5d9a-4494-99ed-c6ad9335081c.ps1'"
Will check to see if there are any new CodeQL issues in this PR branch
PR source : refs/pull/14116/merge. PR target: refs/heads/main
Compare-Object : Cannot bind argument to parameter 'ReferenceObject' because it is null.
At C:\a\2\s\CIGate.ps1:114 char:31
+ $newAlertIds = Compare-Object $prSourceAlertIds $prTargetAlertIds -Pa ...
+                               ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Compare-Object], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.CompareObje 
   ctCommand

##[error]PowerShell exited with code '1'.
Finishing: Advanced Security PR block check

Thank you.

rajindroid commented 5 months ago

Make sure the Advanced Security scan exists for the referenced target branch. Check if it exists here - DevOps -> Repos -> Advanced Security -> Code scanning - Branch

Hope it will help

davidcatriel commented 5 months ago

Thx for the answer, but yeah - that's the first thing we checked. The target branch had no alerts in it, so we forced one in. We then ran that pipeline when the alert was still open and then again after closing it. No difference.

felickz commented 4 months ago

We pushed a recent fix to the issue for dependency alerts, if you grab the latest this should be in a better state as we did some hacking on this out at Build this week! #42