microsoft / sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools
MIT License

No location for <CVE> #36

Closed Jiri-Stary closed 8 months ago

Jiri-Stary commented 8 months ago

Running this command in a GitHub Action:

sarif summary ./*_scan.sarif -o ./hdf/issues.txt

The tool crashes on this JFrog Xray SARIF file with the following error:

xray_scan.zip

Traceback (most recent call last):
  File "/home/runner/.local/bin/sarif", line 8, in <module>
    sys.exit(main())
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/cmdline/main.py", line 40, in main
    exitcode = args.func(args)
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/cmdline/main.py", line 399, in _summary
    summary_op.generate_summary(input_files, output, multiple_file_output)
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/operations/summary_op.py", line 40, in generate_summary
    summary_lines = _generate_summary(input_files)
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/operations/summary_op.py", line 62, in _generate_summary
    result_count_by_severity = input_files.get_result_count_by_severity()
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 957, in get_result_count_by_severity
    result_counts_by_severity.append(input_file.get_result_count_by_severity())
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 741, in get_result_count_by_severity
    get_result_count_by_severity_per_run = [
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 742, in <listcomp>
    run.get_result_count_by_severity() for run in self.runs
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 572, in get_result_count_by_severity
    records = self.get_records()
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 510, in get_records
    self._cached_records = [self.result_to_record(result) for result in results]
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 510, in <listcomp>
    self._cached_records = [self.result_to_record(result) for result in results]
  File "/home/runner/.local/lib/python3.10/site-packages/sarif/sarif_file.py", line 530, in result_to_record
    raise ValueError(f"No location in {error_id} output from {tool_name}")
ValueError: No location in CVE-2021-43616_npm_8.1.2 output from JFrog Xray SCA
Error: Process completed with exit code 1.

Jiri-Stary commented 8 months ago

Possibly a duplicate of https://github.com/microsoft/sarif-tools/issues/12. However, the fix is probably not in any released version.

balgillo commented 8 months ago

Hi, that's right, this is fixed in the latest code, which will be released as v2.0 very soon. I've tested your sarif file in the new version and it's working.
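
Added example, not part of the thread and not sarif-tools code: a pre-check a CI job could run to list SARIF results that carry no location before handing the file to a summarizer. It assumes the `ValueError` in the traceback is raised for a result whose `locations` array is absent or empty; `results_without_location` is a hypothetical helper and the sample document is constructed, reusing the tool name and rule ID from the error message.

```python
import json

# Constructed sample: an SCA-style finding reported against a package (no file
# location) next to an ordinary finding that points at a file.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "JFrog Xray SCA"}},
    "results": [
      {"ruleId": "CVE-2021-43616_npm_8.1.2",
       "message": {"text": "constructed sample finding"}},
      {"ruleId": "EXAMPLE-RULE-1",
       "message": {"text": "constructed sample finding"},
       "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "package.json"}}}]}
    ]
  }]
}
""")


def results_without_location(sarif):
    """Return (tool_name, rule_id, run_index, result_index) for every result
    whose "locations" property is missing or empty."""
    missing = []
    for run_idx, run in enumerate(sarif.get("runs") or []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "<unknown tool>")
        # SARIF allows "results" to be absent or null for a run.
        for res_idx, result in enumerate(run.get("results") or []):
            if not result.get("locations"):
                rule_id = result.get("ruleId", "<no ruleId>")
                missing.append((tool, rule_id, run_idx, res_idx))
    return missing


if __name__ == "__main__":
    for tool, rule_id, run_idx, res_idx in results_without_location(SAMPLE_SARIF):
        print(f"run {run_idx} result {res_idx}: {rule_id} from {tool} has no location")
```
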