oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0

ORT should fail gracefully ... #1658

Closed adambhere closed 2 years ago

adambhere commented 5 years ago

ORT's analyzer crashes on .ort.yml with invalid fields or an incorrectly specified --repository-configuration-file.

The expected behaviour would be an analyzer error in the report, and ORT should carry on.

Only a fatal error that makes it impossible for the analyzer (or ORT as a whole) to produce meaningful results should terminate execution.

18:26:18 ________ _____________________
18:26:18 \_____  \\______   \__    ___/ the OSS Review Toolkit, version 6e3c27d.
18:26:18  /   |   \|       _/ |    |    Running 'analyze' on Java 10 and Linux with
18:26:18 /    |    \    |   \ |    |    JAVA_HOME = /opt/jdk-10
18:26:18 \_______  /____|_  / |____|    ANDROID_HOME = /opt/android-sdk-linux
18:26:18         \/       \/
18:26:18 
18:26:18 The following package managers are activated:
18:26:18    Bower, Bundler, Cargo, DotNet, GoDep, Gradle, Maven, NPM, NuGet, PhpComposer, PIP, SBT, Stack, Yarn
18:26:18 Analyzing project path:
18:26:18    /workspace/project/Downloader/unknown/Client%20Microservices/unknown
18:26:18 16:26:18.628 INFO  - Using configuration file '/workspace/project/Downloader/unknown/Client%20Microservices/unknown/.ort.yml'.
18:26:19 Exception in thread "main" com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "projects" (class com.here.ort.model.config.Excludes), not marked as ignorable (2 known properties: "paths", "scopes"])
18:26:19  at [Source: (File); line: 148, column: 140] (through reference chain: com.here.ort.model.config.RepositoryConfiguration["excludes"]->com.here.ort.model.config.Excludes["projects"])
18:26:19    at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
18:26:19    at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:823)
18:26:19    at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1153)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1589)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperties(BeanDeserializerBase.java:1543)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:504)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1287)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:326)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159)
18:26:19    at com.fasterxml.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:530)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeWithErrorWrapping(BeanDeserializer.java:528)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:417)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1287)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:326)
18:26:19    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159)
18:26:19    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4013)
18:26:19    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2921)
18:26:19    at com.here.ort.analyzer.Analyzer.analyze(Analyzer.kt:164)
18:26:19    at com.here.ort.commands.AnalyzerCommand.runCommand(AnalyzerCommand.kt:156)
18:26:19    at com.here.ort.CommandWithHelp.run(CommandWithHelp.kt:53)
18:26:19    at com.here.ort.Main.runCommand(Main.kt:112)
18:26:19    at com.here.ort.CommandWithHelp.run(CommandWithHelp.kt:53)
18:26:19    at com.here.ort.Main.run(Main.kt:95)
18:26:19    at com.here.ort.Main.main(Main.kt:75)
18:26:19 
18:26:19 FAILURE: Build failed with an exception.

sschuberth commented 5 years ago

Looks like this is related to @fviernau's removal of project excludes in https://github.com/heremaps/oss-review-toolkit/pull/1639.

sschuberth commented 3 years ago

This should be the relevant line by now:

https://github.com/oss-review-toolkit/ort/blob/42845fa5eb5fbb1a9bc617aa778c2979ca0da26d/cli/src/main/kotlin/commands/AnalyzerCommand.kt#L174

But I'm wondering whether throwing an exception isn't the right thing to do on a corrupted / invalid repository configuration file. Or should we just create an OrtIssue / analyzer error instead, @oss-review-toolkit/core-devs?

sschuberth commented 2 years ago

Ping again @oss-review-toolkit/core-devs, and esp. @fviernau and @adambhere! Is this relevant?

fviernau commented 2 years ago

In my opinion ORT behavior is good as-is. I've fixed a bunch of issues for such exceptions, and IIRC I was always able to identify the root cause quickly based on the exception message.

Besides that, behavior IIRC is consistent with how serialization issues of package configurations and curations or other configuration files are handled.

sschuberth commented 2 years ago

Agreed, so let's close this.
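
The two behaviours weighed in this thread, side by side, as an added example that is not ORT's code: the same Jackson YAML parse either rethrows `UnrecognizedPropertyException` (the behaviour kept) or turns it into a recorded issue and continues with an empty configuration. `Excludes` and `RepositoryConfiguration` are simplified stand-ins for the classes named in the stack trace, `ConfigIssue`, `LoadResult` and `loadRepositoryConfiguration` are hypothetical names, and `jackson-dataformat-yaml` and `jackson-module-kotlin` are assumed to be on the classpath.

```kotlin
import com.fasterxml.jackson.databind.ObjectMapper
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory
import com.fasterxml.jackson.module.kotlin.readValue
import com.fasterxml.jackson.module.kotlin.registerKotlinModule

// Simplified stand-ins for the classes in the stack trace; element types are assumed.
data class Excludes(val paths: List<String> = emptyList(), val scopes: List<String> = emptyList())
data class RepositoryConfiguration(val excludes: Excludes = Excludes())

// Hypothetical record standing in for an analyzer error in the report.
data class ConfigIssue(val source: String, val message: String)
data class LoadResult(val config: RepositoryConfiguration, val issues: List<ConfigIssue>)

// Jackson rejects unknown properties by default (FAIL_ON_UNKNOWN_PROPERTIES is enabled).
private val yamlMapper: ObjectMapper = ObjectMapper(YAMLFactory()).registerKotlinModule()

fun loadRepositoryConfiguration(yaml: String, failFast: Boolean): LoadResult =
    try {
        LoadResult(yamlMapper.readValue<RepositoryConfiguration>(yaml), emptyList())
    } catch (e: UnrecognizedPropertyException) {
        if (failFast) throw e
        // Rebuild the reference chain (e.g. excludes.projects) for the issue message.
        val location = e.path.joinToString(".") { it.fieldName ?: "[${it.index}]" }
        val message = "Unrecognized field '$location' (known: ${e.knownPropertyIds}); " +
            "repository configuration ignored."
        // Carrying on means the valid entries in the file are dropped as well.
        LoadResult(RepositoryConfiguration(), listOf(ConfigIssue(".ort.yml", message)))
    }

fun main() {
    // Constructed sample: 'projects' is not a known property of Excludes.
    val yaml = """
        excludes:
          paths: ["test/**"]
          projects: ["legacy"]
    """.trimIndent()

    val lenient = loadRepositoryConfiguration(yaml, failFast = false)
    println("issue: ${lenient.issues.single().message}")
    println("paths applied after carrying on: ${lenient.config.excludes.paths}")

    runCatching { loadRepositoryConfiguration(yaml, failFast = true) }
        .onFailure { println("fail-fast: ${it.javaClass.simpleName}") }
}
```

In the carry-on mode the valid `paths` exclude is discarded along with the invalid field, so the run proceeds as if no exclusions were configured and the recorded issue is the only trace of that.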