search

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0
1.57k stars 308 forks source link

SCANOSS - Snippet Scanning - Throws 400 Bad Request #7320

Closed ozgursedef closed 1 year ago

ozgursedef commented 1 year ago

ORT throws 400 http error when configured SCANOSS as scanner.

Reproduce steps: 1) https://github.com/jshttp/mime-types (clone and generate a analyzer-result.yml) 2) config.yml : scanner: options: ScanOss: apiUrl: 'https://osskb.org/api/' 3) start scan.

Output; 15:39:13.956 [main] INFO org.ossreviewtoolkit.plugins.scanners.scanoss.ScanOss - The SCANOSS API URL is https://osskb.org/api/. 15:39:14.165 [main] INFO org.ossreviewtoolkit.plugins.scanners.scanoss.ScanOss - The SCANOSS API URL is https://osskb.org/api/. Scanning projects with: SCANOSS (version 1.1.6) Scanning packages with: SCANOSS (version 1.1.6) ....

Error: Exception in thread "main" retrofit2.HttpException: HTTP 400 at retrofit2.KotlinExtensions$await$2$2.onResponse(KotlinExtensions.kt:53) at retrofit2.OkHttpCall$1.onResponse(OkHttpCall.java:161) at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:519) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833)

It seems something has changed on ScanOss Api and ORT needs to be aligned.

Could you please help ?

Thanks.

sschuberth commented 1 year ago

Any hint what changed in the SCANOSS API, @eeisegn?

sschuberth commented 1 year ago

Note that https://docs.osskb.org/#/scan/scandirect also returns the undocumented TypeError: NetworkError when attempting to fetch resource for me.

scanoss-qg commented 1 year ago

Hi @sschuberth @ozgursedef ,

First of all, apologies for the delayed response. The scanning API has not undergone any changes. However, we came across an erroneous requirement in the server while running the SCANOSS client from ORT. It seems that the line https://github.com/oss-review-toolkit/ort/blob/deec91b27c24d517c6caab3ff7e8b42a1c9a4a5e/plugins/scanners/scanoss/src/main/kotlin/ScanOss.kt#L106 is receiving the same value for both the field name and the value.

As a result, we have performed a code review and renamed the form field to "file," which resolved the issue. Tomorrow, you will receive a pull request with these changes.

If you have any questions or concerns, please feel free to reach out. Thank you for your understanding.

Best regards,

Quique

sschuberth commented 1 year ago

As a result, we have performed a code review and renamed the form field to "file," which resolved the issue. Tomorrow, you will receive a pull request with these changes.

Thanks a lot @scanoss-qg for taking the time to look at our client code, and even be willing to contribute a fix! That's highly appreciated! Looking forward to that PR 😸