snyk-labs / snyk-filter

Snyk filtering for SNYK CLI
https://snyk.io

snyk-filter produces invalid JSON output when used with `--all-projects` input from the Snyk CLI #71

Open snykerjames opened 3 years ago

snykerjames commented 3 years ago

Using: snyk@1.651.0 snyk-filter@1.1.0 snyk-to-html@2.0.1

When run with the --all-projects JSON input from the Snyk CLI, snyk-filter produces invalid JSON output, as illustrated in the following example with snyk-to-html:

```
$ snyk test --all-projects --json | snyk-filter -f ~/opt/snyk/filter-high-vulns-upgradeable.yml --json |snyk-to-html -o results.html
Using a custom API endpoint from `snyk config` (tip: it should contain path to `/api`): https://snyk.io/api/v1/
json output enabled
json output enabled
json output enabled
High severity & upgradeable vulns found. Please review upgrade steps
Snyk Test Failed
The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON

Tip: To find more information, try running `snyk-to-html` in debug mode by appending to the CLI the `-d` parameter

Error running `snyk-to-html`. Please check you are providing the correct parameters. Is the issue persists contact support@snyk.io
```

Attached are the JSON outputs from the Snyk CLI and from snyk-filter, along with a copy of the filter that was used. supporting-docs.zip

It appears the difference between the two outputs is that the CLI output contains an array of snyk projects, but the snyk-filter output is a concatenation of these.
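The array-versus-concatenation difference described in the comment above, as an added example that is not part of the issue thread or of snyk-filter itself: this Python script detects back-to-back JSON documents and re-emits them as one array, the shape the CLI produces for `--all-projects`. The function names and the sample input are constructed for illustration, and whether snyk-to-html accepts the re-wrapped array is an assumption to verify.

```python
import json
import sys


def split_concatenated_json(text):
    """Return every top-level JSON value found back to back in text."""
    decoder = json.JSONDecoder()
    docs, pos, end = [], 0, len(text)
    while pos < end:
        # raw_decode does not skip leading whitespace, so do it here.
        while pos < end and text[pos].isspace():
            pos += 1
        if pos == end:
            break
        doc, pos = decoder.raw_decode(text, pos)  # JSONDecodeError on garbage
        docs.append(doc)
    return docs


def normalise(text):
    """Return (kind, projects); kind is "array", "single" or "concatenated"."""
    docs = split_concatenated_json(text)
    if not docs:
        raise ValueError("no JSON document found")
    if len(docs) == 1:
        if isinstance(docs[0], list):
            return "array", docs[0]      # valid, CLI-style output
        return "single", docs            # one project object
    projects = []                        # the invalid case from the issue
    for doc in docs:
        projects.extend(doc if isinstance(doc, list) else [doc])
    return "concatenated", projects


# Constructed sample: two project results written one after the other.
# Field values are made up.
SAMPLE = (
    '{"displayTargetFile": "package.json", "vulnerabilities": []}\n'
    '{"displayTargetFile": "api/pom.xml", "vulnerabilities": [{"severity": "high"}]}\n'
)

if __name__ == "__main__":
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    kind, projects = normalise(piped if piped.strip() else SAMPLE)
    print(f"{kind}: {len(projects)} project(s)", file=sys.stderr)
    json.dump(projects[0] if kind == "single" else projects, sys.stdout)
```

Placed between `snyk-filter --json` and the report step, it passes valid input through unchanged and fails loudly on anything that is not JSON at all.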

aarlaud commented 3 years ago

Ack. Snyk-filter predates all-projects option but we'll take a look.

odlevakp commented 2 years ago

Any movement on this?

I have the same issue: when using --all-projects with snyk test and feeding it to snyk-filter, it will produce invalid JSONs. It would be nice if I could provide developers with snyk-to-html output to better show why their deployment was stopped, instead of the plain output during a pipeline run.

lili2311 commented 2 years ago

Hi @odlevakp, this repository is not actively maintained; we are working on critical bug fixes only. However, we can suggest you try something like this as a .sh script, but it would generate individual results instead of 1 html file:


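```bash
#!/bin/bash

set -euo pipefail

exit_code=0

echo 'Running snyk test --all-projects --json | snyk-filter'

# Emit one base64 line per project: --all-projects output is an array,
# a single-project run is a plain object.
for test in $(snyk test --all-projects --json "$@" | jq -r 'if type == "array" then .[] else . end | select(.vulnerabilities) | @base64'); do
    # displayTargetFile can be a relative path; replace "/" so it is a valid file name.
    project="$(echo "${test}" | base64 --decode | jq -r '.displayTargetFile' | tr '/' '_')"
    project_exit_code=0
    # "|| ..." records a failing pipeline without letting set -e abort the loop.
    echo "${test}" | base64 --decode | snyk-filter -f ./filter-high-vulns-upgradeable.yml --json | snyk-to-html -o "results-${project}.html" || project_exit_code=$?
    if [ "${project_exit_code}" -ne 0 ]; then
        exit_code=1
    fi
done

exit $exit_code
```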