snyk-tech-services / snyk-delta

snyk-delta fails with TypeError #160

Closed mazulo closed 1 year ago

mazulo commented 1 year ago

Hi team!

So I have a GitHub Action that runs snyk test with snyk-delta but all of a sudden it started failing with the following error message:

2022-11-29T13:27:26.578Z snyk sending request to: https://api.snyk.io/v1/analytics/cli
2022-11-29T13:27:26.578Z snyk request body size: 1132
2022-11-29T13:27:26.579Z snyk gzipped request body size: 614
2022-11-29T13:27:26.581Z snyk not using proxy
2022-11-29T13:27:26.706Z snyk Verify input data for JSON structure
2022-11-29T13:27:26.707Z snyk Retrieving Snyk Project [redacted] in org [redacted]
Unexpected error: Cannot read property 'schemaVersion' of null
Re-run in debug mode for more information: DEBUG=* snyk-delta <...>
2022-11-29T13:27:27.200Z snyk TypeError: Cannot read property 'schemaVersion' of null
    at validateDepGraphData (/opt/hostedtoolcache/node/12.22.12/x64/lib/node_modules/snyk-delta/node_modules/@snyk/dep-graph/src/core/create-from-json.ts:66:33)
    at Object.createFromJSON (/opt/hostedtoolcache/node/12.22.12/x64/lib/node_modules/snyk-delta/node_modules/@snyk/dep-graph/src/core/create-from-json.ts:17:3)
    at Object.exports.getAggregatedIssuesWithVulnPaths (/opt/hostedtoolcache/node/12.22.12/x64/lib/node_modules/snyk-delta/node_modules/snyk-api-ts-client/src/lib/client/abstraction/org/aggregatedissues.ts:29:20)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at Aggregatedissues.getAggregatedIssuesWithVulnPaths (/opt/hostedtoolcache/node/12.22.12/x64/lib/node_modules/snyk-delta/node_modules/snyk-api-ts-client/src/lib/client/generated/org.ts:3415:16)
    at Object.getProjectIssues (/opt/hostedtoolcache/node/12.22.12/x64/lib/node_modules/snyk-delta/src/lib/snyk/snyk.ts:66:35)
    at getDelta (/opt/hostedtoolcache/node/12.22.12/x64/lib/node_modules/snyk-delta/src/lib/index.ts:193:21)

My GitHub action looks like this:

name: Snyk vulnerability check - python-3.10

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main

jobs:
  snyk-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Use Node.js 12
        uses: actions/setup-node@v1
        with:
          node-version: 12.x
      - name: Installing snyk-delta
        run: npm i -g snyk-delta@1.8.2
      - name: Use python3.10
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"
      - name: Install dependencies
        run: |
          pip install -r ./requirements/release.txt
      - uses: snyk/actions/setup@master
      - uses: actions/setup-python@v4
        with:
          python-version: "3.10"
      - name: Snyk Test
        run: snyk test -d --json --print-deps --severity-threshold=high --org='[redacted]' --file=./requirements/release.txt --package-manager=pip | snyk-delta -d --baselineOrg '[redacted]' --baselineProject '[redacted]'
        env:
          SNYK_TOKEN: ${{ [redacted] }}

Any ideas of what's happening?

aarlaud commented 1 year ago

Check the output of "snyk test -d --json --print-deps --severity-threshold=high --org='[redacted]' --file=./requirements/release.txt --package-manager=pip" first. I suspect something is not right with the depgraph.

mazulo commented 1 year ago

Hey @aarlaud thanks for the fastest response I've seen haha!

I think this is the output for the snyk test:


2022-11-29T13:27:24.304Z snyk test <ref *1> {
  _: [ [Circular *1] ],
  debug: true,
  json: true,
  'print-deps': true,
  org: '[redacted]',
  file: './requirements/release.txt',
  packageManager: 'pip',
  severityThreshold: 'high'
}
2022-11-29T13:27:24.576Z snyk inline mode
2022-11-29T13:27:26.108Z snyk Potential policy locations found: [ '/home/runner/work/my-project/my-project/requirements' ]
2022-11-29T13:27:26.174Z snyk:prune rootPkg { name: 'requirements', version: '0.0.0' }
2022-11-29T13:27:26.174Z snyk:prune prePrunePathsCount: 266
2022-11-29T13:27:26.174Z snyk:prune isDenseGraph false
2022-11-29T13:27:26.176Z snyk sending request to: https://api.snyk.io/v1/test-dep-graph
2022-11-29T13:27:26.177Z snyk request body size: 15204
2022-11-29T13:27:26.177Z snyk gzipped request body size: 2685
2022-11-29T13:27:26.179Z snyk not using proxy
2022-11-29T13:27:26.578Z snyk analytics {
  "args": [
    {
      "debug": true,
      "json": true,
      "print-deps": true,
      "org": "[redacted]",
      "file": "./requirements/release.txt",
      "packageManager": "pip",
      "severityThreshold": "high"
    }
  ],
  "command": "test",
  "org": "[redacted]",
  "metadata": {
    "upgradable-snyk-protect-paths": 0,
    "local": true,
    "pluginName": "snyk-python-plugin",
    "policies": 1,
    "policyLocations": [
      "/home/runner/work/my-project/my-project/requirements"
    ],
    "packageManager": "pip",
    "packageName": "requirements",
    "packageVersion": "0.0.0",
    "package": "requirements@0.0.0",
    "prePrunedPathsCount": 266,
    "depGraph": true,
    "isDocker": false,
    "vulns-pre-policy": 0,
    "vulns": 0
  },
  "os": "Linux 5.15",
  "osPlatform": "linux",
  "osRelease": "5.15.0-1023-azure",
  "osArch": "x64",
  "version": "1.1064.0",
  "nodeVersion": "v16.16.0",
  "standalone": true,
  "integrationName": "GITHUB_ACTIONS",
  "integrationVersion": "setup (Linux)",
  "integrationEnvironment": "",
  "integrationEnvironmentVersion": "",
  "id": "[redacted]17",
  "ci": true,
  "durationMs": 2243,
  "metrics": {
    "network_time": {
      "type": "timer",
      "values": [
        397
      ],
      "total": 397
    },
    "cpu_time": {
      "type": "synthetic",
      "values": [
        1846
      ],
      "total": 1846
    }
  }
}

aarlaud commented 1 year ago

That doesn't look like standard output... it's only the debug output. You should see something like a dep graph or dep tree first, then a set of issues if any issues were found, or a no issues found kinda deal. Feel free to open a support ticket if you need assistance from our support team here.
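
One way to apply the advice above in the workflow's "Snyk Test" step, as an added example (not code from this thread or from the snyk-delta project): capture the scan's stdout to a file and check it before it is fed to snyk-delta, so a failed or empty scan is reported as such instead of surfacing later as an unrelated error. `SNYK_ORG` and `BASELINE_PROJECT` are assumed environment variables standing in for the redacted values, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: gate the scan output before it reaches snyk-delta.
# Snyk CLI exit codes: 0 = scan ok, no vulns; 1 = scan ok, vulns found;
# 2 = failure; 3 = no supported projects detected.

# scan_output_usable RC FILE
# Returns 0 when the scan completed (RC 0 or 1) and FILE starts with JSON.
# Otherwise prints the reason to stderr and returns 2, 3 or 4.
scan_output_usable() {
  local rc="$1" file="$2" first
  case "$rc" in
    0|1) ;;  # scan completed; findings are for snyk-delta to judge
    *) echo "snyk test failed (exit $rc)" >&2; return 2 ;;
  esac
  if [ ! -s "$file" ]; then
    echo "snyk test wrote nothing to stdout" >&2
    return 3
  fi
  # The first non-whitespace character must open a JSON object or array.
  # Debug lines start with a timestamp, so merged stderr is rejected here.
  first="$(head -c 512 "$file" | tr -d ' \t\r\n' | cut -c1)"
  case "$first" in
    '{'|'[') return 0 ;;
    *) echo "stdout does not start with JSON" >&2; return 4 ;;
  esac
}

# run_gated_delta: body for the workflow's "Snyk Test" run step.
# SNYK_ORG and BASELINE_PROJECT are assumed env vars (redacted on the page).
run_gated_delta() {
  local out rc=0
  out="$(mktemp)"
  snyk test --json --print-deps --severity-threshold=high \
    --org="$SNYK_ORG" --file=./requirements/release.txt \
    --package-manager=pip > "$out" || rc=$?
  scan_output_usable "$rc" "$out" || { rc=$?; rm -f "$out"; return "$rc"; }
  rc=0
  snyk-delta --baselineOrg "$SNYK_ORG" \
    --baselineProject "$BASELINE_PROJECT" < "$out" || rc=$?
  rm -f "$out"
  return "$rc"
}
```

Exit code 1 from `snyk test` is accepted on purpose: it means the scan finished and found issues, which is exactly the input snyk-delta compares against the baseline.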

mazulo commented 1 year ago

Hey @aarlaud thank you for the support so far. In the end the issue was on our end. Everything looks good now!

pfernandesviz commented 1 year ago

@mazulo what was the issue?