Sonar failed to parse json file due org.sonar.dependencycheck.parser.element.Analysis["scanInfo"] error

Question

Sonar failed to parse json file due org.sonar.dependencycheck.parser.element.Analysis["scanInfo"] error

garry-t opened this issue 2 years ago · 5 comments

Describe the bug
Plugin not able to parse json output from bundler-audit tool for ruby.

To Reproduce
Steps to reproduce the behavior:

Install 'plugin Dependency-Check 3.0.1'
Run 'bundle-audit check --format json --output bundle-audit.json'
Enable verbose output for sonar
See error in logs

Current behavior

11:26:40.134 DEBUG: Problem with JSON-Report-Mapping
org.sonar.dependencycheck.parser.ReportParserException: Problem with JSON-Report-Mapping
	at org.sonar.dependencycheck.parser.JsonReportParserHelper.parse(JsonReportParserHelper.java:44)
	at org.sonar.dependencycheck.DependencyCheckSensor.parseAnalysis(DependencyCheckSensor.java:71)
	at org.sonar.dependencycheck.DependencyCheckSensor.execute(DependencyCheckSensor.java:154)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
	at org.sonar.scanner.sensor.ProjectSensorsExecutor.execute(ProjectSensorsExecutor.java:49)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:360)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:150)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: Missing required creator property 'scanInfo' (index 0)
 at [Source: (sun.nio.ch.ChannelInputStream); line: 1, column: 78076] (through reference chain: org.sonar.dependencycheck.parser.element.Analysis["scanInfo"])
	at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:59)
	at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1482)
	at com.fasterxml.jackson.databind.deser.impl.PropertyValueBuffer._findMissing(PropertyValueBuffer.java:194)
	at com.fasterxml.jackson.databind.deser.impl.PropertyValueBuffer.getParameters(PropertyValueBuffer.java:160)
	at com.fasterxml.jackson.databind.deser.ValueInstantiator.createFromObjectWith(ValueInstantiator.java:229)
	at com.fasterxml.jackson.databind.deser.impl.PropertyBasedCreator.build(PropertyBasedCreator.java:202)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:490)
	at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1322)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:331)
	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:164)
	at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4526)
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3505)
	at org.sonar.dependencycheck.parser.JsonReportParserHelper.parse(JsonReportParserHelper.java:40)

Expected behavior
Plugin parse file and display data on UI

Versions (please complete the following information):

dependency-check
sonarqube = 8.9.9
dependency-check-sonar-plugin = 3.0.1

Answer 1 · 2022-10-04T11:39:47.000Z

I don't know bundler-audit, which doesn't seem to be the same as dependency-check.
Please explain the tool.

Answer 2 · 2022-10-04T11:42:57.000Z

I don't know bundler-audit, which doesn't seem to be the same as dependency-check. Please explain the tool.

this is same tool which you are using under the hood for your plugin if I correctly understood.

Answer 3 · 2022-10-04T14:34:11.000Z

And which version of the plugin is running in bundle-audit?

Answer 4 · 2022-10-04T14:44:10.000Z

bundler-audit 0.9.1

Answer 5 · 2022-10-04T15:01:28.000Z

In the README of bundle-audit I don't find any reference to the dependency-check project. I therefore assume that the generated JSON files are not compatible.
You need a JSON file, which is generated by dependency-check.