Failed to parse input fileresults.json if we if we dont use finding-rule-level "0" from versions v0.1.6 onwards

Question

Failed to parse input fileresults.json if we if we dont use finding-rule-level "0" from versions v0.1.6 onwards

wesco-prathapmotupalli opened this issue a year ago · 5 comments

wesco-prathapmotupalli commented a year ago

We encountered an issue while parsing the input file "fileresults.json" in versions veracode/veracode-pipeline-scan-results-to-sarif@v0.1.6 and above. This issue arises when users do not include "0" in the finding-rule-level.

To address this problem, we kindly request that update the readme notes to specify that "0" must be included, as failure to do so it will fail to parse input fileresults.json in versions v0.1.6 and onwards.

Answer 1 · 2023-09-11T16:32:05.000Z

Please see the latest testing observation with the v1.0.5

Working Code Scenario-1:
uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "4:3:0"

Working Code Scenario-2:
uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "3:1:0"

Working Code Scenario-3:
uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "3:1:1"

Working Code Scenario-4:
uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "4:1:1"

Failing Code:
uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "4:3:1"
Error: Failed to parse input fileresults.json

uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "4:2:1"

Error: Failed to parse input fileresults.json

Answer 2 · 2023-09-15T13:42:31.000Z

For Python code, veracode/veracode-pipeline-scan-results-to-sarif@v0.1.6 onwards failing with the finding rule 3:1:0

Failing Code:
uses: veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
finding-rule-level: "3:1:0"
Error: Failed to parse input fileresults.json

uses: veracode/veracode-pipeline-scan-results-to-sarif@v0.1.6
with:
pipeline-results-json: results.json
finding-rule-level: "3:1:0"

Error: Failed to parse input fileresults.json

Answer 3 · 2023-12-05T13:38:13.000Z

Hi Team,
do we have any update on this?

Answer 4 · 2024-01-08T18:42:56.000Z

Thanks to the Veracode team for putting a fix out for this. It appears to be fixed in 1.0.7 version. The problem was a missing section (flaw_match) in results.json for some languages. This is expected results, but those results aren't accounted for in this action until now. Tweaks have been made to allow the results to still be parsed if that section does not exist in v1.0.7.

Answer 5 · 2024-01-08T18:49:05.000Z

Veracode Static Analysis Pipeline scan and import of results to SARIF issue is fixed in veracode/veracode-pipeline-scan-results-to-sarif@v1.0.7 is working fine for Python code as well. Thank you to the Veracode team