"Analysis processing failed" #665

Open
h3xstream opened this issue Jul 29, 2021 · 5 comments
@h3xstream

When we see "Analysis processing failed", where should we look to investigate what failed?

test

The output of the CodeQL action is saying

Processing sarif files: ["reports/test.sarif"]
Uploading results
Successfully uploaded results
@aeisenberg
Contributor

Normally, there should be a failing code scanning workflow run in the Actions tab of your repository. The fact that the latest scan has a duration of 1s implies to me that the workflow didn't really run at all (or at least it was aborted shortly after starting).

Can you locate which run this was? And add the logs?

If this repo is public, can you share the link?

@h3xstream
Author

@aeisenberg
Contributor

Thanks for the information. I've forwarded this on to the code scanning team and someone should follow up.

@marcogario
Contributor

👋 @h3xstream We have a few additional expectations from the SARIF file that are stricter than what the standard requires. These are meant to provide a reasonable UI experience. One of those is that each result should have a message. The file you uploaded does not include these values.

You can see the full explanation at: https://docs.github.com/en/code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning#result-object

To further debug this type of problem, you can use the Code Scanning API endpoint to list analyses. These errors are reported under the error property: https://docs.github.com/en/rest/reference/code-scanning#list-code-scanning-analyses-for-a-repository

Hope this helps!

@jsoref
Contributor

jsoref commented Nov 13, 2022

So, I'm looking at

Thoughts:

  1. If at all possible, the Analysis processing failed should be a link to something. Preferably to a report showing the specific complaint(s). Alternatively, to a page explaining how to debug a failure.
  2. I was hoping there'd be some way for me to do what I'm trying to do here, but, so far, I haven't found one...
  3. It isn't obvious why the error message appears to be doubled.
  4. If the errors thing should be an array, perhaps it should be reformulated as such?
  5. If you're going to merge items into a human readable message in errors, please include whitespace between entries.
  6. If an error can be sufficiently ambiguous, why not include the actual value you dislike instead of just the parsed portion?
  7. I guess that results_count and rules_count aren't populated unless the sarif parser is entirely happy, ...
  8. To make my life easier (and to enable one to pull the sarif file into other tools, e.g. VSCode), the action generates a sarif artifact, so people can retrieve it and review manually.
code-scanning/analyses/51044536

gh api /repos/jsoref/examples-testing/code-scanning/analyses/51044536:

{
  "analysis_key": ".github/workflows/spelling.yml:spelling",
  "category": "check-spelling",
  "commit_sha": "1903e85d65371f1fb587e60e92fddf822e81a55c",
  "created_at": "2022-11-13T06:26:40Z",
  "deletable": false,
  "environment": "{}",
  "error": "SARIF URI scheme \"https\" did not match the checkout URI scheme \"file\",SARIF URI scheme \"https\" did not match the checkout URI scheme \"file\",",
  "id": 51044536,
  "ref": "refs/pull/25/merge",
  "results_count": 0,
  "rules_count": 0,
  "sarif_id": "21e893e4-631c-11ed-88e3-9a1618496759",
  "tool": {
    "guid": null,
    "name": "check-spelling",
    "version": "0.0.20"
  },
  "url": "https://api.github.com/repos/jsoref/examples-testing/code-scanning/analyses/51044536",
  "warning": ""
}
The relevant sarif items

... appear to be:

[
...
        {
          "ruleId": "unrecognized-spelling",
          "ruleIndex": 0,
          "message": {
            "text": "[haddd](#security-tab) is not a recognized word. \\(unrecognized-spelling\\)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "https://github.com/jsoref/examples-testing/pull/25#",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 6,
                  "endColumn": 11
                }
              }
            }
          ]
        },
...
        {
          "ruleId": "unrecognized-spelling",
          "ruleIndex": 0,
          "message": {
            "text": "[fleeze](#security-tab) is not a recognized word. \\(unrecognized-spelling\\)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "https://github.com/jsoref/examples-testing/pull/25#",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 5,
                  "endColumn": 11
                }
              }
            }
          ]
        },
...
]
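
An added example (not code from the thread or from GitHub): a local pre-upload check for the two rejection causes discussed in this issue, a result without `message.text` and an artifact URI whose scheme is not `file`, plus a helper that splits the comma-joined `error` string from the analyses API. The function names, the sample SARIF, and the rule that only relative or `file:` URIs pass are assumptions inferred from the error text quoted above.

```python
from urllib.parse import urlsplit

# Constructed SARIF log: result 0 has no message, result 1 uses the https
# artifact URI quoted in the thread, result 2 passes both checks.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "unrecognized-spelling",
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}}}]},
    {"ruleId": "unrecognized-spelling", "message": {"text": "constructed message"},
     "locations": [{"physicalLocation": {"artifactLocation": {
         "uri": "https://github.com/jsoref/examples-testing/pull/25#"}}}]},
    {"ruleId": "unrecognized-spelling", "message": {"text": "constructed message"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/a.md"}}}]},
]}]}

# Analysis record reduced to the `error` value shown in the thread.
SAMPLE_ANALYSIS = {"error": 'SARIF URI scheme "https" did not match the checkout '
                            'URI scheme "file",SARIF URI scheme "https" did not '
                            'match the checkout URI scheme "file",'}


def lint_sarif(sarif):
    """Return (run, result, problem) tuples for results likely to be rejected."""
    problems = []
    for run_i, run in enumerate(sarif.get("runs", [])):
        for res_i, result in enumerate(run.get("results", [])):
            # Code scanning expects a message on every result.
            if not (result.get("message") or {}).get("text"):
                problems.append((run_i, res_i, "missing message.text"))
            for loc in result.get("locations", []):
                art = loc.get("physicalLocation", {}).get("artifactLocation", {})
                # Assumption: relative paths (no scheme) and file: URIs are accepted.
                scheme = urlsplit(art.get("uri", "")).scheme
                if scheme and scheme != "file":
                    problems.append((run_i, res_i, f"artifact URI scheme {scheme!r}"))
    return problems


def split_errors(analysis):
    """Split the comma-joined `error` string into unique messages, in order.

    Assumes individual messages contain no commas, as in the sample above.
    """
    unique = []
    for part in (analysis.get("error") or "").split(","):
        part = part.strip()
        if part and part not in unique:
            unique.append(part)
    return unique
```
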
