Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(report): fix error with unmarshal of ExperimentalModifiedFindings #7463

Merged
merged 7 commits into from
Sep 11, 2024
Merged

fix(report): fix error with unmarshal of ExperimentalModifiedFindings #7463

merged 7 commits into from
Sep 11, 2024
+265 −3

Conversation

DmitriyLewen
Copy link
Contributor

@DmitriyLewen DmitriyLewen commented Sep 9, 2024
edited
Loading

Description

Fix error with unmarshal of ExperimentalModifiedFindings (e.g. in convert mode)

➜ trivy -d convert --show-suppressed  --exit-code 0 reports/trivyFull.json 
...
2024-09-09T10:22:22+06:00	FATAL	Fatal error
  - json decode error:
    github.com/aquasecurity/trivy/pkg/commands/convert.Run
        github.com/aquasecurity/trivy/pkg/commands/convert/run.go:32
  - json: cannot unmarshal object into Go struct field ModifiedFinding.Results.ExperimentalModifiedFindings.Finding of type types.finding

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@DmitriyLewen DmitriyLewen self-assigned this Sep 9, 2024
@DmitriyLewen DmitriyLewen marked this pull request as ready for review September 9, 2024 08:19
@afdesk afdesk mentioned this pull request Sep 9, 2024
Closed
@knqyf263 knqyf263 mentioned this pull request Sep 10, 2024
Merged
@knqyf263
Copy link
Collaborator

We don't run MarshalJSON functions for ExperimentalModifiedFindings.Finding. e.g.:

This problem will be solved after aquasecurity/trivy-db#436.

@knqyf263
Copy link
Collaborator

I'll also open another PR to fix this line.

trivy/pkg/fanal/types/package.go

Line 81 in 5c37361

func (id *PkgIdentifier) MarshalJSON() ([]byte, error) {

knqyf263
knqyf263 reviewed Sep 10, 2024
View reviewed changes
pkg/types/finding.go Outdated
Comment on lines 98 to 113
raw := struct {
Type FindingType `json:"Type"`
Status FindingStatus `json:"Status"`
Statement string `json:"Statement"`
Source string `json:"Source"`
Finding json.RawMessage `json:"Finding"`
}{}

if err := json.Unmarshal(data, &raw); err != nil {
return err
}

m.Type = raw.Type
m.Status = raw.Status
m.Statement = raw.Statement
m.Source = raw.Source
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we refactor as below?

    type Alias ModifiedFinding
    aux := &struct {
        Finding json.RawMessage `json:"Finding"`
        *Alias
    }{
        Alias: (*Alias)(m),
    }

cf.

trivy/pkg/fanal/types/package.go

Lines 97 to 121 in 5c37361

// UnmarshalJSON customizes the JSON decoding of PkgIdentifier.
func (id *PkgIdentifier) UnmarshalJSON(data []byte) error {
type Alias PkgIdentifier
aux := &struct {
PURL string `json:",omitempty"`
*Alias
}{
Alias: (*Alias)(id),
}
if err := json.Unmarshal(data, &aux); err != nil {
return err
}
if aux.PURL != "" {
p, err := packageurl.FromString(aux.PURL)
if err != nil {
return err
} else if len(p.Qualifiers) == 0 {
p.Qualifiers = nil
}
id.PURL = &p
}
return nil
}

Copy link
Contributor Author

@DmitriyLewen DmitriyLewen Sep 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in 38b0d2b

@DmitriyLewen DmitriyLewen changed the title fix(report): fix problems with ExperimentalModifiedFindings in json format fix(report): fix error with unmarshal of ExperimentalModifiedFindings Sep 10, 2024
@DmitriyLewen
Copy link
Contributor Author

@knqyf263 I merged #7483. So this PR is ready for review.

@knqyf263
refactor: do not repeat json.Unmarshal
ae75daa 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
@knqyf263 knqyf263 added this pull request to the merge queue Sep 11, 2024
Merged via the queue into aquasecurity:main with commit 7ff9aff Sep 11, 2024
12 checks passed
@knqyf263
Copy link
Collaborator

@DmitriyLewen Do you think we want to backport this fix? I'm not sure this is a critical issue because this problem happens only when --show-suppressed is passed.

@DmitriyLewen DmitriyLewen deleted the fix/marshal-modified-finding branch September 11, 2024 06:53
@DmitriyLewen
Copy link
Contributor Author

hmm... I'm not sure about that
To reproduce this bug you need to use json with ExperimentalModifiedFindings into convert mode.

This is really quite rare case
We can just wait for feedback from users.
if many people encounter this - we will release a patch

@aqua-bot aqua-bot mentioned this pull request Sep 11, 2024
Merged
@DmitriyLewen
Copy link
Contributor Author

@aqua-bot backport release/v0.55

github-actions bot pushed a commit that referenced this pull request Sep 12, 2024
@DmitriyLewen @knqyf263 @actions-user
fix(report): fix error with unmarshal of `ExperimentalModifiedFinding…
954e0c4 
…s` (#7463)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
@aqua-bot aqua-bot mentioned this pull request Sep 12, 2024
Merged
@aqua-bot
Copy link
Contributor

Backport PR created: #7492

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees

@DmitriyLewen DmitriyLewen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(convert): unable to decode ModifiedFinding.Results.ExperimentalModifiedFindings.Finding field
3 participants
@DmitriyLewen @knqyf263 @aqua-bot