Go test report with SonarQube format: Failed to parse unit test report line (file gosec-report.json): { #571

Closed
crunchtime-ali opened this issue Feb 10, 2021 · 9 comments · Fixed by #572

Comments

@crunchtime-ali

crunchtime-ali commented Feb 10, 2021

Summary

I use gosec to create a report that can be submitted to SonarQube (8.5) with sonar-scanner.
As shown below in greater detail, I get the following error when using -fmt=sonarqube:

ERROR: Failed to parse unit test report line (file /builds/test/gosec-report.json):
 {

You can also find the generated gosec-report.json file at the bottom of this issue.

Steps to reproduce the behavior

go get -u github.com/securego/gosec/v2/cmd/gosec
gosec -fmt=sonarqube -no-fail -out=/builds/test/gosec-report.json ./...
sonar-scanner \
  -Dsonar.exclusions=**/*_test.go \
  -Dsonar.projectKey="my-project" \
  -Dsonar.qualitygate.wait=true \
  -Dsonar.sources=. \
  -Dsonar.test.inclusions=**/*_test.go \
  -Dsonar.tests=. \
  -Dsonar.go.tests.reportPaths=/builds/test/gosec-report.json

gosec version: 2.6.1

Go version: 1.15.7

Operating system / Environment

Expected behavior

The test report is submitted to SonarQube.

Actual behavior

INFO: Sensor SonarGo [go]
INFO: 14 source files to be analyzed
INFO: Load project repositories
INFO: Load project repositories (done) | time=25ms
INFO: Sensor SonarGo [go] (done) | time=583ms
INFO: 14/14 source files have been analyzed
INFO: Sensor Go Unit Test Report [go]
ERROR: Failed to parse unit test report line (file /builds/test/gosec-report.json):
 {
INFO: Sensor Go Unit Test Report [go] (done) | time=3ms

gosec-report.json:

{
	"issues": [
		{
			"engineId": "gosec",
			"ruleId": "G402",
			"cwe": {
				"ID": "295",
				"URL": "https://cwe.mitre.org/data/definitions/295.html"
			},
			"primaryLocation": {
				"message": "TLS MinVersion too low.",
				"filePath": "main/clusterclient.go",
				"textRange": {
					"startLine": 23,
					"endLine": 27
				}
			},
			"type": "VULNERABILITY",
			"severity": "BLOCKER",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G304",
			"cwe": {
				"ID": "22",
				"URL": "https://cwe.mitre.org/data/definitions/22.html"
			},
			"primaryLocation": {
				"message": "Potential file inclusion via variable",
				"filePath": "yaml/topic.go",
				"textRange": {
					"startLine": 117,
					"endLine": 117
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G304",
			"cwe": {
				"ID": "22",
				"URL": "https://cwe.mitre.org/data/definitions/22.html"
			},
			"primaryLocation": {
				"message": "Potential file inclusion via variable",
				"filePath": "json/schema.go",
				"textRange": {
					"startLine": 111,
					"endLine": 111
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G304",
			"cwe": {
				"ID": "22",
				"URL": "https://cwe.mitre.org/data/definitions/22.html"
			},
			"primaryLocation": {
				"message": "Potential file inclusion via variable",
				"filePath": "json/schema.go",
				"textRange": {
					"startLine": 99,
					"endLine": 99
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G304",
			"cwe": {
				"ID": "22",
				"URL": "https://cwe.mitre.org/data/definitions/22.html"
			},
			"primaryLocation": {
				"message": "Potential file inclusion via variable",
				"filePath": "cmd/helper.go",
				"textRange": {
					"startLine": 55,
					"endLine": 55
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G304",
			"cwe": {
				"ID": "22",
				"URL": "https://cwe.mitre.org/data/definitions/22.html"
			},
			"primaryLocation": {
				"message": "Potential file inclusion via variable",
				"filePath": "cmd/helper.go",
				"textRange": {
					"startLine": 38,
					"endLine": 38
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G307",
			"cwe": {
				"ID": "703",
				"URL": "https://cwe.mitre.org/data/definitions/703.html"
			},
			"primaryLocation": {
				"message": "Deferring unsafe method \"Close\" on type \"*os.File\"",
				"filePath": "yaml/topic.go",
				"textRange": {
					"startLine": 121,
					"endLine": 121
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G307",
			"cwe": {
				"ID": "703",
				"URL": "https://cwe.mitre.org/data/definitions/703.html"
			},
			"primaryLocation": {
				"message": "Deferring unsafe method \"Close\" on type \"*os.File\"",
				"filePath": "json/schema.go",
				"textRange": {
					"startLine": 115,
					"endLine": 115
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		},
		{
			"engineId": "gosec",
			"ruleId": "G307",
			"cwe": {
				"ID": "703",
				"URL": "https://cwe.mitre.org/data/definitions/703.html"
			},
			"primaryLocation": {
				"message": "Deferring unsafe method \"Close\" on type \"*os.File\"",
				"filePath": "json/schema.go",
				"textRange": {
					"startLine": 103,
					"endLine": 103
				}
			},
			"type": "VULNERABILITY",
			"severity": "MAJOR",
			"effortMinutes": 5
		}
	]
}
@ccojocar
Member

gosec generates the report using the generic issue import format: https://docs.sonarqube.org/latest/analysis/generic-issue/.

Can you try to use that format instead of sonar.go.tests? Please let me know if you still get the error. Thanks!

@ccojocar
Member

I think you can use the golint formatter instead if you want to import the report as sonar.go.tests.

@crunchtime-ali
Author

@ccojocar golint (via sonar.go.golint.reportPaths=artifacts/test/gosec-report.json) seems to consume it successfully (see log output below) but I can't find the issues anywhere in the SonarQube dashboard:

INFO: Sensor Import of Golint issues [go]
INFO: GoLintReportSensor: Importing /builds/test/gosec-report.json
INFO: Sensor Import of Golint issues [go] (done) | time=1ms

@ccojocar
Member

Good to hear this. Is this related to the report format or is it due to something else in SonarQube? Did you also try the generic format?

@crunchtime-ali
Author

@ccojocar It works beautifully though when using sonar.externalIssuesReportPaths=artifacts/test/gosec-report.json. Shall I add that via PR to this README?

@ccojocar
Member

@crunchtime-ali yes please! Thanks

@ccojocar
Member

I amended some details in the README file.

@crunchtime-ali
Author

Thank you, @ccojocar. I didn't get around to it yet. You should probably replace parts of my specific URI in the property with a more generic one such as: path/to/gosec-report.json instead of artifacts/test/gosec-report.json

@ccojocar
Member

Thanks for the suggestion. I fixed the path: #573
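A pre-flight check for the mix-up resolved in this thread, added here as an example (not code from gosec or from either participant): it tells a generic issue report apart from `go test -json` output and names the scanner property that fits. The helper name `sonarProperty` and both samples are constructed, and it assumes, as the error message suggests, that the unit test sensor reads its file line by line as `go test -json` events.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed samples: a trimmed gosec -fmt=sonarqube report and two go test -json events.
const gosecSample = `{"issues": [
  {"engineId": "gosec", "ruleId": "G402", "type": "VULNERABILITY", "severity": "BLOCKER"},
  {"engineId": "gosec", "ruleId": "G304", "type": "VULNERABILITY", "severity": "MAJOR"}]}`
const goTestSample = `{"Action":"run","Package":"example/pkg","Test":"TestA"}
{"Action":"pass","Package":"example/pkg","Test":"TestA","Elapsed":0.01}`

// sonarProperty (hypothetical helper) returns the fitting scanner property and per-severity counts.
func sonarProperty(data string) (string, map[string]int) {
	var rep struct {
		Issues []struct {
			Severity string `json:"severity"`
		} `json:"issues"`
	}
	// Generic issue import format: one JSON document with an "issues" array.
	if json.Unmarshal([]byte(data), &rep) == nil && rep.Issues != nil {
		counts := map[string]int{}
		for _, issue := range rep.Issues {
			counts[issue.Severity]++
		}
		return "sonar.externalIssuesReportPaths", counts
	}
	// go test -json: one JSON event per line, each carrying an "Action" field.
	events := 0
	sc := bufio.NewScanner(strings.NewReader(data))
	for sc.Scan() {
		var ev struct{ Action string }
		if json.Unmarshal(sc.Bytes(), &ev) != nil || ev.Action == "" {
			return "", nil // neither format: do not hand it to sonar-scanner
		}
		events++
	}
	if events > 0 {
		return "sonar.go.tests.reportPaths", nil
	}
	return "", nil
}

func main() {
	fmt.Println(sonarProperty(gosecSample))
	fmt.Println(sonarProperty(goTestSample))
}
```

An empty result means the file matches neither format, which is the case to fail the CI job on rather than let the findings silently drop out of the dashboard.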
