[BUG]: couldn't parse expression: fromJson(...) #339

Closed
2 tasks done
nedbat opened this issue Dec 20, 2024 · 1 comment · Fixed by #340
Labels: bug, triage

nedbat commented Dec 20, 2024

Pre-submission checks

  • I am not filing a feature request. These should be filed via the feature request form instead.
  • I have looked through the open issues for a duplicate report.

Expected behavior

I ran zizmor on https://github.com/nedbat/coveragepy/blob/master/.github/workflows/publish.yml. Previous versions worked fine, but 0.10.0 produced a warning.

Actual behavior

2024-12-19T19:16:32.907128Z  WARN audit:audit{workflow=file:///Users/ned/coverage/trunk/.github/workflows/publish.yml}: zizmor::audit::template_injection: couldn't parse expression: fromJson(steps.runs.outputs.data).workflow_runs[0].id

Reproduction steps

Logs

% ~/.cargo/bin/zizmor --verbose coverage/trunk/.github/workflows/publish.yml
2024-12-20T12:10:22.028500Z DEBUG zizmor::state: using cache directory: "/Users/ned/.cache/zizmor"
2024-12-20T12:10:22.029274Z DEBUG zizmor::config: no config discovered; loading default
2024-12-20T12:10:22.029285Z DEBUG zizmor::config: loaded config: Config { rules: {} }
2024-12-20T12:10:22.036755Z  WARN audit:audit{workflow=file:///Users/ned/coverage/trunk/.github/workflows/publish.yml}: zizmor::audit::template_injection: couldn't parse expression: fromJson(steps.runs.outputs.data).workflow_runs[0].id
2024-12-20T12:10:22.046189Z  INFO audit: zizmor: 🌈 completed /Users/ned/coverage/trunk/.github/workflows/publish.yml
No findings to report. Good job!


Additional context

No response

woodruffw (Owner) commented

Thanks for the report @nedbat!

> Previous versions worked fine, but 0.10.0 produced a warning.

I suspect that this is because of us improving how we surface warnings, not actually a change in the expression parser. But I'll look into this, since we should be parsing that correctly anyways!

@woodruffw woodruffw self-assigned this Dec 20, 2024
woodruffw added a commit that referenced this issue Dec 20, 2024
Signed-off-by: William Woodruff <william@yossarian.net>