checkmarx-ts / checkmarx-github-action

Checkmarx Scan Github Action


Action fails on a technical error [ when creating GitHub issue ]

GregoireW opened this issue

When I try to run this step in one of my self-hosted runners:

      - name: Checkmarx Action
        uses: checkmarx-ts/checkmarx-github-action@v1.0.3
        with:
          cxServer: https://my.checkmarx
          cxUsername: myUser
          cxPassword: ${{ secrets.CX_PASS }}
          cxTeam: /CxServer/SP/Company/Users 
          cxGithubIssues: true
          cxGithubToken: ${{ secrets.GITHUB_TOKEN }}
          cxGithubLabels: bug
          cxProject: checkmarx-test
          cxIncremental: true
          cxVersion: "9.0"

The scan is ok, but there is an error at the end which is a little bit troubling.

[2021-02-24 17:21:37,070 INFO ] SAST scan finished. Retrieving scan results
[2021-02-24 17:21:37,087 INFO ] Creating report file at: /home/runner/actions-runner/_work/my-app/my-app/report.xml
[2021-02-24 17:21:39,236 INFO ] ----------------------------Checkmarx Scan Results(CxSAST):-------------------------------
[2021-02-24 17:21:39,236 INFO ] 
 [2021-02-24 17:21:39,236 INFO ] SAST vulnerabilities Summary:
 [2021-02-24 17:21:39,236 INFO ] ------------------------ 
 [2021-02-24 17:21:39,236 INFO ] SAST high severity results: 0
 [2021-02-24 17:21:39,237 INFO ] SAST medium severity results: 1
 [2021-02-24 17:21:39,237 INFO ] SAST low severity results: 32
 [2021-02-24 17:21:39,237 INFO ] 
 [2021-02-24 17:21:39,237 INFO ] -----------------------------------------------------------------------------------------
 [2021-02-24 17:21:39,237 INFO ] CxConsole session finished
 [2021-02-24 17:21:39,237 INFO ] Job completed successfully - exit code 0
cxGithubIssues : true
cxGithubMilestone was not provided
Getting Octokit...
No cxReportXML input provided. It will be used the default one: /home/runner/actions-runner/_work/my-app/my-app/report.xml
Error: Cannot read property 'length' of undefined

Did I miss one parameter somewhere?

@GregoireW can you please check what happens if you change the following:
uses: checkmarx-ts/checkmarx-github-action@v1.0.3 -> uses: checkmarx-ts/checkmarx-github-action@v1.0.4
cxVersion: "9.0" -> cxVersion: "2021.1.1"

I believe this is caused because you don't have any issue created in your repository, which was fixed on this commit: 8d28f7e

I got the same issue with 2021.1.1 and action 1.0.4

@miguelfreitas93 I got the report file and debugged the report part of the code.

The error is here:

queryCategories: queryAttrs.categories.length > 0 ? queryAttrs.categories.replace(/;/g, ",").split(",") : [],

My report contains an issue that does not contain categories, so issue generation fails. Here is the query part in the report file:

<Query id="6429" cweId="352" name="Spring_XSRF" group="Java_Spring" Severity="Medium" Language="Java" SeverityIndex="2" QueryPath="Java\Cx\Java Spring\Spring XSRF Version:1" QueryVersionCode="134990666">
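The failure described in the comment above, reproduced as an added example that is not part of the thread or the action's own code: the quoted expression runs against the `Query` element from the report, next to a guarded variant that returns an empty list when `categories` is absent. The helper names, the minimal attribute extractor and the second `Query` element are assumptions made for illustration.

```javascript
// Added example; these helpers are hypothetical, not the action's source.

// The expression quoted in the thread, wrapped so it can be called.
function categoriesUnguarded(queryAttrs) {
  return queryAttrs.categories.length > 0
    ? queryAttrs.categories.replace(/;/g, ",").split(",")
    : [];
}

// Guarded variant: a missing, empty or non-string attribute yields [].
function categoriesGuarded(queryAttrs) {
  const raw = queryAttrs ? queryAttrs.categories : undefined;
  if (typeof raw !== "string" || raw.trim() === "") return [];
  return raw.replace(/;/g, ",").split(",").map((c) => c.trim()).filter(Boolean);
}

// Minimal attribute extraction for one opening tag. Enough for these samples;
// a real report.xml should go through a proper XML parser.
function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.matchAll(/([\w:.-]+)="([^"]*)"/g)) attrs[m[1]] = m[2];
  return attrs;
}

// Query element from the thread: it has no categories attribute.
const withoutCategories = parseAttrs(
  '<Query id="6429" cweId="352" name="Spring_XSRF" group="Java_Spring" ' +
  'Severity="Medium" Language="Java" SeverityIndex="2" ' +
  'QueryPath="Java\\Cx\\Java Spring\\Spring XSRF Version:1" QueryVersionCode="134990666">'
);
// Constructed element that does carry the attribute (values are made up).
const withCategories = parseAttrs(
  '<Query id="1" name="Constructed_Query" categories="Category A;Category B,Category C">'
);

function demo() {
  let unguardedError = null;
  try {
    categoriesUnguarded(withoutCategories);
  } catch (e) {
    unguardedError = e.constructor.name; // reading .length of undefined
  }
  return {
    unguardedError,
    guardedMissing: categoriesGuarded(withoutCategories),
    guardedPresent: categoriesGuarded(withCategories),
  };
}
console.log(demo());
```

In a CI job that files findings as issues, an exception at this point means the scan itself succeeds but the issues are not created, so optional report attributes are worth guarding before use.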

@GregoireW please try:
uses: checkmarx-ts/checkmarx-github-action@v1.0.4 -> uses: checkmarx-ts/checkmarx-github-action@master

and let me know if that works

@miguelfreitas93 This is now fixed. Thank you