scan with --json option will report "Other syntax error at line NO FILE INFO YET" message when no rules matched
wllxyz opened this issue · comments
Describe the bug
When I scan a code dir without the --json option, if no rules run, it ends with no error message, like this:
$ semgrep scan --config semgrep-rules/generic/secrets ExampleResourceService
┌─────────────┐
│ Scan Status │
└─────────────┘
Scanning 1793 files (only git-tracked) with 223 Code rules:
CODE RULES
Scanning 2298 files with 222 rules.
SUPPLY CHAIN RULES
No rules to run.
PROGRESS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:06
When I scan a code dir WITH the --json option, if no rules run, it ends with an error message, as follows:
$ semgrep scan --config semgrep-rules/generic/secrets --json ExampleResourceService
┌─────────────┐
│ Scan Status │
└─────────────┘
Scanning 1793 files (only git-tracked) with 223 Code rules:
CODE RULES
Scanning 2298 files with 222 rules.
SUPPLY CHAIN RULES
No rules to run.
PROGRESS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:07
{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.68.0"}
To Reproduce
I guess there is something wrong with the --json format scan result report when no rules are matched to be run.
What is the priority of the bug to you?
- [ ] P0: blocking your adoption of Semgrep or workflow
- [ ] P1: important to fix or quite annoying
- [x] P2: regular bug that should get fixed
Environment
If not using semgrep.dev: are you running off docker, an official binary, a local build?
Environment: Ubuntu, semgrep versions 1.55.0 and 1.86.0
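For anyone consuming this JSON in a pipeline, an added example (not part of the original issue and not Semgrep's own code): it reads only the fields visible in the report above and treats a report with errors or an empty paths.scanned as inconclusive rather than clean. The function name, the status labels and the second sample report are assumptions made here.

```python
import json
from dataclasses import dataclass, field

# Report copied verbatim from the issue above (output of semgrep scan --json).
ISSUE_REPORT = r'''{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.68.0"}'''

# Constructed sample: same shape, one scanned file, no errors, no results.
CLEAN_REPORT = r'''{"errors": [], "paths": {"scanned": ["src/app.py"]}, "results": [], "skipped_rules": [], "version": "1.68.0"}'''

# Path value carried by the error in the issue; it names no real file.
PLACEHOLDER_PATH = "NO FILE INFO YET"


@dataclass
class Verdict:
    status: str  # "findings", "clean" or "inconclusive" (labels chosen here)
    reasons: list = field(default_factory=list)


def triage(report_text: str) -> Verdict:
    """Classify a report without reading 'no results' as 'no secrets'."""
    report = json.loads(report_text)
    results = report.get("results", [])
    errors = report.get("errors", [])
    scanned = report.get("paths", {}).get("scanned", [])

    reasons = []
    for err in errors:
        where = err.get("path", "?")
        if where == PLACEHOLDER_PATH:
            where = "no source file"
        reasons.append(f"{err.get('level', '?')}: {err.get('type', '?')} ({where})")
    if not scanned:
        reasons.append("paths.scanned is empty: no file was reported as scanned")

    if results:
        return Verdict("findings", reasons)
    if reasons:
        # Empty results plus errors or zero scanned files proves nothing.
        return Verdict("inconclusive", reasons)
    return Verdict("clean", reasons)


if __name__ == "__main__":
    for name, text in (("issue", ISSUE_REPORT), ("constructed", CLEAN_REPORT)):
        verdict = triage(text)
        print(name, verdict.status, verdict.reasons)
```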