
Comments (8)

dlukeomalley avatar dlukeomalley commented on July 30, 2024

@jack-om Thank you for filing this issue. Tagging @brendongo who is working on Semgrep Action errors and improvements.

from semgrep-action.

brendongo avatar brendongo commented on July 30, 2024

Hi @jack-om are you running the semgrep action in a way different from the default instructions?

no valid configuration file found (0 configs were invalid) makes me think something weird is going on with file permissions maybe?


brendongo avatar brendongo commented on July 30, 2024

If you can rerun with the environment variable SEMGREP_AGENT_DEBUG set to 1, the debug output might help us get to the bottom of this.


jack-om avatar jack-om commented on July 30, 2024

Hi @brendongo, the semgrep.yml action is the default from the instructions. Here are the contents:

.github/workflows/semgrep.yml

name: Semgrep
on: [pull_request]
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: returntocorp/semgrep-action@v1
        env: # Optional environment variable for inline PR comments (beta)
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SEMGREP_AGENT_DEBUG: 1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
          publishDeployment: 203

Current output

Here are the results, after adding SEMGREP_AGENT_DEBUG: 1 to the action, which didn't look too different from the output without the debug flag. The command shows -e SEMGREP_AGENT_DEBUG being passed, so I'm not sure why output isn't more verbose.

Run returntocorp/semgrep-action@v1
  with:
    publishToken: ***
    publishDeployment: 203
  env:
    GITHUB_TOKEN: ***
    SEMGREP_AGENT_DEBUG: 1
/usr/bin/docker run --name returntocorpsemgrepactionv1_7910d9 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e SEMGREP_AGENT_DEBUG -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions          - semgrep 0.33.0 on Python 3.7.9
| environment       - running in environment github-actions, triggering event is 'pull_request'
| manage            - logged in as deployment #203
=== setting up agent configuration
| policy            - using Getting Started
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 4 changed paths
| found 4 files in the paths to be scanned
=== looking for current issues in 4 files

=== failed command's STDOUT:

{"results": [], "errors": [{"type": "SemgrepError", "code": 7, "message": "no valid configuration file found (0 configs were invalid)"}]}


=== failed command's STDERR:



Error: ROR] `/root/.local/bin/semgrep --skip-unknown-extensions --disable-nosem --json --no-rewrite-rule-ids --config /tmp/tmpymrxdwt4.yml more_fail.py other_feature.py .github/workflows/semgrep.yml should_fail.py` failed with exit code 7

This is an internal error, please file an issue at https://github.com/returntocorp/semgrep-action/issues/new/choose
and include any log output from above.

Previous output

The strange thing is that I didn't modify the action file between the last time it worked (Friday) and now. Here is the expected output, using the same action file during an execution on Friday.

Run returntocorp/semgrep-action@v1
  with:
    publishToken: ***
    publishDeployment: 203
  env:
    GITHUB_TOKEN: ***
/usr/bin/docker run --name returntocorpsemgrepactionv1_504a66 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions          - semgrep 0.32.0 on Python 3.7.9
| environment       - running in environment github-actions, triggering event is 'pull_request'
| policy            - using Getting Started
| manage            - logged in as deployment #203
=== setting up agent configuration
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 3 changed paths
| found 3 files in the paths to be scanned
=== looking for current issues in 3 files
| 13 current issues found
| No ignored issues found
=== looking for pre-existing issues in 1 file
| 12 pre-existing issues found
python.lang.correctness.useless-eqeq.useless-eqeq
     > should_fail.py:1
     ╷
    1│   5 == 5
     ╵
     = This is always True: `5 == 5` or `5 != 5`. If testing for floating point
       NaN, use `math.isnan(5)`, or `cmath.isnan(5)` if the number is complex.

=== exiting with failing status

The only real difference that I see is:

  • Before: | versions - semgrep 0.32.0 on Python 3.7.9
  • After: | versions - semgrep 0.33.0 on Python 3.7.9


brendongo avatar brendongo commented on July 30, 2024

@jack-om any chance you can join the community slack: https://r2c.dev/slack? I think we have an idea of what's happening.


nbrahms avatar nbrahms commented on July 30, 2024

Confirmed that this happens if all items in a policy have both "notify" and "block" disabled. Fix should be to prevent or warn on this type of configuration.


brendongo avatar brendongo commented on July 30, 2024

Going to add a check with https://github.com/returntocorp/semgrep-action/pull/133 that has a helpful message while we don't have the guarantee that rules from server will be non-empty.

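The failure mode described in the two comments above (a policy whose rules all have "notify" and "block" disabled yields an empty rule set, and semgrep then exits with code 7, "no valid configuration file found") can be guarded against before semgrep is invoked. The following is an added illustration, not code from semgrep-action or PR #133; the policy item fields `rule_id`, `notify` and `block` are an assumed shape, not the Semgrep App's real schema, and the sample policies are constructed.

```python
import json
from typing import Dict, List

# Constructed sample policies (assumed field names, not the real Semgrep App schema).
POLICY_ALL_DISABLED = [
    {"rule_id": "python.lang.correctness.useless-eqeq.useless-eqeq",
     "notify": False, "block": False},
]
POLICY_ONE_BLOCKING = [
    {"rule_id": "python.lang.correctness.useless-eqeq.useless-eqeq",
     "notify": False, "block": True},
]

# The exact STDOUT semgrep produced in the failing run quoted earlier in the thread.
SEMGREP_EMPTY_CONFIG_STDOUT = (
    '{"results": [], "errors": [{"type": "SemgrepError", "code": 7, '
    '"message": "no valid configuration file found (0 configs were invalid)"}]}'
)


class EmptyPolicyError(RuntimeError):
    """Raised before semgrep runs, instead of letting it fail on an empty config."""


def active_rule_ids(policy: List[Dict]) -> List[str]:
    """Keep only rules the policy actually enforces: notify or block enabled."""
    return [item["rule_id"] for item in policy
            if item.get("notify") or item.get("block")]


def select_rules_for_scan(policy: List[Dict]) -> List[str]:
    """Return the rule ids to fetch and write into the temporary --config file.

    Refuses to continue with zero rules: writing an empty config makes semgrep
    exit with code 7, which the agent then reported as an internal error rather
    than as a policy misconfiguration.
    """
    rule_ids = active_rule_ids(policy)
    if not rule_ids:
        raise EmptyPolicyError(
            "This deployment's policy has no rules with 'notify' or 'block' enabled, "
            "so there is nothing to scan with. Enable at least one rule in the web UI "
            "or pass a local config.")
    return rule_ids


def is_empty_config_error(semgrep_stdout: str) -> bool:
    """Recognise the exit-code-7 'no valid configuration' error in semgrep --json output."""
    try:
        payload = json.loads(semgrep_stdout)
    except json.JSONDecodeError:
        return False
    return any(err.get("code") == 7 and "no valid configuration" in err.get("message", "")
               for err in payload.get("errors", []))
```

`select_rules_for_scan` is the pre-flight check; `is_empty_config_error` lets an agent that already ran semgrep translate the generic exit-code-7 failure into the same actionable message.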

dlukeomalley avatar dlukeomalley commented on July 30, 2024

@brendongo Is this issue resolved with your pre-2021 work?

