Comments (8)
@jack-om Thank you for filing this issue. Tagging @brendongo who is working on Semgrep Action errors and improvements.
from semgrep-action.
Hi @jack-om are you running the semgrep action in a way different from the default instructions?
"no valid configuration file found (0 configs were invalid)" makes me think something weird is going on with file permissions maybe?
from semgrep-action.
If you can rerun with the environment variable SEMGREP_AGENT_DEBUG set to 1 the debug output might help us get to the bottom of this.
from semgrep-action.
Hi @brendongo, the semgrep.yml action is the default from the instructions. Here are the contents:
.github/workflows/semgrep.yml
name: Semgrep
on: [pull_request]
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: returntocorp/semgrep-action@v1
        env: # Optional environment variable for inline PR comments (beta)
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SEMGREP_AGENT_DEBUG: 1
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
          publishDeployment: 203
Current output
Here are the results, after adding SEMGREP_AGENT_DEBUG: 1 to the action, which didn't look too different from the output without the debug flag. The command shows -e SEMGREP_AGENT_DEBUG being passed, so I'm not sure why output isn't more verbose.
Run returntocorp/semgrep-action@v1
with:
publishToken: ***
publishDeployment: 203
env:
GITHUB_TOKEN: ***
SEMGREP_AGENT_DEBUG: 1
/usr/bin/docker run --name returntocorpsemgrepactionv1_7910d9 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e SEMGREP_AGENT_DEBUG -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions - semgrep 0.33.0 on Python 3.7.9
| environment - running in environment github-actions, triggering event is 'pull_request'
| manage - logged in as deployment #203
=== setting up agent configuration
| policy - using Getting Started
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 4 changed paths
| found 4 files in the paths to be scanned
=== looking for current issues in 4 files
=== failed command's STDOUT:
{"results": [], "errors": [{"type": "SemgrepError", "code": 7, "message": "no valid configuration file found (0 configs were invalid)"}]}
=== failed command's STDERR:
Error: ROR] `/root/.local/bin/semgrep --skip-unknown-extensions --disable-nosem --json --no-rewrite-rule-ids --config /tmp/tmpymrxdwt4.yml more_fail.py other_feature.py .github/workflows/semgrep.yml should_fail.py` failed with exit code 7
This is an internal error, please file an issue at https://github.com/returntocorp/semgrep-action/issues/new/choose
and include any log output from above.
Previous output
The strange thing is that I didn't modify the action file between the last time it worked (Friday) and now. Here is the expected output, using the same action file during an execution on Friday.
Run returntocorp/semgrep-action@v1
with:
publishToken: ***
publishDeployment: 203
env:
GITHUB_TOKEN: ***
/usr/bin/docker run --name returntocorpsemgrepactionv1_504a66 --label 179394 --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_PUBLISHTOKEN -e INPUT_PUBLISHDEPLOYMENT -e INPUT_CONFIG -e INPUT_GENERATESARIF -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/semgrep-test-repo/semgrep-test-repo":"/github/workspace" returntocorp/semgrep-action:v1
=== detecting environment
| versions - semgrep 0.32.0 on Python 3.7.9
| environment - running in environment github-actions, triggering event is 'pull_request'
| policy - using Getting Started
| manage - logged in as deployment #203
=== setting up agent configuration
| using semgrep rules configured on the web UI
| using default path ignore rules of common test and dependency directories
| looking at 3 changed paths
| found 3 files in the paths to be scanned
=== looking for current issues in 3 files
| 13 current issues found
| No ignored issues found
=== looking for pre-existing issues in 1 file
| 12 pre-existing issues found
python.lang.correctness.useless-eqeq.useless-eqeq
> should_fail.py:1
╷
1│ 5 == 5
╵
= This is always True: `5 == 5` or `5 != 5`. If testing for floating point
NaN, use `math.isnan(5)`, or `cmath.isnan(5)` if the number is complex.
=== exiting with failing status
The only real difference that I see is:
- Before:
| versions - semgrep 0.32.0 on Python 3.7.9
- After:
| versions - semgrep 0.33.0 on Python 3.7.9
from semgrep-action.
@jack-om any chance you can join the community Slack (https://r2c.dev/slack)? I think we have an idea of what's happening.
from semgrep-action.
Confirmed that this happens if all items in a policy have both "notify" and "block" disabled. Fix should be to prevent or warn on this type of configuration.
from semgrep-action.
Going to add a check with https://github.com/returntocorp/semgrep-action/pull/133 that has a helpful message while we don't have the guarantee that rules from server will be non-empty.
from semgrep-action.
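An added illustration of the kind of check the two comments above describe; it is not the code from the linked pull request or from semgrep-action. The function names and hint text are hypothetical, and the rules document is assumed to be already parsed (for example with `yaml.safe_load`) into Semgrep's usual layout with a top-level `rules` list.

```python
import json
from typing import Any, Optional

# Exit code and message text are taken from the failed run quoted in this thread.
NO_CONFIG_CODE = 7
NO_CONFIG_TEXT = "no valid configuration file found"

# Hypothetical wording for the "helpful message".
HINT = (
    "The policy produced no rules to run. One known cause: every rule in the "
    "policy has both 'notify' and 'block' disabled. Enable at least one."
)


def preflight(rules_doc: Any) -> Optional[str]:
    """Return HINT if the parsed rules document has nothing to scan with."""
    rules = rules_doc.get("rules") if isinstance(rules_doc, dict) else None
    if not isinstance(rules, list) or not rules:
        return HINT
    return None


def explain_failure(exit_code: int, stdout: str) -> Optional[str]:
    """Map semgrep's --json error output to HINT, or None if unrelated."""
    if exit_code != NO_CONFIG_CODE:
        return None
    try:
        doc = json.loads(stdout)
    except json.JSONDecodeError:
        return None
    errors = doc.get("errors", []) if isinstance(doc, dict) else []
    for err in errors if isinstance(errors, list) else []:
        if (
            isinstance(err, dict)
            and err.get("code") == NO_CONFIG_CODE
            and NO_CONFIG_TEXT in str(err.get("message", ""))
        ):
            return HINT
    return None


# The "failed command's STDOUT" line from the log in this thread.
SAMPLE_STDOUT = (
    '{"results": [], "errors": [{"type": "SemgrepError", "code": 7, '
    '"message": "no valid configuration file found (0 configs were invalid)"}]}'
)

if __name__ == "__main__":
    print(preflight({"rules": []}))           # constructed empty rules document
    print(explain_failure(7, SAMPLE_STDOUT))
```

Running `preflight` before invoking semgrep turns the opaque exit code 7 into an actionable message; `explain_failure` covers logs from runs that have already failed.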
@brendongo Is this issue resolved with your pre-2021 work?
from semgrep-action.