Unexpected Behavior #650

Open
Keeggo-AppSec opened this issue Nov 29, 2024 · 5 comments
Labels
bug Something isn't working

Keeggo-AppSec commented Nov 29, 2024

Current Behavior

When running a pipeline for an Ionic app, excluding some files from the translation phase, with the command:

scancentral package --build-tool none -targs '-exclude '**/$(Build.Repository.Name)-config/**/*'' -targs '-exclude '**/$(Build.Repository.Name)-config.git/**/*'' -targs '-exclude '**/.classpath/**/*'' -targs '-exclude '**/.dockerignore/**/*'' -targs '-exclude '**/.git/**/*'' -targs '-exclude '**/.gitignore/**/*'' -targs '-exclude '**/.mvn/**/*'' -targs '-exclude '**/.project/**/*'' -targs '-exclude '**/.settings/**/*'' -targs '-exclude '**/.sourcemaps/**/*'' -targs '-exclude './configuration/**/*'' -targs '-exclude './deployments/**/*'' -targs '-exclude './git-update-digest-workdir/**/*'' -targs '-exclude './Libs/**/*'' -targs '-exclude '**/mvnw'' -targs '-exclude '**/mvnw.cmd'' -targs '-exclude '**/node_modules/**/*'' -targs '-exclude './platforms/**/*'' -targs '-exclude '**/plugins/**/*'' -targs '-exclude './setting/**/*'' -targs '-exclude './target/**/*'' -targs '-exclude './www/**/*'' --output $(Build.Repository.Name)-fortify.zip

When we invoke
fcli sc-sast scan start --package-file=$(Build.Repository.Name)-fortify.zip --sensor-version=24.2 --publish-to $SSC_APP --ssc-ci-token $FORTIFY_CI_TOKEN --store job:jobToken

We get this error:

Could not invoke public void com.fortify.cli.sc_sast.scan.cli.mixin.SCSastScanStartPackageOptions.setPackageFile(java.io.File) with xpto-app-front-angular.zip (java.lang.IllegalStateException: Unable to determine .NET version (if applicable) from package file)

Expected Behavior

The expected behavior is that the code is sent to ScanCentral SAST.

Steps To Reproduce

No response

Environment

OS: RHEL 9
SSC: 24.2.0
fcli: 2.10.0

Anything else?

No response

Keeggo-AppSec added the bug label Nov 29, 2024

rsenden (Contributor) commented Dec 4, 2024

Hi @Keeggo-AppSec , thanks for reporting this issue. Unfortunately, it seems like fcli doesn't output/log the root cause of this error; we'd need to release an fcli fix to get more details as to what's failing exactly. Can you double-check that you're passing the correct zip file to the fcli sc-sast scan start command?

In the meantime, any chance you can share the failing package zip-file with me directly (my GitHub user name at opentext.com), or alternatively share the list of files inside the failing package zip-file either here or by email? Is it a valid zip-file (verify with Windows Explorer/7-zip/...)? If so, does it contain any file for which the name starts with dotnet?
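The checks requested in the comment above (is the package a valid zip, what does it contain, does any entry name start with dotnet), as an added example that is not part of the original thread and is not fcli code. The function names and the constructed sample entries are assumptions, as is matching on either the full entry path or its last component.

```python
import io
import sys
import zipfile


def starts_with_dotnet(name):
    # Assumption: match the full entry path or its last component, ignoring case.
    base = name.rstrip("/").rsplit("/", 1)[-1]
    return name.lower().startswith("dotnet") or base.lower().startswith("dotnet")


def inspect_package(source):
    """Return (valid, entries, dotnet_hits) for a package zip (path or file object)."""
    if not zipfile.is_zipfile(source):
        return False, [], []
    if hasattr(source, "seek"):
        source.seek(0)
    with zipfile.ZipFile(source) as zf:
        first_bad = zf.testzip()  # first entry failing its CRC check, or None
        entries = zf.namelist()
    return first_bad is None, entries, [n for n in entries if starts_with_dotnet(n)]


def build_sample(names):
    """Constructed in-memory zip standing in for a real package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass the package path as the first argument; otherwise use constructed data.
    source = sys.argv[1] if len(sys.argv) > 1 else build_sample([
        "Libs/java/-291165706/fortify.jar",  # path from the metadata posted in this issue
        "Src/app/main.ts",                   # constructed
        "Src/dotnet-example.txt",            # constructed, to show a hit
    ])
    valid, entries, hits = inspect_package(source)
    print("valid zip:", valid)
    print("entries:", len(entries))
    for name in entries:
        print("  ", name)
    print("names starting with 'dotnet':", hits or "none")
```

The printed entry list can be pasted into the issue in place of the zip file itself.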

Keeggo-AppSec (Author) commented Dec 5, 2024

Hi @rsenden,
fcli sc-sast scan start: Yes, it is the correct zip file.

Here is the metadata file:

    {
      "version": 2.0,
      "client-version": "24.2.0.0050",
      "build-tool": "none",
      "projects": [
        {
          "root": "Src/tsgv-gerenciamento-vulnerabilidades-front-angular",
          "filesToScan": [ "Src" ],
          "source-dirs": [],
          "excluded-files": [],
          "sca-translation-args": [
            "-exclude",
            "Src/tsgv-gerenciamento-vulnerabilidades-front-angular/platforms/**/*",
            "-exclude",
            "Src/tsgv-gerenciamento-vulnerabilidades-front-angular/**/plugins/**/*"
          ],
          "properties": {
            "java": {
              "classpath": [
                { "type": "file", "path": "Libs/java/-291165706/fortify.jar" },
                { "type": "file", "path": "Libs/java/742263362/com.google.zxing.client.android.captureactivity.jar" },
                { "type": "file", "path": "Libs/java/-1553591757/gradle-wrapper.jar" },
                { "type": "file", "path": "Libs/java/-19705164/com.google.zxing.client.android.captureactivity.jar" }
              ]
            }
          }
        }
      ]
    }

Here is a screenshot of the contents of the zip:
[image]

[image]

rsenden (Contributor) commented Dec 5, 2024

Hi @Keeggo-AppSec, thanks for the additional information. Unfortunately, I don't directly see what could be causing this issue. I've just started the release process for a new fcli version 2.10.1 that should output the root cause of this error; can you please try submitting the scan request with this new fcli version (once binaries have been published) and then share the complete stack trace? Thanks!

rsenden (Contributor) commented Dec 11, 2024

Hi @Keeggo-AppSec, any updates on this issue? Have you been able to produce the same error with latest fcli version, and if so, can you please share the complete stack trace? Thanks!

Keeggo-AppSec (Author) commented

Hi @rsenden, I will ask our customer to update the fcli binaries on his agent, to try again and see if the error occurs; I will let you know. I think by Friday I will have some info to reply with.
