Hello,
I extracted the test cases corresponding to JCA in this repo so it's easier for me to test and load the results into SonarQube/SonarCloud:
When I run Codyze with this command line I'm getting results for AESCBC.java (findings-AESCBC.json.txt):
~/Softwares/codyze-1.4.1/bin/codyze -c -s=src/main/java/jca/AESCBC.java -m=/home/alex/Softwares/codyze-1.4.1/mark/bouncycastle/ --no-good-findings
When I run this command line looking at all the Java files under the directory src/main/java/jca/, I'm getting different results for AESCBC.java (findings-all.json.txt):
~/Softwares/codyze-1.4.1/bin/codyze -c -s=src/main/java/jca/ -m=/home/alex/Softwares/codyze-1.4.1/mark/bouncycastle/ --no-good-findings
I'm getting 21 problems when I target only AESCBC.java, while I'm getting only 13 problems for AESCBC.java when I target the entire folder.
I would expect to see the same quantity of problems because the files under the directory src/main/java/jca/ have no relationship.
The second problem is the inconsistency of the line numbers when targeting a folder.
For example, there is a problem raised on AESGMAC.java on line 17 (so 18 for real), while there are not 66 characters on this line but only 44:
agigleux changed the title from "Line numbers don't match files when Codyze CLI is executed with a folder (s parameter)" to "Line numbers don't match files when Codyze CLI is executed with a folder (-s parameter)" on Nov 30, 2020.
Hi! Thanks for reporting this. This is indeed a very strange bug regarding scanning a file vs. a folder.
The line number inconsistency looks to be the same as #106. My guess is that this arises out of the fact that we use both SARIF and LSP code regions/locations in Codyze and the underlying code property graph library. I guess that converting between those two goes wrong at some point and the line width of the wrong line is used (which I guess is 66 in the case of line 17).
Thank you for the issue. I have verified that the analysis produces different results when scanning a single file vs. scanning a folder. With the given files I don't see a reason for this behavior, and the findings should in fact be very similar.
My hope is that I find the problem with the lines/columns on the way as well.
I need to investigate further. For now, I've created a WIP PR (#137) to track the progress.
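As an added illustration of the conversion suspected in the comment above (this is example code, not Codyze's own): LSP ranges are 0-based with an exclusive end, while SARIF 2.1.0 regions are 1-based with an exclusive endColumn. The check below, run against a constructed stand-in for AESGMAC.java (the SOURCE lines and the range are assumptions), shows how a region that keeps the 0-based line but 1-based columns gets validated against the wrong line's width, which is the 44-vs-66 symptom reported here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LspRange:            # LSP: 0-based line and character, end exclusive
    start_line: int
    start_char: int
    end_line: int
    end_char: int


@dataclass(frozen=True)
class SarifRegion:         # SARIF 2.1.0: 1-based line/column, endColumn exclusive
    startLine: int
    startColumn: int
    endLine: int
    endColumn: int


def lsp_to_sarif(r: LspRange) -> SarifRegion:
    """Correct conversion: every LSP coordinate gains 1."""
    return SarifRegion(r.start_line + 1, r.start_char + 1, r.end_line + 1, r.end_char + 1)


def check_region(region: SarifRegion, lines: list[str]) -> list[str]:
    """Report each coordinate of a SARIF region that does not fit the source text."""
    problems = []
    for which, line_no, col in (("start", region.startLine, region.startColumn),
                                ("end", region.endLine, region.endColumn)):
        if not 1 <= line_no <= len(lines):
            problems.append(f"{which}Line {line_no} outside 1..{len(lines)}")
            continue
        width = len(lines[line_no - 1])
        limit = width + 1 if which == "end" else width   # exclusive endColumn may be width+1
        if col > limit:
            problems.append(f"{which}Column {col} exceeds width {width} of line {line_no}")
    return problems


# Constructed stand-in for AESGMAC.java: 1-based line 17 has 44 chars, line 18 has 66.
SOURCE = ["// filler"] * 16 + ["x" * 44, "y" * 66, "// filler", "// filler"]

# Assumed internal LSP range covering all of 0-based line 17 (i.e. 1-based line 18).
LSP_RANGE = LspRange(start_line=17, start_char=0, end_line=17, end_char=66)


def region_as_reported() -> SarifRegion:
    """The suspected bug: line kept 0-based, columns made 1-based."""
    return SarifRegion(LSP_RANGE.start_line, LSP_RANGE.start_char + 1,
                       LSP_RANGE.end_line, LSP_RANGE.end_char + 1)


def region_converted() -> SarifRegion:
    return lsp_to_sarif(LSP_RANGE)


if __name__ == "__main__":
    print(check_region(region_as_reported(), SOURCE))  # endColumn 67 vs 44-char line 17
    print(check_region(region_converted(), SOURCE))    # []
```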