Java exception thrown in this action once scan completes and results are downloaded to the runner. #87

Open
nwsolv opened this issue Oct 24, 2024 · 3 comments

Comments


nwsolv commented Oct 24, 2024

I am getting this error when trying to run the action. The project and scans are good. Everything works until the very end.
Using the latest cxflow and action.

2024-10-23 19:13:08.103 INFO 7 --- [ main] c.c.s.s.CxService [0PGjRj0y] : Report downloaded for report Id 200277
2024-10-23 19:13:08.162 ERROR 7 --- [ main] c.c.f.CxFlowRunner [0PGjRj0y] : An error occurred while processing request in commandLineRunner

java.lang.ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0
at com.checkmarx.sdk.service.CxService.buildIssue(CxService.java:1052)
at com.checkmarx.sdk.service.CxService.getIssues(CxService.java:1004)
at com.checkmarx.sdk.service.CxService.getReportContent(CxService.java:630)
at com.checkmarx.sdk.service.CxService.getReportContentByScanId(CxService.java:539)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.getScanResults(AbstractVulnerabilityScanner.java:162)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanRemoteRepo(AbstractVulnerabilityScanner.java:439)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanCli(AbstractVulnerabilityScanner.java:236)
at com.checkmarx.flow.CxFlowRunner.lambda$scanCommon$3(CxFlowRunner.java:707)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
at com.checkmarx.flow.CxFlowRunner.runOnActiveScanners(CxFlowRunner.java:811)
at com.checkmarx.flow.CxFlowRunner.scanCommon(CxFlowRunner.java:707)
at com.checkmarx.flow.CxFlowRunner.scanCommon(CxFlowRunner.java:675)
at com.checkmarx.flow.CxFlowRunner.scanRemoteRepo(CxFlowRunner.java:660)
at com.checkmarx.flow.CxFlowRunner.commandLineRunner(CxFlowRunner.java:509)
at com.checkmarx.flow.CxFlowRunner.run(CxFlowRunner.java:96)
at org.springframework.boot.SpringApplication.lambda$callRunner$4(SpringApplication.java:786)
at org.springframework.util.function.ThrowingConsumer$1.acceptWithException(ThrowingConsumer.java:83)
at org.springframework.util.function.ThrowingConsumer.accept(ThrowingConsumer.java:60)
at org.springframework.util.function.ThrowingConsumer$1.accept(ThrowingConsumer.java:88)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:798)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786)
at org.springframework.boot.SpringApplication.lambda$callRunners$3(SpringApplication.java:774)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:774)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:342)
at com.checkmarx.flow.CxFlowApplication.main(CxFlowApplication.java:22)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:102)
at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:64)
at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:40)

2024-10-23 19:13:08.166 INFO 7 --- [ main] c.c.f.CxFlowRunner [0PGjRj0y] : Finished with exit code: 10


gvocstr commented Oct 30, 2024

Getting the same error, it only happens when the bug tracker is set to Sarif.

Author

nwsolv commented Nov 1, 2024

When I set 'bug_tracker: None' the action completes without error.
If I put anything else like the same crash happens.

Contributor

itsKedar commented Nov 6, 2024

There seems to be a bug with checkmarx-ts/[email protected].
If using version 2.1 with bug_tracker, you will need to add a few parameters to make it work.

Need to add GitHub input
scan_custom_field_key: "test"
scan_custom_field_value: "test"

In params add params: --checkmarx.settings-override=true
Use the image below for reference
image

This will make version 2.1 work.

A simple solution will be to use GitHub action version 2.0 (checkmarx-ts/[email protected]). It will not need any such configuration.

Will fix this bug in v2.2

Thanks
