WebApp Reporter: Rule violations without pkg breaks the report #9880

Closed
MarcelBochtler opened this issue Jan 31, 2025 · 1 comment
Labels
bug Issues that are considered to be bugs reporter About the reporter tool

@MarcelBochtler

Describe the bug

Having a rule which creates a violation without specifying an affected package is allowed by the Evaluator's RuleViolation:

data class RuleViolation(
    /**
     * The identifier of the rule that found this violation.
     */
    val rule: String,
    /**
     * The identifier of the package that caused this rule violation.
     */
    val pkg: Identifier?,

Since the WebApp report rewrite in #9804, the webapp report can no longer be rendered if it contains such a rule violation.

I tested this in the latest Firefox and the latest Chrome versions.

To Reproduce

Steps to reproduce the behavior:

  1. Add a rule without a package:
     ruleViolations += RuleViolation(
         "Rule without pkg",
         pkg = null,
         license = null,
         licenseSource = null,
         severity = Severity.HINT,
         message = "This is a violation without a package",
         howToFix = "This is a how to fix message"
     )
  2. Run the evaluator using this rule, and the webapp reporter.
  3. Open the WebApp report and see that it will only show a white screen.

Alternatively, run the webapp report on this ort-result.yml

ort report -i ort-result.yml -o ort/  -f WebApp
ort-result.yml
---
repository:
  vcs:
    type: "Git"
    url: "https://github.com/MarcelBochtler/maven-simple.git"
    revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
    path: ""
  vcs_processed:
    type: "Git"
    url: "https://github.com/MarcelBochtler/maven-simple.git"
    revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
    path: ""
  config:
    license_choices:
      package_license_choices:
      - package_id: "Maven:net.java.dev.jna:jna:5.12.1"
        license_choices:
        - given: null
          choice: "Apache-2.0"
analyzer:
  start_time: "2024-09-19T08:27:24Z"
  end_time: "2024-09-19T08:27:31Z"
  environment:
    ort_version: "29.1.0"
    build_jdk: "11.0.24+8"
    java_version: "17.0.12"
    os: "Linux"
    processors: 16
    max_memory: 12884901888
    variables:
      HOME: "/home/ort"
      TERM: "xterm"
      http_proxy: "http://10.143.0.177:8080/"
      https_proxy: "http://10.143.0.177:8080/"
      JAVA_HOME: "/opt/java/openjdk"
      ANDROID_HOME: "/opt/android-sdk"
    tool_versions: {}
  config:
    allow_dynamic_versions: true
    enabled_package_managers:
    - "Bazel"
    - "Bundler"
    - "Cargo"
    - "Composer"
    - "GoMod"
    - "GradleInspector"
    - "Maven"
    - "NPM"
    - "NuGet"
    - "PIP"
    - "Pipenv"
    - "PNPM"
    - "Poetry"
    - "Yarn"
    - "Yarn2"
    - "Unmanaged"
    package_managers:
      NPM:
        options:
          legacyPeerDeps: "true"
      Yarn2:
        options:
          corepackOverride: "true"
    skip_excluded: false
  result:
    projects:
    - id: "Maven:com.bosch.example:maven-simple:1.0"
      definition_file_path: "pom.xml"
      declared_licenses: []
      declared_licenses_processed: {}
      vcs:
        type: "Git"
        url: "https://github.com/MarcelBochtler/maven-simple.git"
        revision: ""
        path: ""
      vcs_processed:
        type: "Git"
        url: "https://github.com/MarcelBochtler/maven-simple.git"
        revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
        path: ""
      homepage_url: "http://www.example.com"
      scope_names:
      - "compile"
    packages:
    - id: "Maven:me.xdrop:fuzzywuzzy:1.4.0"
      purl: "pkg:maven/me.xdrop/fuzzywuzzy@1.4.0"
      authors:
      - "Panayiotis P"
      declared_licenses:
      - "GPL 2"
      declared_licenses_processed:
        spdx_expression: "GPL-2.0-only"
        mapped:
          GPL 2: "GPL-2.0-only"
      description: "Fuzzy string searching implementation of the well-known fuzzywuzzy\
        \ algorithm in Java"
      homepage_url: "https://github.com/xdrop/fuzzywuzzy"
      binary_artifact:
        url: "https://repo.maven.apache.org/maven2/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0.jar"
        hash:
          value: "9ab5d0aa1c87892e7c4c53d74d1e008c1724cf1a"
          algorithm: "SHA-1"
      source_artifact:
        url: "https://repo.maven.apache.org/maven2/me/xdrop/fuzzywuzzy/1.4.0/fuzzywuzzy-1.4.0-sources.jar"
        hash:
          value: "c59c0c138c0d7481511f060d008521e977765707"
          algorithm: "SHA-1"
      vcs:
        type: "Git"
        url: "git://github.com/fuzzywuzzy/fuzzywuzzy.git"
        revision: ""
        path: ""
      vcs_processed:
        type: "Git"
        url: "https://github.com/fuzzywuzzy/fuzzywuzzy.git"
        revision: ""
        path: ""
    dependency_graphs:
      Maven:
        packages:
        - "Maven:me.xdrop:fuzzywuzzy:1.4.0"
        scopes:
          com.bosch.example:maven-simple:1.0:compile:
          - root: 0
        nodes:
        - {}
        edges: []
scanner:
  start_time: "2024-09-19T08:27:49Z"
  end_time: "2024-09-19T08:27:50Z"
  environment:
    ort_version: "29.1.0"
    build_jdk: "11.0.24+8"
    java_version: "17.0.12"
    os: "Linux"
    processors: 16
    max_memory: 12884901888
    variables:
      HOME: "/home/ort"
      TERM: "xterm"
      http_proxy: "http://10.143.0.177:8080/"
      https_proxy: "http://10.143.0.177:8080/"
      JAVA_HOME: "/opt/java/openjdk"
    tool_versions:
      ScanCode: "32.2.1"
  config:
    skip_concluded: true
    skip_excluded: false
    config:
      ScanCode:
        options:
          maxVersion: "33.0.0"
          minVersion: "31.0.0"
          commandLine: "--copyright --license --info --strip-root --timeout 300 --max-in-memory\
            \ 5000"
          commandLineNonConfig: "--processes 4"
          parseLicenseExpressions: "true"
    ignore_patterns:
    - "**/*.ort.yml"
    - "**/*.spdx.yml"
    - "**/*.spdx.yaml"
    - "**/*.spdx.json"
    - "**/META-INF/DEPENDENCIES"
    - "**/META-INF/DEPENDENCIES.txt"
    - "**/META-INF/NOTICE"
    - "**/META-INF/NOTICE.txt"
  provenances:
  - id: "Maven:com.bosch.example:maven-simple:1.0"
    package_provenance:
      vcs_info:
        type: "Git"
        url: "https://github.com/MarcelBochtler/maven-simple.git"
        revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
        path: ""
      resolved_revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
  scan_results:
  - provenance:
      vcs_info:
        type: "Git"
        url: "https://github.com/MarcelBochtler/maven-simple.git"
        revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
        path: ""
      resolved_revision: "bea7870f64ba07e58aef59f7d010ce722024f0b0"
    scanner:
      name: "ScanCode"
      version: "32.0.8"
      configuration: "--copyright --license --info --strip-root --timeout 300 --max-in-memory\
        \ 5000 --json-pp"
    summary:
      start_time: "2024-05-27T09:36:29Z"
      end_time: "2024-05-27T09:36:35Z"
      licenses:
      - license: "Apache-2.0"
        location:
          path: ".ort.yml"
          start_line: 5
          end_line: 5
        score: 100.0
      - license: "BSD-3-Clause"
        location:
          path: "src/main/java/com/bosch/example/App.java"
          start_line: 4
          end_line: 4
        score: 100.0
  scanners:
    Maven:com.bosch.example:maven-simple:1.0:
    - "ScanCode"
  files: []
advisor:
  start_time: "2024-09-19T08:27:46Z"
  end_time: "2024-09-19T08:27:46Z"
  environment:
    ort_version: "29.1.0"
    build_jdk: "11.0.24+8"
    java_version: "17.0.12"
    os: "Linux"
    processors: 16
    max_memory: 1610612736
    variables:
      TERM: "xterm"
      HOME: "/"
    tool_versions: {}
  config:
    skip_excluded: false
    config:
      VulnerableCode:
        options:
          serverUrl: "http://vulnerablecode.prod.svc.cluster.local:8000"
  results: {}
evaluator:
  start_time: "2024-09-19T08:28:16Z"
  end_time: "2024-09-19T08:28:30Z"
  violations:
  - rule: "Rule without pkg"
    pkg: null
    license: null
    license_source: null
    severity: "HINT"
    message: "Violation without a package"
    how_to_fix: "This is a how to fix message"
resolved_configuration:
  package_configurations: []
  package_curations:
  - provider:
      id: "RepositoryConfiguration"
    curations: []
  - provider:
      id: "ocaasPackageCurationProvider"
    curations:
    - id: "Maven:me.xdrop:fuzzywuzzy:1.4.0"
      curations:
        comment: "This is a comment"
        concluded_license: "GPL-2.0-only"
  - provider:
      id: "OrtConfig"
    curations: []
  resolutions: {}
labels:
  transport.kubernetes.javaVersion: ""
  applicationCategory: "BT05 Client application"
  projectVcsRevision: "main"
  ruleSet: "default"
  organizationName: "OCaaS Legacy"
  notifyOnSuccess: "true"
  projectVcsPath: ""
  productName: "Marcel Test Product"
  projectName: "Marcel Test Project"
  runId: "0"

Changing the pkg: null to pkg: asdf in line 235 fixes the issue.

Expected behavior

The WebApp reporter should allow null values for nullable properties of the RuleViolation.

@MarcelBochtler MarcelBochtler added bug Issues that are considered to be bugs to triage Issues that need triaging reporter About the reporter tool labels Jan 31, 2025
@sschuberth sschuberth removed the to triage Issues that need triaging label Jan 31, 2025
@tsteenbe tsteenbe self-assigned this Feb 1, 2025
tsteenbe added a commit that referenced this issue Feb 1, 2025
Evaluator allows policy rule violations without a package see [1],
however this case was not supported in the data mapping from
`WebAppRuleViolation` to Ant Design table row data.

Fixes #9880.

[1]: https://github.com/oss-review-toolkit/ort/blob/cc6f09d/model/src/main/kotlin/RuleViolation.kt#L33

Signed-off-by: Thomas Steenbergen <[email protected]>
@tsteenbe

tsteenbe commented Feb 1, 2025

@MarcelBochtler Have code that handles this case but forgot to add this to a data mapping that was introduced in #9804 - added small commit to #9868 which fixes this issue.
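
The failure class discussed in this issue, as an added example that is not ORT's WebApp code: a mapping from rule violations to table rows that dereferences the package fails on the package-less violation, shown next to a null-tolerant version. The row shape, the `pkg.id` property and all function names are assumptions made for illustration.

```javascript
// Constructed sample: the first entry mirrors the violation in the issue's
// ort-result.yml; the second is made up for contrast. The row shape and the
// `pkg.id` property are assumptions, not ORT's actual WebApp model.
const violations = [
  { rule: "Rule without pkg", pkg: null, severity: "HINT",
    message: "Violation without a package" },
  { rule: "Constructed rule", pkg: { id: "Maven:me.xdrop:fuzzywuzzy:1.4.0" },
    severity: "ERROR", message: "Constructed message" },
];

// Mapping that assumes every violation has a package. `v.pkg.id` throws a
// TypeError for pkg === null, and an uncaught error while building table data
// can leave a single-page report with nothing rendered.
function toRowsUnsafe(items) {
  return items.map((v, i) => ({
    key: i, rule: v.rule, severity: v.severity, packageId: v.pkg.id,
  }));
}

// Null-tolerant mapping: the violation stays in the table, with an explicit
// placeholder instead of a dereference.
function toRows(items) {
  return items.map((v, i) => ({
    key: i,
    rule: v.rule,
    severity: v.severity,
    packageId: v.pkg?.id ?? null,
    packageLabel: v.pkg?.id ?? "(no package)",
    message: v.message,
  }));
}

// Column sorter that also tolerates rows without a package (sorted first).
function byPackage(a, b) {
  return (a.packageId ?? "").localeCompare(b.packageId ?? "");
}

// Runs a mapping and reports whether it survived the input.
function tryMap(mapFn, items) {
  try {
    return { ok: true, rows: mapFn(items) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

console.log(tryMap(toRowsUnsafe, violations));
console.log(tryMap(toRows, violations).rows.sort(byPackage).map((r) => r.packageLabel));
```

A report generator's test suite benefits from a fixture like the first entry for every nullable field of the model, so a violation can never drop out of the rendered report silently.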

tsteenbe added a commit that referenced this issue Feb 2, 2025
tsteenbe added a commit that referenced this issue Feb 6, 2025