codeql-action icon indicating copy to clipboard operation
codeql-action copied to clipboard
verified publisher icon github

`startColumn must be greater than or equal to 1` message should report offset for error

Open jsoref opened this issue 2 years ago • 2 comments

This run generated a not particularly helpful message: https://github.com/check-spelling/gnu-gnulib/actions/runs/5151289440/jobs/9276309000#step:2:15096


Uploading results
  Processing sarif files: ["/tmp/tmp.Ba0HZNhBK7.sarif.json"]
Error details: instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn must be greater than or equal to 1
  {
    "path": [
      "runs",
      0,
      "results",
      0,
      "locations",
      0,
      "physicalLocation",
      "region",
      "startColumn"
    ],
    "property": "instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn",
    "message": "must be greater than or equal to 1",
    "schema": {
      "description": "The column number of the first character in the region.",
      "type": "integer",
      "minimum": 1
    },
    "instance": 0,
    "name": "minimum",
    "argument": 1,
    "stack": "instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn must be greater than or equal to 1"
  }
Error details: instance.runs[0].results[0].locations[0].physicalLocation.region.endColumn must be greater than or equal to 1
  {
    "path": [
      "runs",
      0,
      "results",
      0,
      "locations",
      0,
      "physicalLocation",
      "region",
      "endColumn"
    ],
    "property": "instance.runs[0].results[0].locations[0].physicalLocation.region.endColumn",
    "message": "must be greater than or equal to 1",
    "schema": {
      "description": "The column number of the character following the end of the region.",
      "type": "integer",
      "minimum": 1
    },
    "instance": 0,
    "name": "minimum",
    "argument": 1,
    "stack": "instance.runs[0].results[0].locations[0].physicalLocation.region.endColumn must be greater than or equal to 1"
  }
Error: Unable to upload "/tmp/tmp.Ba0HZNhBK7.sarif.json" as it is not valid SARIF:
- instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn must be greater than or equal to 1
- instance.runs[0].results[0].locations[0].physicalLocation.region.endColumn must be greater than or equal to 1
Error: Unable to upload "/tmp/tmp.Ba0HZNhBK7.sarif.json" as it is not valid SARIF:
- instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn must be greater than or equal to 1
- instance.runs[0].results[0].locations[0].physicalLocation.region.endColumn must be greater than or equal to 1
    at validateSarifFileSchema (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:201:15)
    at uploadFiles (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:251:9)
    at Object.uploadFromActions (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:137:18)
    at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:48:30)
    at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:70:9)

The json is available here: https://github.com/check-spelling/gnu-gnulib/suites/13318061458/artifacts/727508547

Ideally when reporting issues, at a minimum, a line / character offset should be reported, and unless there's a risk of binary output breaking things, a substring showing the offending content in context would be appreciated. (I'm sure I can find the item(s), but I shouldn't have to search through an 850k file to find the problem.

Fwiw, here's the relevant snippet, and it'd be really much nicer if I didn't have to try to search for it (especially because I can't actually search for startColumn:0, I have to remember to search for startColumn":0 -- and if I'm less familiar w/ the json -- which anyone other than me would be -- then I wouldn't know if I need to consider optional whitespace..).

[{"ruleIndex":0,"ruleId":"bad-regex","message":{"text":"Bad regex. \\(bad-regex\\)"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/actions/spelling/patterns.txt","uriBaseId":"%SRCROOT%"},"region":{"startLine":89,"startColumn":0,"endColumn":0}}}]}]

jsoref avatar Jun 02 '23 03:06 jsoref

In don't think we can easily fix this as java script json validation libraries run on parsed json objects which don't have metadata,.

You can use jq and the path (e.g. instance.runs[0].results[0].locations[0].physicalLocation.region.startColumn) to get the problematic element (although you probabaly want to shrink the path for context).

There are also online tools for sarif validation that can show you the eact location of the error.

alexet avatar Jun 02 '23 16:06 alexet

Perhaps run one of those online tools for validating in the event that an error is thrown? That'd save everybody else the trouble of finding one that works and in case its rules are different than GitHub's rules would make it easier to harmonize the different interpretations of the standards.

Thanks

setharnold avatar Jun 02 '23 19:06 setharnold