SARIF produced in `csharp` scan contains `NaN` values

Open steve-gombos opened this issue 1 year ago • 3 comments

Description of the issue

When executing a csharp run on a repository, the SARIF produced has NaN values in it and causes errors in the workflow.

Workflow Error

Code Scanning could not process the submitted SARIF file: parsing restricted subset of SARIF data has failed: parse error: expected number near offset 223643 of 'NaN'

Workflow Link

Reproduction Repo

https://github.com/steve-gombos/codeql-error-repro

steve-gombos avatar Feb 02 '24 07:02 steve-gombos

Thanks for your report. Could you trigger a re-run, with debug logging enabled, of a failed job such as https://github.com/steve-gombos/codeql-error-repro/actions/runs/7752599838?

In debug mode the codeql-action will upload a zip file containing log files, the CodeQL database, and the SARIF file. Those files would be really helpful to debug this issue.

aibaars avatar Feb 02 '24 08:02 aibaars

Just reran that job with debug enabled.

steve-gombos avatar Feb 02 '24 08:02 steve-gombos

Found the bad bit of data in the SARIF file:

        "ruleId" : "cs/telemetry/extraction-information",
        "value" : "NaN",
        "message" : {
          "text" : "Percentage of calls with call target"
        }

This should be fixed by https://github.com/github/codeql/pull/15432 and should be included in the next release of CodeQL (2.16.2).

aibaars avatar Feb 02 '24 09:02 aibaars
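
A pre-upload check for the kind of value identified in this thread, as an added example that is not part of the original issue or of CodeQL's own code: it walks a SARIF document and reports every `value` field that holds a non-finite number, whether quoted as in the snippet above or as a bare token. The enclosing `metrics` array and the `example/*` rule ids in the sample are hypothetical; only the first object comes from the thread.

```python
import json
import math

# Spellings of non-finite numbers that a strict JSON number parser rejects.
NON_FINITE_STRINGS = {"nan", "infinity", "-infinity", "inf", "-inf"}


def is_non_finite(value):
    """True for float NaN/Infinity, or for a string spelling of one."""
    if isinstance(value, float):
        return not math.isfinite(value)
    if isinstance(value, str):
        return value.strip().lower() in NON_FINITE_STRINGS
    return False


def find_non_finite(node, path="$"):
    """Walk parsed JSON; return (path, ruleId, value) for each bad "value" field."""
    hits = []
    if isinstance(node, dict):
        if "value" in node and is_non_finite(node["value"]):
            hits.append((path + ".value", node.get("ruleId"), node["value"]))
        for key, child in node.items():
            hits.extend(find_non_finite(child, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            hits.extend(find_non_finite(child, f"{path}[{index}]"))
    return hits


def check_sarif_text(text):
    # Python's json module accepts bare NaN/Infinity tokens by default, so both
    # the quoted form shown in the issue and an unquoted token are caught here.
    return find_non_finite(json.loads(text))


# Constructed sample: the object from the issue placed in a hypothetical
# "metrics" array next to a well-formed entry and an unquoted NaN token.
SAMPLE = """
{"runs": [{"metrics": [
  {"ruleId": "cs/telemetry/extraction-information", "value": "NaN",
   "message": {"text": "Percentage of calls with call target"}},
  {"ruleId": "example/ok", "value": 97.5, "message": {"text": "constructed"}},
  {"ruleId": "example/bare", "value": NaN, "message": {"text": "constructed"}}
]}]}
"""

if __name__ == "__main__":
    for path, rule_id, value in check_sarif_text(SAMPLE):
        print(f"{path}: ruleId={rule_id} value={value!r}")
```

Run against the SARIF file from a debug artifact, a non-empty result points at the exact JSON path to inspect before the upload step fails.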