Not running in project directory causes errors to be printed and code snippets parsed incorrectly #128

Open
WillBartee opened this issue May 9, 2022 · 1 comment

@WillBartee

Current Behavior

Multiple errors are printed to the console for each vulnerability when running snyk-to-html outside of the scanned project's root directory and using the output of snyk code test....

In addition to the errors, the "Data Flow" portion of the resulting HTML does not correctly display the vulnerable code.

Tested versions

  • snyk-to-html:
    • v2.3.2
  • snyk:
    • shouldn't matter

How to Reproduce

npm install -g snyk-to-html@latest
mkdir scratch
cd scratch
npm init -y
npm install axios
cat <<EOF > index.js
import axios from 'axios'

function fail(req, res) {
  return res.status(401).send(req.query)
}
EOF
snyk code test --json > ../snyk.json
cd ..
snyk-to-html -i snyk.json -o snyk.html

Example Output

$ snyk-to-html -i snyk.json -o results.html
[Error: ENOENT: no such file or directory, open '/Users/will/workspaces/index.js'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: '/Users/will/workspaces/index.js'
}
[Error: ENOENT: no such file or directory, open '/Users/will/workspaces/index.js'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: '/Users/will/workspaces/index.js'
}
[Error: ENOENT: no such file or directory, open '/Users/will/workspaces/index.js'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: '/Users/will/workspaces/index.js'
}
[Error: ENOENT: no such file or directory, open '/Users/will/workspaces/index.js'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: '/Users/will/workspaces/index.js'
}
Vulnerability snapshot saved at results.html

Expected/Desired Behavior

  • Bug Report - Errors aren't displayed on handled exceptions.
  • Support Request - HTML output doesn't include invalid code snippets. (Without the need for custom templates)
  • Feature Request - Option to specify the uriBaseId referenced in the SARIF output as %SRCROOT%

@WillBartee changed the title from "Code snippets parsed incorrectly and throw errors when not running in project directory" to "Not running in project directory causes errors to be printed and code snippets parsed incorrectly" on May 10, 2022
@cmanaila60

+1
Versions:
snyk-to-html: v2.3.2
snyk: 1.790.0

I am seeing the same behavior, although the previous version of snyk-to-html (2.3.1) didn't have this issue.

snyk code test scan_folder/ --sarif | snyk-to-html > report-code.html
events.js:292
      throw er; // Unhandled 'error' event
      ^

Error: ENOENT: no such file or directory, open '/Users/Desktop/work/repos/salesforce/JiraIntegration.cls'
Emitted 'error' event on ReadStream instance at:
    at internal/fs/streams.js:147:14
    at FSReqCallback.oncomplete (fs.js:171:23) {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: '/Users/Desktop/work/repos/salesforce/JiraIntegration.cls'
}
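
A sketch of the behaviour asked for in this thread, added here as an example and not taken from snyk-to-html: each SARIF `artifactLocation` is resolved against a directory explicitly mapped to its `uriBaseId` (here `%SRCROOT%`), a missing file yields no snippet instead of an ENOENT error, and a URI that would leave the mapped root is refused because the SARIF file is untrusted input to the report generator. The names `resolveArtifact`, `readSnippet` and the `baseDirs` map are hypothetical, and the URI is assumed to be a plain relative path with no percent-encoding.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Map artifactLocation.uri into the directory configured for its uriBaseId.
// Returns null if the base id is unmapped or the path would leave that root.
function resolveArtifact(artifactLocation, baseDirs) {
  const root = baseDirs[artifactLocation.uriBaseId];
  if (!root) return null;
  const rootAbs = path.resolve(root);
  const target = path.resolve(rootAbs, artifactLocation.uri);
  const rel = path.relative(rootAbs, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return rel === '' || escapes ? null : target;
}

// Return the flagged lines, or null (not a thrown ENOENT) when the file is absent.
function readSnippet(physicalLocation, baseDirs) {
  const file = resolveArtifact(physicalLocation.artifactLocation, baseDirs);
  if (file === null) return null;
  let text;
  try {
    text = fs.readFileSync(file, 'utf8');
  } catch (err) {
    if (err.code === 'ENOENT') return null;
    throw err;
  }
  const { startLine, endLine = startLine } = physicalLocation.region;
  return text.split(/\r?\n/).slice(startLine - 1, endLine).join('\n');
}

// Constructed sample: a temp project holding the issue's index.js and one location.
function demo() {
  const project = fs.mkdtempSync(path.join(os.tmpdir(), 'sarif-demo-'));
  const source = 'function fail(req, res) {\n  return res.status(401).send(req.query)\n}\n';
  fs.writeFileSync(path.join(project, 'index.js'), source);
  const region = { startLine: 2, endLine: 2 };
  const loc = { artifactLocation: { uri: 'index.js', uriBaseId: '%SRCROOT%' }, region };
  const bad = { artifactLocation: { uri: '../x.js', uriBaseId: '%SRCROOT%' }, region };
  const out = {
    rightRoot: readSnippet(loc, { '%SRCROOT%': project }),
    wrongRoot: readSnippet(loc, { '%SRCROOT%': path.join(project, 'missing') }),
    escaping: readSnippet(bad, { '%SRCROOT%': project }),
  };
  fs.rmSync(project, { recursive: true, force: true });
  return out;
}

console.log(demo());
```

A report generator using this approach would leave the "Data Flow" snippet out when `readSnippet` returns null, so a wrong working directory degrades the report without printing stack traces.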
