
fix debug_enabled on steps and error handling #117

Merged (5 commits), Jun 3, 2024

Conversation

becojo
Contributor

@becojo becojo commented Jun 3, 2024

In the debug_enabled rule:

  • For GitHub Actions, report line numbers of the step or job that enables debugging.
  • Fix the step metadata value. It must be the step's index since the id is not always defined.

In analyze_org, log errors instead of cancelling the entire analysis of the org (see #102). Because of the wrong step reported in the debug_enabled rule, an org that had debugging enabled on a single workflow step could not be analyzed at all.

Make it so FindingMeta parsing errors are logged instead. Currently, a finding with metadata that cannot be parsed would crash the org's analysis with the following error:

12:55PM | ERROR | error="failed to analyze repo statusburger/actions: json: invalid number literal, trying to unmarshal \"\\\"\\\"\" into Number"

Now it logs the error and the metadata it tried to parse:

12:55PM | ERROR | failed to unmarshal FindingMeta error="json: invalid number literal, trying to unmarshal \"\\\"\\\"\" into Number" meta={"details":"ACTIONS_STEP_DEBUG","job":"build","line":21,"path":".github/workflows/debug.yml","step":""}

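The failure mode described above, as an added example in Go that is not part of this PR or the project's own code: a FindingMeta with the assumed shape of the logged metadata (the type and function names are assumptions), the pre-fix behaviour that aborts the whole run on the first unparseable meta, and the post-fix behaviour that logs the error with the offending metadata and keeps going.

```go
package main

import (
	"encoding/json"
	"log"
)

// FindingMeta mirrors the fields in the PR's log line (assumed shape, not the project's type).
// Step is a json.Number, so "" fails with "invalid number literal ... into Number".
type FindingMeta struct {
	Details string      `json:"details"`
	Job     string      `json:"job"`
	Line    int         `json:"line"`
	Path    string      `json:"path"`
	Step    json.Number `json:"step"`
}

// Constructed sample metas: the second one has step "" (no step id was set).
var sampleMetas = []string{
	`{"details":"ACTIONS_STEP_DEBUG","job":"build","line":21,"path":".github/workflows/debug.yml","step":"2"}`,
	`{"details":"ACTIONS_STEP_DEBUG","job":"build","line":21,"path":".github/workflows/debug.yml","step":""}`,
}

// analyzeStrict is the pre-fix behaviour: one bad meta aborts the whole run.
func analyzeStrict(raws []string) ([]FindingMeta, error) {
	var out []FindingMeta
	for _, raw := range raws {
		var m FindingMeta
		if err := json.Unmarshal([]byte(raw), &m); err != nil {
			return nil, err
		}
		out = append(out, m)
	}
	return out, nil
}

// analyzeLenient is the post-fix behaviour: log the error together with the
// metadata that failed, skip that finding and keep going.
func analyzeLenient(raws []string) (out []FindingMeta, skipped int) {
	for _, raw := range raws {
		var m FindingMeta
		if err := json.Unmarshal([]byte(raw), &m); err != nil {
			log.Printf("failed to unmarshal FindingMeta error=%q meta=%s", err, raw)
			skipped++
			continue
		}
		out = append(out, m)
	}
	return out, skipped
}
```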
@becojo becojo requested a review from a team as a code owner June 3, 2024 17:01
@fproulx-boostsecurity
Contributor

We should get back to @rgmz (ref #102) as we merge and test this

@becojo becojo merged commit 481689e into main Jun 3, 2024
8 checks passed
@becojo becojo deleted the fix-debug-enabled-step branch June 3, 2024 19:54