When gradle builds with rich console output, gemnasium analyzer cannot open gradle-dependencies.json file
Summary
The gemnasium analyzer invokes the gemnasiumDumpDependencies task here. It determines the path of the gradle-dependencies.json file by parsing the STDOUT of the gradle task. It looks for a line containing “Writing dependency JSON to” and extracts the path from the rest of the line.
When gradle builds with rich console output, it’s adding an ANSI escape sequence to the end of this line:
[4A[1m<[0;1m-------------> 0% EXECUTING [20s][m[34D[1B[1m> :gemnasiumDumpDependencies[m[28D[1B> IDLE[6D[1B> IDLE[6D[1B[4A[1m<[0;1m-------------> 0% EXECUTING [21s][m[34D[4B[4AWriting dependency JSON to /builds/<PROJECT_PATH>/gradle-dependencies.json[0K
The extract function is returning the filename including the escape sequence, instead of the actual filename. So when it goes to open the file later, it fails with “no such file or directory”, because it is trying to open gradle-dependencies.json[0K, not gradle-dependencies.json.
Steps to reproduce
In gradle.properties set org.gradle.console=rich.
What is the current bug behavior?
gemnasium analyzer parses the dependency file name incorrectly from the stdout line.
What is the expected correct behavior?
gemnasium analyzer should parse the correct dependency file name.
Relevant logs and/or screenshots
[4A[1m<[0;1m-------------> 0% EXECUTING [20s][m[34D[1B[1m> :gemnasiumDumpDependencies[m[28D[1B> IDLE[6D[1B> IDLE[6D[1B[4A[1m<[0;1m-------------> 0% EXECUTING [21s][m[34D[4B[4AWriting dependency JSON to /builds/<PATH>/gradle-dependencies.json[0K
[0K
...
[0;34m[DEBU] [gemnasium-maven] [2023-10-19T14:37:15Z] [/go/src/app/scanner/scanner.go:128] ▶ Location set to build.gradle[0m
[0;31m[FATA] [gemnasium-maven] [2023-10-19T14:37:15Z] [/go/src/app/cmd/gemnasium-maven/main.go:64] ▶ scanning file /builds/<PATH>/gradle-dependencies.json[0K: opening file /builds/<PATH>/gradle-dependencies.json[0K: open /builds/<PATH>/gradle-dependencies.json[0K: no such file or directory[0m
Possible fixes
Setting the env variable GRADLE_CLI_OPTS=--console=plain resolves the issue.
This will make gradle produce the output without all the escape sequences, so the filename parses correctly. It might be good to add that cli option by default when invoking the gemnasiumDumpDependencies task, or else maybe strip the escape sequences from the output before parsing.
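A sketch of the second option (stripping escape sequences before parsing), as an added example that is not the analyzer's own code. The function name extractDependencyPath, the regular expression and the sample path are assumptions; the function also refuses any path that still contains control characters after stripping, so a stray byte cannot end up in the filename passed to open.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// marker is the text the issue says the analyzer looks for in Gradle's stdout.
const marker = "Writing dependency JSON to "

// ansiCSI matches ANSI CSI sequences such as ESC[0K, ESC[4A and ESC[0;1m.
var ansiCSI = regexp.MustCompile(`\x1b\[[0-?]*[ -/]*[@-~]`)

// extractDependencyPath (hypothetical name) strips CSI sequences from each
// stdout line, then returns whatever follows the marker. It reports false
// when no marker line exists or the remaining path is not clean.
func extractDependencyPath(stdout string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(stdout))
	for sc.Scan() {
		line := ansiCSI.ReplaceAllString(sc.Text(), "")
		i := strings.Index(line, marker)
		if i < 0 {
			continue
		}
		path := strings.TrimSpace(line[i+len(marker):])
		// Fail closed: never hand a path with leftover control bytes to open().
		if path == "" || strings.IndexFunc(path, unicode.IsControl) >= 0 {
			return "", false
		}
		return path, true
	}
	return "", false
}

func main() {
	// Constructed sample modelled on the rich-console line in the report.
	rich := "\x1b[4A\x1b[1m<\x1b[0;1m-------------> 0% EXECUTING [21s]\x1b[m\x1b[34D\x1b[4B\x1b[4A" +
		marker + "/builds/example/gradle-dependencies.json\x1b[0K\n\x1b[0K\n"
	p, ok := extractDependencyPath(rich)
	fmt.Printf("%q %v\n", p, ok) // "/builds/example/gradle-dependencies.json" true
}
```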