tslint secure analyzer not recognizing typescript files
Summary
When running the tslint analyzer it fails to pick up *.tsx files. This is due to the conservative SEARCH_MAX_DEPTH we have configured, which defaults to only 2. Increasing it makes the deeply nested files get picked up, so we could either raise the default, document the variable and the workaround, or deprecate the search functionality entirely, given that the removal of DinD will likely mean directory traversal is no longer needed.
In the latter case we can simply run the analyze command directly. The tslint analyzer may be a good candidate for removing this step in favor of the %13.0 deprecation; in the meantime, increasing the scan depth may be a low-effort fix.
Steps to reproduce
(How one can reproduce the issue - this is very important)
Example Project
(If possible, please create an example project here on GitLab.com that exhibits the problematic behavior, and link to it here in the bug report)
(If you are using an older version of GitLab, this will also determine whether the bug is fixed in a more recent version)
What is the current bug behavior?
The analyzer exits with "No match in $DIRNAME" (see the job log below), so no gl-sast-report.json is produced and the job fails with exit code 3.
What is the expected correct behavior?
The tslint analyzer should scan deeply nested files automatically.
Relevant logs and/or screenshots
Running with gitlab-runner 12.8.0 (1b659122)
  on runner-bastion-i-0d5c1234196dd0958 H8yKqLv5
section_start:1583154875:prepare_executor
Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/analyzers/tslint:2 ...
Authenticating with credentials from job payload (GitLab Registry)
Pulling docker image registry.gitlab.com/gitlab-org/security-products/analyzers/tslint:2 ...
Using docker image sha256:cd692c0e6fa1de9fba538b0574ae8d7859053bd38a1ed6f19e3438d6cee0335e for registry.gitlab.com/gitlab-org/security-products/analyzers/tslint:2 ...
section_end:1583154882:prepare_executor
section_start:1583154882:prepare_script
Running on runner-H8yKqLv5-project-16295749-concurrent-0 via runner-h8ykqlv5-gitlab-1583154353-86c26c37...
section_end:1583154884:prepare_script
section_start:1583154884:get_sources
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/xxx/xxx-web/.git/
Checking out 1c5ac3b5 as gitlab...
Removing node_modules/
Removing npm-check-audit.txt
Removing packages/apps/client/node_modules/
Removing packages/apps/dev-server/node_modules/
Removing packages/apps/lambda-apollo-authorizer/node_modules/
Removing packages/apps/lambda-asset-server/node_modules/
Removing packages/apps/lambda-page-renderer/node_modules/
Removing packages/libs/ado/node_modules/
Removing packages/libs/cms/node_modules/
Removing packages/libs/config/node_modules/
Removing packages/libs/core/node_modules/
Removing packages/libs/feature-toggles/node_modules/
Removing packages/libs/layout/node_modules/
Removing packages/libs/marketing/node_modules/
Removing packages/libs/search/node_modules/
Removing packages/libs/store/node_modules/
Removing packages/libs/styling/node_modules/
Removing packages/libs/tooling/node_modules/
Removing packages/pages/basket-page/node_modules/
Removing packages/pages/category-page/node_modules/
Removing packages/pages/checkout-page/node_modules/
Removing packages/pages/contact-form-page/node_modules/
Removing packages/pages/facet-page/node_modules/
Removing packages/pages/home-page/node_modules/
Removing packages/pages/info-page/node_modules/
Removing packages/pages/missing-page/node_modules/
Removing packages/pages/product-page/node_modules/
Removing packages/pages/search-page/node_modules/
Removing packages/pages/stores-page/node_modules/
Removing packages/tests/acceptance_tests/node_modules/
Removing packages/tests/audit/node_modules/
Removing packages/tests/integration/node_modules/
Skipping Git submodules setup
section_end:1583154888:get_sources
section_start:1583154888:restore_cache
section_end:1583154890:restore_cache
section_start:1583154890:download_artifacts
Downloading artifacts for build (456021590)...
Downloading artifacts from coordinator... ok  id=456021590 responseStatus=200 OK token=aYUgPbcD
section_end:1583154895:download_artifacts
section_start:1583154895:build_script
Authenticating with credentials from job payload (GitLab Registry)
$ /analyzer run
No match in /builds/xxx/xxx-web
section_end:1583154897:build_script
section_start:1583154897:after_script
section_end:1583154898:after_script
section_start:1583154898:upload_artifacts_on_failure
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files
ERROR: No files to upload
section_end:1583154899:upload_artifacts_on_failure
ERROR: Job failed: exit code 3
.gitlab-ci.yml (relevant excerpt)
include:
  - template: Dependency-Scanning.gitlab-ci.yml
  - template: SAST.gitlab-ci.yml

variables:
  SAST_DISABLE_DIND: "true"
  SAST_DEFAULT_ANALYZERS: "eslint, nodejs-scan, secrets, tslint"

sast:
  stage: sec_checks
  tags:
    - xxxdev
    - infrastructure
Output of checks
(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with the omnibus-gitlab package, run and paste the output of: sudo gitlab-rake gitlab:env:info)
(For installations from source, run and paste the output of: sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with the omnibus-gitlab package, run and paste the output of: sudo gitlab-rake gitlab:check SANITIZE=true)
(For installations from source, run and paste the output of: sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)
(we will only investigate if the tests are passing)
Possible fixes
- Increase SEARCH_MAX_DEPTH (default: 2 levels)
- Bypass command/search in the run command
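To make the depth limit from the Summary and the first possible fix concrete, here is an added example, written for this page and not the tslint analyzer's own code. It emulates a depth-limited file search with find(1) over a constructed directory tree shaped like the monorepo in the job log (packages/apps/client/..., packages/libs/core/...); the tree, the function names and the use of find to stand in for the analyzer's search step are assumptions, and only the default of 2 is taken from the issue text.

```shell
#!/bin/sh
# Added example, not the tslint analyzer's own code: emulate a depth-limited
# file search (what the issue says SEARCH_MAX_DEPTH controls) over a directory
# tree shaped like the monorepo in the job log. The layout is a constructed
# sample, not the reporter's project.
set -eu

# Build a sample tree. The only .tsx file sits 6 levels below the project root,
# the package's tslint.json 4 levels down, and a plain .ts file 5 levels down.
make_tree() {
  root=$1
  mkdir -p "$root/packages/apps/client/src/components"
  mkdir -p "$root/packages/libs/core/src"
  : > "$root/package.json"
  : > "$root/packages/apps/client/tslint.json"
  : > "$root/packages/apps/client/src/components/App.tsx"
  : > "$root/packages/libs/core/src/index.ts"
}

# Count files matching a glob within MAXDEPTH directory levels of ROOT.
# find(1) counts ROOT itself as depth 0, so -maxdepth 2 only reaches
# ROOT/packages/apps and never descends into the per-package sources.
count_matches() {
  root=$1; maxdepth=$2; pattern=$3
  find "$root" -maxdepth "$maxdepth" -type f -name "$pattern" | wc -l | tr -d ' '
}

# Smallest depth (1..10) at which the search finds at least one match, or "none".
depth_needed() {
  root=$1; pattern=$2
  d=1
  while [ "$d" -le 10 ]; do
    if [ "$(count_matches "$root" "$d" "$pattern")" -gt 0 ]; then
      echo "$d"; return 0
    fi
    d=$((d + 1))
  done
  echo none
}

demo() {
  tmp=$(mktemp -d)
  make_tree "$tmp"
  echo "depth 2 (SEARCH_MAX_DEPTH default): $(count_matches "$tmp" 2 '*.tsx') .tsx files"
  echo "depth 6: $(count_matches "$tmp" 6 '*.tsx') .tsx files"
  echo "depth needed for *.tsx: $(depth_needed "$tmp" '*.tsx')"
  echo "depth needed for tslint.json: $(depth_needed "$tmp" 'tslint.json')"
  rm -rf "$tmp"
}

demo
```

With the default depth of 2 the search stops at packages/apps and reports no .tsx files, which is the "No match" outcome in the job log above; a depth of 6 reaches the component sources. The workaround the issue proposes is therefore to raise SEARCH_MAX_DEPTH as a CI variable, the same way SAST_DISABLE_DIND is set in the .gitlab-ci.yml excerpt, to at least the depth at which the package sources live.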