
fix: fix report comparison for optional tracking field

Lucas Charles requested to merge fix-report-comparison-for-missing-tracking into master

What does this MR do?

Previously compare_reports.sh would fail when the optional tracking field was missing from sast reports. With this change, we set a default value to ensure reports are properly sortable and avoid failures if vulnerability[].tracking is not generated.

I still haven't quite got this comparison right, since the diff isn't correctly showing the contents of the tracking field, but it at least fails gracefully now and hints at the correct diff. Any suggestions are welcome!

Previous error

❯ ./scripts/compare_reports.sh sast test/fixtures/go-modules/gl-sast-report-sanitized.json qa/expect/go-modules/gl-sast-report.json
Error: jq encountered an error while attempting to parse the file: 'qa/expect/go-modules/gl-sast-report.json': 'jq: error (at qa/expect/go-modules/gl-sast-report.json:199): null (null) cannot be sorted, as it is not an array'. It appears as though the JSON file 'qa/expect/go-modules/gl-sast-report.json' consists of some objects which contain array elements, while other objects are missing these elements. In order for jq to be able to sort the file, all objects (entries) in the file must have the _same_ structure. Please ensure that you've set the correct report-type value for the given report. If the report-type has been set correctly, then you'll need to update the `jq_filter` variable of this script to insert blank `[]` entries for these missing array elements using the `map_values` function.

After fix

❯ ./scripts/compare_reports.sh sast test/fixtures/go-modules/gl-sast-report.json qa/expect/go-modules/gl-sast-report.json

Error occurred while comparing actual report 'test/fixtures/go-modules/gl-sast-report.json' against expected report 'qa/expect/go-modules/gl-sast-report.json': report contents differ:

--- qa/expect/go-modules/gl-sast-report-sanitized.json	2021-05-11 11:25:01.000000000 -0700
+++ test/fixtures/go-modules/gl-sast-report-sanitized.json	2021-05-11 11:25:01.000000000 -0700
@@ -104,11 +104,10 @@
           "url": "https://securego.io/docs/rules/g104.html"
         }
       ],
+      "links": [],
       "tracking": {
-        "type": "source",
         "items": []
-      },
-      "links": []
+      }
     },
     {
       "category": "sast",
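Review bot: the only content difference in this hunk is the `"type": "source"` line dropped from `tracking` in the actual report; the `links` lines moving above `tracking` is a key-ordering difference between the two files, not a content change, which is why the diff looks like it is rewriting the whole `tracking` object. Sorting object keys in both sanitized files before diffing (jq's `-S` / `--sort-keys`) would leave just the missing `"type": "source"` line in the output, which is the diff the description says is not yet coming through.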

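To make the normalization concrete, here is an added Python example; it is not the MR's compare_reports.sh and does not use jq. It re-implements the idea the description states: give every vulnerability a default tracking object before sorting so the sort cannot hit a null, then diff a canonical rendering with sorted keys so that key order alone never shows up as a difference. The two sample reports and the DEFAULT_TRACKING value are constructed assumptions; the MR does not say which default value it inserts.

```python
"""Report comparison with a default for the optional tracking field.

Added example (not the MR's compare_reports.sh): a Python re-implementation of
the normalization described in the MR, runnable offline without jq. The sample
reports and the default tracking value below are constructed for this example.
"""
import copy
import difflib
import json

# Constructed sample reports (not the go-modules fixtures from the MR). The
# expected report carries a populated tracking object on every finding; the
# actual report omits tracking on one finding and emits keys in another order.
EXPECTED_REPORT = {
    "version": "14.0.0",
    "vulnerabilities": [
        {"id": "b", "category": "sast", "name": "Errors unhandled",
         "tracking": {"type": "source", "items": []}, "links": []},
        {"id": "a", "category": "sast", "name": "Hardcoded credential",
         "tracking": {"type": "source", "items": []}, "links": []},
    ],
}
ACTUAL_REPORT = {
    "vulnerabilities": [
        {"links": [], "category": "sast", "name": "Hardcoded credential",
         "id": "a", "tracking": {"type": "source", "items": []}},
        {"links": [], "category": "sast", "name": "Errors unhandled", "id": "b"},
    ],
    "version": "14.0.0",
}

# Assumed default: the MR does not state which value it inserts. This one keeps
# tracking.items an array so that sorting on it can never hit a null.
DEFAULT_TRACKING = {"items": []}


def fill_tracking(report, default=None):
    """Return a copy in which every vulnerability has a dict tracking field
    with an items array (the MR's "set a default value" step)."""
    default = DEFAULT_TRACKING if default is None else default
    out = copy.deepcopy(report)
    for vuln in out.get("vulnerabilities", []):
        tracking = vuln.get("tracking")
        if not isinstance(tracking, dict):
            tracking = copy.deepcopy(default)
        if not isinstance(tracking.get("items"), list):
            tracking["items"] = []
        vuln["tracking"] = tracking
    return out


def sort_vulnerabilities(report):
    """Sort findings by id and by their tracking items. A finding without a
    tracking object raises KeyError/TypeError here: the pre-fix failure mode."""
    return sorted(
        report["vulnerabilities"],
        key=lambda v: (v.get("id", ""),
                       json.dumps(v["tracking"]["items"], sort_keys=True)),
    )


def can_sort(report):
    """True when the report sorts cleanly, False when a missing tracking
    field breaks the sort (the equivalent of jq's 'null cannot be sorted')."""
    try:
        sort_vulnerabilities(report)
    except (KeyError, TypeError):
        return False
    return True


def canonical(report):
    """Canonical text lines: sorted findings, sorted keys, fixed indentation,
    so that key order in the source file cannot produce a spurious diff."""
    normalized = dict(report)
    normalized["vulnerabilities"] = sort_vulnerabilities(report)
    return json.dumps(normalized, indent=2, sort_keys=True).splitlines()


def compare_reports(actual, expected):
    """Unified diff of expected against actual; an empty list means equal."""
    return list(difflib.unified_diff(canonical(expected), canonical(actual),
                                     fromfile="expected", tofile="actual",
                                     lineterm=""))


if __name__ == "__main__":
    print("sortable before defaulting tracking:", can_sort(ACTUAL_REPORT))
    print("\n".join(compare_reports(fill_tracking(ACTUAL_REPORT),
                                    fill_tracking(EXPECTED_REPORT))))
```

With the default applied, the only lines left in the diff are the `"items"` line changing its trailing comma and the missing `"type": "source"` line under `tracking`; the reordered `links` key on the actual report produces no diff at all because both sides are rendered with sorted keys.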
What are the relevant issue numbers?

Relates to gitlab-org&4612 (closed)

Does this MR meet the acceptance criteria?

Edited by Lucas Charles
