This repository has been archived by the owner on Jan 22, 2025. It is now read-only.

Line numbers don't match files when Codyze CLI is executed with a folder (-s parameter) #123

Closed
agigleux opened this issue Nov 30, 2020 · 2 comments

@agigleux

Hello,

I extracted the test cases corresponding to JCA in this repo so it's easier for me to test and load the results into SonarQube/SonarCloud:

When I run Codyze with this command line I'm getting results for AESCBC.java (findings-AESCBC.json.txt)
~/Softwares/codyze-1.4.1/bin/codyze -c -s=src/main/java/jca/AESCBC.java -m=/home/alex/Softwares/codyze-1.4.1/mark/bouncycastle/ --no-good-findings

When I run this command line looking at all the Java files under the directory src/main/java/jca/, I'm getting different results for AESCBC.java (findings-all.json.txt).

~/Softwares/codyze-1.4.1/bin/codyze -c -s=src/main/java/jca/ -m=/home/alex/Softwares/codyze-1.4.1/mark/bouncycastle/ --no-good-findings

I'm getting 21 problems when I target only AESCBC.java, while I'm getting only 13 problems for AESCBC.java when I target the entire folder.

I would expect to see the same quantity of problems because the files under the directory src/main/java/jca/ have no relationship.

The second problem is the inconsistency of the line numbers when targeting a folder.
For example, there is a problem raised on AESGMAC.java on line 17 (so 18 for real), while there are not 66 characters on this line but only 44:

  "locations": [
    {
      "region": {
        "endLine": 17,
        "endColumn": 66,
        "startColumn": 9,
        "startLine": 17
      },
      "artifactLocation": {"uri": "file:/home/alex/Repos/Java_Validation/codyze-java-testcases/src/main/java/jca/AESGMAC.java"}
    },


@agigleux agigleux changed the title Line numbers don't match files when Codyze CLI is executed with a folder (s parameter) Line numbers don't match files when Codyze CLI is executed with a folder (-s parameter) Nov 30, 2020
@oxisto
Member

oxisto commented Nov 30, 2020

Hi! Thanks for reporting this. This is indeed a very strange bug regarding scanning a file vs. a folder.

The line number inconsistency looks to be the same as #106. My guess is that this arises out of the fact that we use both SARIF and LSP code regions / locations in codyze and the underlying code property graph library. I guess that converting between those two goes wrong at some point and the line width of the wrong line is used (which I guess is 66 in the case of line 17).
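The region quoted in the issue (endColumn 66 on a 44-character line) and the guess above about a SARIF/LSP conversion going wrong can be checked mechanically. The script below is an added example, not Codyze's code: it converts an LSP range (0-based line and character, exclusive end) into a SARIF region (1-based, with endColumn one past the last character), shows a hypothetical converter that shifts the columns but forgets the line offset, and then audits every location in a SARIF document against the referenced source text, reporting regions whose columns overrun their line and which neighbouring line the columns would fit on. The Java lines, the `file:/constructed/Demo.java` URI and the `demo` rule id are constructed sample data.

```python
"""Cross-check SARIF regions against the source text they point to.

Added example, not Codyze's code. LSP ranges are 0-based (line and
character, end exclusive); SARIF regions are 1-based, and endColumn is the
column *after* the last character. If a converter shifts the columns but
not the lines (or vice versa), the region names a line that may be too
short for its columns, which is the kind of mismatch a check like this
surfaces.
"""
from typing import Dict, List

# Constructed stand-in for a short Java file; the real AESGMAC.java is not
# reproduced here. Line 8 (1-based) is deliberately the longest line.
SAMPLE_LINES = [
    "package jca;",
    "",
    "import javax.crypto.Mac;",
    "",
    "public class Demo {",
    "    void run() throws Exception {",
    '        Mac mac = Mac.getInstance("AES-GMAC");',
    '        mac.init(new SecretKeySpec(new byte[16], "AES"), new IvParameterSpec(new byte[12]));',
    "        mac.doFinal(new byte[0]);",
    "    }",
    "}",
]
SAMPLE_URI = "file:/constructed/Demo.java"  # constructed, not a real path


def lsp_range_to_sarif_region(rng: Dict) -> Dict[str, int]:
    """Correct conversion: every LSP offset moves by exactly +1."""
    return {
        "startLine": rng["start"]["line"] + 1,
        "startColumn": rng["start"]["character"] + 1,
        "endLine": rng["end"]["line"] + 1,
        "endColumn": rng["end"]["character"] + 1,
    }


def buggy_lsp_range_to_sarif_region(rng: Dict) -> Dict[str, int]:
    """Hypothetical defect (not Codyze's actual code): columns are shifted but
    lines stay 0-based, so the region is reported one line too early while
    its columns still belong to the real line."""
    return {
        "startLine": rng["start"]["line"],
        "startColumn": rng["start"]["character"] + 1,
        "endLine": rng["end"]["line"],
        "endColumn": rng["end"]["character"] + 1,
    }


def check_region(region: Dict[str, int], lines: List[str]) -> Dict:
    """Validate one SARIF region against the file's lines.

    Returns {"ok", "problems", "fits_on"}; fits_on lists the neighbouring
    lines (startLine +/- 1) on which the column span would be valid, a hint
    that the line component is off by one."""
    n = len(lines)
    sl, el = region["startLine"], region["endLine"]
    sc, ec = region["startColumn"], region["endColumn"]
    problems = []
    for name, val in (("startLine", sl), ("endLine", el)):
        if not 1 <= val <= n:
            problems.append(f"{name}={val} is outside 1..{n}")
    if not problems:
        if (sl, sc) > (el, ec):
            problems.append("region ends before it starts")
        # A column may be at most one past the last character of its line.
        for name, line_no, col in (("startColumn", sl, sc), ("endColumn", el, ec)):
            width = len(lines[line_no - 1])
            if col > width + 1:
                problems.append(f"{name}={col} exceeds line {line_no} (width {width})")
    fits_on = []
    if problems and sl == el:
        for cand in (sl - 1, sl + 1):
            if 1 <= cand <= n and max(sc, ec) <= len(lines[cand - 1]) + 1:
                fits_on.append(cand)
    return {"ok": not problems, "problems": problems, "fits_on": fits_on}


def audit_sarif(sarif: Dict, sources: Dict[str, str]) -> List[Dict]:
    """Walk every result location and check its region against the file text.

    Accepts both SARIF 2.1.0 (region under physicalLocation) and the flatter
    shape quoted in the issue (region and artifactLocation directly on the
    location object)."""
    report = []
    for run in sarif.get("runs", []):
        for idx, result in enumerate(run.get("results", [])):
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", loc)
                uri = phys["artifactLocation"]["uri"]
                verdict = check_region(phys["region"], sources[uri].splitlines())
                report.append({"result": idx, "uri": uri, **verdict})
    return report


def build_sample_report() -> List[Dict]:
    """Two findings on the same LSP range (all of line 8): one converted
    correctly, one by the hypothetical buggy converter. Only the second
    should be flagged, and its columns should fit on line 8."""
    lsp = {"start": {"line": 7, "character": 8},
           "end": {"line": 7, "character": len(SAMPLE_LINES[7])}}
    sarif = {"runs": [{"results": [
        {"ruleId": "demo", "locations": [{"region": lsp_range_to_sarif_region(lsp),
                                          "artifactLocation": {"uri": SAMPLE_URI}}]},
        {"ruleId": "demo", "locations": [{"physicalLocation": {
            "region": buggy_lsp_range_to_sarif_region(lsp),
            "artifactLocation": {"uri": SAMPLE_URI}}}]},
    ]}]}
    return audit_sarif(sarif, {SAMPLE_URI: "\n".join(SAMPLE_LINES)})


if __name__ == "__main__":
    for entry in build_sample_report():
        print(entry)
```

Running it prints one clean entry and one flagged entry whose `fits_on` is `[8]`, i.e. the columns belong to the line directly after the one the region names, which is the signature of a missed +1 on the line component. Pointing `audit_sarif` at a real findings file and the scanned sources would tell apart a column taken from the wrong line from a region that is simply wider than any nearby line.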

@fwendland fwendland self-assigned this Jan 13, 2021
@fwendland fwendland added this to the 2.0.0 milestone Jan 13, 2021
fwendland added a commit that referenced this issue Jan 14, 2021
Combined tests for individual resources into one test to investigate #123.
@fwendland
Collaborator

Hi @agigleux,

Thank you for the issue. I have verified that the analysis produces different results when scanning a single file vs. scanning a folder. With the given files I don't see a reason for this behavior, and the findings should in fact be very similar.

My hope is that I find the problem with the lines/columns on the way as well.

I need to investigate further. For now, I've created a WIP PR (#137) to track the progress.

@fwendland fwendland removed this from the 2.x.y milestone Dec 27, 2022
@oxisto oxisto closed this as not planned Won't fix, can't repro, duplicate, stale Jan 14, 2025