Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Converting HDF to Sarif using sarif-multitool@4.5.4 results in System.IndexOutOfRangeException #2820

Open
RLI-Rdeaton opened this issue Sep 27, 2024 · 2 comments

Comments

@RLI-Rdeaton
Copy link

Consider the following HDF file.

example.hdf.json.zip

Performing the following command on this data:

DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 sarif-multitool convert -t Hdf -o openscap-report.sarif openscap-report.hdf.json

Results in the following error:

System.IndexOutOfRangeException: Index was outside the bounds of the array.
at System.String.get_Chars(Int32 index)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.<>c.b__6_0(String s)
at System.Linq.Enumerable.SelectArrayIterator2.MoveNext() at System.String.Join(String separator, IEnumerable1 values)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.SarifRuleAndResultFromHdfControl(ExecJsonControl execJsonControl)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.ExtractRulesAndResults(HdfFile hdfFile)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
at Microsoft.CodeAnalysis.Sarif.Converters.ToolFormatConverter.ConvertToStandardFormat(String toolFormat, Stream inputStream, IResultLogWriter outputStream, OptionallyEmittedData dataToInsert, String pluginAssemblyPath)
at Microsoft.CodeAnalysis.Sarif.Converters.ToolFormatConverter.ConvertToStandardFormat(String toolFormat, String inputFileName, String outputFileName, FilePersistenceOptions logFilePersistenceOptions, OptionallyEmittedData dataToInsert, String pluginAssemblyPath)
at Microsoft.CodeAnalysis.Sarif.Multitool.ConvertCommand.Run(ConvertOptions convertOptions, IFileSystem fileSystem)

The HDF in question was generated from a valid openscap XCCDF , using a profile available at https://github.com/chainguard-dev/stigs .

I'm pretty flummoxed as to what the issue could be, as I'm able to generate SARIF files from this otherwise.

@matthew-duval
Copy link

I'm having this exact same issue.

@SemiCicada
Copy link

I ran into this issue when attempting to convert an OpenSCAP report as well. The fix for me was to downgrade the npm package sarif-multitool from 4.5.4 to 4.2.2.

What was odd was that I had to force npm to install sarif-multitool-win32 and sarif-multitool-linux directly, instead of the base package. When I installed the base package it would automatically install the latest version no matter what version I specified.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants