Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scanner fails on C# Solution with "does not have a commit, PURL or ecosystem/name/version identifier" #639

Closed
felix-barz-brickmakers opened this issue Nov 3, 2023 · 2 comments · Fixed by #643
Closed

Scanner fails on C# Solution with "does not have a commit, PURL or ecosystem/name/version identifier" #639

felix-barz-brickmakers opened this issue Nov 3, 2023 · 2 comments · Fixed by #643
Labels
bug Something isn't working

Comments

@felix-barz-brickmakers
Copy link

Since the update to v1.4.3, the scanner fails to correctly scan a C# solution with many projects that depend on each other. The error is the following (full log):

Scanning dir .
Scanning /src/ at commit fa0451a287645ac3fdc9f11635150fac4fd73802
Scanning submodule Bricks.Module.Core at commit e62e6bc84277e5347a424282aea2f47328bb874e
Scanned /src/Brixit.Flows/Brixit.Apis/packages.lock.json file and found 7 packages
Scanned /src/Brixit.Flows/Brixit.Apis.Generator/packages.lock.json file and found 90 packages
Scanned /src/Brixit.Flows/Brixit.Apis.Hrworks/packages.lock.json file and found 65 packages
Scanned /src/Brixit.Flows/Brixit.Apis.Hrworks.Tests/packages.lock.json file and found 111 packages
...
Scanned /src/Common/Common.Extensions/packages.lock.json file and found 0 packages
package { brixit.apis NuGet   lockfile:/src/Brixit.Flows/Brixit.Apis.Hrworks/packages.lock.json} does not have a commit, PURL or ecosystem/name/version identifier

The submodule is currently not checked out. If I check out the submodule first, the scanner instead reports the same problem on one of the submodule packages.

Scanning dir .
Scanning /src/ at commit fa0451a287645ac3fdc9f11635150fac4fd73802
Scanning submodule Bricks.Module.Core at commit e62e6bc84277e5347a424282aea2f47328bb874e
Scanned /src/Bricks.Module.Core/Bricks.Module.Core/packages.lock.json file and found 90 packages
Scanned /src/Bricks.Module.Core/Bricks.Test.Module.Core/packages.lock.json file and found 214 packages
Scanned /src/Brixit.Flows/Brixit.Apis/packages.lock.json file and found 7 packages
...
Scanned /src/Common/Common.Extensions/packages.lock.json file and found 0 packages
package { bricks.module.core NuGet   lockfile:/src/Bricks.Module.Core/Bricks.Test.Module.Core/packages.lock.json} does not have a commit, PURL or ecosystem/name/version identifier

I downgraded to v1.4.2 and there it works again. Can reproduce it with multiple projects, both locally on macOS and in the CI with an ubuntu cloud machine.
@andrewpollock
Copy link
Contributor

Thanks for reporting this. Is this a public repository that you can advise for helping reproduce locally/validate a fix with?

@another-rex another-rex added the bug Something isn't working label Nov 5, 2023
@another-rex another-rex mentioned this issue Nov 6, 2023
Merged
another-rex added a commit that referenced this issue Nov 6, 2023
@another-rex
Filter local packages from scanning, and report the filtering. (#643)
8996ffa 
Filter local packages from scanning, and report the filtering happened.
Fixes #639

Also added a test for this case in main_test.go

Added another rust test of package on a local path, we currently have no
way to differentiate local rust packages and ones from the repository.
Perhaps something to consider in the future.
@another-rex
Copy link
Collaborator

This was caused by a mistake made in refactoring.

This will be fixed in the next release (1.5.0) (scheduled in around 2 weeks time I believe). Workaround for now is to just downgrade to a previous version (e.g. 1.4.2).

Please +1 the issue if you need this fixed on the latest version sooner than that.

@BrewTestBot BrewTestBot mentioned this issue Dec 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Filter local packages from scanning, and report the filtering. another-rex/osv-scanner
3 participants
@andrewpollock @felix-barz-brickmakers @another-rex