Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Converting HDF to Sarif using [email protected] results in System.IndexOutOfRangeException #2820

Open
RLI-Rdeaton opened this issue Sep 27, 2024 · 1 comment

Comments

@RLI-Rdeaton
Copy link

Consider the following HDF file.

example.hdf.json.zip

Performing the following command on this data:

DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1 sarif-multitool convert -t Hdf -o openscap-report.sarif openscap-report.hdf.json

Results in the following error:

System.IndexOutOfRangeException: Index was outside the bounds of the array.
at System.String.get_Chars(Int32 index)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.<>c.b__6_0(String s)
at System.Linq.Enumerable.SelectArrayIterator2.MoveNext() at System.String.Join(String separator, IEnumerable1 values)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.SarifRuleAndResultFromHdfControl(ExecJsonControl execJsonControl)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.ExtractRulesAndResults(HdfFile hdfFile)
at Microsoft.CodeAnalysis.Sarif.Converters.HdfConverter.Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
at Microsoft.CodeAnalysis.Sarif.Converters.ToolFormatConverter.ConvertToStandardFormat(String toolFormat, Stream inputStream, IResultLogWriter outputStream, OptionallyEmittedData dataToInsert, String pluginAssemblyPath)
at Microsoft.CodeAnalysis.Sarif.Converters.ToolFormatConverter.ConvertToStandardFormat(String toolFormat, String inputFileName, String outputFileName, FilePersistenceOptions logFilePersistenceOptions, OptionallyEmittedData dataToInsert, String pluginAssemblyPath)
at Microsoft.CodeAnalysis.Sarif.Multitool.ConvertCommand.Run(ConvertOptions convertOptions, IFileSystem fileSystem)

The HDF in question was generated from a valid openscap XCCDF , using a profile available at https://github.com/chainguard-dev/stigs .

I'm pretty flummoxed as to what the issue could be, as I'm able to generate SARIF files from this otherwise.

@matthew-duval
Copy link

I'm having this exact same issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants