Missing logging and false reports in folder permission check #444

Closed
DelphinRP opened this issue Nov 10, 2023 · 2 comments

DelphinRP commented Nov 10, 2023

Hello everyone,

we are attempting to generate an SBOM using sbom-tool in our GitLab jobs using PowerShell within a Windows Docker container, but receive the following error message:

```
$ dotnet restore ProfiSignal-Neu/ProfiSignal.sln --configfile "${NuGetConfig}" --verbosity quiet
$ dotnet publish ProfiSignal-Neu/PSDesktop/PSDesktopWPF/PSDesktopWPF.csproj --output "wpf_client" --runtime win10-x64 --no-self-contained --version-suffix $CI_COMMIT_SHA --no-restore --configuration Release --verbosity quiet /p:WarningLevel=0 /p:DefineConstants=STABLE
$ dotnet tool install Microsoft.Sbom.DotNetTool --tool-path .tools
You can invoke the tool using the following command: sbom-tool
Tool 'microsoft.sbom.dotnettool' (version '2.0.0') was successfully installed.
$ .tools\sbom-tool generate -b ${CI_PROJECT_DIR}\wpf_client -bc ${CI_PROJECT_DIR}\ProfiSignal-Neu -pn PS20WPF -pv $version -ps Delphin -nsb https://sbom.delphin.com -V Verbose
##[information]Could not start execution of workflow. Logging telemetry SBOMTelemetry {Result=Failure, Errors=null, Parameters=InputConfiguration {BuildDropPath=ConfigurationSetting`1 {Value="C:\\builds\\software\\profisignal-20\\profisignal-clients\\wpf_client", Source=CommandLine, IsDefaultSource=False}, BuildComponentPath=ConfigurationSetting`1 {Value="C:\\builds\\software\\profisignal-20\\profisignal-clients\\ProfiSignal-Neu", Source=CommandLine, IsDefaultSource=False}, BuildListFile=null, ManifestPath=null, ManifestDirPath=null, OutputPath=null, Parallelism=null, Verbosity=ConfigurationSetting`1 {Value=Verbose, Source=CommandLine, IsDefaultSource=False}, ConfigFilePath=null, ManifestInfo=ConfigurationSetting`1 {Value=null, Source=Default, IsDefaultSource=True}, HashAlgorithm=ConfigurationSetting`1 {Value=AlgorithmName {Name="SHA256"}, Source=Default, IsDefaultSource=True}, RootPathFilter=null, CatalogFilePath=null, ValidateSignature=null, IgnoreMissing=null, ManifestToolAction=Generate, PackageName=ConfigurationSetting`1 {Value="PS20WPF", Source=CommandLine, IsDefaultSource=False}, PackageVersion=ConfigurationSetting`1 {Value="1.10.0", Source=CommandLine, IsDefaultSource=False}, PackageSupplier=ConfigurationSetting`1 {Value="Delphin", Source=CommandLine, IsDefaultSource=False}, FilesList=null, PackagesList=null, TelemetryFilePath=null, DockerImagesToScan=null, ExternalDocumentReferenceListFile=null, AdditionalComponentDetectorArgs=null, NamespaceUriUniquePart=null, NamespaceUriBase=ConfigurationSetting`1 {Value="https://sbom.delphin.com", Source=CommandLine, IsDefaultSource=False}, GenerationTimestamp=null, FollowSymlinks=null, DeleteManifestDirIfPresent=null, FailIfNoPackages=null, FetchLicenseInformation=null}, SBOMFormatsUsed=null, Timings=[], Switches={}, Exceptions={["PowerArgs.ValidationArgException"]="BuildDropPath directory does not have read permissions 'C:\\builds\\software\\profisignal-20\\profisignal-clients\\wpf_client'"}, APIExceptions=null, TotalLicensesDetected=0}
BuildDropPath directory does not have read permissions 'C:\builds\software\profisignal-20\profisignal-clients\wpf_client'
```

Since `dotnet publish` was able to create the folder and write into it, and other commands such as `Compress-Archive -Path wpf_client -DestinationPath ProfiSignalDesktop.zip -Force` are able to read the folder, we assume that read permissions are not the issue in our case.

It seems that the source code checking folder permissions is missing logging statements and simply returns false in case of exceptions. This might lead to false reports of missing permissions even though the actual problem is somewhere else.

Without any logs we currently do not know why sbom-tool is failing.

```csharp
catch (Exception)
{
    // TODO Add logger with debug
    return false;
}
```

jalkire added the "tabled" label ("We like this idea, but we are not going to action on it in the moment") on Feb 29, 2024
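
An added example, not part of the original post and not sbom-tool's own code: a directory read probe that logs the caught exception and reports the failure class instead of returning a bare `false`, so an operator can tell a denied ACL apart from a missing path or another I/O error. The names `DirectoryReadResult`, `DirectoryReadProbe` and `Check`, and the `Action<string>` logger, are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;

// Hypothetical names throughout; this is not sbom-tool's implementation.
public enum DirectoryReadResult { Readable, NotFound, AccessDenied, OtherFailure }

public static class DirectoryReadProbe
{
    // Tries to enumerate the directory and reports why it failed, instead of
    // collapsing every exception into "no read permissions".
    public static DirectoryReadResult Check(string path, Action<string> log)
    {
        try
        {
            // Pulling the first entry forces the real I/O against the directory.
            _ = Directory.EnumerateFileSystemEntries(path).FirstOrDefault();
            return DirectoryReadResult.Readable;
        }
        catch (UnauthorizedAccessException ex)
        {
            log($"Read access denied for '{path}': {ex.Message}");
            return DirectoryReadResult.AccessDenied;
        }
        catch (DirectoryNotFoundException ex)
        {
            log($"Directory not found '{path}': {ex.Message}");
            return DirectoryReadResult.NotFound;
        }
        catch (Exception ex)
        {
            // Still fails closed, but keeps the exception type for the operator.
            log($"Directory check failed for '{path}': {ex.GetType().FullName}: {ex.Message}");
            return DirectoryReadResult.OtherFailure;
        }
    }

    public static void Main()
    {
        // Constructed input: a randomly named path that does not exist.
        string missing = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString("N"));
        DirectoryReadResult result = Check(missing, Console.Error.WriteLine);
        Console.WriteLine(result);
    }
}
```

Only `AccessDenied` justifies a "does not have read permissions" message; the other results should surface the logged exception text as the reported error.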
DaveTryon (Contributor) commented

This has been merged into main and will be in our next release

DaveTryon (Contributor) commented Apr 23, 2024

@DelphinRP, version 2.2.5 has been released. Please give it a try to see if the logging reveals more details about what is failing in the directory check. If it's still failing, please feel free to open a new issue with the failure details. Thanks!
