Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hasIssues property is set to false although there are issues in a Maven project #4105

Closed
sschuberth opened this issue Jun 2, 2021 · 8 comments · Fixed by #4120
Closed

hasIssues property is set to false although there are issues in a Maven project #4105

sschuberth opened this issue Jun 2, 2021 · 8 comments · Fixed by #4120
Assignees
@mnonnenmacher
Labels
analyzer About the analyzer tool bug Issues that are considered to be bugs

Comments

@sschuberth
Copy link
Member

We have a case where in the analysis of a Maven project issues occur (ProjectBuildingException) and these issues also show up in the analyzer result, but still has_issues is set to false. This might be a regression from the refactoring to use the new dependency graph format.
@sschuberth sschuberth added bug Issues that are considered to be bugs analyzer About the analyzer tool labels Jun 2, 2021
@sschuberth
Copy link
Member Author

@mnonnenmacher and @fviernau, as I'm currently working on #4096, I was wondering what to do with this bug. We could:

  • Fix the bug and keep the semantics.
  • Simply drop the hasIssues property (as we had issues with it before).
  • Change the semantics (probably renaming it to hasSevereIssues) to only take issues into account that count as "severe" according to the user configuration.

Any opinions?

@mnonnenmacher
Copy link
Member

I like the idea with hasSevereIssues. How can users configure what counts as severe?

@sschuberth
Copy link
Member Author

How can users configure what counts as severe?

I would have said by another ort.conf entry, like severeIssueThreshold, which defaults to Severity.WARNING or Severity.HINT depending on whether we'd want to define it inclusive or exclusive. I would have said it should be inclusive, meaning we should use >= (not >) to compare against it in order to determine what counts as severe.

@sschuberth
Copy link
Member Author

FYI, just rewriting the file with resolved scope like so fixes has_issues to be correct:

val result = OrtMain().readOrtResult(File("analyzer-result.yml")) // Result with wrong `has_issues` in dependency graph format.
OrtMain().writeOrtResult(result, listOf(File("analyzer-result-rewritten.yml")), "analyzer") // Result with correct `has_issues` with resolved scopes.

@mnonnenmacher
Copy link
Member

How can users configure what counts as severe?

I would have said by another ort.conf entry, like severeIssueThreshold, which defaults to Severity.WARNING or Severity.HINT depending on whether we'd want to define it inclusive or exclusive. I would have said it should be inclusive, meaning we should use >= (not >) to compare against it in order to determine what counts as severe.

Ah ok, I was surprised because it sounded like it's already possible. I agree that the setting should be inclusive.

@mnonnenmacher
Copy link
Member

mnonnenmacher commented Jun 3, 2021
edited
Loading

FYI, just rewriting the file with resolved scope like so fixes has_issues to be correct:

val result = OrtMain().readOrtResult(File("analyzer-result.yml")) // Result with wrong `has_issues` in dependency graph format.
OrtMain().writeOrtResult(result, listOf(File("analyzer-result-rewritten.yml")), "analyzer") // Result with correct `has_issues` with resolved scopes.

Yes, that's because readOrtResult is resolving the dependency trees, but I think we need a solution that doesn't require that. Based on the other changes you are doing I assume you are going to remove the property in favor of the exit code?
Anyway we need to fix the collectIssues() function, I will assign this issue to me because it's a good chance to get more familiar with the dependency graph format.

@mnonnenmacher mnonnenmacher self-assigned this Jun 3, 2021
@sschuberth
Copy link
Member Author

Based on the other changes you are doing I assume you are going to remove the property in favor of the exit code?

Not necessarily. #4108 was done in parallel to this discussion, with a main focus on aligning the exit code behavior. I'd be still fine with introducing hasSevereIssues and making use of it to determine the exit code. But if the only use of the hasSevereIssues flag would be the exit code determination, I'd also be fine with my second bullet item from above and drop that flag.

So that boils down to the question: Do we (or does someone we know) use hasIssues / will use hasSevereIssues for anything else than exit code calculation? Is keeping that convenience flag still required, or is it fine to eventually call collectIssues()?

mnonnenmacher added a commit that referenced this issue Jun 4, 2021
@mnonnenmacher
AnalyzerResult: Collect issues from dependency graphs
7c8affd 
Add a function to collect issues from a `DependencyGraph` and use it in
the `AnalyzerResult` to collect issues also from graphs without having
to resolve them first.

Fixes #4105.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
@mnonnenmacher mnonnenmacher mentioned this issue Jun 4, 2021
Merged
mnonnenmacher added a commit that referenced this issue Jun 4, 2021
@mnonnenmacher
AnalyzerResult: Collect issues from dependency graphs
71b8949 
Add a function to collect issues from a `DependencyGraph` and use it in
the `AnalyzerResult` to collect issues also from graphs without having
to resolve them first.

Fixes #4105.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
@mnonnenmacher
Copy link
Member

So that boils down to the question: Do we (or does someone we know) use hasIssues / will use hasSevereIssues for anything else than exit code calculation? Is keeping that convenience flag still required, or is it fine to eventually call collectIssues()?

I think the main reason to keep the property would be third-party code that processes the ORT results, because parsing the whole file is not feasible. Another reason would be performance, because accessing the property multiple times wouldn't call collectIssues(), but since we are not using the property anywhere in the ORT code that's not really relevant.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mnonnenmacher mnonnenmacher

Labels
analyzer About the analyzer tool bug Issues that are considered to be bugs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

AnalyzerResult: Collect issues from dependency graphs oss-review-toolkit/ort
2 participants
@sschuberth @mnonnenmacher