Do not fail hard if an ORT result contains no analyzer result #3878
Conversation
sschuberth
requested review from
MarcelBochtler,
oheger-bosch and
a team
as code owners
|
Such empty input files are indeed a strange corner case. Logging a warning in this case makes certainly sense. I was just thinking whether a tool running on such input should actually do nothing or whether it should at least produce an empty result of its own type. Then it would be possible to distinguish whether specific tools have been run on a concrete ORT result or not. |
Given that we agree that ORT result files without an analyzer result are a corner cases, I'm not actually feeling comfortable with deliberately creating more such corner cases... |
|
How could an ORT result without an analyzer section be created in practice? Is this just a theoretical case? If so, I would even say it is reasonable to ignore the case at all. (And if anybody does strange things, they will get what they deserve.) Or, as an alternative approach: Would it be possible to make the analyzer field in the ORT result mandatory? |
Currently, no ORT
That's worth a thought. Although I currently like the fact that data-model-wise all results are nullable, and are treated the same. |
advisor/src/main/kotlin/Advisor.kt
Outdated
| "The provided ORT result file '${ortFile.canonicalPath}' does not contain an analyzer result." | ||
| if (ortResult.analyzer == null) { | ||
| log.warn { | ||
| "The provided ORT result file '${ortFile.canonicalPath}' does not contain an analyzer result." |
There was a problem hiding this comment.
Could it be worth mentioning in the warning that this will lead to no vulnerability information being retrieved/ an unchanged OrtResult?
I don't understand that sentence, if with this change there is no exception anymore, how is the caller supposed to implement custom error handling? |
I was meaning to say that, if the caller does want to handle empty files differently, it should check whether the file it empty before calling the function.
Probably yes, but the caller would still need to (programmatically) inspect the exception message to find out whether it was thrown due to a missing analyzer result or something else. Also no nice. @mnonnenmacher, what do you think about @oheger-bosch's suggestion to instead make the analyzer result non-nullable? |
Pragmatically, when being asked to operate on empty input, then doing nothing is the right thing to do, esp. in library code where the caller should implement custom error handling. However, as it is rather unusual to not even have an analyzer result in a ORT result, still emit a warning in that case. Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch.io>
sschuberth
force-pushed
the
only-warn-no-analyzer
branch
from
b6a6778
to
e2ab835
Compare
Pragmatically, when being asked to operate on empty input, then doing
nothing is the right thing to do, esp. in library code where the caller
should implement custom error handling.
However, as it is rather unusual to not even have an analyzer result in a
ORT result, still emit a warning in that case.
Signed-off-by: Sebastian Schuberth sebastian.schuberth@bosch.io