ort: [BUG] Analyzer fails with go.mod

Trying to analyze a Go project like this https://github.com/parvez3019/go-swagger3 ort crashes with this message

[DefaultDispatcher-worker-1] ERROR org.ossreviewtoolkit.analyzer.PackageManager - Resolving GoMod dependencies for path 'go.mod' failed with: MissingKotlinParameterException: Instantiation of [simple type, class org.ossreviewtoolkit.analyzer.managers.ModuleInfoFile] value failed for JSON property Origin due to missing (therefore NULL) value for creator parameter origin which is a non-nullable type
 at [Source: (File); line: 1, column: 50] (through reference chain: org.ossreviewtoolkit.analyzer.managers.ModuleInfoFile["Origin"])

The Analyzer used by ort was GoMod and the command used for testing was

./cli/build/install/ort/bin/ort analyze -i ~/go-swagger3/ -o ~/ort_results/

(built from sources)

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 22 (9 by maintainers)

Commits related to this issue

Most upvoted comments

Hey @fviernau, here is our example project that produces this error (Note: the Go code itself does not work, but contains the necessary dependencies ๐Ÿ˜‰).

example-project-missing-gomod-field.zip

What I did to test this:

# Run docker container because Go is not installed on my pc
$ docker run -it --rm -v path/to/project:/test --entrypoint="" golang:1.19 bash

# Switch to mounted directory
root@fbb823281ed9: $ cd /test

# Run 'go mod tidy' - which does not change the 'go.mod' or 'go.sum' (they are up to date)
root@fbb823281ed9: $ go mod tidy

# Verify that the graph can be generated - works
root@fbb823281ed9: $ go mod graph

# Install jq for json parsing
root@fbb823281ed9: $ apt-get update && apt-get install -y jq

# Run 'go list' for the full output
root@fbb823281ed9: $ go list -m -json -buildvcs=false all

# Run 'go list' and only select packages that do not contain the 'GoMod' field
root@fbb823281ed9: $ go list -m -json -buildvcs=false all | jq '. | select(.GoMod == null)'

For our project these dependencies seem to be missing the GoMod field:

{
  "Path": "github.com/davecgh/go-spew",
  "Version": "v1.1.1",
  "Time": "2018-02-21T23:26:28Z",
  "Indirect": true,
  "Dir": "/go/pkg/mod/github.com/davecgh/go-spew@v1.1.1"
}
{
  "Path": "github.com/stretchr/testify",
  "Version": "v1.7.2",
  "Time": "2022-06-06T09:52:45Z",
  "Indirect": true,
  "Dir": "/go/pkg/mod/github.com/stretchr/testify@v1.7.2"
}
{
  "Path": "gopkg.in/yaml.v3",
  "Version": "v3.0.1",
  "Time": "2022-05-27T08:35:30Z",
  "Indirect": true,
  "Dir": "/go/pkg/mod/gopkg.in/yaml.v3@v3.0.1"
}

Apparently they are all indirect dependencies used by github.com/aws/aws-go-lambda - because once you remove it the issue can no longer be reproduced (see the comment in the main.go).

To reproduce the error inside ORT I used revision d949be19c1c99f8abd07d30bbe5d2ce480744bed (released 2023-03-06 11:06 PM GMT+1). Running the analyze phase then produces this error:

11:24:10.595 [DefaultDispatcher-worker-2] DEBUG org.eclipse.jgit.util.SystemReader - loading config FileBasedConfig[/home/ort/.gitconfig]
11:24:10.663 [DefaultDispatcher-worker-2] ERROR org.ossreviewtoolkit.analyzer.PackageManager - Resolving GoMod dependencies for path 'go.mod' failed with: MissingKotlinParameterException: Instantiation of [simple type, class org.ossreviewtoolkit.analyzer.managers.ModuleInfo] value failed for JSON property GoMod due to missing (therefore NULL) value for creator parameter goMod which is a non-nullable type
 at [Source: (String)"{
\u0009"Path": "my.company.local/team-a/app-a",
\u0009"Main": true,
\u0009"Dir": "/builds/team-a/app-a",
\u0009"GoMod": "/builds/team-a/app-a/go.mod",
\u0009"GoVersion": "1.19"
}
{
\u0009"Path": "github.com/aws/aws-lambda-go",
\u0009"Version": "v1.35.0",
\u0009"Time": "2022-11-16T11:12:14Z",
\u0009"GoMod": "/tmp/ort-GoMod15285485639793805450/pkg/mod/cache/download/github.com/aws/aws-lambda-go/@v/v1.35.0.mod",
\u0009"GoVersion": "1.18"
}
{
\u0009"Path": "github.com/aws/aws-sdk-go-v2",
\u0009"Versi"[truncated 7185 chars]; line: 162, column: 1] (through reference chain: org.ossreviewtoolkit.analyzer.managers.ModuleInfo["GoMod"])
11:24:10.666 [DefaultDispatcher-worker-2] INFO  org.ossreviewtoolkit.analyzer.PackageManager - Resolving GoMod dependencies for path 'go.mod' took 1m 16.851894495s.
11:24:10.669 [DefaultDispatcher-worker-2] INFO  org.ossreviewtoolkit.analyzer.Analyzer - Finished GoMod analysis.

If there is anything else I can provide then please let me know.

+4
malmor on Mar 9, 2023

Thanks a lot @fviernau (and everybody else who reviewed the PRs and shared their thoughts)!

+3
malmor on Mar 10, 2023

I just re-tested this issue running revision 314c95804246f2b668a2eb8ce046590b9216af84 (released 2023-03-13 10:01 PM GMT+1) and the issue does no longer occur - neither for the small reproduction project nor for our main project ๐Ÿš€

+2
malmor on Mar 13, 2023

Awsome @malmor this was very helpful. Iโ€™ve just tested my 2 open PRs against your example and it seems to work now. It also works against the go.mod file` described in the ticket description.

+2
fviernau on Mar 9, 2023

@Franco0700 pls check the other commits that you got from the master branch and list here?

Please not here. If you encounter a new issue like a regression in runtime, please open a new issue.

+1
sschuberth on Mar 14, 2023

Thanks!

+1
dgutson on Mar 10, 2023

Thanks @fviernau - looking forward to testing the new version once itโ€™s released!

+1
malmor on Mar 9, 2023

Note: when analyzing the docker package ORT shows no dependencies of docker.

+1
dgutson on Mar 6, 2023
Read more comments on GitHub
← ort: Analyzer reports issues and returns exit code 2 but no issues are visible
ort: [docker] failed on windows →