@@ -198,14 +198,22 @@ jobs:
198198
199199 # Convert NDJSON to JSON array for processing
200200 if [[ -s all-results.ndjson ]]; then
201- jq -s '.' all-results.ndjson > all-results.json
201+ # Filter out empty lines and invalid JSON before processing
202+ grep -v '^$' all-results.ndjson | jq -s '.' > all-results.json 2>/dev/null || echo "[]" > all-results.json
202203 else
203204 echo "[]" > all-results.json
204205 fi
205206
206- # Count results
207- VERIFIED=$(jq '[.[] | select(.Verified==true)] | length' all-results.json)
208- UNVERIFIED=$(jq '[.[] | select(.Verified==false)] | length' all-results.json)
207+ # Validate JSON and count results with error handling
208+ if jq empty all-results.json 2>/dev/null; then
209+ VERIFIED=$(jq '[.[] | select(.Verified==true)] | length' all-results.json 2>/dev/null || echo "0")
210+ UNVERIFIED=$(jq '[.[] | select(.Verified==false)] | length' all-results.json 2>/dev/null || echo "0")
211+ else
212+ echo "Invalid JSON in all-results.json, resetting to empty array"
213+ echo "[]" > all-results.json
214+ VERIFIED=0
215+ UNVERIFIED=0
216+ fi
209217 TOTAL=$((VERIFIED+UNVERIFIED))
210218
211219 echo "Scan Summary:"
@@ -242,9 +250,15 @@ jobs:
242250 exit 0
243251 fi
244252
245- # Parse results
246- VERIFIED=$(jq '[.[] | select(.Verified==true)] | length' all-results.json)
247- UNVERIFIED=$(jq '[.[] | select(.Verified==false)] | length' all-results.json)
253+ # Parse results with error handling
254+ if jq empty all-results.json 2>/dev/null; then
255+ VERIFIED=$(jq '[.[] | select(.Verified==true)] | length' all-results.json 2>/dev/null || echo "0")
256+ UNVERIFIED=$(jq '[.[] | select(.Verified==false)] | length' all-results.json 2>/dev/null || echo "0")
257+ else
258+ echo "Invalid JSON in all-results.json for PR comment"
259+ VERIFIED=0
260+ UNVERIFIED=0
261+ fi
248262 TOTAL=$((VERIFIED+UNVERIFIED))
249263
250264 if [[ $TOTAL -eq 0 ]]; then
@@ -256,7 +270,7 @@ jobs:
256270 echo 'EOF'
257271 } >> "$GITHUB_OUTPUT"
258272 else
259- # Generate findings list
273+ # Generate findings list with error handling
260274 FINDINGS=$(jq -r '.[] |
261275 "- " +
262276 (if .Verified then "**VERIFIED SECRET**" else "**Possible secret**" end) +
@@ -266,7 +280,7 @@ jobs:
266280 ((.SourceMetadata?.Data?.Filesystem?.line // .SourceMetadata?.Data?.Git?.line) | tostring) +
267281 "` → `" +
268282 (if (.Raw | length) > 8 then (.Raw[:4] + "***" + .Raw[-4:]) else "***" end) +
269- "`"' all-results.json)
283+ "`"' all-results.json 2>/dev/null || echo "- Error processing scan results" )
270284
271285 ACTION_TEXT=""
272286 if [[ $VERIFIED -gt 0 ]]; then
@@ -363,8 +377,8 @@ jobs:
363377 echo ""
364378 echo "Detailed Results:"
365379 echo "=================="
366- if [[ -f "all-results.json" && -s "all-results.json" ]]; then
367- jq -r '.[] | "- " + (if .Verified then "VERIFIED" else "Unverified" end) + " " + .DetectorName + " at " + ((.SourceMetadata?.Data?.Filesystem?.file // .SourceMetadata?.Data?.Git?.file) // "unknown") + ":" + ((.SourceMetadata?.Data?.Filesystem?.line // .SourceMetadata?.Data?.Git?.line) | tostring) + " → " + (if (.Raw | length) > 8 then (.Raw[:4] + "***" + .Raw[-4:]) else "***" end)' all-results.json || echo "No detailed results available "
380+ if [[ -f "all-results.json" && -s "all-results.json" ]] && jq empty all-results.json 2>/dev/null ; then
381+ jq -r '.[] | "- " + (if .Verified then "VERIFIED" else "Unverified" end) + " " + .DetectorName + " at " + ((.SourceMetadata?.Data?.Filesystem?.file // .SourceMetadata?.Data?.Git?.file) // "unknown") + ":" + ((.SourceMetadata?.Data?.Filesystem?.line // .SourceMetadata?.Data?.Git?.line) | tostring) + " → " + (if (.Raw | length) > 8 then (.Raw[:4] + "***" + .Raw[-4:]) else "***" end)' all-results.json 2>/dev/null || echo "Error processing detailed results"
368382 else
369383 echo "No secrets detected"
370384 fi
0 commit comments