Some minor error handling improvements.

Dave Wichers · Dave Wichers · commit 07eb867725e7 · 2024-11-01T17:05:39.000-04:00
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/CategoryMetrics.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/CategoryMetrics.java
@@ -44,8 +44,11 @@ public CategoryMetrics(
                     "ERROR: precision for category: " + category + " is NaN");
         }
         if (Double.isNaN(tpr)) {
-            throw new IllegalArgumentException(
-                    "ERROR: true positive rate for category: " + category + " is NaN");
+            System.out.println(
+                    "WARNING: true positive rate for category: "
+                            + category
+                            + " is NaN. Setting it to 0.");
+            tpr = 0.0;
         }
         if (Double.isNaN(fpr)) {
             throw new IllegalArgumentException(
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/sarif/SarifReader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/sarif/SarifReader.java
@@ -29,6 +29,7 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.json.JSONArray;
+import org.json.JSONException;
 import org.json.JSONObject;
 import org.owasp.benchmarkutils.score.ResultFile;
 import org.owasp.benchmarkutils.score.TestCaseResult;
@@ -159,15 +160,24 @@ private Map<String, Integer> ruleCweMappingsByTag(JSONObject tool) {
         Map<String, Integer> mappings = new HashMap<>();
 
         for (JSONObject rule : extractRulesFrom(tool)) {
-            JSONArray tags = rule.getJSONObject("properties").getJSONArray("tags");
+            try {
+                JSONArray tags = rule.getJSONObject("properties").getJSONArray("tags");
 
-            for (int j = 0; j < tags.length(); j++) {
-                String tag = tags.getString(j).toLowerCase();
+                for (int j = 0; j < tags.length(); j++) {
+                    String tag = tags.getString(j).toLowerCase();
 
-                // only take first CWE id for rule
-                if (tag.contains("cwe") && !mappings.containsKey(rule.getString("id"))) {
-                    mappings.put(rule.getString("id"), mapCwe(extractCwe(tag)));
+                    // only take first CWE id for rule
+                    if (tag.contains("cwe") && !mappings.containsKey(rule.getString("id"))) {
+                        mappings.put(rule.getString("id"), mapCwe(extractCwe(tag)));
+                    }
                 }
+            } catch (JSONException e) {
+                System.err.println(
+                        "WARNING: "
+                                + e.getMessage()
+                                + " for rule: "
+                                + rule.toString()
+                                + ". Parser for this tool type needs to be fixed to handle this properly.");
             }
         }
 
@@ -214,7 +224,7 @@ private Map<String, Integer> ruleCweMappingsByField(JSONObject tool) {
         return mappings;
     }
 
-    public Map<String, Integer> customRuleCweMappings(JSONObject driver) {
+    public Map<String, Integer> customRuleCweMappings(JSONObject tool) {
         throw new IllegalArgumentException(
                 "SARIF Reader using custom CWE mappings MUST overwrite mapping method.");
     }
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/report/ScatterHome.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/report/ScatterHome.java
@@ -138,6 +138,17 @@ private JFreeChart display(String title, Set<Tool> tools) {
         for (XYDataItem item : (List<XYDataItem>) series.getItems()) {
             double x = item.getX().doubleValue();
             double y = item.getY().doubleValue();
+
+            // This should only happen if we don't have all the CWEs mapped to CategoryGroups,
+            // or there are no actual findings for this category.
+            if (Double.isNaN(y)) {
+                System.err.println(
+                        "WARNING: Y PlotPoint for item: "
+                                + item.toString()
+                                + " is NaN, so setting it to 0.");
+                y = 0.0;
+            }
+
             double z = (x + y) / 2;
             XYLineAnnotation score = new XYLineAnnotation(x, y, z, z, dashed, Color.blue);
             xyplot.addAnnotation(score);
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/report/ScatterPlot.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/report/ScatterPlot.java
@@ -178,6 +178,17 @@ void addLabelsToPlotPoints(HashMap<Point2D, String> map, XYPlot xyplot) {
             if (e.getValue() != null) {
                 Point2D p = e.getKey();
                 String label = sort(e.getValue());
+
+                // This should only happen if we don't have all the CWEs mapped to CategoryGroups,
+                // or there are no actual findings for this category.
+                if (Double.isNaN(p.getY())) {
+                    System.err.println(
+                            "WARNING: Y PlotPoint for label: "
+                                    + label
+                                    + " is NaN, so setting it to 0.");
+                    p.setLocation(p.getX(), 0.0);
+                }
+
                 XYTextAnnotation annotation = new XYTextAnnotation(label, p.getX(), p.getY());
                 annotation.setTextAnchor(
                         p.getX() < 3 ? TextAnchor.TOP_LEFT : TextAnchor.TOP_CENTER);

Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,11 @@ public CategoryMetrics(`
`44`	`44`	`"ERROR: precision for category: " + category + " is NaN");`
`45`	`45`	`}`
`46`	`46`	`if (Double.isNaN(tpr)) {`
`47`		`- throw new IllegalArgumentException(`
`48`		`- "ERROR: true positive rate for category: " + category + " is NaN");`
	`47`	`+ System.out.println(`
	`48`	`+ "WARNING: true positive rate for category: "`
	`49`	`+ + category`
	`50`	`+ + " is NaN. Setting it to 0.");`
	`51`	`+ tpr = 0.0;`
`49`	`52`	`}`
`50`	`53`	`if (Double.isNaN(fpr)) {`
`51`	`54`	`throw new IllegalArgumentException(`