dependency-check / dependency-check-gradle

The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
http://jeremylong.github.io/DependencyCheck/
Apache License 2.0

Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=2000 #416

Open vidgeus opened 3 days ago

vidgeus commented 3 days ago

OWASP Release: 11.0.0
Gradle version: 7.6.4

Problem: Task dependencyCheckAggregate fails, both locally on Windows and on a TeamCity Linux agent.

Log:

[14:24:20] :     [Step 2/3] > Task :dependencyCheckAggregate
[14:24:20] :     [Step 2/3] Verifying dependencies for project upgrade-tools
[14:24:53] :     [Step 2/3] Checking for updates and analyzing dependencies for vulnerabilities
[14:25:37] :     [Step 2/3] 
[14:25:37] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=2000 : 3 time
[14:25:37] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=8000 : 3 time
[14:26:35] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:26:37] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:27:38] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=34000 : 3 time
[14:27:43] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=40000 : 3 time
[14:27:57] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=22000 : 3 time
[14:27:58] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=20000 : 3 time
[14:28:04] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:28:38] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:29:37] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=54000 : 3 time
[14:29:42] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=58000 : 3 time
[14:30:58] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:31:40] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=70000 : 3 time
[14:31:58] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=76000 : 3 time
[14:32:19] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:33:10] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:33:10] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:33:22] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:33:53] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=86000 : 3 time
[14:33:55] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=90000 : 3 time
[14:35:34] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=102000 : 3 time
[14:35:52] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=106000 : 3 time
[14:35:59] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=136000 : 3 time
[14:36:19] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:38:04] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=118000 : 3 time
[14:38:06] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=140000 : 3 time
[14:38:06] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=160000 : 3 time
[14:40:01] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=154000 : 3 time
[14:40:29] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=156000 : 3 time
[14:40:33] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:42:01] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=158000 : 3 time
[14:42:13] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=178000 : 3 time
[14:42:25] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=216000 : 3 time
[14:42:35] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:42:51] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:43:40] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=174000 : 3 time
[14:43:47] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=232000 : 3 time
[14:44:04] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=196000 : 3 time
[14:44:14] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:44:38] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:45:31] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=210000 : 3 time
[14:45:42] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=220000 : 3 time
[14:45:50] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=256000 : 3 time
[14:46:07] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:46:48] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=236000 : 3 time
[14:46:50] :     [Step 2/3] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=230000 : 3 time
[14:47:59] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:48:04] :     [Step 2/3] NVD API request failures are occurring; retrying request for the 5 time
[14:51:37] :     [Step 2/3] An unexpected error occurred during analysis of '/home/teamcity/.gradle/caches/modules-2/files-2.1/com.jetbrains.intellij.idea/ideaIC/2022.3.3/19e52733ac61e1d2e675720f92daf5959355cb1e/ideaIC-2022.3.3/plugins/java/lib/java-impl.jar' (Archive Analyzer): 'org.apache.commons.compress.archivers.zip.ZipFile$Builder org.apache.commons.compress.archivers.zip.ZipFile.builder()'
[14:51:37]W:     [Step 2/3] 
[14:51:37]W:     [Step 2/3] java.lang.NoSuchMethodError: 'org.apache.commons.compress.archivers.zip.ZipFile$Builder org.apache.commons.compress.archivers.zip.ZipFile.builder()'
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.isZipFileActuallyJarFile(ArchiveAnalyzer.java:731)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.addDisguisedJarsToDependencies(ArchiveAnalyzer.java:348)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:334)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:317)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
[14:51:37]W:     [Step 2/3]     at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
[14:51:37]W:     [Step 2/3]     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[14:51:37]W:     [Step 2/3]     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[14:51:37]W:     [Step 2/3]     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[14:51:37]W:     [Step 2/3]     at java.base/java.lang.Thread.run(Thread.java:829)
[14:51:38] :     [Step 2/3] An unexpected error occurred during analysis of '/home/teamcity/.gradle/caches/modules-2/files-2.1/studio/studio/7.0.11/affb2fe205a42b1c8938d4e1db20e8a56af592bc/studio-7.0.11.zip' (Archive Analyzer): 'org.apache.commons.compress.archivers.zip.ZipFile$Builder org.apache.commons.compress.archivers.zip.ZipFile.builder()'
[14:51:38]W:     [Step 2/3] 
[14:51:38]W:     [Step 2/3] java.lang.NoSuchMethodError: 'org.apache.commons.compress.archivers.zip.ZipFile$Builder org.apache.commons.compress.archivers.zip.ZipFile.builder()'
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.isZipFileActuallyJarFile(ArchiveAnalyzer.java:731)
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.addDisguisedJarsToDependencies(ArchiveAnalyzer.java:348)
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:334)
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277)
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
[14:51:38]W:     [Step 2/3]     at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
[14:51:38]W:     [Step 2/3]     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[14:51:38]W:     [Step 2/3]     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[14:51:38]W:     [Step 2/3]     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[14:51:38]W:     [Step 2/3]     at java.base/java.lang.Thread.run(Thread.java:829)
[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/3/pom.xml'
[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/4/pom.xml'
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/home/teamcity/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.5.3/a7ecd51f54b58a8513733893d6c6e9cccaf043ff/logback-classic-1.5.3.jar'.
[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/1/pom.xml'
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/home/teamcity/.gradle/caches/modules-2/files-2.1/args4j/args4j/2.37/244f60c057d72a785227c0562d3560f42a7ea54b/args4j-2.37.jar'.
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/home/teamcity/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-api/2.0.12/48f109a2a6d8f446c794f3e3fa0d86df0cdfa312/slf4j-api-2.0.12.jar'.
[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/2/pom.xml'
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/home/teamcity/.gradle/caches/modules-2/files-2.1/io.vavr/vavr/0.10.0/c9f28385e6ca99f9c253c4eef879720663905329/vavr-0.10.0.jar'.
[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/5/pom.xml'
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/home/teamcity/.gradle/caches/modules-2/files-2.1/io.vavr/vavr-match/0.10.0/2088877806b1c07514a134fa10d6a7ad480cac70/vavr-match-0.10.0.jar'.
[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/6/pom.xml'
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/home/teamcity/.gradle/caches/modules-2/files-2.1/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/b421526c5f297295adef1c886e5246c39d4ac629/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar'.

...

[14:51:38] :     [Step 2/3] Unexpected error during parsing of the pom '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check5080248911421138824tmp/103/pom.xml'
[14:51:38] :     [Step 2/3] An error occurred while analyzing '/tmp/dctemp430ed2c1-cb70-428b-8bd2-13eeb6d8d2ba/check9288974356145529405tmp/123/intellij-swagger/lib/guava-31.1-jre.jar'.
[14:51:39] :     [Step 2/3] 
[14:51:39]W:     [Step 2/3] ----------------------------------------------------
[14:51:39] :     [Step 2/3] > Task :dependencyCheckAggregate
[14:51:39]W:     [Step 2/3] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or add the path to dotnet core in the configuration.
[14:51:39]W:     [Step 2/3] The dotnet 8.0 core runtime or SDK is required to analyze assemblies
[14:51:39]W:     [Step 2/3] ----------------------------------------------------
[14:51:39]W:     [Step 2/3] Unexpected exception occurred initializing Hint Analyzer.
[14:51:40]W:     [Step 2/3] Unexpected exception occurred initializing CPE Analyzer.
[14:51:43]W:     [Step 2/3] Unexpected exception occurred initializing Vulnerability Suppression Analyzer.
[14:51:43]W:     [Step 2/3] Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
[14:51:43]W:     [Step 2/3] Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
[14:51:43]W:     [Step 2/3] Region [POM] : Not alive and dispose was called, filename: POM
[14:51:43] :     [Step 2/3] 
[14:51:43] :     [Step 2/3] 
[14:51:43] :     [Step 2/3] > Task :dependencyCheckAggregate FAILED
[14:51:43] :     [Step 2/3] 
[14:51:43] :     [Step 2/3] Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
[14:51:43] :     [Step 2/3] 
[14:51:43]W:     [Step 2/3] 
[14:51:43] :     [Step 2/3] You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
[14:51:43] :     [Step 2/3] 
[14:51:43]W:     [Step 2/3] FAILURE: Build failed with an exception.
[14:51:43]W:     [Step 2/3] 
[14:51:43] :     [Step 2/3] See https://docs.gradle.org/7.6.4/userguide/command_line_interface.html#sec:command_line_warnings
[14:51:43]W:     [Step 2/3] * What went wrong:
[14:51:43]W:     [Step 2/3] Execution failed for task ':dependencyCheckAggregate'.
[14:51:43] :     [Step 2/3] 8 actionable tasks: 8 executed
[14:51:43]W:     [Step 2/3] > Analysis failed.

jeremylong commented 1 day ago

Seeing things like java.lang.NoSuchMethodError: 'org.apache.commons.compress.archivers.zip.ZipFile$Builder org.apache.commons.compress.archivers.zip.ZipFile.builder()' makes me think there is a dependency conflict in your buildEnv. The common buildEnv conflicts can be solved using the documentation here: https://github.com/dependency-check/dependency-check-gradle?tab=readme-ov-file#gradle-build-environment

However, as this is commons compress, you may need to pin its version as well.
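
One way to apply the pin suggested in the reply above, added here as an example and not taken from the thread or from the plugin's README: it forces a single commons-compress version on the buildscript classpath and adds a task that prints which version actually resolved. The task name `printBuildscriptCompress` and the version placeholder `X.Y.Z` are assumptions; take the real version from the dependency-check release in use.

```groovy
// build.gradle (root project) -- added example, not the plugin's own documentation.
buildscript {
    // Placeholder: replace with the commons-compress version that the
    // dependency-check release you run was built against.
    def compressVersion = 'X.Y.Z'

    configurations.classpath {
        resolutionStrategy.eachDependency { details ->
            // Pin only commons-compress; leave every other build dependency alone.
            if (details.requested.group == 'org.apache.commons' &&
                    details.requested.name == 'commons-compress') {
                details.useVersion compressVersion
                details.because 'dependency-check ArchiveAnalyzer calls ZipFile.builder()'
            }
        }
    }
}

// Hypothetical helper task: lists every commons-compress artifact that ended up
// on the buildscript classpath, so the pin can be confirmed before re-running
// dependencyCheckAggregate.
tasks.register('printBuildscriptCompress') {
    doLast {
        def hits = buildscript.configurations.classpath
                .resolvedConfiguration.resolvedArtifacts
                .findAll { it.moduleVersion.id.name == 'commons-compress' }
        if (hits.isEmpty()) {
            logger.lifecycle("commons-compress is not on this project's buildscript classpath")
        }
        hits.each { artifact ->
            logger.lifecycle("${artifact.moduleVersion.id} -> ${artifact.file}")
        }
    }
}
```

Gradle's built-in `buildEnvironment` task prints the same classpath as a tree, which shows which plugin pulled in the conflicting version.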