Vulnerability producer crashes during parsing of statements files, then restarts everything

[MagielBruntink]

Repro:

• Clone git@github.com:fasten-project/fasten-docker-deployment.git
• Checkout branch add-vulnerability-producer-and-consumer
• Put Github token in fasten-vulnerability-producer.env
• docker-compose --profile security up -d
• Observe log of Docker container: fasten-docker-deployment_fasten-vulnerability-producer_1

[2021-04-01 15:07:10,612] [INFO ] [main] [e.f.v.u.p.ExtraParser] - Parsing statement file for CVE-2013-4286
Cannot create property=notes for JavaBean=eu.fasten.vulnerabilityproducer.utils.mappers.YAMLHandler$SAPVulnMapper@79c5460e
in 'string', line 1, column 1:
vulnerability_id: CVE-2013-4286
^
Cannot create property=links for JavaBean=eu.fasten.vulnerabilityproducer.utils.mappers.YAMLHandler$NoteTextMapper@2e73d5eb
in 'string', line 3, column 3:
- links: []
^
Unable to find property 'links' on class: eu.fasten.vulnerabilityproducer.utils.mappers.YAMLHandler$NoteTextMapper
in 'string', line 3, column 10:
- links: []
^
in 'string', line 3, column 1:
- links: []
^
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:292)
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:171)
at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:331)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:219)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:173)
at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:157)
at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:472)
at org.yaml.snakeyaml.Yaml.load(Yaml.java:398)
at eu.fasten.vulnerabilityproducer.utils.parsers.ExtraParser.injectSAPProjectKb(ExtraParser.java:323)
at eu.fasten.vulnerabilityproducer.utils.parsers.ExtraParser.getVulnerabilities(ExtraParser.java:483)
at eu.fasten.vulnerabilityproducer.utils.parsers.ParserManager.getVulnerabilitiesFromParsers(ParserManager.java:92)
at eu.fasten.vulnerabilityproducer.VulnerabilityProducer.start(VulnerabilityProducer.java:105)
at eu.fasten.vulnerabilityproducer.Main.run(Main.java:118)
at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at eu.fasten.vulnerabilityproducer.Main.main(Main.java:72)
Caused by: Cannot create property=links for JavaBean=eu.fasten.vulnerabilityproducer.utils.mappers.YAMLHandler$NoteTextMapper@2e73d5eb
in 'string', line 3, column 3:
- links: []
^
Unable to find property 'links' on class: eu.fasten.vulnerabilityproducer.utils.mappers.YAMLHandler$NoteTextMapper
in 'string', line 3, column 10:
- links: []
^
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:292)
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:171)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:219)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructSequenceStep2(BaseConstructor.java:390)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructSequence(BaseConstructor.java:374)
at org.yaml.snakeyaml.constructor.Constructor$ConstructSequence.construct(Constructor.java:538)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:219)
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.newInstance(Constructor.java:305)
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:268)
... 20 more

Caused by: org.yaml.snakeyaml.error.YAMLException: Unable to find property 'links' on class: eu.fasten.vulnerabilityproducer.utils.mappers.YAMLHandler$NoteTextMapper
at org.yaml.snakeyaml.introspector.PropertyUtils.getProperty(PropertyUtils.java:159)
at org.yaml.snakeyaml.introspector.PropertyUtils.getProperty(PropertyUtils.java:148)
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.getProperty(Constructor.java:309)
at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:230)
... 30 more
[2021-04-01 15:07:10,630] [DEBUG] [Thread-0] [o.d.n.Nitrite] - Store compaction is successful.
[2021-04-01 15:07:10,632] [INFO ] [Thread-0] [o.d.n.Nitrite] - Nitrite database has been closed successfully.

[MagielBruntink]

Seems the statements for SAP advisories sometimes contain an empty - links[] entry in the notes, this is unexpected by the parser, hence the exception. I attached the statement file that causes the issue. statement.zip