search

higolab / Osmy

Osmy: A tool for software management using SPDX Documents
MIT License
2 stars 0 forks source link

OSVExceptionを適切にハンドリングする #33

Open rioil opened 1 year ago

rioil commented 1 year ago

OSVExceptionが発生すると落ちます.

fail: Microsoft.Extensions.Hosting.Internal.Host[9]
      BackgroundService failed
      System.AggregateException: One or more errors occurred. (Exception of type 'OSV.Client.OSVException' was thrown.)
       ---> OSV.Client.OSVException: Exception of type 'OSV.Client.OSVException' was thrown.
       ---> System.Net.Http.HttpRequestException: Request failed with status code GatewayTimeout
         --- End of inner exception stack trace ---
         at Osmy.Server.Services.OSVClientEx.ExecuteAsync[T](RestRequest request, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 67
         at Osmy.Server.Services.OSVClientEx.QueryAffectedBatchAsync(BatchQueryEx batchQuery, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 51
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
         at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
         at Osmy.Server.Services.VulnerabilityScanner.<>c__DisplayClass8_1.<ExecuteBatchQueryAsync>b__1(Task`1 t) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 160
         at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
         at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
      --- End of stack trace from previous location ---
         at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
      --- End of stack trace from previous location ---
         at Osmy.Server.Services.VulnerabilityScanner.ScanPackageVulnerability(SbomPackageComponent[] pkgs, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 98
         at Osmy.Server.Services.VulnerabilityScanner.ScanAllAsync(CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 47
         at Osmy.Server.Services.VulnerabilityScanService.StartAutoScanRequest(CancellationToken stoppingToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanService.cs:line 38
         at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
crit: Microsoft.Extensions.Hosting.Internal.Host[10]
      The HostOptions.BackgroundServiceExceptionBehavior is configured to StopHost. A BackgroundService has thrown an unhandled exception, and the IHost instance is stopping. To avoid this behavior, configure this to Ignore; however the BackgroundService will not be restarted.
      System.AggregateException: One or more errors occurred. (Exception of type 'OSV.Client.OSVException' was thrown.)
       ---> OSV.Client.OSVException: Exception of type 'OSV.Client.OSVException' was thrown.
       ---> System.Net.Http.HttpRequestException: Request failed with status code GatewayTimeout
         --- End of inner exception stack trace ---
         at Osmy.Server.Services.OSVClientEx.ExecuteAsync[T](RestRequest request, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 67
         at Osmy.Server.Services.OSVClientEx.QueryAffectedBatchAsync(BatchQueryEx batchQuery, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 51
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
         at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
         at Osmy.Server.Services.VulnerabilityScanner.<>c__DisplayClass8_1.<ExecuteBatchQueryAsync>b__1(Task`1 t) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 160
         at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
         at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
      --- End of stack trace from previous location ---
         at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
      --- End of stack trace from previous location ---
         at Osmy.Server.Services.VulnerabilityScanner.ScanPackageVulnerability(SbomPackageComponent[] pkgs, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 98
         at Osmy.Server.Services.VulnerabilityScanner.ScanAllAsync(CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 47
         at Osmy.Server.Services.VulnerabilityScanService.StartAutoScanRequest(CancellationToken stoppingToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanService.cs:line 38
         at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
rioil commented 10 months ago

この部分でcatchしているので,落ちることは無くなっていますが,ログが出力が無く,例外が握りつぶされています. そもそもこの例外はOSV側の問題なので,プログラムを異常終了させたり,脆弱性診断をスキップしてユーザーに通知したりするべきかもしれません.

https://github.com/higolab/Osmy/blob/89ea5031681f4e26ace57ce8eb33b97250d91837/Osmy.Server/Services/VulnerabilityScanService.cs#L36-L47