jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Error: java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null #5585

Closed PoteRii closed 1 year ago

PoteRii commented 1 year ago

We are using the dependency check action in our GitHub pipeline:

    - name: Run Dependency Check
      uses: dependency-check/Dependency-Check_Action@main
      id: Depcheck
      with:
        project: 'test'
        path: '.'
        format: 'HTML'

    - name: Archive Dependency Check Report
      uses: actions/upload-artifact@master
      with:
        name: Depcheck report
        path: ${{github.workspace}}/reports

We are getting the error: Error: java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null

Full log:

  with:
    project: test
    path: .
    format: HTML
    out: reports
  env:
    SOLUTION_FILE: ./Space.Service.Common.Factory.sln
    PACKAGE_NAME: Space.Service.Common.Factory
    SPACE_NUGET_URL: https://nuget.pkg.github.com/SpaceBank/
    DOTNET_ROOT: /home/runner/.dotnet
/usr/bin/docker run --name c0442d490c5c076374572ae5c0f5d114f2c8f_ad1710 --label 6c0442 --workdir /github/workspace --rm -e "SOLUTION_FILE" -e "PACKAGE_NAME" -e "SPACE_NUGET_URL" -e "DOTNET_ROOT" -e "INPUT_PROJECT" -e "INPUT_PATH" -e "INPUT_FORMAT" -e "INPUT_OUT" -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/Space.Service.Common.Factory/Space.Service.Common.Factory":"/github/workspace" 6c0442:d490c5c076374572ae5c0f5d114f2c8f  "--project" "test" "--scan" "." "--format" "HTML" "--out" "/github/workspace/reports" "--noupdate" ""
[INFO] 

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

   About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
   False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html

💖 Sponsor: https://github.com/sponsors/jeremylong

[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Nuspec Analyzer (0 seconds)
[WARN] An error occurred while analyzing '/github/workspace/Space.Service.Common.Factory.UnitTests/Space.Service.Common.Factory.UnitTests.csproj' (MSBuild Project Analyzer).
[WARN] An error occurred while analyzing '/github/workspace/Space.Service.Common.Factory/Space.Service.Common.Factory.csproj' (MSBuild Project Analyzer).
[INFO] Finished MSBuild Project Analyzer (0 seconds)
[INFO] Finished Assembly Analyzer (12 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (19 seconds)
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
Error:  java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null
Error:  java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null

Adding a Directory.Build.props file to the root folder of the solution (where the .sln is located) solves the issue for now:

    <Project>
     <PropertyGroup>
     </PropertyGroup>
    </Project>
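
An added example, not part of the original report or of the dependency-check project: a CI gate that reads the console log and marks the run incomplete when an analyzer reported an error or the run ended with `Error:` lines, so a missing or empty report is not read as a clean result. The sample lines are excerpted from the log above; `triage` and its result keys are hypothetical names.

```python
import re

# Excerpt of the console log from the report above (no new data).
SAMPLE_LOG = """\
[INFO] Analysis Started
[INFO] Finished Nuspec Analyzer (0 seconds)
[WARN] An error occurred while analyzing '/github/workspace/Space.Service.Common.Factory.UnitTests/Space.Service.Common.Factory.UnitTests.csproj' (MSBuild Project Analyzer).
[WARN] An error occurred while analyzing '/github/workspace/Space.Service.Common.Factory/Space.Service.Common.Factory.csproj' (MSBuild Project Analyzer).
[INFO] Finished MSBuild Project Analyzer (0 seconds)
[INFO] Analysis Complete (19 seconds)
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
Error:  java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null
Error:  java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null
"""

# Per-file analyzer failure, as worded in the log above.
ANALYZER_ERR = re.compile(
    r"^\[WARN\] An error occurred while analyzing '(?P<path>[^']+)' "
    r"\((?P<analyzer>[^)]+)\)\.\s*$"
)
# Run-level failure line emitted after "Writing report to:".
FATAL_ERR = re.compile(r"^Error:\s+(?P<msg>.+?)\s*$")


def triage(log_text):
    """Summarise analyzer failures in a dependency-check console log."""
    failed = {}   # analyzer name -> files it reported an error on
    fatal = []    # distinct "Error:" messages, in first-seen order
    for line in log_text.splitlines():
        m = ANALYZER_ERR.match(line)
        if m:
            failed.setdefault(m["analyzer"], []).append(m["path"])
            continue
        m = FATAL_ERR.match(line)
        if m and m["msg"] not in fatal:
            fatal.append(m["msg"])
    # Absence of findings only means something if every analyzer ran cleanly.
    return {"failed": failed, "fatal": fatal,
            "complete": not failed and not fatal}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for analyzer, paths in result["failed"].items():
        print(f"{analyzer}: error on {len(paths)} file(s)")
    for msg in result["fatal"]:
        print(f"fatal: {msg}")
    raise SystemExit(0 if result["complete"] else 1)
```
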

ferben commented 1 year ago

The same in my pipeline. It appeared from version 8.2 (yesterday's run with version 8.1.2 was OK).

jepp-igus commented 1 year ago

We are also experiencing the same issue. At first we are getting the same warning for all MSBuild Projects and afterwards the same amount of errors with:

Error: java.lang.NullPointerException: Cannot invoke "java.util.Map.entrySet()" because "entries" is null

jeremylong commented 1 year ago

duplicate of #5579.