Zstandard compression is not available

[31deR]

Describe the bug Getting error "Zstandard compression is not available" when scanning some packages after upgrading from 7.3.2 to 8.4.0

Version of dependency-check used The problem occurs using version 8.4.0 of the cli

Log file In report file Zstandard compression is not available exception: org.owasp.dependencycheck.analyzer.exception.AnalysisException: Zstandard compression is not available org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:507) org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:295) org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277) org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) java.base/java.lang.Thread.run(Thread.java:832) Zstandard compression is not available cause: java.io.IOException: Zstandard compression is not available org.eclipse.packager.rpm.coding.ZstdPayloadCoding.createInputStream(ZstdPayloadCoding.java:45) org.eclipse.packager.rpm.parse.RpmInputStream.setupPayloadStream(RpmInputStream.java:129) org.eclipse.packager.rpm.parse.RpmInputStream.ensureInit(RpmInputStream.java:86) org.eclipse.packager.rpm.parse.RpmInputStream.getPayloadHeader(RpmInputStream.java:147) org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:496) org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:295) org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277) org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) java.base/java.lang.Thread.run(Thread.java:832)

Log: `2023-09-06 15:10:47,731 org.owasp.dependencycheck.utils.Settings:970 DEBUG - Properties updated via merge:

analyzer.cocoapods.enabled='true' cve.url.base='https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.json.gz' proxy.disableSchemas='true' cve.url.modified.validfordays='7' analyzer.dependencybundling.enabled='true' cve.url.original='https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz' odc.ecosystem.maxquerylimit.native='1000' data.connection_string='jdbc:h2:file:%s;AUTOCOMMIT=ON;CACHE_SIZE=65536;RETENTION_TIME=1000;MAX_COMPACT_TIME=10000;' archive.scan.depth='3' analyzer.cmake.enabled='true' analyzer.pipfile.enabled='true' cve.download.waittime='4000' odc.application.name='Dependency-Check Core' analyzer.retirejs.repo.validforhours='24' analyzer.node.package.enabled='true' analyzer.central.url='https://search.maven.org/solrsearch/select' analyzer.pe.enabled='false' analyzer.poetry.enabled='true' downloader.quick.query.timestamp='true' analyzer.archive.enabled='true' analyzer.retirejs.repo.js.url='https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' analyzer.swift.package.resolved.enabled='true' cpe.url='https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz' analyzer.ossindex.url='https://ossindex.sonatype.org' analyzer.nvdcve.enabled='true' analyzer.jar.enabled='true' analyzer.cpe.enabled='true' analyzer.knownexploited.enabled='true' analyzer.cpanfile.enabled='true' data.writelock.shutdownhook='org.owasp.dependencycheck.utils.WriteLockCleanupHook' analyzer.central.query='%s?q=1:%s&wt=xml' analyzer.bundle.audit.enabled='true' analyzer.node.audit.use.cache='true' odc.settings.mask='.password.,.token.' analyzer.dependencymerging.enabled='true' cpe.validfordays='30' analyzer.pnpm.audit.enabled='false' junit.fail.on.cvss='0' central.content.url='https://search.maven.org/remotecontent?filepath=' analyzer.node.audit.url='https://registry.npmjs.org/-/npm/v1/security/audits' odc.application.version='8.4.0' analyzer.msbuildproject.enabled='true' data.user='admin' engine.version.url='https://jeremylong.github.io/DependencyCheck/current.txt' odc.autoupdate='true' analyzer.autoconf.enabled='true' analyzer.cpesuppression.enabled='true' analyzer.retirejs.enabled='true' cve.check.validforhours='4' hosted.suppressions.validforhours='2' analyzer.versionfilter.enabled='true' analyzer.assembly.enabled='true' cve.cpe.startswith.filter='cpe:2.3:a:' analyzer.golang.dep.enabled='true' odc.analysis.timeout='180' analyzer.nexus.url='https://repository.sonatype.org/service/local/' cve.url.base.defaultFilename='nvdcve-1.1-%d.json.gz' analyzer.hint.enabled='true' analyzer.dart.enabled='true' hosted.suppressions.enabled='true' analyzer.retired.enabled='false' database.batchinsert.enabled='true' analyzer.openssl.enabled='true' analyzer.swift.package.manager.enabled='true' analyzer.nuspec.enabled='true' analyzer.central.retry.count='7' analyzer.central.use.cache='true' updater.nvdcve.enabled='true' analyzer.mix.audit.enabled='true' max.download.threads='1' analyzer.central.enabled='true' analyzer.python.distribution.enabled='true' analyzer.nexus.enabled='false' cve.url.modified.defaultFilename='nvdcve-1.1-modified.json.gz' odc.reports.pretty.print='false' analyzer.artifactory.enabled='false' analyzer.retirejs.filternonvulnerable='false' analyzer.ossindex.enabled='true' analyzer.central.parallel.analysis='false' analyzer.nexus.proxy='true' cve.startyear='2002' analyzer.maveninstall.enabled='true' odc.ecosystem.maxquerylimit.default='100' nvd.newyear.grace.period='10' downloader.tls.protocols='TLSv1.1,TLSv1.2,TLSv1.3' data.file_name='odc.mv.db' analyzer.ruby.gemspec.enabled='true' analyzer.composer.lock.enabled='true' data.version='5.4' kev.check.validforhours='24' analyzer.vulnerabilitysuppression.enabled='true' analyzer.libman.enabled='true' data.directory='[JAR]/data/7.0' analyzer.experimental.enabled='false' analyzer.golang.mod.enabled='true' analyzer.filename.enabled='true' analyzer.ossindex.use.cache='true' analyzer.python.package.enabled='true' updater.versioncheck.enabled='true' ecosystem.skip.cpeanalyzer='npm' kev.url='https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json' analyzer.pip.enabled='true' analyzer.falsepositive.enabled='true' analyzer.node.audit.enabled='true' analyzer.yarn.audit.enabled='true' analyzer.npm.cpe.enabled='true' database.batchinsert.maxsize='1000' data.driver_name='org.h2.Driver' hosted.suppressions.url='https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml' data.password='****' analyzer.nugetconf.enabled='true' cve.url.modified='https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz'

2023-09-06 15:10:47,732 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: data.directory='/Users/PycharmProjects/fossproxy/odc840' 2023-09-06 15:10:47,733 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: odc.autoupdate='false' 2023-09-06 15:10:47,734 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.experimental.enabled='true' 2023-09-06 15:10:47,734 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.retirejs.repo.js.url='http://127.0.0.1:8000/jsrepository/' 2023-09-06 15:10:47,734 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.jar.enabled='true' 2023-09-06 15:10:47,734 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.msbuildproject.enabled='true' 2023-09-06 15:10:47,734 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.archive.enabled='true' 2023-09-06 15:10:47,734 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.knownexploited.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.python.distribution.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.python.package.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.autoconf.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.maveninstall.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.pip.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.pipfile.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.poetry.enabled='true' 2023-09-06 15:10:47,735 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.cmake.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.nuspec.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.nugetconf.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.assembly.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.bundle.audit.enabled='false' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.filename.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.mix.audit.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.openssl.enabled='true' 2023-09-06 15:10:47,736 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.composer.lock.enabled='true' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.cpanfile.enabled='true' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.golang.dep.enabled='true' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.golang.mod.enabled='false' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.dart.enabled='true' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.node.package.enabled='false' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.node.audit.enabled='false' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.yarn.audit.enabled='false' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.pnpm.audit.enabled='false' 2023-09-06 15:10:47,737 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.node.audit.use.cache='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.retirejs.enabled='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.swift.package.manager.enabled='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.swift.package.resolved.enabled='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.cocoapods.enabled='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.ruby.gemspec.enabled='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.central.enabled='false' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.central.use.cache='true' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.ossindex.enabled='false' 2023-09-06 15:10:47,738 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.ossindex.use.cache='true' 2023-09-06 15:10:47,739 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: junit.fail.on.cvss='0.0' 2023-09-06 15:10:47,739 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.nexus.url='http://127.0.0.1:8000/nexus/service/local/' 2023-09-06 15:10:47,739 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: analyzer.nexus.proxy='true' 2023-09-06 15:10:47,739 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: data.driver_name='org.postgresql.Driver' 2023-09-06 15:10:47,739 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: data.driver_path='/Users/PycharmProjects/fossproxy/odc840' 2023-09-06 15:10:47,740 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: data.connection_string='jdbc:postgresql://127.0.0.1:5433/odc8?currentSchema=odc8' 2023-09-06 15:10:47,741 org.owasp.dependencycheck.utils.Settings:983 DEBUG - Setting: hosted.suppressions.enabled='true' 2023-09-06 15:10:47,742 org.owasp.dependencycheck.App:356 DEBUG - Scanning /Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm 2023-09-06 15:10:47,752 org.owasp.dependencycheck.App:371 DEBUG - BaseDir: /Users/PycharmProjects/fossproxy/media/scan_files 2023-09-06 15:10:47,752 org.owasp.dependencycheck.App:372 DEBUG - Include: 1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm 2023-09-06 15:10:47,758 org.owasp.dependencycheck.App:390 DEBUG - Found file /Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm 2023-09-06 15:10:47,778 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Archive Analyzer 2023-09-06 15:10:47,779 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer File Name Analyzer 2023-09-06 15:10:47,792 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer PE Analyzer 2023-09-06 15:10:47,794 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Jar Analyzer 2023-09-06 15:10:47,795 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Hint Analyzer 2023-09-06 15:10:47,798 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer CPE Analyzer 2023-09-06 15:10:47,799 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer NPM CPE Analyzer 2023-09-06 15:10:47,800 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer False Positive Analyzer 2023-09-06 15:10:47,802 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Dependency Bundling Analyzer 2023-09-06 15:10:47,802 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Dependency Merging Analyzer 2023-09-06 15:10:47,803 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer NVD CVE Analyzer 2023-09-06 15:10:47,804 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Vulnerability Suppression Analyzer 2023-09-06 15:10:47,806 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Central Analyzer 2023-09-06 15:10:47,806 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Nexus Analyzer 2023-09-06 15:10:47,807 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Artifactory Analyzer 2023-09-06 15:10:47,807 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Nuspec Analyzer 2023-09-06 15:10:47,808 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Nugetconf Analyzer 2023-09-06 15:10:47,810 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer MSBuild Project Analyzer 2023-09-06 15:10:47,811 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Assembly Analyzer 2023-09-06 15:10:47,812 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Python Distribution Analyzer 2023-09-06 15:10:47,815 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Python Package Analyzer 2023-09-06 15:10:47,816 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer pip Analyzer 2023-09-06 15:10:47,816 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Pipfile Analyzer 2023-09-06 15:10:47,818 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Pipfile.lock Analyzer 2023-09-06 15:10:47,818 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Poetry Analyzer 2023-09-06 15:10:47,819 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Autoconf Analyzer 2023-09-06 15:10:47,820 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer OpenSSL Source Analyzer 2023-09-06 15:10:47,821 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer CMake Analyzer 2023-09-06 15:10:47,823 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Node.js Package Analyzer 2023-09-06 15:10:47,824 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Node Audit Analyzer 2023-09-06 15:10:47,825 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Yarn Audit Analyzer 2023-09-06 15:10:47,826 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Pnpm Audit Analyzer 2023-09-06 15:10:47,827 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Golang Mod Analyzer 2023-09-06 15:10:47,827 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Golang Dep Analyzer 2023-09-06 15:10:47,828 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer RetireJS Analyzer 2023-09-06 15:10:47,829 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Ruby Gemspec Analyzer 2023-09-06 15:10:47,830 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Ruby Bundler Analyzer 2023-09-06 15:10:47,831 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Ruby Bundle Audit Analyzer 2023-09-06 15:10:47,831 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Elixir Mix Audit Analyzer 2023-09-06 15:10:47,835 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Composer.lock analyzer 2023-09-06 15:10:47,836 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer CocoaPods Package Analyzer 2023-09-06 15:10:47,836 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer SWIFT Package Manager Analyzer 2023-09-06 15:10:47,837 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer SWIFT Package Resolved Analyzer 2023-09-06 15:10:47,837 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Version Filter Analyzer 2023-09-06 15:10:47,839 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Sonatype OSS Index Analyzer 2023-09-06 15:10:47,839 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Perl cpanfile Analyzer 2023-09-06 15:10:47,882 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Pinned Maven install Analyzer 2023-09-06 15:10:47,883 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Known Exploited Vulnerability Analyzer 2023-09-06 15:10:47,884 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Dart Package Analyzer 2023-09-06 15:10:47,884 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Unused Suppression Rule Analyzer 2023-09-06 15:10:47,885 org.owasp.dependencycheck.analyzer.AnalyzerService:113 DEBUG - Loaded Analyzer Libman Analyzer 2023-09-06 15:10:47,886 org.owasp.dependencycheck.utils.Settings:1184 DEBUG - Settings.getDataFile() - file: '/Users/PycharmProjects/fossproxy/odc840' 2023-09-06 15:10:48,103 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:143 DEBUG - Loading driver 'org.postgresql.Driver' 2023-09-06 15:10:48,103 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:146 DEBUG - Loading driver from: /Users/PycharmProjects/fossproxy/odc840 2023-09-06 15:10:48,127 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:178 DEBUG - Loading database connection 2023-09-06 15:10:48,127 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:179 DEBUG - Connection String: jdbc:postgresql://127.0.0.1:5433/odc8?currentSchema=odc8 2023-09-06 15:10:48,127 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:180 DEBUG - Database User: admin 2023-09-06 15:10:48,652 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:241 DEBUG - Database product: postgresql 2023-09-06 15:10:48,686 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:502 DEBUG - DC Schema: 5.4 2023-09-06 15:10:48,697 org.owasp.dependencycheck.data.nvdcve.DatabaseManager:503 DEBUG - DB Schema: 5.4 2023-09-06 15:10:49,022 org.owasp.dependencycheck.Engine:641 INFO -

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html

💖 Sponsor: https://github.com/sponsors/jeremylong

2023-09-06 15:10:49,023 org.owasp.dependencycheck.Engine:651 DEBUG -

BEGIN ANALYSIS

2023-09-06 15:10:49,023 org.owasp.dependencycheck.Engine:652 INFO - Analysis Started 2023-09-06 15:10:49,024 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Archive Analyzer 2023-09-06 15:10:49,024 org.owasp.dependencycheck.utils.FileUtils:121 DEBUG - Temporary directory is /var/folders/vy/dhppcn5d3ws8p8m03kjpt0s1gsp2ts/T/dctempfc6179e6-1238-4892-ac1e-16b3eda15b82 2023-09-06 15:10:49,026 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Archive Analyzer 2023-09-06 15:10:49,027 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: Archive Analyzer. 2023-09-06 15:10:49,029 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Archive Analyzer) 2023-09-06 15:10:49,038 org.eclipse.packager.rpm.parse.RpmInputStream:220 DEBUG - Skipping 4 pad bytes 2023-09-06 15:10:49,052 org.owasp.dependencycheck.analyzer.ArchiveAnalyzer:505 ERROR - Exception reading archive '1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm'. 2023-09-06 15:10:49,053 org.owasp.dependencycheck.analyzer.ArchiveAnalyzer:506 DEBUG - java.io.IOException: Zstandard compression is not available at org.eclipse.packager.rpm.coding.ZstdPayloadCoding.createInputStream(ZstdPayloadCoding.java:45) at org.eclipse.packager.rpm.parse.RpmInputStream.setupPayloadStream(RpmInputStream.java:129) at org.eclipse.packager.rpm.parse.RpmInputStream.ensureInit(RpmInputStream.java:86) at org.eclipse.packager.rpm.parse.RpmInputStream.getPayloadHeader(RpmInputStream.java:147) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:496) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:295) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:832) 2023-09-06 15:10:49,054 org.owasp.dependencycheck.AnalysisTask:90 WARN - An error occurred while analyzing '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Archive Analyzer). 2023-09-06 15:10:49,054 org.owasp.dependencycheck.AnalysisTask:91 DEBUG - org.owasp.dependencycheck.analyzer.exception.AnalysisException: Zstandard compression is not available at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:507) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:295) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:832) Caused by: java.io.IOException: Zstandard compression is not available at org.eclipse.packager.rpm.coding.ZstdPayloadCoding.createInputStream(ZstdPayloadCoding.java:45) at org.eclipse.packager.rpm.parse.RpmInputStream.setupPayloadStream(RpmInputStream.java:129) at org.eclipse.packager.rpm.parse.RpmInputStream.ensureInit(RpmInputStream.java:86) at org.eclipse.packager.rpm.parse.RpmInputStream.getPayloadHeader(RpmInputStream.java:147) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:496) ... 9 common frames omitted 2023-09-06 15:10:49,054 org.owasp.dependencycheck.Engine:675 INFO - Finished Archive Analyzer (0 seconds) 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Ruby Bundle Audit Analyzer 2023-09-06 15:10:49,055 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Ruby Bundle Audit Analyzer has been disabled 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Ruby Bundle Audit Analyzer (not enabled) 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Elixir Mix Audit Analyzer 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Elixir Mix Audit Analyzer (not enabled) 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing File Name Analyzer 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:760 DEBUG - Starting File Name Analyzer 2023-09-06 15:10:49,055 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: File Name Analyzer. 2023-09-06 15:10:49,055 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (File Name Analyzer) 2023-09-06 15:10:49,059 org.owasp.dependencycheck.Engine:675 INFO - Finished File Name Analyzer (0 seconds) 2023-09-06 15:10:49,059 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Jar Analyzer 2023-09-06 15:10:49,059 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Jar Analyzer (not enabled) 2023-09-06 15:10:49,059 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Central Analyzer 2023-09-06 15:10:49,059 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Central Analyzer has been disabled 2023-09-06 15:10:49,059 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Central Analyzer (not enabled) 2023-09-06 15:10:49,059 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Nexus Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Nexus Analyzer has been disabled 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Nexus Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Artifactory Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Artifactory Analyzer has been disabled 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Artifactory Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Nuspec Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Nuspec Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Nugetconf Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Nugetconf Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing MSBuild Project Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping MSBuild Project Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Assembly Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Assembly Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Python Distribution Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Python Distribution Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Python Package Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Python Package Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing pip Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping pip Analyzer (not enabled) 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Pipfile Analyzer 2023-09-06 15:10:49,060 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Pipfile Analyzer (not enabled) 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Pipfile.lock Analyzer 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Pipfile.lock Analyzer (not enabled) 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Poetry Analyzer 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Poetry Analyzer (not enabled) 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Autoconf Analyzer 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Autoconf Analyzer (not enabled) 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing OpenSSL Source Analyzer 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping OpenSSL Source Analyzer (not enabled) 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing CMake Analyzer 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping CMake Analyzer (not enabled) 2023-09-06 15:10:49,061 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Node.js Package Analyzer 2023-09-06 15:10:49,061 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Node.js Package Analyzer has been disabled 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Node.js Package Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Golang Mod Analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Golang Mod Analyzer has been disabled 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Golang Mod Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Golang Dep Analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Golang Dep Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Ruby Gemspec Analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Ruby Gemspec Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Ruby Bundler Analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Ruby Bundler Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Composer.lock analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Composer.lock analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing CocoaPods Package Analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping CocoaPods Package Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing SWIFT Package Manager Analyzer 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping SWIFT Package Manager Analyzer (not enabled) 2023-09-06 15:10:49,062 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing SWIFT Package Resolved Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping SWIFT Package Resolved Analyzer (not enabled) 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Perl cpanfile Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Perl cpanfile Analyzer (not enabled) 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Pinned Maven install Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Pinned Maven install Analyzer (not enabled) 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Dart Package Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Dart Package Analyzer (not enabled) 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Libman Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Libman Analyzer (not enabled) 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing PE Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - PE Analyzer has been disabled 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping PE Analyzer (not enabled) 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Dependency Merging Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Dependency Merging Analyzer 2023-09-06 15:10:49,063 org.owasp.dependencycheck.Engine:811 DEBUG - Parallel processing is not supported: Dependency Merging Analyzer. 2023-09-06 15:10:49,064 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Dependency Merging Analyzer) 2023-09-06 15:10:49,065 org.owasp.dependencycheck.Engine:675 INFO - Finished Dependency Merging Analyzer (0 seconds) 2023-09-06 15:10:49,065 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Hint Analyzer 2023-09-06 15:10:49,184 org.owasp.dependencycheck.analyzer.HintAnalyzer:333 DEBUG - 51 hint rules were loaded. 2023-09-06 15:10:49,185 org.owasp.dependencycheck.analyzer.HintAnalyzer:334 DEBUG - 6 duplicating hint rules were loaded. 2023-09-06 15:10:49,185 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Hint Analyzer 2023-09-06 15:10:49,185 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: Hint Analyzer. 2023-09-06 15:10:49,185 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Hint Analyzer) 2023-09-06 15:10:49,186 org.owasp.dependencycheck.Engine:675 INFO - Finished Hint Analyzer (0 seconds) 2023-09-06 15:10:49,186 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Version Filter Analyzer 2023-09-06 15:10:49,186 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Version Filter Analyzer 2023-09-06 15:10:49,186 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: Version Filter Analyzer. 2023-09-06 15:10:49,187 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Version Filter Analyzer) 2023-09-06 15:10:49,188 org.owasp.dependencycheck.Engine:675 INFO - Finished Version Filter Analyzer (0 seconds) 2023-09-06 15:10:49,188 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing NPM CPE Analyzer 2023-09-06 15:10:49,968 org.owasp.dependencycheck.analyzer.NpmCPEAnalyzer:106 INFO - Created CPE Index (0 seconds) 2023-09-06 15:10:49,969 org.owasp.dependencycheck.analyzer.CPEAnalyzer:206 DEBUG - Skipping CPE Analysis for npm 2023-09-06 15:10:50,072 org.owasp.dependencycheck.utils.Settings:1184 DEBUG - Settings.getDataFile() - file: '/Users/PycharmProjects/fossproxy/odc840' 2023-09-06 15:10:50,072 org.owasp.dependencycheck.utils.Settings:1184 DEBUG - Settings.getDataFile() - file: '/Users/PycharmProjects/fossproxy/odc840' 2023-09-06 15:10:50,115 org.owasp.dependencycheck.utils.WriteLock:168 DEBUG - Lock file created (main) 6eba0153191ff61d4c9586634f0116c3 @ 2023-09-06 15:10:50.115 2023-09-06 15:10:50,117 org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer:285 DEBUG - copying hosted suppressions file /Users/PycharmProjects/fossproxy/odc840/publishedSuppressions.xml to /var/folders/vy/dhppcn5d3ws8p8m03kjpt0s1gsp2ts/T/dc-basesuppressions7080265610639252877.xml 2023-09-06 15:10:50,118 org.owasp.dependencycheck.utils.WriteLock:240 DEBUG - Lock released (main) 6eba0153191ff61d4c9586634f0116c3 @ 2023-09-06 15:10:50.118 2023-09-06 15:10:50,130 org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer:160 DEBUG - 0 suppression rules were loaded. 2023-09-06 15:10:50,130 org.owasp.dependencycheck.Engine:760 DEBUG - Starting NPM CPE Analyzer 2023-09-06 15:10:50,130 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: NPM CPE Analyzer. 2023-09-06 15:10:50,131 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (NPM CPE Analyzer) 2023-09-06 15:10:50,131 org.owasp.dependencycheck.Engine:675 INFO - Finished NPM CPE Analyzer (0 seconds) 2023-09-06 15:10:50,131 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing CPE Analyzer 2023-09-06 15:10:52,388 org.owasp.dependencycheck.analyzer.CPEAnalyzer:231 INFO - Created CPE Index (2 seconds) 2023-09-06 15:10:52,389 org.owasp.dependencycheck.analyzer.CPEAnalyzer:206 DEBUG - Skipping CPE Analysis for npm 2023-09-06 15:10:52,389 org.owasp.dependencycheck.Engine:760 DEBUG - Starting CPE Analyzer 2023-09-06 15:10:52,389 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: CPE Analyzer. 2023-09-06 15:10:52,389 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (CPE Analyzer) 2023-09-06 15:10:52,395 org.owasp.dependencycheck.data.cpe.AbstractMemoryIndex:273 DEBUG - product:(1694002246_909691_patchelf) AND vendor:(1694002246_909691_patchelf) 2023-09-06 15:10:52,470 org.owasp.dependencycheck.Engine:675 INFO - Finished CPE Analyzer (2 seconds) 2023-09-06 15:10:52,470 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing False Positive Analyzer 2023-09-06 15:10:52,470 org.owasp.dependencycheck.Engine:760 DEBUG - Starting False Positive Analyzer 2023-09-06 15:10:52,470 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: False Positive Analyzer. 2023-09-06 15:10:52,470 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (False Positive Analyzer) 2023-09-06 15:10:52,474 org.owasp.dependencycheck.Engine:675 INFO - Finished False Positive Analyzer (0 seconds) 2023-09-06 15:10:52,474 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing NVD CVE Analyzer 2023-09-06 15:10:52,474 org.owasp.dependencycheck.Engine:760 DEBUG - Starting NVD CVE Analyzer 2023-09-06 15:10:52,475 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: NVD CVE Analyzer. 2023-09-06 15:10:52,475 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (NVD CVE Analyzer) 2023-09-06 15:10:52,477 org.owasp.dependencycheck.data.nvdcve.CveDB:622 DEBUG - Cache miss for cpe:2.3:a:patchelf_project:patchelf:0.15.0.1:::::::* 2023-09-06 15:10:52,502 org.owasp.dependencycheck.Engine:675 INFO - Finished NVD CVE Analyzer (0 seconds) 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Node Audit Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Node Audit Analyzer has been disabled 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Node Audit Analyzer (not enabled) 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Yarn Audit Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Yarn Audit Analyzer has been disabled 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Yarn Audit Analyzer (not enabled) 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Pnpm Audit Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Pnpm Audit Analyzer has been disabled 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Pnpm Audit Analyzer (not enabled) 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing RetireJS Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping RetireJS Analyzer (not enabled) 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Sonatype OSS Index Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.analyzer.AbstractAnalyzer:104 DEBUG - Sonatype OSS Index Analyzer has been disabled 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:677 DEBUG - Skipping Sonatype OSS Index Analyzer (not enabled) 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Vulnerability Suppression Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Vulnerability Suppression Analyzer 2023-09-06 15:10:52,503 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: Vulnerability Suppression Analyzer. 2023-09-06 15:10:52,504 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Vulnerability Suppression Analyzer) 2023-09-06 15:10:52,504 org.owasp.dependencycheck.Engine:675 INFO - Finished Vulnerability Suppression Analyzer (0 seconds) 2023-09-06 15:10:52,504 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Known Exploited Vulnerability Analyzer 2023-09-06 15:10:52,576 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Known Exploited Vulnerability Analyzer 2023-09-06 15:10:52,577 org.owasp.dependencycheck.Engine:808 DEBUG - Parallel processing with up to 12 threads: Known Exploited Vulnerability Analyzer. 2023-09-06 15:10:52,577 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Known Exploited Vulnerability Analyzer) 2023-09-06 15:10:52,577 org.owasp.dependencycheck.Engine:675 INFO - Finished Known Exploited Vulnerability Analyzer (0 seconds) 2023-09-06 15:10:52,577 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Dependency Bundling Analyzer 2023-09-06 15:10:52,577 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Dependency Bundling Analyzer 2023-09-06 15:10:52,577 org.owasp.dependencycheck.Engine:811 DEBUG - Parallel processing is not supported: Dependency Bundling Analyzer. 2023-09-06 15:10:52,578 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Dependency Bundling Analyzer) 2023-09-06 15:10:52,578 org.owasp.dependencycheck.Engine:675 INFO - Finished Dependency Bundling Analyzer (0 seconds) 2023-09-06 15:10:52,578 org.owasp.dependencycheck.Engine:825 DEBUG - Initializing Unused Suppression Rule Analyzer 2023-09-06 15:10:52,578 org.owasp.dependencycheck.Engine:760 DEBUG - Starting Unused Suppression Rule Analyzer 2023-09-06 15:10:52,578 org.owasp.dependencycheck.Engine:811 DEBUG - Parallel processing is not supported: Unused Suppression Rule Analyzer. 2023-09-06 15:10:52,579 org.owasp.dependencycheck.AnalysisTask:86 DEBUG - Begin Analysis of '/Users/PycharmProjects/fossproxy/media/scan_files/1694002246_909691_patchelf-0.15.0-1.el9.x86_64.rpm' (Unused Suppression Rule Analyzer) 2023-09-06 15:10:52,579 org.owasp.dependencycheck.Engine:675 INFO - Finished Unused Suppression Rule Analyzer (0 seconds) 2023-09-06 15:10:52,581 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Archive Analyzer' 2023-09-06 15:10:52,581 org.owasp.dependencycheck.analyzer.ArchiveAnalyzer:229 DEBUG - Attempting to delete temporary files from /var/folders/vy/dhppcn5d3ws8p8m03kjpt0s1gsp2ts/T/dctempfc6179e6-1238-4892-ac1e-16b3eda15b82/check6235286564337577621tmp 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Ruby Bundle Audit Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Elixir Mix Audit Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'File Name Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Jar Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Central Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Nexus Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Artifactory Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Nuspec Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Nugetconf Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'MSBuild Project Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Assembly Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Python Distribution Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Python Package Analyzer' 2023-09-06 15:10:52,592 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'pip Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Pipfile Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Pipfile.lock Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Poetry Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Autoconf Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'OpenSSL Source Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'CMake Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Node.js Package Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Golang Mod Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Golang Dep Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Ruby Gemspec Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Ruby Bundler Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Composer.lock analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'CocoaPods Package Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'SWIFT Package Manager Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'SWIFT Package Resolved Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Perl cpanfile Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Pinned Maven install Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Dart Package Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Libman Analyzer' 2023-09-06 15:10:52,593 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'PE Analyzer' 2023-09-06 15:10:52,594 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Dependency Merging Analyzer' 2023-09-06 15:10:52,594 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Hint Analyzer' 2023-09-06 15:10:52,594 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Version Filter Analyzer' 2023-09-06 15:10:52,594 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'NPM CPE Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'CPE Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'False Positive Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'NVD CVE Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Node Audit Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Yarn Audit Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Pnpm Audit Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'RetireJS Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Sonatype OSS Index Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Vulnerability Suppression Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Known Exploited Vulnerability Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Dependency Bundling Analyzer' 2023-09-06 15:10:52,597 org.owasp.dependencycheck.Engine:856 DEBUG - Closing Analyzer 'Unused Suppression Rule Analyzer' 2023-09-06 15:10:52,598 org.owasp.dependencycheck.Engine:685 DEBUG -

END ANALYSIS

2023-09-06 15:10:52,598 org.owasp.dependencycheck.Engine:687 INFO - Analysis Complete (3 seconds) 2023-09-06 15:10:52,617 org.apache.velocity.runtime.RuntimeInstance:272 DEBUG - Initializing Velocity, Calling init()... 2023-09-06 15:10:52,617 org.apache.velocity.runtime.RuntimeInstance:276 DEBUG - Starting Apache Velocity v2.3 2023-09-06 15:10:52,619 org.apache.velocity.runtime.RuntimeInstance:522 DEBUG - Default Properties resource: org/apache/velocity/runtime/defaults/velocity.properties 2023-09-06 15:10:52,624 org.apache.velocity.runtime.resource.loader.ResourceLoaderFactory:48 DEBUG - ResourceLoader instantiated: org.apache.velocity.runtime.resource.loader.FileResourceLoader 2023-09-06 15:10:52,625 org.apache.velocity.runtime.resource.loader.FileResourceLoader:84 DEBUG - FileResourceLoader: adding path '.' 2023-09-06 15:10:52,626 org.apache.velocity.runtime.resource.ResourceCacheImpl:119 DEBUG - initialized (class org.apache.velocity.runtime.resource.ResourceCacheImpl) with class java.util.Collections$SynchronizedMap cache map. 2023-09-06 15:10:52,627 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Stop 2023-09-06 15:10:52,627 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Define 2023-09-06 15:10:52,628 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Break 2023-09-06 15:10:52,628 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Evaluate 2023-09-06 15:10:52,629 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Macro 2023-09-06 15:10:52,629 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Parse 2023-09-06 15:10:52,630 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Include 2023-09-06 15:10:52,631 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Foreach 2023-09-06 15:10:52,647 org.apache.velocity.runtime.ParserPoolImpl:57 DEBUG - Created '20' parsers. 2023-09-06 15:10:52,663 org.apache.velocity.runtime.VelocimacroFactory:152 DEBUG - "velocimacro.library.path" is not set. Trying default library: velocimacros.vtl 2023-09-06 15:10:52,665 org.apache.velocity.runtime.VelocimacroFactory:162 DEBUG - Default library velocimacros.vtl not found. Trying old default library: VM_global_library.vm 2023-09-06 15:10:52,665 org.apache.velocity.runtime.VelocimacroFactory:169 DEBUG - Old default library VM_global_library.vm not found. 2023-09-06 15:10:52,665 org.apache.velocity.runtime.VelocimacroFactory:253 DEBUG - allowInline = true: VMs can be defined inline in templates 2023-09-06 15:10:52,665 org.apache.velocity.runtime.VelocimacroFactory:274 DEBUG - allowInlineToOverride = false: VMs defined inline may NOT replace previous VM definitions 2023-09-06 15:10:52,665 org.apache.velocity.runtime.VelocimacroFactory:297 DEBUG - allowInlineLocal = false: VMs defined inline will be global in scope if allowed. 2023-09-06 15:10:52,665 org.apache.velocity.runtime.VelocimacroFactory:315 DEBUG - autoload off: VM system will not automatically reload global library macros 2023-09-06 15:10:52,679 org.owasp.dependencycheck.reporting.ReportGenerator:413 INFO - Writing report to: /var/folders/vy/dhppcn5d3ws8p8m03kjpt0s1gsp2ts/T/tmpp3xoc80p/dependency-check-report.json 2023-09-06 15:10:52,722 org.apache.velocity.runtime.VelocimacroFactory:385 DEBUG - added VM writeJsonException: source=org.apache.velocity.Template@743c6ce4 2023-09-06 15:10:52,767 org.apache.velocity.runtime.RuntimeInstance:272 DEBUG - Initializing Velocity, Calling init()... 2023-09-06 15:10:52,767 org.apache.velocity.runtime.RuntimeInstance:276 DEBUG - Starting Apache Velocity v2.3 2023-09-06 15:10:52,768 org.apache.velocity.runtime.RuntimeInstance:522 DEBUG - Default Properties resource: org/apache/velocity/runtime/defaults/velocity.properties 2023-09-06 15:10:52,768 org.apache.velocity.runtime.resource.loader.ResourceLoaderFactory:48 DEBUG - ResourceLoader instantiated: org.apache.velocity.runtime.resource.loader.FileResourceLoader 2023-09-06 15:10:52,768 org.apache.velocity.runtime.resource.loader.FileResourceLoader:84 DEBUG - FileResourceLoader: adding path '.' 2023-09-06 15:10:52,768 org.apache.velocity.runtime.resource.ResourceCacheImpl:119 DEBUG - initialized (class org.apache.velocity.runtime.resource.ResourceCacheImpl) with class java.util.Collections$SynchronizedMap cache map. 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Stop 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Define 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Break 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Evaluate 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Macro 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Parse 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Include 2023-09-06 15:10:52,769 org.apache.velocity.runtime.RuntimeInstance:1081 DEBUG - Loaded System Directive: org.apache.velocity.runtime.directive.Foreach 2023-09-06 15:10:52,770 org.apache.velocity.runtime.ParserPoolImpl:57 DEBUG - Created '20' parsers. 2023-09-06 15:10:52,770 org.apache.velocity.runtime.VelocimacroFactory:152 DEBUG - "velocimacro.library.path" is not set. Trying default library: velocimacros.vtl 2023-09-06 15:10:52,770 org.apache.velocity.runtime.VelocimacroFactory:162 DEBUG - Default library velocimacros.vtl not found. Trying old default library: VM_global_library.vm 2023-09-06 15:10:52,770 org.apache.velocity.runtime.VelocimacroFactory:169 DEBUG - Old default library VM_global_library.vm not found. 2023-09-06 15:10:52,771 org.apache.velocity.runtime.VelocimacroFactory:253 DEBUG - allowInline = true: VMs can be defined inline in templates 2023-09-06 15:10:52,771 org.apache.velocity.runtime.VelocimacroFactory:274 DEBUG - allowInlineToOverride = false: VMs defined inline may NOT replace previous VM definitions 2023-09-06 15:10:52,771 org.apache.velocity.runtime.VelocimacroFactory:297 DEBUG - allowInlineLocal = false: VMs defined inline will be global in scope if allowed. 2023-09-06 15:10:52,771 org.apache.velocity.runtime.VelocimacroFactory:315 DEBUG - autoload off: VM system will not automatically reload global library macros 2023-09-06 15:10:52,771 org.owasp.dependencycheck.reporting.ReportGenerator:413 INFO - Writing report to: /var/folders/vy/dhppcn5d3ws8p8m03kjpt0s1gsp2ts/T/tmpp3xoc80p/dependency-check-report.html 2023-09-06 15:10:52,817 org.apache.velocity.runtime.VelocimacroFactory:385 DEBUG - added VM writeHtmlException: source=org.apache.velocity.Template@67594471 2023-09-06 15:10:52,839 org.owasp.dependencycheck.data.nvdcve.CveDB:311 DEBUG - Closing database 2023-09-06 15:10:52,839 org.owasp.dependencycheck.data.nvdcve.CveDB:313 DEBUG - Cache cleared 2023-09-06 15:10:52,840 org.owasp.dependencycheck.data.nvdcve.CveDB:316 DEBUG - Connection closed 2023-09-06 15:10:52,841 org.owasp.dependencycheck.data.nvdcve.CveDB:322 DEBUG - Resources released 2023-09-06 15:10:52,841 org.owasp.dependencycheck.data.nvdcve.DriverLoader:57 DEBUG - Begin deregister driver 2023-09-06 15:10:52,841 org.owasp.dependencycheck.data.nvdcve.DriverLoader:59 DEBUG - End deregister driver 2023-09-06 15:10:53,196 org.owasp.dependencycheck.App:213 ERROR - Zstandard compression is not available 2023-09-06 15:10:53,196 org.owasp.dependencycheck.App:214 DEBUG - unexpected error org.owasp.dependencycheck.analyzer.exception.AnalysisException: Zstandard compression is not available at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:507) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:295) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:277) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:832) Caused by: java.io.IOException: Zstandard compression is not available at org.eclipse.packager.rpm.coding.ZstdPayloadCoding.createInputStream(ZstdPayloadCoding.java:45) at org.eclipse.packager.rpm.parse.RpmInputStream.setupPayloadStream(RpmInputStream.java:129) at org.eclipse.packager.rpm.parse.RpmInputStream.ensureInit(RpmInputStream.java:86) at org.eclipse.packager.rpm.parse.RpmInputStream.getPayloadHeader(RpmInputStream.java:147) at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:496) ... 9 common frames omitted 2023-09-06 15:10:53,197 org.owasp.dependencycheck.utils.Settings:895 DEBUG - Deleting ALL temporary files from /var/folders/vy/dhppcn5d3ws8p8m03kjpt0s1gsp2ts/T/dctempfc6179e6-1238-4892-ac1e-16b3eda15b82 2023-09-06 15:10:53,205 org.owasp.dependencycheck.App:87 DEBUG - Exit code: 14 `

To Reproduce scan for example https://mirror.yandex.ru/epel/9/Everything/x86_64/Packages/p/patchelf-0.15.0-1.el9.x86_64.rpm

Expected behavior Exit code 0, no error

Additional context No problem when using ODC 7.3.2

[aikebah]

This is intended change in behavior. The same error occurs in 7.3.2, but is 'swallowed' hidden in the debug logs:

2023-09-06 19:13:55,388 org.owasp.dependencycheck.AnalysisTask:86
DEBUG - Begin Analysis of '/Users/aikebah/Downloads/epel/patchelf-0.15.0-1.el9.x86_64.rpm' (Archive Analyzer)
2023-09-06 19:13:55,391 org.eclipse.packager.rpm.parse.RpmInputStream:220
DEBUG - Skipping 4 pad bytes
2023-09-06 19:13:55,396 org.owasp.dependencycheck.analyzer.ArchiveAnalyzer:500
WARN  - Exception reading archive 'patchelf-0.15.0-1.el9.x86_64.rpm'.
2023-09-06 19:13:55,397 org.owasp.dependencycheck.analyzer.ArchiveAnalyzer:501
DEBUG - 
java.io.IOException: Zstandard compression is not available
    at org.eclipse.packager.rpm.coding.ZstdPayloadCoding.createInputStream(ZstdPayloadCoding.java:45)
    at org.eclipse.packager.rpm.parse.RpmInputStream.setupPayloadStream(RpmInputStream.java:129)
    at org.eclipse.packager.rpm.parse.RpmInputStream.ensureInit(RpmInputStream.java:86)
    at org.eclipse.packager.rpm.parse.RpmInputStream.getPayloadHeader(RpmInputStream.java:147)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(ArchiveAnalyzer.java:492)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze(ArchiveAnalyzer.java:293)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency(ArchiveAnalyzer.java:275)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:833)

The hiding of the error during analysis was fixed by #5371

[aikebah]

In order to scan the contents of zstandard compressed RPM archives you would need to obtain the binaries for your platform of the zstd-jni library and add them to the DependencyCheck classpath.

For the CLI that would entail a command-line similar to:

CLASSPATH_PREFIX=~/Downloads/zstd-jni-1.5.5-5.jar:/~/Downloads/zstd-jni-1.5.5-5-darwin_aarch64.jar dependency-check.sh -s .

[31deR]

In order to scan the contents of zstandard compressed RPM archives you would need to obtain the binaries for your platform of the zstd-jni library and add them to the DependencyCheck classpath.

For the CLI that would entail a command-line similar to:

CLASSPATH_PREFIX=~/Downloads/zstd-jni-1.5.5-5.jar:/~/Downloads/zstd-jni-1.5.5-5-darwin_aarch64.jar dependency-check.sh -s .

Downloaded jars, thanx. I`m running dependency-check.sh from python popen. When adding CLASSPATH_PREFIX getting error No such file or directory: 'CLASSPATH_PREFIX=~/Downloads/zstd-jni-1.5.5-5.jar:/~/Downloads/zstd-jni-1.5.5-5-darwin_aarch64.jar /Users/PycharmProjects/fossproxy/odc840/bin/dependency-check.sh': 'CLASSPATH_PREFIX=~/Downloads/zstd-jni-1.5.5-5.jar:/~/Downloads/zstd-jni-1.5.5-5-darwin_aarch64.jar /Users/PycharmProjects/fossproxy/odc840/bin/dependency-check.sh

Is there some other way to add CLASSPATH_PREFIX? Maybe in custom properties file?

[aikebah]

The idea behind the CLASSPATH_PREFIX as part of the command line is setting an environment variable for just that invocation (dependency-check.sh uses that environment variable to prepend user-controlled libraries to the classpath that it builds for the distribution's libraries)

So use whatever way is appropriate for python's popen to set an environment variable for the popen call

and make sure to put the proper path for the jars for your environment (and make sure that you either are on an Apple M1/M2 system, or swap out the zstd-jni-1.5.5-5-darwin_aarch64.jar with the similar binary of the platform that you run it on (that jar holds the native C library compiled for the Apple Arm64 architecture as indicated by the darwin_aarch64 suffix in the filename)

[31deR]

The idea behind the CLASSPATH_PREFIX as part of the command line is setting an environment variable for just that invocation (dependency-check.sh uses that environment variable to prepend user-controlled libraries to the classpath that it builds for the distribution's libraries)

So use whatever way is appropriate for python's popen to set an environment variable for the popen call

and make sure to put the proper path for the jars for your environment (and make sure that you either are on an Apple M1/M2 system, or swap out the zstd-jni-1.5.5-5-darwin_aarch64.jar with the similar binary of the platform that you run it on (that jar holds the native C library compiled for the Apple Arm64 architecture as indicated by the darwin_aarch64 suffix in the filename)

Thank you very much! It`s working!