Closed Idanatcox closed 10 years ago
I think this is an issue with how the Veracode api is authenticating to their service. I remember having a similiar issue, and thinking it was tied to this (Java Bug)[http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6459815]. I'll see if I can find out if Veracode has updated their API to use a Base64Encoder so that the authentication doesn't have this issue. Do you have the option of changing your Veracode password? If so, try changing it to a username:password combo that does not exceed 76 characters.
Thank you so much for the quick informative response, our username:password encoded combo is only 33 characters total. I have noticed the above bug in my google searches, and it seems like it has been issued a fix long time ago. It looks like the HttpURLConnection class is part of rt.jar(JRE it self right) so I tried changing the JDK of the build and it didn't work and the jre of Jenkins with no success. I've tried rebuilding the plugin with pom's parent to our specific version with no success.
I think I know what the problem is. The Veracode API is encrypting your creditials with the following code:
String credentials = username + ":" + password;
String encodedCredentials = org.apache.commons.codec.binary.Base64.encodeBase64String(credentials.getBytes());
String authorization = "Basic " + encodedCredentials;
If your encrypted Basic header happens to contain a line feed character, then an IllegalArgumentException will be thrown from the HttpURLConnection.checkMessageHeader method. Can you try encoding your username:password combo to confirm a newline character exists? I'm not sure why this would be the case, but it's my best guess right now... :)
It looks like the Veracode API has been updated to encode the credentials correctly, so I'll work on updating the API and getting an update published.
Yeah, I've tried searching for new line char but there wasn't any. Your help is highly appreciated! Thanks
I've compiled the plugin with the new veracode jar and I can verify it does fixed the issue. Thank you so much for the support.
Thanks for confirming! I've updated the api and released an updated version of the plugin. The update should be available form within jenkins in ~6 hours.
That’s great! Thank you
From: mbockus [mailto:notifications@github.com] Sent: Tuesday, October 08, 2013 3:14 PM To: mbockus/veracode-scanner Cc: Bidani, Idan Subject: Re: [veracode-scanner] Exception on build (#4)
Thanks for confirming! I've updated the api and released an updated version of the plugin. The update should be available form within jenkins in ~6 hours.
— Reply to this email directly or view it on GitHubhttps://github.com/mbockus/veracode-scanner/issues/4#issuecomment-25918863.
Hi,
We are running Jenkins 1.483 with JDK 1.7.40 on a windows 2008 R2. We installed "veracode-scanner" 1.2 on it and configured user/pass. while running build we are getting the following exception. Any help will be very appreciated
Thanks, Idan
Illegal character(s) in message header value: Basic==
java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic==
FATAL: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic==
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic==
Caused by: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic==