mbockus / veracode-scanner

A Jenkins plug-in for submitting files for scanning to Veracode.

Exception on build #4

Closed Idanatcox closed 10 years ago

Idanatcox commented 10 years ago

Hi,

We are running Jenkins 1.483 with JDK 1.7.40 on Windows 2008 R2. We installed "veracode-scanner" 1.2 on it and configured user/pass. While running a build we are getting the following exception. Any help will be very appreciated.

Thanks, Idan

```
Illegal character(s) in message header value: Basic ==
java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ==
FATAL: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ==
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ==
    at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:230)
    at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:143)
    at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
    at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:36)
    at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:717)
    at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:692)
    at hudson.model.Build$BuildExecution.cleanUp(Build.java:192)
    at hudson.model.Run.execute(Run.java:1546)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
    at hudson.model.ResourceController.execute(ResourceController.java:88)
    at hudson.model.Executor.run(Executor.java:236)
Caused by: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic ==
    at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:482)
    at sun.net.www.protocol.http.HttpURLConnection.isExternalMessageHeaderAllowed(HttpURLConnection.java:434)
    at sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:2753)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.setRequestProperty(HttpsURLConnectionImpl.java:316)
    at com.veracode.util.http.WebClient.setUpURLConnection(WebClient.java:76)
    at com.veracode.util.http.WebClient.downloadString(WebClient.java:29)
    at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.getAppList(UploadAPIWrapper.java:560)
    at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:214)
    ... 10 more
```

mbockus commented 10 years ago

I think this is an issue with how the Veracode API is authenticating to their service. I remember having a similar issue, and thinking it was tied to this [Java Bug](http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6459815). I'll see if I can find out if Veracode has updated their API to use a Base64Encoder so that the authentication doesn't have this issue. Do you have the option of changing your Veracode password? If so, try changing it to a username:password combo that does not exceed 76 characters.

Idanatcox commented 10 years ago

Thank you so much for the quick, informative response. Our username:password encoded combo is only 33 characters total. I have noticed the above bug in my Google searches, and it seems like a fix was issued for it a long time ago. It looks like the HttpURLConnection class is part of rt.jar (the JRE itself, right?), so I tried changing the JDK of the build and it didn't work, and the JRE of Jenkins, with no success. I've tried rebuilding the plugin with the pom's parent set to our specific version, with no success.

mbockus commented 10 years ago

I think I know what the problem is. The Veracode API is encrypting your credentials with the following code:

```java
String credentials = username + ":" + password;
String encodedCredentials = org.apache.commons.codec.binary.Base64.encodeBase64String(credentials.getBytes());
String authorization = "Basic " + encodedCredentials;
```

If your encrypted Basic header happens to contain a line feed character, then an IllegalArgumentException will be thrown from the HttpURLConnection.checkMessageHeader method. Can you try encoding your username:password combo to confirm a newline character exists? I'm not sure why this would be the case, but it's my best guess right now... :)
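
The check requested above (does the encoded `Authorization` value contain a line break?), as an added example that is not part of the original thread, the plugin or the Veracode wrapper. It uses `java.util.Base64` (Java 8+) rather than commons-codec; the class and method names are hypothetical, the credentials are constructed, and the chunked variant assumes an encoder that ends every line, including the last, with CRLF.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example; class and method names are hypothetical.
public class BasicHeaderCheck {

    // Single-line Base64: the encoder never emits line separators.
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Assumption: emulates a chunking (MIME-style) encoder that ends every
    // 76-character line, including the last one, with CRLF.
    static String chunkedBasicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        byte[] crlf = {'\r', '\n'};
        return "Basic " + Base64.getMimeEncoder(76, crlf).encodeToString(raw) + "\r\n";
    }

    // Index of the first CR, LF or other control character, or -1 if none.
    // Stricter than needed: no control character belongs in a Basic credential.
    static int firstControlChar(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == 0x7f) return i;
        }
        return -1;
    }

    // Make CR/LF visible; a trailing line break is easy to miss by eye.
    static String escape(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n");
    }

    public static void main(String[] args) {
        // Constructed credentials; never print a real header to a build log.
        String user = "ci-user@example.com";
        String pass = "constructed-password";
        String[] headers = { chunkedBasicHeader(user, pass), basicHeader(user, pass) };
        for (String h : headers) {
            int bad = firstControlChar(h);
            System.out.println(escape(h) + " -> "
                    + (bad < 0 ? "ok" : "control character at index " + bad));
        }
    }
}
```

The chunked header is reported with a control character at its end even though the credential is far shorter than 76 characters, while the single-line header passes.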

mbockus commented 10 years ago

It looks like the Veracode API has been updated to encode the credentials correctly, so I'll work on updating the API and getting an update published.

Idanatcox commented 10 years ago

Yeah, I've tried searching for new line char but there wasn't any. Your help is highly appreciated! Thanks

Idanatcox commented 10 years ago

I've compiled the plugin with the new Veracode jar and I can verify it does fix the issue. Thank you so much for the support.

mbockus commented 10 years ago

Thanks for confirming! I've updated the API and released an updated version of the plugin. The update should be available from within Jenkins in ~6 hours.

Idanatcox commented 10 years ago

That’s great! Thank you

From: mbockus [mailto:notifications@github.com] Sent: Tuesday, October 08, 2013 3:14 PM To: mbockus/veracode-scanner Cc: Bidani, Idan Subject: Re: [veracode-scanner] Exception on build (#4)
