Open expp121 opened 1 year ago
@expp121 thanks for reporting the bug.
Scanning Vulnerability-goapp results in the same error:
sechub | 2023-02-24 11:45:59.745 DEBUG 23 --- [-2ac758fd2084-1] .s.d.s.p.ProductResultTransactionService : persisted result of product id: PDS_CODESCAN , executor config uuid: 396a7458-7a53-4db0-83ec-a06ca865cd9a, product result uuid: d7f77a79-d14b-4ad8-b17d-19b652c163af - traceLogId:__[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__
sechub | 2023-02-24 11:45:59.746 DEBUG 23 --- [-2ac758fd2084-1] .s.d.s.p.AbstractProductExecutionService : __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__ NO execution necessary by WebScanProductExecutionServiceImpl
sechub | 2023-02-24 11:45:59.746 DEBUG 23 --- [-2ac758fd2084-1] .s.d.s.p.AbstractProductExecutionService : __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__ NO execution necessary by InfrastructureScanProductExecutionServiceImpl
sechub | 2023-02-24 11:45:59.746 DEBUG 23 --- [-2ac758fd2084-1] .s.d.s.p.AbstractProductExecutionService : __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__ NO execution necessary by LicenseScanProductExecutionServiceImpl
sechub | 2023-02-24 11:45:59.754 INFO 23 --- [b9-2ac758fd2084] c.m.s.d.scan.InfoLogScanJobListener : Job 779e7a07-1bb1-416f-9cb9-2ac758fd2084 has ended
sechub | 2023-02-24 11:45:59.757 INFO 23 --- [b9-2ac758fd2084] c.m.s.d.s.r.CreateScanReportService : Creating report for __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__, will delete former reports if existing
sechub | 2023-02-24 11:45:59.761 DEBUG 23 --- [b9-2ac758fd2084] .s.d.s.p.AbstractProductExecutionService : search config for project=test-gosec, executor=SERECO, version=1
sechub | 2023-02-24 11:45:59.763 DEBUG 23 --- [b9-2ac758fd2084] .s.d.s.p.AbstractProductExecutionService : no config found for project=test-gosec so skipping executor=SERECO, version=1
sechub | 2023-02-24 11:45:59.763 DEBUG 23 --- [b9-2ac758fd2084] .s.d.s.p.AbstractProductExecutionService : no dedicated configuration for report execution was executed before, so fallback to sereco default behaviour
sechub | 2023-02-24 11:45:59.768 INFO 23 --- [b9-2ac758fd2084] .s.d.s.p.AbstractProductExecutionService : Start executor:SERECO config:null and wait for result. __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__
sechub | 2023-02-24 11:45:59.768 DEBUG 23 --- [b9-2ac758fd2084] .m.s.d.s.p.s.SerecoReportProductExecutor : __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__ start sereco execution
sechub | 2023-02-24 11:45:59.772 DEBUG 23 --- [b9-2ac758fd2084] .m.s.d.s.p.s.SerecoReportProductExecutor : __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__ found product result for 'PDS_CODESCAN'
sechub | 2023-02-24 11:45:59.772 DEBUG 23 --- [b9-2ac758fd2084] .m.s.d.s.p.s.SerecoReportProductExecutor : __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__ start to import result 'd7f77a79-d14b-4ad8-b17d-19b652c163af' from product 'PDS_CODESCAN' , config:396a7458-7a53-4db0-83ec-a06ca865cd9a
sechub | 2023-02-24 11:45:59.773 DEBUG 23 --- [b9-2ac758fd2084] c.mercedesbenz.sechub.sereco.Workspace : Importer NetsparkerV1XMLImporter is NOT able to import d7f77a79-d14b-4ad8-b17d-19b652c163af
sechub | 2023-02-24 11:45:59.773 DEBUG 23 --- [b9-2ac758fd2084] c.mercedesbenz.sechub.sereco.Workspace : Importer CheckmarxV1XMLImporter is NOT able to import d7f77a79-d14b-4ad8-b17d-19b652c163af
sechub | 2023-02-24 11:45:59.773 DEBUG 23 --- [b9-2ac758fd2084] c.mercedesbenz.sechub.sereco.Workspace : Importer NessusV1XMLImporter is NOT able to import d7f77a79-d14b-4ad8-b17d-19b652c163af
sechub | 2023-02-24 11:45:59.799 DEBUG 23 --- [b9-2ac758fd2084] c.mercedesbenz.sechub.sereco.Workspace : Importer SarifV1JSONImporter is able to import d7f77a79-d14b-4ad8-b17d-19b652c163af
sechub | 2023-02-24 11:45:59.808 ERROR 23 --- [b9-2ac758fd2084] .s.d.s.p.AbstractProductExecutionService : Product executor failed:SERECO __[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__
sechub |
sechub | java.lang.NullPointerException: null
sechub | at com.mercedesbenz.sechub.sereco.importer.SarifV1JSONImporter.resolveTargetInformation(SarifV1JSONImporter.java:296)
sechub | at com.mercedesbenz.sechub.sereco.importer.SarifV1JSONImporter.resolveData(SarifV1JSONImporter.java:255)
sechub | at com.mercedesbenz.sechub.sereco.importer.SarifV1JSONImporter.createSerecoVulnerability(SarifV1JSONImporter.java:113)
sechub | at com.mercedesbenz.sechub.sereco.importer.SarifV1JSONImporter.handleEachRun(SarifV1JSONImporter.java:98)
sechub | at com.mercedesbenz.sechub.sereco.importer.SarifV1JSONImporter.importResult(SarifV1JSONImporter.java:88)
sechub | at com.mercedesbenz.sechub.sereco.Workspace.doImport(Workspace.java:91)
sechub | at com.mercedesbenz.sechub.domain.scan.product.sereco.SerecoReportProductExecutor.importProductResult(SerecoReportProductExecutor.java:128)
sechub | at com.mercedesbenz.sechub.domain.scan.product.sereco.SerecoReportProductExecutor.createReport(SerecoReportProductExecutor.java:99)
sechub | at com.mercedesbenz.sechub.domain.scan.product.sereco.SerecoReportProductExecutor.createReport(SerecoReportProductExecutor.java:91)
sechub | at com.mercedesbenz.sechub.domain.scan.product.sereco.SerecoReportProductExecutor.execute(SerecoReportProductExecutor.java:68)
sechub | at com.mercedesbenz.sechub.domain.scan.product.AbstractProductExecutionService.execute(AbstractProductExecutionService.java:117)
sechub | at com.mercedesbenz.sechub.domain.scan.product.AbstractProductExecutionService.runOnExecutorWithOneConfiguration(AbstractProductExecutionService.java:213)
sechub | at com.mercedesbenz.sechub.domain.scan.product.AbstractProductExecutionService.runOnAllAvailableExecutors(AbstractProductExecutionService.java:188)
sechub | at com.mercedesbenz.sechub.domain.scan.product.AbstractProductExecutionService.executeProductsAndStoreResults(AbstractProductExecutionService.java:94)
sechub | at com.mercedesbenz.sechub.domain.scan.report.CreateScanReportService.createReport(CreateScanReportService.java:71)
sechub | at com.mercedesbenz.sechub.domain.scan.ScanService.startScan(ScanService.java:115)
sechub | at com.mercedesbenz.sechub.domain.scan.ScanService.receiveSynchronMessage(ScanService.java:253)
sechub | at com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService.sendSynchron(DomainMessageService.java:145)
sechub | at com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService$$FastClassBySpringCGLIB$$900824fa.invoke(<generated>)
sechub | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
sechub | at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
sechub | at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
sechub | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
sechub | at com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService$$EnhancerBySpringCGLIB$$fea210df.sendSynchron(<generated>)
sechub | at com.mercedesbenz.sechub.domain.schedule.batch.SynchronSecHubJobExecutor$1.run(SynchronSecHubJobExecutor.java:72)
sechub | at java.base/java.lang.Thread.run(Thread.java:829)
sechub |
sechub | 2023-02-24 11:45:59.809 DEBUG 23 --- [b9-2ac758fd2084] .s.d.s.p.ProductResultTransactionService : persisted result of product id: SERECO , executor config uuid: null, product result uuid: 4d9ddc30-9d4a-4186-bec3-aac9a3cf150c - traceLogId:__[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__
sechub | 2023-02-24 11:45:59.812 DEBUG 23 --- [b9-2ac758fd2084] .s.SecHubReportProductTransformerService : Transformer SerecoProductResultTransformer is used to transform result
sechub | 2023-02-24 11:45:59.812 DEBUG 23 --- [b9-2ac758fd2084] c.m.sechub.commons.model.JSONConverter : JSON conversion failed, origin JSON:
sechub |
sechub | 2023-02-24 11:45:59.813 ERROR 23 --- [b9-2ac758fd2084] c.m.sechub.domain.scan.ScanService : Execution was possible, but report failed.__[SECHUB-UID:779e7a07-1bb1-416f-9cb9-2ac758fd2084]__
sechub |
sechub | com.mercedesbenz.sechub.domain.scan.report.ScanReportException: Was not able to build sechub result
sechub | at com.mercedesbenz.sechub.domain.scan.report.CreateScanReportService.createReport(CreateScanReportService.java:85)
sechub | at com.mercedesbenz.sechub.domain.scan.ScanService.startScan(ScanService.java:115)
sechub | at com.mercedesbenz.sechub.domain.scan.ScanService.receiveSynchronMessage(ScanService.java:253)
sechub | at com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService.sendSynchron(DomainMessageService.java:145)
sechub | at com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService$$FastClassBySpringCGLIB$$900824fa.invoke(<generated>)
sechub | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
sechub | at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
sechub | at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
sechub | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
sechub | at com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService$$EnhancerBySpringCGLIB$$fea210df.sendSynchron(<generated>)
sechub | at com.mercedesbenz.sechub.domain.schedule.batch.SynchronSecHubJobExecutor$1.run(SynchronSecHubJobExecutor.java:72)
sechub | at java.base/java.lang.Thread.run(Thread.java:829)
sechub | Caused by: com.mercedesbenz.sechub.commons.model.JSONConverterException: Was not able to convert JSON string to class com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData object
sechub | Content was:
sechub |
sechub | at com.mercedesbenz.sechub.commons.model.JSONConverter.fromJSON(JSONConverter.java:112)
sechub | at com.mercedesbenz.sechub.domain.scan.product.sereco.SerecoProductResultTransformer.transform(SerecoProductResultTransformer.java:67)
sechub | at com.mercedesbenz.sechub.domain.scan.SecHubReportProductTransformerService.createResult(SecHubReportProductTransformerService.java:75)
sechub | at com.mercedesbenz.sechub.domain.scan.SecHubReportProductTransformerService.createResult(SecHubReportProductTransformerService.java:53)
sechub | at com.mercedesbenz.sechub.domain.scan.report.CreateScanReportService.createReport(CreateScanReportService.java:79)
sechub | ... 11 common frames omitted
sechub | Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
sechub | at [Source: (byte[])""; line: 1, column: 0]
sechub | at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:59)
sechub | at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4765)
sechub | at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4667)
sechub | at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3690)
sechub | at com.mercedesbenz.sechub.commons.model.JSONConverter.fromJSON(JSONConverter.java:103)
sechub | ... 15 common frames omitted
sechub |
sechub | 2023-02-24 11:45:59.815 INFO 23 --- [b9-2ac758fd2084] c.m.s.s.s.spring.SharedVolumeJobStorage : deleted all inside /shared_volumes/uploads/jobstorage/test-gosec/779e7a07-1bb1-416f-9cb9-2ac758fd2084
sechub | 2023-02-24 11:45:59.820 DEBUG 23 --- [b9-2ac758fd2084] c.m.s.d.s.b.SynchronSecHubJobExecutor : Will send job done message for: 779e7a07-1bb1-416f-9cb9-2ac758fd2084
sechub | 2023-02-24 11:45:59.821 DEBUG 23 --- [xecutor_thread1] .s.d.a.j.JobAdministrationMessageHandler : received domain request: DomainMessage [id=JOB_DONE, parameters={job.done.data={"jobUUID":"779e7a07-1bb1-416f-9cb9-2ac758fd2084","since":"2023/02/24 11:45:59"}}]
sechub | 2023-02-24 11:45:59.821 DEBUG 23 --- [xecutor_thread1] c.m.s.d.a.j.JobInformationDeleteService : deleting job information for job with uuid:779e7a07-1bb1-416f-9cb9-2ac758fd2084
Situtation
I've started the Sechub and PDS server locally. Sequence of what was started:
And tried to scan both sechub's folder and go-test-bench project. The scan of sechub's folder goes smoothly, but when I scan go-test-bench I get errors (the folder contains the same
sechub.json
)In the console of the sechub server, I get the following output:
Wanted
No Errors when scanning diffrent projects other than sechub itself!