rm-hull / nvd-clojure

National Vulnerability Database dependency checker for Clojure projects
MIT License

lein nvd 1.2.0 not working #89

Closed cksharma11 closed 3 years ago

cksharma11 commented 3 years ago

Hi,

I'm getting an error while running lein nvd check

Syntax error (ExceptionInfo) compiling at (/tmp/form-init14862117128822202941.clj:1:74).
org.owasp.dependencycheck.exception.ExceptionCollection

The error only happens when it runs in the CI environment; interestingly, it works fine when I run it locally.

Any idea?

vemv commented 3 years ago

Hi!

Please run the task with the following Lein option so that you get a stacktrace:

:jvm-opts ["-Dclojure.main.report=stderr"]

Then post it here.

Cheers - V

cksharma11 commented 3 years ago

Hi @vemv

Thanks for the quick reply. The problem happens only in the pipeline agent; I will need to get logs from the same, but I'll share the logs.

cksharma11 commented 3 years ago

I did upgrade the version to use the latest one and am now getting an error with a stack trace

using nvd-clojure:  and dependency-check: 5.3.2
Encountered errors while analyzing: One or more exceptions occurred during analysis:
    'void com.google.common.base.Preconditions.checkState(boolean, java.lang.String, java.lang.Object)'
    'void com.google.common.base.Preconditions.checkState(boolean, java.lang.String, java.lang.Object)'
    'void com.google.common.base.Preconditions.checkState(boolean, java.lang.String, java.lang.Object)'
    'void com.google.common.base.Preconditions.checkState(boolean, java.lang.String, java.lang.Object)'
....
....
...

vemv commented 3 years ago

Please post a complete stacktrace - there should be plenty of filenames involved, an exception name etc

Cheers - V

cksharma11 commented 3 years ago

> Please post a complete stacktrace - there should be plenty of filenames involved, an exception name etc
>
> Cheers - V

I've the same issue mentioned over - https://www.gitmemory.com/issue/rm-hull/lein-nvd/73/805055117

Stacktrace is also similar

vemv commented 3 years ago

Please post it over here for posterity

cksharma11 commented 3 years ago

> > Please post a complete stacktrace - there should be plenty of filenames involved, an exception name etc
> >
> > Cheers - V
>
> I've the same issue mentioned over - https://www.gitmemory.com/issue/rm-hull/lein-nvd/73/805055117
>
> Stacktrace is also similar

Trace -

#error {
 :cause 'void com.google.common.base.Preconditions.checkState(boolean, java.lang.String, java.lang.Object)'
 :via
 [{:type java.lang.NoSuchMethodError
   :message 'void com.google.common.base.Preconditions.checkState(boolean, java.lang.String, java.lang.Object)'
   :at [org.sonatype.ossindex.service.client.cache.DirectoryCache <init> DirectoryCache.java 84]}]
 :trace
 [[org.sonatype.ossindex.service.client.cache.DirectoryCache <init> DirectoryCache.java 84]
  [org.sonatype.ossindex.service.client.cache.DirectoryCache$Configuration create DirectoryCache.java 328]
  [org.sonatype.ossindex.service.client.internal.OssindexClientImpl <init> OssindexClientImpl.java 96]
  [org.owasp.dependencycheck.data.ossindex.OssindexClientFactory create OssindexClientFactory.java 119]
  [org.owasp.dependencycheck.analyzer.OssIndexAnalyzer requestReports OssIndexAnalyzer.java 196]
  [org.owasp.dependencycheck.analyzer.OssIndexAnalyzer analyzeDependency OssIndexAnalyzer.java 138]
  [org.owasp.dependencycheck.analyzer.AbstractAnalyzer analyze AbstractAnalyzer.java 131]
  [org.owasp.dependencycheck.AnalysisTask call AnalysisTask.java 88]
  [org.owasp.dependencycheck.AnalysisTask call AnalysisTask.java 37]
  [java.util.concurrent.FutureTask run FutureTask.java 264]
  [java.util.concurrent.ThreadPoolExecutor runWorker ThreadPoolExecutor.java 1128]
  [java.util.concurrent.ThreadPoolExecutor$Worker run ThreadPoolExecutor.java 628]
  [java.lang.Thread run Thread.java 829]]}
#error {

vemv commented 3 years ago

FWIW that stacktrace is not complete, as #error { in the last line hints. Please be considerate of collaborator time - if you're asked for a stacktrace, provide the full stacktrace! :)

(You can always change names if there are private files)

Anyway, it's enough info for the time being. java.lang.NoSuchMethodError tells us that it's a problem related to dependency management / classpath computation.

That's quite a frequent problem when using lein-nvd. Accordingly we created this guide and related API:

https://github.com/rm-hull/lein-nvd#avoiding-classpath-interference

The first suggested command over there (Lein example) might just work.

If the problem persists, you might have to follow the next piece of advice: "For extra isolation, it is recommended that you invoke nvd.task.check from outside your project".

Hope it helps!
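
A classpath check for the kind of conflict described in the comment above, as an added example that is not part of the original thread or of lein-nvd: given a classpath string (for instance the output of `lein classpath`), it lists the jars that ship a class, in classpath order, and reports when the first copy lacks the method named in the `NoSuchMethodError`. The jar names and class bytes below are constructed, and the byte search is a heuristic rather than a full class-file parse.

```python
import os
import tempfile
import zipfile

# JVM descriptor for: void checkState(boolean, String, Object)
DESCRIPTOR = b"(ZLjava/lang/String;Ljava/lang/Object;)V"

def find_providers(classpath, class_name, method, descriptor):
    """Return [(jar, has_method)] for each jar shipping class_name, in classpath order."""
    entry = class_name.replace(".", "/") + ".class"
    found = []
    for item in classpath.split(os.pathsep):
        if not (item.endswith(".jar") and os.path.isfile(item)):
            continue  # directories and missing entries are skipped in this sketch
        with zipfile.ZipFile(item) as jar:
            if entry not in jar.namelist():
                continue
            data = jar.read(entry)
            # Heuristic: method names and descriptors are stored as UTF-8 constants
            found.append((item, method.encode() in data and descriptor in data))
    return found

def diagnose(classpath, class_name, method, descriptor=DESCRIPTOR):
    providers = find_providers(classpath, class_name, method, descriptor)
    if not providers:
        return "missing"
    if not providers[0][1]:
        # The first jar listed is the one loaded; callers of the newer
        # overload then fail with NoSuchMethodError at run time.
        return "stale copy wins"
    return "duplicated" if len(providers) > 1 else "ok"

def build_demo_classpath(tmp):
    """Constructed sample: two fake jars whose 'class' bytes only imitate constants."""
    entry = "com/google/common/base/Preconditions.class"
    old = os.path.join(tmp, "guava-old.jar")  # hypothetical file names
    new = os.path.join(tmp, "guava-new.jar")
    with zipfile.ZipFile(old, "w") as z:
        z.writestr(entry, b"checkState(ZLjava/lang/String;[Ljava/lang/Object;)V")
    with zipfile.ZipFile(new, "w") as z:
        z.writestr(entry, b"checkState" + DESCRIPTOR)
    return old, new

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        old, new = build_demo_classpath(tmp)
        cls = "com.google.common.base.Preconditions"
        for order in ([old, new], [new, old]):
            print(diagnose(os.pathsep.join(order), cls, "checkState"))
```

A "stale copy wins" or "duplicated" result for the scanner's own dependencies is the signal to run the check with an isolated classpath, as the linked guide recommends.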

cksharma11 commented 3 years ago

Hi @vemv apologies for that and thank you so much for quick support

cksharma11 commented 3 years ago

> Hi @vemv apologies for that and thank you so much for quick support

Yes that fixed the issue, thank you :)

vemv commented 3 years ago

Cheers 🍻