sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Apache License 2.0

400 bad request when checking Gopkg.lock (part 2) #71

Open fitzoh opened 4 years ago

fitzoh commented 4 years ago

Deja vu from #9

$ nancy Gopkg.lock
2020/01/10 22:43:03 Nancy version: v0.0.40
!!!!! WARNING !!!!!
Scanning cannot be completed on the following package(s) since they do not use semver.
[1/52] pkg:golang/github.com/Dieterbe/artisanalhistogram@master
[2/52] pkg:golang/github.com/Dieterbe/profiletrigger@master
[3/52] pkg:golang/github.com/alyu/configparser@master
[4/52] pkg:golang/github.com/armon/go-metrics@06b60999766278efd6d2b5d8418a58c3d5b99e87
[5/52] pkg:golang/github.com/beorn7/perks@master
[6/52] pkg:golang/github.com/dgryski/go-jump@master
[7/52] pkg:golang/github.com/dgryski/go-linlog@master
[8/52] pkg:golang/github.com/eapache/go-resiliency@b86b1ec0dd4209a588dc1285cdd471e73525c0b3
[9/52] pkg:golang/github.com/eapache/go-xerial-snappy@master
[10/52] pkg:golang/github.com/glacjay/goini@master
[11/52] pkg:golang/github.com/go-macaron/inject@master
[12/52] pkg:golang/github.com/gocql/gocql@1982a06ad6b987c24beec15336019914d71b2e31
[13/52] pkg:golang/github.com/golang/snappy@master
[14/52] pkg:golang/github.com/gopherjs/gopherjs@4b53e1bddba0e2f734514aeb6c02db652f4c6fe8
[15/52] pkg:golang/github.com/grafana/globalconf@master
[16/52] pkg:golang/github.com/hailocab/go-hostpool@master
[17/52] pkg:golang/github.com/hashicorp/errwrap@master
[18/52] pkg:golang/github.com/hashicorp/go-msgpack@master
[19/52] pkg:golang/github.com/hashicorp/go-multierror@d30f09973e19c1dfcd120b2d9c4f168e68d6b5d5
[20/52] pkg:golang/github.com/hashicorp/go-sockaddr@master
[21/52] pkg:golang/github.com/hashicorp/memberlist@master
[22/52] pkg:golang/github.com/jtolds/gls@b4936e06046bbecbb94cae9c18127ebe510a2cb9
[23/52] pkg:golang/github.com/kisielk/whisper-go@master
[24/52] pkg:golang/github.com/klauspost/compress@14c9a76e3c95e47f8ccce949bba2c1101a8b85e6
[25/52] pkg:golang/github.com/klauspost/crc32@6834731faf32e62a2dd809d99fb24d1e4ae5a92d
[26/52] pkg:golang/github.com/kr/logfmt@master
[27/52] pkg:golang/github.com/metrics20/go-metrics20@master
[28/52] pkg:golang/github.com/miekg/dns@48c8acaf0c2dc19fbb4f1b2776c1cee4e6f65aa0
[29/52] pkg:golang/github.com/mitchellh/go-homedir@master
[30/52] pkg:golang/github.com/nightlyone/lockfile@master
[31/52] pkg:golang/github.com/philhofer/fwd@92647f2bd94a89b170c19e96e6456dd64ac37e1a
[32/52] pkg:golang/github.com/prometheus/client_golang@master
[33/52] pkg:golang/github.com/prometheus/client_model@master
[34/52] pkg:golang/github.com/prometheus/common@master
[35/52] pkg:golang/github.com/prometheus/procfs@75f2d6163c7a100bed6e971044ea3de30ee3a678
[36/52] pkg:golang/github.com/prometheus/tsdb@master
[37/52] pkg:golang/github.com/raintank/dur@master
[38/52] pkg:golang/github.com/raintank/gziper@master
[39/52] pkg:golang/github.com/raintank/met@master
[40/52] pkg:golang/github.com/rcrowley/go-metrics@master
[41/52] pkg:golang/github.com/rs/xhandler@.11
[42/52] pkg:golang/github.com/sean-/seed@master
[43/52] pkg:golang/github.com/sirupsen/logrus@08e90462da344fbb3880e8e47a0ddacc37508579
[44/52] pkg:golang/github.com/smartystreets/goconvey@master
[45/52] pkg:golang/golang.org/x/crypto@master
[46/52] pkg:golang/golang.org/x/net@cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb
[47/52] pkg:golang/golang.org/x/oauth2@master
[48/52] pkg:golang/golang.org/x/sync@master
[49/52] pkg:golang/golang.org/x/sys@master
[50/52] pkg:golang/golang.org/x/time@master
[51/52] pkg:golang/google.golang.org/api@master
[52/52] pkg:golang/google.golang.org/genproto@master

Error auditing packages - error: [400 Bad Request] error accessing OSS Index
nancy version: v0.0.40

Also maybe a debug mode that prints OSS Index (and IQ?) payloads/responses?

cc @bhamail / @DarthHater /@nzender

DarthHater commented 4 years ago

I’m out on vacation till the 21st, but I imagine someone like @bhamail will help you out!

Logging in Nancy could improve in general, probably should start writing to a log file in ~/.ossindex/.nancy.error.log etc....

On Fri, Jan 10, 2020 at 6:51 PM Andrew Fitzgerald notifications@github.com wrote:


What feature or behavior is this required for? Doing that thing that Nancy does

How could we solve this issue? (Not knowing is okay!) Have Nancy not send an invalid request to OSS Index

Anything else? Miss you @DarthHater https://github.com/DarthHater

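An added example, not nancy's code and not part of the original thread, of the debug mode and log output discussed above: a Go `http.RoundTripper` that records each request payload and response body while keeping the `Authorization` credential out of the log. The stub transport, host name, path, payload shape and credentials are constructed assumptions.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"regexp"
	"strings"
)

// authValue matches the credential that follows the Authorization scheme.
var authValue = regexp.MustCompile(`(?i)(Authorization: \w+ )[^\r\n]+`)

// debugTransport logs each request and response, redacting credentials.
type debugTransport struct {
	next http.RoundTripper
	out  *log.Logger
}

func (d debugTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	dump, _ := httputil.DumpRequestOut(req, true)
	d.out.Printf("request:\n%s", authValue.ReplaceAll(dump, []byte("${1}[REDACTED]")))
	resp, err := d.next.RoundTrip(req)
	if err == nil {
		dump, _ = httputil.DumpResponse(resp, true)
		d.out.Printf("response:\n%s", dump)
	}
	return resp, err
}

type stub400 struct{} // constructed stand-in for the remote API: always answers 400

func (stub400) RoundTrip(*http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	http.Error(rec, `{"message":"constructed error detail"}`, http.StatusBadRequest)
	return rec.Result(), nil
}

// auditWithDebug posts payload (host, path and credentials are constructed
// placeholders) and returns the HTTP status and the captured debug log.
func auditWithDebug(payload string) (int, string) {
	var buf strings.Builder
	client := &http.Client{Transport: debugTransport{stub400{}, log.New(&buf, "", 0)}}
	req, _ := http.NewRequest("POST", "https://oss-index.invalid/component-report", strings.NewReader(payload))
	req.SetBasicAuth("user@example.com", "constructed-token")
	if resp, err := client.Do(req); err == nil {
		defer resp.Body.Close()
		return resp.StatusCode, buf.String()
	}
	return 0, buf.String()
}

func main() { log.Print(auditWithDebug(`{"coordinates":["pkg:golang/github.com/rs/xhandler@.11"]}`)) }
```

Swapping `stub400{}` for `http.DefaultTransport` applies the same logging to a real client; the response dump is what exposes the server's error body that a bare "400 Bad Request" message hides.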

DarthHater commented 4 years ago

@fitzoh I'll take a crack at logging today and see if we can get some more beefed up logs which might help solve this!

DarthHater commented 4 years ago

@fitzoh now that logging is a bit better, wanna take a gander again?

fitzoh commented 4 years ago

Super verbose logs for ya @DarthHater (not seeing anything obvious): nancy.combined.log