sonatype-nexus-community / scan-gradle-plugin

Gradle plugin that scans the dependencies of a Gradle project using Sonatype platforms: OSS Index and Nexus IQ Server.
Apache License 2.0

[BUG] dependency with circular dependencies causes StackOverflowError #76

Closed olmansoa closed 3 years ago

olmansoa commented 3 years ago

Describe the bug

If you have a dependency which has circular dependencies (e.g. 'org.apache.xmlgraphics:batik-transcoder:1.7') you receive a java.lang.StackOverflowError when running ossIndexAudit.

To Reproduce

build.gradle

plugins {
    id 'java'
    id 'org.sonatype.gradle.plugins.scan' version '2.0.8' 
}
repositories {
   mavenCentral()
}
dependencies {
    implementation 'org.apache.xmlgraphics:batik-transcoder:1.7'
}

Steps to reproduce the behavior

  1. Run ./gradlew ossIndexAudit with attached
  2. Get error
    
    > Task :ossIndexAudit FAILED
    Using anonymous request
    POM relocation to an other version number is not fully supported in Gradle : xml-apis:xml-apis:2.0.2 relocated to xml-apis:xml-apis:1.0.b2.
    Please update your dependency to directly use the correct version 'xml-apis:xml-apis:1.0.b2'.
    Resolution will only pick dependencies of the relocated element.  Artifacts and other metadata will be ignored.

FAILURE: Build failed with an exception.

Screenshots N/A

Additional context

Moving up to batik 1.8 does work (I'm assuming the circular dependencies were resolved.) Not sure what other project may have this issue.

guillermo-varela commented 3 years ago

Hi @olmansoa,

Does the dependencies Gradle task work ok when you have the circular dependencies issue?

olmansoa commented 3 years ago

Yes, the dependencies task works.

When running ossIndexAudit with --stacktrace

* Exception is:
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':ossIndexAudit'.
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.lambda$executeIfValid$3(ExecuteActionsTaskExecuter.java:186)
        at org.gradle.internal.Try$Failure.ifSuccessfulOrElse(Try.java:268)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:184)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:173)
        at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:109)
        at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46)
        at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:62)
        at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57)
        at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:56)
        at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52)
        at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:200)
        at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:195)
        at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
        at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
        at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
        at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
        at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:62)
        at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$call$2(DefaultBuildOperationExecutor.java:76)
        at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.callWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:54)
        at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:76)
        at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52)
        at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:41)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:411)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:398)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:391)
        at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:377)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.lambda$run$0(DefaultPlanExecutor.java:127)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:191)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.executeNextNode(DefaultPlanExecutor.java:182)
        at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:124)
        at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
        at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
        at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:56)
Caused by: java.lang.StackOverflowError
        at shadow.org.sonatype.goodies.packageurl.PackageUrlValidator.validate(PackageUrlValidator.java:47)
        at shadow.org.sonatype.goodies.packageurl.PackageUrlValidator.validateType(PackageUrlValidator.java:59)
        at shadow.org.sonatype.goodies.packageurl.PackageUrlBuilder.buildAndValidate(PackageUrlBuilder.java:144)
        at shadow.org.sonatype.goodies.packageurl.PackageUrlBuilder.build(PackageUrlBuilder.java:132)
        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.toPackageUrl(OssIndexAuditTask.java:195)
        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.toPackageUrl(OssIndexAuditTask.java:186)
        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.lambda$buildDependenciesMap$1(OssIndexAuditTask.java:162)
        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.buildDependenciesMap(OssIndexAuditTask.java:161)
        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.lambda$buildDependenciesMap$1(OssIndexAuditTask.java:163)

And repeats the last two lines a bunch of times.

        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.buildDependenciesMap(OssIndexAuditTask.java:161)
        at org.sonatype.gradle.plugins.scan.ossindex.OssIndexAuditTask.lambda$buildDependenciesMap$1(OssIndexAuditTask.java:163)

guillermo-varela commented 3 years ago

Hi @olmansoa,

A fix is being developed here: https://github.com/sonatype-nexus-community/scan-gradle-plugin/pull/78

Thanks for letting us know about this :)

guillermo-varela commented 3 years ago

Hi @olmansoa,

We found this circular dependencies issue affects not only the OSS Index integration but also the Nexus IQ one as well.

We're in the process of fixing both issues.

Thanks for your patience :)

guillermo-varela commented 3 years ago

Hi @olmansoa,

Version 2.0.11 has been released fixing this issue for both OSS Index and Nexus IQ integrations.

Thank you for sharing the details of this bug with us, it really helped us find the right approach for each tool we use.
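
The failure mode reported in this thread, as an added example that is not the plugin's code and not the fix from the linked pull request: a recursive walk over a dependency graph never terminates when two modules depend on each other, while a walk that tracks visited coordinates terminates and still lists every component once, so none is dropped from the audit. The graph, coordinates, class name and method names are constructed for illustration.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class CycleSafeDependencyWalk {
  // Constructed graph: coordinate -> direct dependencies. b and c depend on each other.
  static final Map<String, List<String>> GRAPH = Map.of(
      "example:app:1.0", List.of("example:a:1.0"),
      "example:a:1.0", List.of("example:b:1.0", "example:c:1.0"),
      "example:b:1.0", List.of("example:c:1.0"),
      "example:c:1.0", List.of("example:b:1.0"));

  // Unguarded recursion: descends into every child again, so the b <-> c cycle
  // keeps adding frames until the JVM throws StackOverflowError.
  static void collectUnguarded(String node, List<String> out) {
    out.add(node);
    for (String child : GRAPH.getOrDefault(node, List.of())) {
      collectUnguarded(child, out);
    }
  }

  // Guarded walk: iterative, and each coordinate is expanded at most once.
  static Set<String> collect(String root) {
    Set<String> visited = new LinkedHashSet<>();
    Deque<String> pending = new ArrayDeque<>();
    pending.push(root);
    while (!pending.isEmpty()) {
      String node = pending.pop();
      if (!visited.add(node)) {
        continue; // already seen: this is where a cycle is cut
      }
      GRAPH.getOrDefault(node, List.of()).forEach(pending::push);
    }
    return visited;
  }

  public static void main(String[] args) {
    try {
      collectUnguarded("example:app:1.0", new ArrayList<>());
    } catch (StackOverflowError e) {
      System.out.println("unguarded walk: StackOverflowError");
    }
    System.out.println("guarded walk: " + collect("example:app:1.0"));
  }
}
```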