MalformedJsonException: Unterminated string

[hohwille]

If you rely on external content that can be invalid it is hard to break the build. On the other hand it is a severe problem if you want to have a guarantee that the build is OK and actually checked that there are no severe vulnerabilities. IMHO you should however add an option to your MOJO that allows to just log a fat ERROR message but proceed the build. Otherwise you allow externals to block your build process what is also a vulnerability. So long I recommend to have victims always in a profile not triggered by default.

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:1.1.1:enforce (enforce-victims-rule) on project ****: Execution enforce-victims-rule of goal org.apache.maven.plugins:maven-enforcer-plugin:1.1.1:enforce failed: com.google.gson.stream.MalformedJsonException: Unterminated string at line 75 column 112806 -> [Help 1]

[hohwille]

As I have this error upfront: Do you verify the JSON before discarding the previously cached one? Then you could at least discard the update and proceed with the previous JSON.

[ashcrow]

@gcmurphy Mind responding to this question?

[gcmurphy]

Regarding the handling of the JSON data, this is done by the vicitms-lib-java project, and is opaque to victims-enforcer.

The database synchronization is what is triggering this problem and is currently configurable with the following options:

• auto: Automatically update the database entries on each build.
• daily: Update the database entries once per day.
• weekly: Update the database entries once per week.
• offline: Disable the synchronization mechanism.

I will look at adding something along the lines of 'Try to update but if that fails keep going but be sure to spit out a warning to let people know you're not running with the latest information'.

Would that be ok?

[abn]

Think warning is a good way forward.