error during analysis

[Tim Webster]

Hi,

First of all thanks for this great tool...:-)

We run this daily on our CI server with the Maven plugin.  However, on one of our build agents it always fails with the error below (it has been fine with other machines, including my local PC).

it does find the vulnerabilities and writes the .ser file, but the net result is that it produces a blank HTML report.  Any ideas?

Thanks

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : initialization starting.

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : "velocimacro.library" is not set.  Trying default library: VM_global_library.vm

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : Default library not found.

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : allowInline = true : VMs can be defined inline in templates

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : allowInlineToOverride = false : VMs defined inline may NOT replace previous VM definitions

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : allowInlineLocal = false : VMs defined inline will be global in scope if allowed.

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : autoload off : VM system will not automatically reload global library macros

[16:27:54] : [uk.co.aquilauk:adm-ear] Velocimacro : Velocimacro : initialization complete.

[16:27:54] : [uk.co.aquilauk:adm-ear] RuntimeInstance successfully initialized.

[16:27:54]W: [uk.co.aquilauk:adm-ear] [ERROR] Unexpected exception occurred during analysis; please see the verbose error log for more details.

[16:27:54] : [uk.co.aquilauk:adm-ear] [DEBUG] 

[16:27:54] : [uk.co.aquilauk:adm-ear] org.apache.velocity.exception.MethodInvocationException: Invocation of method 'url' in  class org.owasp.dependencycheck.reporting.EscapeTool threw exception java.lang.NullPointerException at templates/HtmlReport.vsl[line 568, column 122]

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTMethod.handleInvocationException(ASTMethod.java:243)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:187)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:567)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:151)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.directive.Foreach.render(Foreach.java:420)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.RuntimeInstance.render(RuntimeInstance.java:1378)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.RuntimeInstance.evaluate(RuntimeInstance.java:1314)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.app.VelocityEngine.evaluate(VelocityEngine.java:272)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.reporting.ReportGenerator.generateReport(ReportGenerator.java:255)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.reporting.ReportGenerator.generateReport(ReportGenerator.java:307)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.reporting.ReportGenerator.generateReports(ReportGenerator.java:173)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.reporting.ReportGenerator.generateReports(ReportGenerator.java:203)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.writeReports(BaseDependencyCheckMojo.java:817)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.maven.CheckMojo.runCheck(CheckMojo.java:83)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute(BaseDependencyCheckMojo.java:342)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.cli.MavenCli.execute(MavenCli.java:537)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:196)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.maven.cli.MavenCli.main(MavenCli.java:141)

[16:27:54] : [uk.co.aquilauk:adm-ear] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

[16:27:54] : [uk.co.aquilauk:adm-ear] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

[16:27:54] : [uk.co.aquilauk:adm-ear] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[16:27:54] : [uk.co.aquilauk:adm-ear] at java.lang.reflect.Method.invoke(Method.java:606)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:290)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:230)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:409)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:352)

[16:27:54] : [uk.co.aquilauk:adm-ear] Caused by: java.lang.NullPointerException

[16:27:54] : [uk.co.aquilauk:adm-ear] at java.net.URLEncoder.encode(URLEncoder.java:205)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.owasp.dependencycheck.reporting.EscapeTool.url(EscapeTool.java:47)

[16:27:54] : [uk.co.aquilauk:adm-ear] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

[16:27:54] : [uk.co.aquilauk:adm-ear] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

[16:27:54] : [uk.co.aquilauk:adm-ear] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[16:27:54] : [uk.co.aquilauk:adm-ear] at java.lang.reflect.Method.invoke(Method.java:606)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)

[16:27:54] : [uk.co.aquilauk:adm-ear] at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)

[16:27:54] : [uk.co.aquilauk:adm-ear] ... 40 more

[Jeremy Long]

Is it that you have a specific project that works in other CIs and on your local desktop. Then you try to build the project on the failing CI and you get the error message below?

I have added additional null checking in 1.3.1-SNAPSHOT that might resolve the issue... but there is definitely something more then that failing. Is the failing CI able to connect to the Internet?

--Jeremy

[Tim Webster]

Hi,

Yes - it works fine on other build agents and my PC - it's just one particular one that it doesn't work on which produces that error....so it's not the end of the world.  As far as I can tell it can connect to the internet as it was able to download the updates from NVD.  

I just noticed that there was another error when it tried to read the WAR file earlier on:

[16:25:48]W: [uk.co.aquilauk:adm-ear] Caused by: java.lang.OutOfMemoryError: Map failed

[16:25:48]W: [uk.co.aquilauk:adm-ear] at sun.nio.ch.FileChannelImpl.map0(Native Method)

[16:25:48]W: [uk.co.aquilauk:adm-ear] at sun.nio.ch.FileChannelImpl.map(FileChannelImpl.java:885)

[16:25:48]W: [uk.co.aquilauk:adm-ear] ... 30 more

Maybe I'll bump up the JVM memory and try it again - but that would be strange because the same build configuration works on all the other agents...

If you want I can send you the whole build log...let me know..

Thanks,

Tim

[Jeremy Long]

That is odd - unless there is something slightly different about that CI instance having less RAM or its default configuration is different somehow.

--Jeremy

--
You received this message because you are subscribed to the Google Groups "Dependency Check" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dependency-che...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.