"failed to request component-reports" should include the failure #205

Closed
hakanai opened this issue Oct 27, 2020 · 5 comments
@hakanai
Contributor

hakanai commented Oct 27, 2020

I have a number of PRs blocked by this:

Caused by: org.owasp.dependencycheck.exception.ExceptionCollection
    Failed to request component-reports
    at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:719)
    at org.owasp.dependencycheck.Engine$analyzeDependencies$0.call(Unknown source)
    at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:88)
    ... 170 more

But it doesn't include the actual exception, so it's impossible to act on the error.

The actual cause for an exception should always be included when throwing your own exception.

Versions:

  • dependency-check-gradle 5.3.2.1
  • Gradle 5.2.1
  • Java 11
@jeremylong
Collaborator

I'd start by enabling debug logging. There is an issue with the stack traces sometimes with gradle that we are working on. However, enabling debug logging will get you the info you need as the actual exception is logged:

https://github.com/jeremylong/DependencyCheck/blob/ee08a7c4764e90537ac9d412c52e9a6fc09c10f2/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java#L144-L147

@hakanai
Contributor Author

hakanai commented Oct 27, 2020

Hmm, that shows throwing an AnalysisException, but the exception I'm getting is an ExceptionCollection. Could there be a place where the AnalysisException is caught and aggregated into an ExceptionCollection, but the stack trace isn't included at that point?

With current versions of Java it's possible to attach multiple causes to an exception via addSuppressed, so maybe it's possible to do that here?

@hakanai
Contributor Author

hakanai commented Oct 27, 2020

Culprit:

https://github.com/jeremylong/DependencyCheck/blob/dbaac076a182bb8fe45872459990f3b309138f9e/core/src/main/java/org/owasp/dependencycheck/exception/ExceptionCollection.java#L59

Code here could possibly put the first exception in the list as the cause and then the rest as suppressed exceptions, so we'd get all the stack traces.
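
The pattern suggested in the comment above, as an added example that is not part of the original thread and not DependencyCheck's own code: the first collected failure becomes the cause and the rest are attached with `addSuppressed`, so every stack trace is printed. The class name `AggregateAnalysisException` and the sample failures are hypothetical.

```java
import java.io.IOException;
import java.util.List;

// Hypothetical aggregate exception for illustration only;
// this is NOT org.owasp.dependencycheck.exception.ExceptionCollection.
public class AggregateAnalysisException extends Exception {
    private static final long serialVersionUID = 1L;

    public AggregateAnalysisException(String message, List<? extends Throwable> failures) {
        // The first failure becomes the cause, so it is printed under "Caused by:".
        super(message, failures.isEmpty() ? null : failures.get(0));
        // Every remaining failure is attached as suppressed (Java 7+),
        // so its stack trace is printed under "Suppressed:".
        for (int i = 1; i < failures.size(); i++) {
            Throwable t = failures.get(i);
            if (t != null) {
                addSuppressed(t);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample failures standing in for what two analyzers might throw.
        List<Throwable> failures = List.of(
                new IOException("constructed: remote service returned an error"),
                new IllegalStateException("constructed: second analyzer failed"));

        AggregateAnalysisException e =
                new AggregateAnalysisException("Failed to request component-reports", failures);

        // Prints the aggregate message, one "Suppressed:" block for the second
        // failure, and a "Caused by:" block for the first failure.
        e.printStackTrace();

        // The underlying failures are also reachable programmatically.
        System.out.println("cause      = " + e.getCause());
        System.out.println("suppressed = " + e.getSuppressed().length);
    }
}
```
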

@jeremylong
Collaborator

See the discussion here: jeremylong/DependencyCheck#2416

@hakanai
Contributor Author

hakanai commented Oct 30, 2020

Ack, at the very least my issue is a duplicate of that one so I'll close this one I guess, and watch that one.

@hakanai hakanai closed this as completed Oct 30, 2020