mbockus / veracode-scanner Goto Github PK

Veracode scan failed.
FATAL: Veracode scan failed.
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: Veracode scan failed.
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:169)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:772)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:736)
at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.cleanUp(MavenModuleSetBuild.java:1064)
at hudson.model.Run.execute(Run.java:1778)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:234)
Caused by: java.io.FileNotFoundException: /my directory/ (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.(FileInputStream.java:146)
at com.veracode.util.http.ClientHttpRequest.setParameter(ClientHttpRequest.java:356)
at com.veracode.util.http.ClientHttpRequest.setParameter(ClientHttpRequest.java:384)
at com.veracode.util.http.ClientHttpRequest.setParameters(ClientHttpRequest.java:408)
at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:479)
at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:585)
at com.veracode.util.http.WebClient.consumeResponse(WebClient.java:140)
at com.veracode.util.http.WebClient.uploadFile(WebClient.java:35)
at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.uploadFile(UploadAPIWrapper.java:1151)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:152)
... 9 more

I am facing with this problem. As Veracode User and Veracode Password are set globally in Jenkins configuration, it is not possible for me to parameterized jenkins builds based on these settings.

I explain a bit further: Because of different roles in a developer team, not all of users can have Veracode credentials to submitt code for review. It should be necessary that these parameters can be entered programatically for security reasons and also for tracking actions. As they are globally, someone who can run a task in Jenkins can initiate an upload of code for static review with global settings.

Is it possible in newer versions to add these configurations inside Tasks (like actual Files to scan or Application Name)?

Thanks in advance.
Regards

While trying to run previously working Veracode Scanner Plugin jobs, I get an SSLHandshakeException. I was able to test with the Veracode Java API jar (current version) and the request succeeded. Could it be that the current version of the plugin is using an old version of the Java API and needs to be updated?

Jenkins ver. 1.658

java -version
java version "1.7.0_131"
OpenJDK Runtime Environment (IcedTea 2.6.9) (7u131-2.6.9-0ubuntu0.14.04.2)
OpenJDK 64-Bit Server VM (build 24.131-b00, mixed mode)

Veracode Scanner Plugin Version: 1.6

Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
FATAL: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:298)
	at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:164)
	at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:94)
	at org.jenkins_ci.plugins.run_condition.BuildStepRunner$2.run(BuildStepRunner.java:110)
	at org.jenkins_ci.plugins.run_condition.BuildStepRunner$DontRun.conditionalRun(BuildStepRunner.java:264)
	at org.jenkins_ci.plugins.run_condition.BuildStepRunner.perform(BuildStepRunner.java:105)
	at org.jenkins_ci.plugins.flexible_publish.ConditionalPublisher.perform(ConditionalPublisher.java:183)
	at org.jenkins_ci.plugins.flexible_publish.FlexiblePublisher.perform(FlexiblePublisher.java:116)
	at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:782)
	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:723)
	at hudson.model.Build$BuildExecution.post2(Build.java:185)
	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:668)
	at hudson.model.Run.execute(Run.java:1763)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:410)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1989)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1096)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1139)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
	at com.veracode.util.http.ClientHttpRequest.connect(ClientHttpRequest.java:99)
	at com.veracode.util.http.ClientHttpRequest.write(ClientHttpRequest.java:110)
	at com.veracode.util.http.ClientHttpRequest.boundary(ClientHttpRequest.java:148)
	at com.veracode.util.http.ClientHttpRequest.doPost(ClientHttpRequest.java:445)
	at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:480)
	at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:585)
	at com.veracode.util.http.WebClient.consumeResponse(WebClient.java:140)
	at com.veracode.util.http.WebClient.downloadString(WebClient.java:28)
	at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.getAppList(UploadAPIWrapper.java:539)
	at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:282)
	... 16 more

java -jar VeracodeJavaAPI.jar -vuser USERNAME -vpassword PASSWORD -action getapplist
<?xml version="1.0" encoding="UTF-8"?>

<applist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/applist" xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/applist https://analysiscenter.veracode.com/resource/2.0/applist.xsd" applist_version="1.2" account_id="ID">
<app app_id="ID" app_name="NAME" policy_updated_date="2017-05-08T10:42:51-04:00"/>
...SNIP...
</applist>

I build several applications from one Jenkins server and have the need to upload each application against a separate Veracode AppId. However, the configuration for the Veracode plugin _seems _to be only allow one application id globally. Is there a way to modify the application/veracode user/veracode password on a "per build" basis?

When I’m trying to upload file using the Veracode plug-in, the following error occurred:

Connection timed out: connect
java.net.ConnectException: Connection timed out: connect
FATAL: java.net.ConnectException: Connection timed out: connect
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: java.net.ConnectException: Connection timed out: connect
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:230)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:143)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:781)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:753)
….

Proxy is already set in Jenkins. And I'm able to login to veracode site via browser. Is there any additional setting required?

X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.expression-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.security.core-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.web-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.web.servlet-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\ppm.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\simplecaptcha-1.2-jdk1.5.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\suitereporting.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-api-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-core-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-jsp-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-servlet-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-template-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\unboundid-ldapsdk-se.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\user_console.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\wcom.jar -filepath X:\21022017\sam\ppm\build\output\lib\CryptoTool.jar -filepath X:\21022017\sam\ppm\build\output\lib\bc-fips-1.0.0.jar -filepath X:\21022017\sam\ppm\build\output\lib\bcprov-jdk15on-1.56.jar -filepath X:\21022017\sam\ppm\build\output\lib\commons-lang-2.6.jar -filepath X:\21022017\sam\ppm\build\output\lib\esapi-2.0.1.jar -filepath X:\21022017\sam\ppm\build\output\lib\idmutils.jar -filepath X:\21022017\sam\ppm\build\output\lib\ppmService.jar -filepath X:\21022017\sam\ppm\build\output\lib\unboundid-ldapsdk-se.jar -filepath X:\21022017\suitereporting\build\dist\suitereporting.jar -filepath X:\21022017\user_console\build\dist\user_console.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\bc-fips-1.0.0.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\bcprov-jdk15on-1.56.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\commons-lang-2.6.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\user_console.jar -filepath X:\21022017\wcom\build\dist\wcom.jar -useragent "VeracodeJenkinsPlugin/18.2.5.4 (Jenkins/2.7.1; Java/1.8.0_20)"
Cannot run program "java": CreateProcess error=206, The filename or extension is too longBuild step 'Upload and Scan with Veracode' marked build as failure
Notifying upstream projects of job completion
Finished: FAILURE

I see Veracode can generate API keys -- it would be nice if this plugin could authenticate with them (and, as other issues say, do so with different values per-project).

See also: https://analysiscenter.veracode.com/auth/index.jsp#APICredentialsGenerator

I'm uploading about 260MB, and 5 minutes into the job I get:

[18.03.26 15:11:20]
[18.03.26 15:11:20] Connection reset

Error- Returned code from wrapper:2
Build step 'Upload and Scan with Veracode' marked build as failure
Finished: FAILURE`

What do you recommend I do to try to resolve?

Jenkins Console Output:
Build step 'Submit Artifacts For Veracode Scan' marked build as failure
[INFO] HipChat notification sent to the following rooms: [Removed]
Finished: SUCCESS

HipChat Output:
[Removed] Build successful after 11 sec (View build)

veracode-scanner 1.6

Hi,

We are running Jenkins 1.483 with JDK 1.7.40 on a windows 2008 R2.
We installed "veracode-scanner" 1.2 on it and configured user/pass.
while running build we are getting the following exception.
Any help will be very appreciated

Thanks,
Idan

Illegal character(s) in message header value: Basic <base_String>==

java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==

FATAL: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==

org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==

at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:230)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:143)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:36)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:717)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:692)
at hudson.model.Build$BuildExecution.cleanUp(Build.java:192)
at hudson.model.Run.execute(Run.java:1546)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:236)

Caused by: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==

at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:482)
at sun.net.www.protocol.http.HttpURLConnection.isExternalMessageHeaderAllowed(HttpURLConnection.java:434)
at sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:2753)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.setRequestProperty(HttpsURLConnectionImpl.java:316)
at com.veracode.util.http.WebClient.setUpURLConnection(WebClient.java:76)
at com.veracode.util.http.WebClient.downloadString(WebClient.java:29)
at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.getAppList(UploadAPIWrapper.java:560)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:214)
... 10 more

Currently the tmp file used to determine the last upload date is stored in the workspace. This can be an issue when you clear your workspace for your builds to clean up previous artifacts.