org.owasp.dependencycheck.Engine: Unexpected exception occurred initializing CPE Analyzer. about nvd-clojure HOT 11 CLOSED

I hope this helps. Thanks for working on this library!

Exceptions

I had similar issues with monger library. The exception seems to be caused by guava library version 18.0. In monger's case guava comes from clojurewerkz/support:

$ lein deps :tree
...
[com.novemberain/monger "3.5.0"]
   [clojurewerkz/support "1.1.0"]
     [com.google.guava/guava "18.0"]
...

The exception can be avoided by using the latest support library version as it uses a different version of guava:

- [com.novemberain/monger "3.5.0"]
+ [com.novemberain/monger "3.5.0" :exclusions [clojurewerkz/support]]
+ [clojurewerkz/support "1.5.0"] ;this overrides the problematic monger dependency

After the change:

$ lein deps :tree
...
[clojurewerkz/support "1.5.0"]
   [com.google.guava/guava "21.0"]
...

I stopped here and didn't look further on why older guava version causes the exceptions.

Elastisch

@Juholei clojurewerkz/elastisch also uses the support library but it actually excludes the guava dependency for it already. The guava (version 18) dependency comes from org.elasticsearch/elasticsearch. This old guava version might be the issue for you also.

Even latest elastisch seems to use an old version of elasticsearch. Might be worth a try to override it or guava.

from nvd-clojure.

Can you create a dummy project.clj which has the same dependencies as your project so we can try and reproduce this issue?

from nvd-clojure.

Also, do you have any extra nvd config flags set in either your user profile or project.clj ?

from nvd-clojure.

There isn't any configuration done. In a fresh project with the same dependencies it seems to end up in the same error as in #33. I figured out that I'd start stripping away some dependencies to see if it is some of them causing it and it seems now if I remove [clojurewerkz/elastisch "2.2.2"] from the dependencies, the analysis succeeds.

project.clj containing only this

(defproject dummy-project "1.0.0"
  :dependencies [[clojurewerkz/elastisch "2.2.2"]]
:plugins [[lein-nvd "1.0.0"]])

ends with the error

Exception in thread "main" org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during dependency-check analysis
	Unexpected Exception, compiling:(/private/var/folders/zs/xwx9c01d2nd_40fjjk9f_b4c0000gp/T/form-init824973952916588961.clj:1:124)
	at clojure.lang.Compiler.load(Compiler.java:7239)
	at clojure.lang.Compiler.loadFile(Compiler.java:7165)
	at clojure.main$load_script.invoke(main.clj:275)
	at clojure.main$init_opt.invoke(main.clj:280)
	at clojure.main$initialize.invoke(main.clj:308)
	at clojure.main$null_opt.invoke(main.clj:343)
	at clojure.main$main.doInvoke(main.clj:421)
	at clojure.lang.RestFn.invoke(RestFn.java:421)
	at clojure.lang.Var.invoke(Var.java:383)
	at clojure.lang.AFn.applyToHelper(AFn.java:156)
	at clojure.lang.Var.applyTo(Var.java:700)
	at clojure.main.main(main.java:37)
Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during dependency-check analysis
	Unexpected Exception
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:693)
	at nvd.task.check$scan_and_analyze.invoke(check.clj:43)
	at nvd.task.check$_main.invoke(check.clj:54)
	at user$eval516.invoke(form-init824973952916588961.clj:1)
	at clojure.lang.Compiler.eval(Compiler.java:6782)
	at clojure.lang.Compiler.eval(Compiler.java:6772)
	at clojure.lang.Compiler.load(Compiler.java:7227)
	... 11 more

from nvd-clojure.

Thanks for the reproducible test case ... I will investigate further

from nvd-clojure.

Experiencing this one as well, it's frustrating that no useful info is printed.

@rm-hull: I would suggest that you specifically catch ExceptionCollection, accessing its getExceptions() method, so each of the actual exceptions get printed.

You could compose those into an ex-info's data and throw that.

from nvd-clojure.

I would suggest that you specifically catch ExceptionCollection, accessing its getExceptions() method, so each of the actual exceptions get printed.

Any luck with this? I could contribute a PR.

from nvd-clojure.

Happy to accept PRs - Im not going to be able to look at this until late August - on vacation at the moment

from nvd-clojure.

Note that #42 was merged as 1.3.0, so if this issue is still valid, it can be reproduced far more cleanly now.

from nvd-clojure.

This doesn't seem to happen anymore on 1.3.1.

from nvd-clojure.

[closing as per @Juholei's last comment]

Please re-open if you affected by this

from nvd-clojure.