Comments (7)
@FnTm : the stacktrace you provided doesn't reflect
NoClassDefFoundError
(as the OP's stacktrace does) so it doesn't look like a related error.
Sorry, my bad for muddying the waters. It actually looks like the issue I had has gone away, and I suspect it having something to do with the NVD database itself.
from nvd-clojure.
Those are the dependencies I'm using in the project that i've encountered the errors
[org.clojure/clojure "1.10.1"]
[nvd-clojure "1.4.2"]
[org.clojure/data.json "1.1.0"]
[com.cognitect.aws/api "0.8.456"]
[com.cognitect.aws/endpoints "1.1.11.789"]
[com.cognitect.aws/s3 "799.2.682.0"]
[leiningen-core "2.9.5"]
[org.jlib/jlib-awslambda-logback "1.0.0" :scope "runtime" :exclusions [org.slf4j/slf4j-api]]
from nvd-clojure.
When running dependency-check
on version 6.0.2
the exception is related to this function
from nvd-clojure.
I'm seeing a very similar error
[..] using nvd-clojure: and dependency-check: 5.3.2
[..]
{:exceptions [#error {
:cause "Invalid CPE (too many components): cpe:2.3:a:cmsmadesimple:bable:multilingual_site:*:*:*:*:*:cms_made_simple:*:*"
:via
[{:type org.owasp.dependencycheck.data.update.exception.UpdateException
:message "org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: cpe:2.3:a:cmsmadesimple:bable:multilingual_site:*:*:*:*:*:cms_made_simple:*:*"
:at [org.owasp.dependencycheck.data.update.nvd.ProcessTask processFiles "ProcessTask.java" 156]}
{:type org.owasp.dependencycheck.data.nvdcve.DatabaseException
:message "Unable to parse CPE: cpe:2.3:a:cmsmadesimple:bable:multilingual_site:*:*:*:*:*:cms_made_simple:*:*"
:at [org.owasp.dependencycheck.data.nvdcve.CveDB parseCpe "CveDB.java" 1341]}
{:type us.springett.parsers.cpe.exceptions.CpeParsingException
:message "Invalid CPE (too many components): cpe:2.3:a:cmsmadesimple:bable:multilingual_site:*:*:*:*:*:cms_made_simple:*:*"
:at [us.springett.parsers.cpe.CpeParser parse23 "CpeParser.java" 225]}]
:trace
[[us.springett.parsers.cpe.CpeParser parse23 "CpeParser.java" 225]
[us.springett.parsers.cpe.CpeParser parse "CpeParser.java" 77]
[org.owasp.dependencycheck.data.nvdcve.CveDB parseCpe "CveDB.java" 1331]
[org.owasp.dependencycheck.data.nvdcve.CveDB lambda$parseCpes$3 "CveDB.java" 1298]
[java.util.ArrayList forEach "ArrayList.java" 1511]
[org.owasp.dependencycheck.data.nvdcve.CveDB parseCpes "CveDB.java" 1297]
[org.owasp.dependencycheck.data.nvdcve.CveDB updateVulnerability "CveDB.java" 880]
[org.owasp.dependencycheck.data.update.nvd.NvdCveParser parse "NvdCveParser.java" 99]
[org.owasp.dependencycheck.data.update.nvd.ProcessTask importJSON "ProcessTask.java" 139]
[org.owasp.dependencycheck.data.update.nvd.ProcessTask processFiles "ProcessTask.java" 152]
[org.owasp.dependencycheck.data.update.nvd.ProcessTask call "ProcessTask.java" 113]
[org.owasp.dependencycheck.data.update.nvd.ProcessTask call "ProcessTask.java" 40]
[java.util.concurrent.FutureTask run "FutureTask.java" 264]
[java.util.concurrent.ThreadPoolExecutor runWorker "ThreadPoolExecutor.java" 1130]
[java.util.concurrent.ThreadPoolExecutor$Worker run "ThreadPoolExecutor.java" 630]
[java.lang.Thread run "Thread.java" 832]]} #error {
:cause "No documents exist"
:via
[{:type org.owasp.dependencycheck.exception.NoDataException
:message "No documents exist"
:at [org.owasp.dependencycheck.Engine ensureDataExists "Engine.java" 1160]}]
:trace
[[org.owasp.dependencycheck.Engine ensureDataExists "Engine.java" 1160]
[org.owasp.dependencycheck.Engine analyzeDependencies "Engine.java" 671]
[nvd.task.check$scan_and_analyze$fn__1410 invoke "check.clj" 50]
[nvd.task.check$scan_and_analyze invokeStatic "check.clj" 49]
[nvd.task.check$scan_and_analyze invoke "check.clj" 44]
[nvd.task.check$_main invokeStatic "check.clj" 74]
[nvd.task.check$_main doInvoke "check.clj" 69]
[clojure.lang.RestFn invoke "RestFn.java" 408]
[leiningen.nvd$nvd invokeStatic "nvd.clj" 70]
[leiningen.nvd$nvd doInvoke "nvd.clj" 35]
[clojure.lang.RestFn invoke "RestFn.java" 425]
[clojure.lang.AFn applyToHelper "AFn.java" 156]
[clojure.lang.RestFn applyTo "RestFn.java" 132]
[clojure.lang.Var applyTo "Var.java" 705]
[clojure.core$apply invokeStatic "core.clj" 667]
[clojure.core$apply invoke "core.clj" 660]
[leiningen.core.main$partial_task$fn__7331 doInvoke "main.clj" 284]
[clojure.lang.RestFn applyTo "RestFn.java" 139]
[clojure.lang.AFunction$1 doInvoke "AFunction.java" 31]
[clojure.lang.RestFn applyTo "RestFn.java" 137]
[clojure.core$apply invokeStatic "core.clj" 667]
[clojure.core$apply invoke "core.clj" 660]
[leiningen.core.main$apply_task invokeStatic "main.clj" 334]
[leiningen.core.main$apply_task invoke "main.clj" 320]
[leiningen.core.main$resolve_and_apply invokeStatic "main.clj" 343]
[leiningen.core.main$resolve_and_apply invoke "main.clj" 336]
[leiningen.core.main$_main$fn__7420 invoke "main.clj" 453]
[leiningen.core.main$_main invokeStatic "main.clj" 442]
[leiningen.core.main$_main doInvoke "main.clj" 439]
[clojure.lang.RestFn applyTo "RestFn.java" 137]
[clojure.lang.Var applyTo "Var.java" 705]
[clojure.core$apply invokeStatic "core.clj" 665]
[clojure.main$main_opt invokeStatic "main.clj" 514]
[clojure.main$main_opt invoke "main.clj" 510]
[clojure.main$main invokeStatic "main.clj" 664]
[clojure.main$main doInvoke "main.clj" 616]
[clojure.lang.RestFn applyTo "RestFn.java" 137]
[clojure.lang.Var applyTo "Var.java" 705]
[clojure.main main "main.java" 40]]}]}
at nvd.task.check$scan_and_analyze$fn__1410.invoke (check.clj:55)
nvd.task.check$scan_and_analyze.invokeStatic (check.clj:49)
nvd.task.check$scan_and_analyze.invoke (check.clj:44)
nvd.task.check$_main.invokeStatic (check.clj:74)
nvd.task.check$_main.doInvoke (check.clj:69)
clojure.lang.RestFn.invoke (RestFn.java:408)
leiningen.nvd$nvd.invokeStatic (nvd.clj:70)
leiningen.nvd$nvd.doInvoke (nvd.clj:35)
clojure.lang.RestFn.invoke (RestFn.java:425)
clojure.lang.AFn.applyToHelper (AFn.java:156)
clojure.lang.RestFn.applyTo (RestFn.java:132)
clojure.lang.Var.applyTo (Var.java:705)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$apply.invoke (core.clj:660)
leiningen.core.main$partial_task$fn__7331.doInvoke (main.clj:284)
clojure.lang.RestFn.applyTo (RestFn.java:139)
clojure.lang.AFunction$1.doInvoke (AFunction.java:31)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$apply.invoke (core.clj:660)
leiningen.core.main$apply_task.invokeStatic (main.clj:334)
leiningen.core.main$apply_task.invoke (main.clj:320)
leiningen.core.main$resolve_and_apply.invokeStatic (main.clj:343)
leiningen.core.main$resolve_and_apply.invoke (main.clj:336)
leiningen.core.main$_main$fn__7420.invoke (main.clj:453)
leiningen.core.main$_main.invokeStatic (main.clj:442)
leiningen.core.main$_main.doInvoke (main.clj:439)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.lang.Var.applyTo (Var.java:705)
clojure.core$apply.invokeStatic (core.clj:665)
clojure.main$main_opt.invokeStatic (main.clj:514)
clojure.main$main_opt.invoke (main.clj:510)
clojure.main$main.invokeStatic (main.clj:664)
clojure.main$main.doInvoke (main.clj:616)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.lang.Var.applyTo (Var.java:705)
clojure.main.main (main.java:40)
[..]
It looks to me like the DB that is being downloaded has changed, and that has caused something to break.
from nvd-clojure.
@FnTm : the stacktrace you provided doesn't reflect NoClassDefFoundError
(as the OP's stacktrace does) so it doesn't look like a related error.
from nvd-clojure.
@machadogab : the error one can see is:
java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/deser/SettableBeanProperty$Delegating`
it's a pretty vanilla error and not necessarily related to lein-nvd. It relates more to dependency tree management.
lein-nvd depends (transitively) on Jackson. That one is known to be a sensitive dependency: if some other dep changes its version number, then things can easily break.
Checking out https://mvnrepository.com/artifact/org.owasp/dependency-check-core/6.0.5 (lein-nvd's dependency as of today), you can see that com.fasterxml.jackson.core/jackson-databind 2.12.0
is assumed.
I'd check out that all jackson-related dependencies consistently have 2.12.0
as their version.
One technique I've come to find handy is to preventively place a 'wall' of jackson deps, so that no transitive dep can change one of those:
from nvd-clojure.
lein-nvd 1.5.0 in conjunction with the following guide https://github.com/rm-hull/lein-nvd#avoiding-classpath-interference should make these issues go away.
Would love to hear an experience report.
from nvd-clojure.
Related Issues (20)
- Disable irrelevant analyzers
- Accept config as .edn
- FAQ
- cli: print location of html report
- Can't run 2.2.0 HOT 6
- Remove documentation relative to Leiningen config HOT 5
- Using nvd-clojure for JS dependencies, too HOT 2
- Add JDK 17 to the CI matrix
- Output a sarif file HOT 4
- CVE-2021-43138 and org.clojure/core.async HOT 3
- nvd-clojure incorrectly flags core.async with a CVE HOT 1
- Running from Clojure CLI gives java.lang.NoSuchMethodError HOT 4
- Issue template (or form)
- 2.6.0 release HOT 2
- Continuation of discussion from issue #142... HOT 2
- lein - Could not find artifact HOT 1
- Easier template/setup HOT 1
- Error for all users due to insufficient column width in the database HOT 6
- Does not work on Windows HOT 4
- Option to only fill the DB without analysing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nvd-clojure.