Ant-Task NPE when data directory is empty #2801

Closed
cstsw opened this issue Sep 9, 2020 · 5 comments

cstsw commented Sep 9, 2020

Describe the bug
I read about the CVE database incompatibility between 5.3 and 6.0.0, so I purged the dependency-check data directory. Subsequently the dependency-check Ant-Task fails with an NPE as the database-Property of the Engine-class seems to be null (see stacktrace below). If the data directory is populated - e.g. by the Gradle-Plugin 6.0.0 (that does NOT have this issue) - the Ant task works again.

My build uses an explicitly set data directory. However, the problem also occurs when I don't set the data directory.

The entire task definition is as follows:

<dependency-check
    reportoutputdirectory="${dir.reports.dc}"
    autoupdate="true"
    projectname="my project name"
    reportformat="ALL"
    datadirectory="${dependency-check.datadirectory}"
    failonerror="false">
    <fileset dir="${basedir}/../${dir.libs}" includes="**/*.jar" />
    <fileset dir="${basedir}/.." includes="**/lib/**/*.jar" />
    <fileset dir="${basedir}" includes="**/lib/**/*.jar" />
</dependency-check>

Version of dependency-check used
The exception occurs using version 6.0.0 of the Ant-Plugin. The Ant build runs with JDK 1.8 and Apache Ant 1.10.8.

Log file
Stacktrace:

 java.lang.NullPointerException
        at org.owasp.dependencycheck.Engine.writeReports(Engine.java:1241)
        at org.owasp.dependencycheck.Engine.writeReports(Engine.java:1195)
        at org.owasp.dependencycheck.taskdefs.Check.execute(Check.java:1645)
        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
        at org.apache.tools.ant.Task.perform(Task.java:350)
        at org.apache.tools.ant.Target.execute(Target.java:449)
        at org.apache.tools.ant.Target.performTasks(Target.java:470)
        at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391)
        at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
        at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
        at org.apache.tools.ant.Project.executeTargets(Project.java:1254)
        at org.apache.tools.ant.Main.runBuild(Main.java:830)
        at org.apache.tools.ant.Main.startAnt(Main.java:223)
        at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284)
        at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101)

To Reproduce
Steps to reproduce the behavior:

  1. Remove all files from the data directory dependency-check uses.
  2. Run dependency-check Ant Task.
  3. The aforementioned exception occurs.

Expected behavior
The dependency-check Ant task is able to download all CVE data and populate its data directory before executing the actual analysis.

Additional context

  • When the dependency-check Ant-Task fails with the NPE, it actually writes some small/empty files into the data directory:
odc.mv.db (12KB)
cache/CENTRAL.data (0 Bytes)
cache/CENTRAL.key (0 Bytes)
cache/NODEAUDIT.data (0 Bytes)
cache/NODEAUDIT.key (0 Bytes)
cache/POM.data (0 Bytes)
cache/POM.key (0 Bytes)
  • The exception occurs because the database-instance variable of the Engine-class is null in line 1241. However, its initialization in the openDatabase-method does not log any error/output, so the actual cause of this problem is not clear from the log.
  • The task's output in its entirety is as follows:
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.engine.control.CompositeCacheManager getUnconfiguredInstance
[dependency-check] INFORMATION: Instance is null, returning unconfigured instance
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.utils.threadpool.ThreadPoolManager loadConfig
[dependency-check] INFORMATION: thread_pool.default PoolConfiguration = useBoundary = [false] boundarySize = [2000] maximumPoolSize = [150] minimumPoolSize = [4] keepAliveTime = [300000] whenBlockedPolicy = [RUN] startUpSize = [4]
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.engine.control.CompositeCacheManager doConfigure
[dependency-check] INFORMATION: Setting default auxiliaries to ODC
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.engine.control.CompositeCacheManager doConfigure
[dependency-check] INFORMATION: setting defaultCompositeCacheAttributes to [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.engine.control.CompositeCacheManager doConfigure
[dependency-check] INFORMATION: setting defaultElementAttributes to [ IS_LATERAL = false, IS_SPOOL = true, IS_REMOTE = false, IS_ETERNAL = false, MaxLifeSeconds = 86400, IdleTime = 1800, CreateTime = 1599646918630, LastAccessTime = 1599646918630, getTimeToLiveSeconds() = 86399, createTime = 1599646918630 ]
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.engine.memory.AbstractDoubleLinkedListMemoryCache initialize
[dependency-check] INFORMATION: initialized MemoryCache for POM
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.engine.control.CompositeCache <init>
[dependency-check] INFORMATION: Constructed cache with name [POM] and cache attributes [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator parseCacheEventLogger
[dependency-check] INFORMATION: No cache event logger defined for auxiliary [jcs.auxiliary.ODC]
[dependency-check] Sep 09, 2020 12:21:58 PM org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator parseElementSerializer
[dependency-check] INFORMATION: Using standard serializer [org.apache.commons.jcs.utils.serialization.StandardSerializer@3d6f0054] for auxiliary [jcs.auxiliary.ODC]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.utils.threadpool.ThreadPoolManager loadConfig
[dependency-check] INFORMATION: thread_pool.disk_cache_event_queue PoolConfiguration = useBoundary = [false] boundarySize = [2000] maximumPoolSize = [150] minimumPoolSize = [4] keepAliveTime = [300000] whenBlockedPolicy = [RUN] startUpSize = [4]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache initializeFileSystem
[dependency-check] INFORMATION: Region [POM] Cache file root directory: D:\cs\profile\dependency-check\cache
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache initializeKeyMap
[dependency-check] INFORMATION: Region [POM] Set maxKeySize to: '1000000'
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache <init>
[dependency-check] INFORMATION: Region [POM] Indexed Disk Cache is alive.
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.engine.memory.AbstractDoubleLinkedListMemoryCache initialize
[dependency-check] INFORMATION: initialized MemoryCache for NODEAUDIT
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.engine.control.CompositeCache <init>
[dependency-check] INFORMATION: Constructed cache with name [NODEAUDIT] and cache attributes [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator parseCacheEventLogger
[dependency-check] INFORMATION: No cache event logger defined for auxiliary [jcs.auxiliary.ODC]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator parseElementSerializer
[dependency-check] INFORMATION: Using standard serializer [org.apache.commons.jcs.utils.serialization.StandardSerializer@66f57048] for auxiliary [jcs.auxiliary.ODC]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache initializeFileSystem
[dependency-check] INFORMATION: Region [NODEAUDIT] Cache file root directory: D:\cs\profile\dependency-check\cache
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache initializeKeyMap
[dependency-check] INFORMATION: Region [NODEAUDIT] Set maxKeySize to: '1000000'
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache <init>
[dependency-check] INFORMATION: Region [NODEAUDIT] Indexed Disk Cache is alive.
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.engine.memory.AbstractDoubleLinkedListMemoryCache initialize
[dependency-check] INFORMATION: initialized MemoryCache for CENTRAL
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.engine.control.CompositeCache <init>
[dependency-check] INFORMATION: Constructed cache with name [CENTRAL] and cache attributes [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator parseCacheEventLogger
[dependency-check] INFORMATION: No cache event logger defined for auxiliary [jcs.auxiliary.ODC]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator parseElementSerializer
[dependency-check] INFORMATION: Using standard serializer [org.apache.commons.jcs.utils.serialization.StandardSerializer@550dbc7a] for auxiliary [jcs.auxiliary.ODC]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache initializeFileSystem
[dependency-check] INFORMATION: Region [CENTRAL] Cache file root directory: D:\cs\profile\dependency-check\cache
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache initializeKeyMap
[dependency-check] INFORMATION: Region [CENTRAL] Set maxKeySize to: '1000000'
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache <init>
[dependency-check] INFORMATION: Region [CENTRAL] Indexed Disk Cache is alive.
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.engine.control.CompositeCacheConfigurator parseRegions
[dependency-check] INFORMATION: Parsed regions [POM, NODEAUDIT, CENTRAL]
[dependency-check] Sep 09, 2020 12:21:59 PM org.apache.commons.jcs.engine.control.CompositeCacheManager doConfigure
[dependency-check] INFORMATION: Finished configuration in 450 ms.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.event.ElementEventQueue dispose
[dependency-check] INFORMATION: Element event queue destroyed: org.apache.commons.jcs.engine.control.event.ElementEventQueue@25aca718
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [NODEAUDIT] fromRemote [false]
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [NODEAUDIT] auxiliary [NODEAUDIT]
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [NODEAUDIT] put 0 into auxiliary NODEAUDIT
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache run
[dependency-check] INFORMATION: No longer waiting for event queue to finish: Pooled Cache Event Queue
[dependency-check] Working = true
[dependency-check] Alive = false
[dependency-check] Empty = true
[dependency-check] Queue Size = 0
[dependency-check] Queue Capacity = 2147483647
[dependency-check] Pool Size = 0
[dependency-check] Maximum Pool Size = 150
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache dispose
[dependency-check] INFORMATION: In dispose, destroying event queue.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache saveKeys
[dependency-check] INFORMATION: Region [NODEAUDIT] Saving keys to: NODEAUDIT, key count: 0
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache saveKeys
[dependency-check] INFORMATION: Region [NODEAUDIT] Finished saving keys.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache disposeInternal
[dependency-check] INFORMATION: Region [NODEAUDIT] Shutdown complete.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [NODEAUDIT] disposing of memory cache.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.memory.AbstractMemoryCache dispose
[dependency-check] INFORMATION: Memory Cache dispose called.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [CENTRAL] fromRemote [false]
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [CENTRAL] auxiliary [CENTRAL]
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [CENTRAL] put 0 into auxiliary CENTRAL
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache run
[dependency-check] INFORMATION: No longer waiting for event queue to finish: Pooled Cache Event Queue
[dependency-check] Working = true
[dependency-check] Alive = false
[dependency-check] Empty = true
[dependency-check] Queue Size = 0
[dependency-check] Queue Capacity = 2147483647
[dependency-check] Pool Size = 0
[dependency-check] Maximum Pool Size = 150
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache dispose
[dependency-check] INFORMATION: In dispose, destroying event queue.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache saveKeys
[dependency-check] INFORMATION: Region [CENTRAL] Saving keys to: CENTRAL, key count: 0
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache saveKeys
[dependency-check] INFORMATION: Region [CENTRAL] Finished saving keys.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache disposeInternal
[dependency-check] INFORMATION: Region [CENTRAL] Shutdown complete.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [CENTRAL] disposing of memory cache.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.memory.AbstractMemoryCache dispose
[dependency-check] INFORMATION: Memory Cache dispose called.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [POM] fromRemote [false]
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [POM] auxiliary [POM]
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [POM] put 0 into auxiliary POM
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache run
[dependency-check] INFORMATION: No longer waiting for event queue to finish: Pooled Cache Event Queue
[dependency-check] Working = true
[dependency-check] Alive = false
[dependency-check] Empty = true
[dependency-check] Queue Size = 0
[dependency-check] Queue Capacity = 2147483647
[dependency-check] Pool Size = 0
[dependency-check] Maximum Pool Size = 150
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache dispose
[dependency-check] INFORMATION: In dispose, destroying event queue.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache saveKeys
[dependency-check] INFORMATION: Region [POM] Saving keys to: POM, key count: 0
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache saveKeys
[dependency-check] INFORMATION: Region [POM] Finished saving keys.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache disposeInternal
[dependency-check] INFORMATION: Region [POM] Shutdown complete.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.control.CompositeCache dispose
[dependency-check] INFORMATION: In DISPOSE, [POM] disposing of memory cache.
[dependency-check] Sep 09, 2020 12:22:00 PM org.apache.commons.jcs.engine.memory.AbstractMemoryCache dispose
[dependency-check] INFORMATION: Memory Cache dispose called.
@cstsw cstsw added the bug label Sep 9, 2020
@jeremylong
Owner

Any chance you could run with the Ant -debug flag and post the section from the dependency-check task? It prints out all of the properties near the top of the execution and I'm curious, for the case when the directory is empty, what the value is for data.directory (it may print twice). If you can, please post as much of the debug log file as possible when the data directory has been purged.

@cstsw
Author

cstsw commented Sep 11, 2020

Sure! You find the full debug log attached [Removed as no longer necessary].

data.directory occurs three times:

[...]
data.directory='[JAR]/data'
[...]
data.directory='data/4.0'
[...]
data.directory='D:/cs/profile/dependency-check'
[...]

Of course the last one is the one I intended to use (and purged before running the build).

My wild guess would be that the data.directory is not the problem but the root cause of the problem can be found in line 4118ff ("resource data/initialize.sql not found"):

DatabaseException: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to create database schema
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.createTables(ConnectionFactory.java:332)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:182)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection(ConnectionFactory.java:230)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.open(CveDB.java:266)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.<init>(CveDB.java:236)
	at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:1047)
	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:923)
	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:740)
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:670)
	at org.owasp.dependencycheck.taskdefs.Check.callExecuteAnalysis(Check.java:1685)
	at org.owasp.dependencycheck.taskdefs.Check.execute(Check.java:1642)
	at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
	at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
	at org.apache.tools.ant.Task.perform(Task.java:350)
	at org.apache.tools.ant.Target.execute(Target.java:449)
	at org.apache.tools.ant.Target.performTasks(Target.java:470)
	at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391)
	at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
	at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
	at org.apache.tools.ant.Project.executeTargets(Project.java:1254)
	at org.apache.tools.ant.Main.runBuild(Main.java:830)
	at org.apache.tools.ant.Main.startAnt(Main.java:223)
	at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284)
	at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101)
Caused by: java.lang.IllegalArgumentException: resource data/initialize.sql not found.
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:217)
	at com.google.common.io.Resources.getResource(Resources.java:195)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.createTables(ConnectionFactory.java:319)
	... 26 more

@jeremylong
Owner

And that would be the problem - I missed an update. I'll release 6.0.1 shortly.

@jeremylong jeremylong added this to the 6.0.1 milestone Sep 13, 2020
jeremylong added a commit that referenced this issue Sep 13, 2020
@cstsw
Author

cstsw commented Sep 14, 2020

Thanks, Jeremy!

@cstsw
Author

cstsw commented Sep 14, 2020

I just tried the 6.0.1 release and the problem persists for me.

It also fails if I don't purge my data.dir but let the database produced by 5.3.2 remain in that directory. Then dependency-check tries to load an upgrade sql file (resource data/upgrade_4.1.sql) which also can't be loaded (though contained in the dependency-check-core-6.0.1.jar); see stacktrace below.

Has anything changed with classloaders or classpaths (apart from library-version changes) between 5.3 and 6.0?

Another detail: I have only put the files from the distribution's dependency-check-ant/lib/ directory into the runtime classpath of the ant-task. The dependency-check-ant.jar from the dependency-check-ant/ directory is not present there. Should it be?

DatabaseException: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Upgrade SQL file does not exist: data/upgrade_4.1.sql
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.updateSchema(ConnectionFactory.java:374)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.ensureSchemaVersion(ConnectionFactory.java:426)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:189)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection(ConnectionFactory.java:230)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.open(CveDB.java:266)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.<init>(CveDB.java:236)
	at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:1047)
	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:923)
	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:740)
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:670)
	at org.owasp.dependencycheck.taskdefs.Check.callExecuteAnalysis(Check.java:1685)
	at org.owasp.dependencycheck.taskdefs.Check.execute(Check.java:1642)
	at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
	at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
	at org.apache.tools.ant.Task.perform(Task.java:350)
	at org.apache.tools.ant.Target.execute(Target.java:449)
	at org.apache.tools.ant.Target.performTasks(Target.java:470)
	at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391)
	at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
	at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
	at org.apache.tools.ant.Project.executeTargets(Project.java:1254)
	at org.apache.tools.ant.Main.runBuild(Main.java:830)
	at org.apache.tools.ant.Main.startAnt(Main.java:223)
	at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284)
	at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101)
Caused by: java.lang.IllegalArgumentException: resource data/upgrade_4.1.sql not found.
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:217)
	at com.google.common.io.Resources.getResource(Resources.java:195)
	at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.updateSchema(ConnectionFactory.java:358)
	... 27 more
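
The classloader question raised in the last comment can be checked in isolation. The following is an added example, not code from dependency-check or from this thread: Guava's `Resources.getResource(String)`, the call that throws in both stack traces, resolves names through the thread context class loader when one is set, so a resource packed in a jar is only found if that loader can see the jar. The sample jar, the class name and the helper names are constructed for illustration.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

/** Added diagnostic example; class and method names are hypothetical. */
public class ResourceVisibilityCheck {

    /**
     * Same selection rule as Guava's Resources.getResource(String): use the
     * thread context class loader if one is set, otherwise the fallback.
     * Returns null instead of throwing when the resource is not visible.
     */
    static URL lookupViaContextLoader(String name, ClassLoader fallback) {
        ClassLoader ctx = Thread.currentThread().getContextClassLoader();
        return (ctx != null ? ctx : fallback).getResource(name);
    }

    /** Builds a constructed stand-in for a library jar holding one SQL resource. */
    static Path buildSampleJar(String entryName) throws IOException {
        Path jar = Files.createTempFile("sample-core", ".jar");
        try (OutputStream out = Files.newOutputStream(jar);
             JarOutputStream jos = new JarOutputStream(out)) {
            jos.putNextEntry(new JarEntry(entryName));
            jos.write("-- constructed sample schema\n".getBytes(StandardCharsets.UTF_8));
            jos.closeEntry();
        }
        return jar;
    }

    static String describe(URL url) {
        return url == null ? "NOT FOUND" : "found at " + url;
    }

    public static void main(String[] args) throws IOException {
        String resource = "data/initialize.sql";
        Path jar = buildSampleJar(resource);
        Thread current = Thread.currentThread();
        ClassLoader launcherLoader = current.getContextClassLoader();

        // Stands in for the loader a build tool creates for a task's own classpath.
        try (URLClassLoader taskLoader =
                 new URLClassLoader(new URL[] {jar.toUri().toURL()}, launcherLoader)) {

            // 1. Context loader is still the launcher's: the jar is invisible to it.
            System.out.println("context loader (launcher): "
                    + describe(lookupViaContextLoader(resource, taskLoader)));

            // 2. Asking the loader that owns the jar finds the resource.
            System.out.println("task loader directly:      "
                    + describe(taskLoader.getResource(resource)));

            // 3. With the context loader switched for the call, the lookup succeeds.
            current.setContextClassLoader(taskLoader);
            try {
                System.out.println("context loader (task):     "
                        + describe(lookupViaContextLoader(resource, taskLoader)));
            } finally {
                current.setContextClassLoader(launcherLoader);
            }
        } finally {
            Files.deleteIfExists(jar);
        }
    }
}
```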
