fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter #5845

Merged
merged 2 commits into from
Jul 29, 2023


frozenSolid
Contributor

Fixes Issue

When OSS Index is down and not responding on its TCP socket, a SocketTimeoutException is thrown by the analyzer regardless of the ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS setting.
I encountered this issue this morning in 8.3.1:

exception: org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:159)
org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
java.base/java.lang.Thread.run(Thread.java:833)

Read timed out
cause: java.net.SocketTimeoutException: Read timed out
java.base/sun.nio.ch.NioSocketImpl.timedRead(NioSocketImpl.java:283)
java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:309)
java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
java.base/java.net.Socket$SocketInputStream.read(Socket.java:976)
java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484)
java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478)
java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:70)
java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1465)
java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1069)
java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:284)
java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:343)
java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:824)
java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:759)
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1691)
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1592)
java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:529)
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:308)
org.sonatype.ossindex.service.client.transport.HttpUrlConnectionTransport.post(HttpUrlConnectionTransport.java:95)
org.sonatype.ossindex.service.client.internal.OssindexClientImpl.doRequestComponentReports(OssindexClientImpl.java:204)
org.sonatype.ossindex.service.client.internal.OssindexClientImpl.requestComponentReports(OssindexClientImpl.java:170)
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.requestReports(OssIndexAnalyzer.java:219)
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:134)
org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
java.base/java.lang.Thread.run(Thread.java:833)

Description of Change

This PR will use the ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS setting to determine whether an error or warning should be returned in the event of OSS Index causing a SocketTimeoutException to be raised.

Have test cases been added to cover the new functionality?

yes

Thanks for all of your awesome work on Dependency check!
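
The behaviour described in this PR, as an added Java sketch that is not the project's own code: a read timeout from the remote service becomes a warning when a warn-only flag is set, and an analysis failure otherwise. All class and method names are hypothetical, the package coordinate is constructed, and disabling further remote calls after the first timeout is an assumption of the sketch.

```java
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.util.logging.Logger;

// Added illustration; every name here is hypothetical, not a dependency-check class.
public class WarnOnlyTimeoutDemo {
    static class AnalysisException extends Exception {
        AnalysisException(String msg, Throwable cause) { super(msg, cause); }
    }
    interface ReportClient { String requestReports(String coordinate) throws IOException; }

    static final Logger LOG = Logger.getLogger("demo");
    private final ReportClient client;
    private final boolean warnOnly;   // stands in for the warn-only setting
    private boolean enabled = true;

    WarnOnlyTimeoutDemo(ReportClient client, boolean warnOnly) {
        this.client = client;
        this.warnOnly = warnOnly;
    }

    // True if a SocketTimeoutException appears anywhere in the cause chain.
    static boolean isTimeout(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof SocketTimeoutException) return true;
        }
        return false;
    }

    String analyze(String coordinate) throws AnalysisException {
        if (!enabled) return null;    // skipped after an earlier remote failure
        try {
            return client.requestReports(coordinate);
        } catch (IOException e) {
            if (warnOnly && isTimeout(e)) {
                LOG.warning("Remote service timed out; report will lack its results: " + e.getMessage());
                enabled = false;      // assumption: stop calling the service for this run
                return null;
            }
            throw new AnalysisException("Failed to request component-reports", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed client that always times out, simulating the outage.
        ReportClient down = c -> { throw new SocketTimeoutException("Read timed out"); };
        System.out.println(new WarnOnlyTimeoutDemo(down, true).analyze("pkg:maven/constructed/sample@1.0"));
        try {
            new WarnOnlyTimeoutDemo(down, false).analyze("pkg:maven/constructed/sample@1.0");
        } catch (AnalysisException e) {
            System.out.println("strict mode failed: " + e.getCause().getMessage());
        }
    }
}
```

In the warn-only branch the scan completes without the remote source's findings, so a clean result from that run only covers the analyzers that actually responded.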

OSS Index sockettimeout handling
@boring-cyborg boring-cyborg bot added the core (changes to core) and tests (test cases) labels Jul 27, 2023
@frozenSolid frozenSolid changed the title OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter Jul 27, 2023
@frozenSolid
Contributor Author

added fix: prefix to PR title 👍

@aikebah aikebah changed the title fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter Jul 28, 2023
@aikebah
Collaborator

aikebah commented Jul 28, 2023

> added fix: prefix to PR title 👍

make sure to not add a leading space in the process next time ;)

@aikebah aikebah added this to the 8.3.2 milestone Jul 28, 2023
this.setEnabled(false);
Collaborator

@aikebah aikebah left a comment

Thanks for the PR

@aikebah aikebah merged commit 3147d91 into jeremylong:main Jul 29, 2023
7 checks passed