Error org.owasp.dependencycheck.xml.pom.PomParseException with ojdbc7.jar analysis #1439

@DmitriyStoyanov

After upgrading OWASP Dependency Check CLI 3.2.0 -> 3.3.1, I was faced with this error:
org.owasp.dependencycheck.xml.pom.PomParseException: Unable to parse pom ...

After adding logs, I found that the issue is with the ojdbc7.jar file.
Just as a test, I created a directory with only this jar file and started /d/tmp/dependency-check/bin/dependency-check.bat --project "OJDBC" --scan "." --format ALL --log odc.log

...
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (1 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[WARN] Unable to parse pom 'C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml'
[WARN] An error occurred while analyzing 'D:\tmp\git\tmp\owasp-ojdbc-issue\ojdbc7.jar' (Central Analyzer).
[INFO] Finished Central Analyzer (388 seconds)
...
[INFO] Analysis Complete (392 seconds)
[ERROR] org.owasp.dependencycheck.xml.pom.PomParseException: Unable to parse pom 'C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml'

The main issue is that it cannot find the needed lib in the Central Repository:

DEBUG - Starting Central Analyzer
2018-08-11 15:42:33,522 org.owasp.dependencycheck.Engine:807
DEBUG - Parallel processing with up to 4 threads: Central Analyzer.
2018-08-11 15:42:33,522 org.owasp.dependencycheck.AnalysisTask:86
DEBUG - Begin Analysis of 'D:\tmp\git\tmp\owasp-ojdbc-issue\ojdbc7.jar' (Central Analyzer)
2018-08-11 15:42:33,523 org.owasp.dependencycheck.data.central.CentralSearch:126
DEBUG - Searching Central url https://search.maven.org/solrsearch/select?q=1:7c9b5984b2c1e32e7c8cf3331df77f31e89e24c2&wt=xml
2018-08-11 15:42:34,355 org.owasp.dependencycheck.analyzer.CentralAnalyzer:227
DEBUG - Central analyzer found artifact (cn.easyproject:ojdbc7:12.1.0.2.0) for dependency (ojdbc7.jar)
2018-08-11 15:42:34,355 org.owasp.dependencycheck.dependency.Dependency:512
DEBUG - Adding new maven identifier cn.easyproject:ojdbc7:12.1.0.2.0
2018-08-11 15:42:34,361 org.owasp.dependencycheck.analyzer.CentralAnalyzer:240
DEBUG - Downloading https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:34,361 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:36,523 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:40,107 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:46,725 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:59,330 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:43:23,938 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:44:12,559 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:45:49,205 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:49:02,053 org.owasp.dependencycheck.xml.pom.PomParser:68
DEBUG - 
java.io.FileNotFoundException: C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml (The system cannot find the file specified)
	at java.io.FileInputStream.open0(Native Method)
	at java.io.FileInputStream.open(Unknown Source)
	at java.io.FileInputStream.<init>(Unknown Source)
	at org.owasp.dependencycheck.xml.pom.PomParser.parse(PomParser.java:65)
	at org.owasp.dependencycheck.xml.pom.PomUtils.readPom(PomUtils.java:62)
	at org.owasp.dependencycheck.xml.pom.PomUtils.analyzePOM(PomUtils.java:139)
	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:261)
	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:136)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
2018-08-11 15:49:02,054 org.owasp.dependencycheck.xml.pom.PomUtils:70
WARN  - Unable to parse pom 'C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml'
2018-08-11 15:49:02,054 org.owasp.dependencycheck.xml.pom.PomUtils:81
DEBUG - 
org.owasp.dependencycheck.xml.pom.PomParseException: Unable to parse pom 'C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml'
	at org.owasp.dependencycheck.xml.pom.PomParser.parse(PomParser.java:69)
	at org.owasp.dependencycheck.xml.pom.PomUtils.readPom(PomUtils.java:62)
	at org.owasp.dependencycheck.xml.pom.PomUtils.analyzePOM(PomUtils.java:139)
	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:261)
	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:136)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.io.FileNotFoundException: C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml (The system cannot find the file specified)
	at java.io.FileInputStream.open0(Native Method)
	at java.io.FileInputStream.open(Unknown Source)
	at java.io.FileInputStream.<init>(Unknown Source)
	at org.owasp.dependencycheck.xml.pom.PomParser.parse(PomParser.java:65)
	... 10 common frames omitted
2018-08-11 15:49:02,054 org.owasp.dependencycheck.AnalysisTask:90
WARN  - An error occurred while analyzing 'D:\tmp\git\tmp\owasp-ojdbc-issue\ojdbc7.jar' (Central Analyzer).
2018-08-11 15:49:02,055 org.owasp.dependencycheck.AnalysisTask:91
DEBUG - 
org.owasp.dependencycheck.analyzer.exception.AnalysisException: org.owasp.dependencycheck.xml.pom.PomParseException: Unable to parse pom 'C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml'
	at org.owasp.dependencycheck.xml.pom.PomUtils.readPom(PomUtils.java:82)
	at org.owasp.dependencycheck.xml.pom.PomUtils.analyzePOM(PomUtils.java:139)
	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:261)
	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:136)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: org.owasp.dependencycheck.xml.pom.PomParseException: Unable to parse pom 'C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml'
	at org.owasp.dependencycheck.xml.pom.PomParser.parse(PomParser.java:69)
	at org.owasp.dependencycheck.xml.pom.PomUtils.readPom(PomUtils.java:62)
	... 9 common frames omitted
Caused by: java.io.FileNotFoundException: C:\Users\User\AppData\Local\Temp\dctemp53e4902f-83d6-401c-883c-aaa181a26d9a\pom2726894874192483239.xml (The system cannot find the file specified)
	at java.io.FileInputStream.open0(Native Method)
	at java.io.FileInputStream.open(Unknown Source)
	at java.io.FileInputStream.<init>(Unknown Source)
	at org.owasp.dependencycheck.xml.pom.PomParser.parse(PomParser.java:65)
	... 10 common frames omitted
2018-08-11 15:49:02,055 org.owasp.dependencycheck.Engine:675
INFO  - Finished Central Analyzer (388 seconds)

You can find the full log of the scan here: odc.log
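Added example, not part of the original report and not Dependency-Check code: a triage script for debug logs in the two-line layout shown above, which pairs each "Unable to parse pom" warning with the POM download retries that preceded it and reports how long the scan stalled. The function name `find_failed_pom_downloads`, the most-recent-URL attribution rule and the sample temp path are assumptions made for this example.

```python
import re
from datetime import datetime

# Abridged from the debug log in the report (three of the eight attempts kept);
# the temp-file path in the last line is a constructed placeholder.
SAMPLE_LOG = """\
2018-08-11 15:42:34,355 org.owasp.dependencycheck.dependency.Dependency:512
DEBUG - Adding new maven identifier cn.easyproject:ojdbc7:12.1.0.2.0
2018-08-11 15:42:34,361 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:36,523 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:42:40,107 org.owasp.dependencycheck.utils.Downloader:129
DEBUG - Attempting download of https://search.maven.org/remotecontent?filepath=cn/easyproject/ojdbc7/12.1.0.2.0/ojdbc7-12.1.0.2.0.pom
2018-08-11 15:49:02,054 org.owasp.dependencycheck.xml.pom.PomUtils:70
WARN  - Unable to parse pom 'C:/example-temp/pom-example.xml'
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \S+:\d+$")
ENTRY = re.compile(r"^(DEBUG|INFO|WARN|ERROR)\s+- (.*)$")
ATTEMPT = "Attempting download of "

def find_failed_pom_downloads(log_text):
    """Pair each 'Unable to parse pom' warning with the download retries before it."""
    pending = {}                      # url -> timestamps of unresolved attempts
    failures, stamp = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:                    # first line of an entry: timestamp and logger
            stamp = datetime.strptime(header.group(1), "%Y-%m-%d %H:%M:%S,%f")
            continue
        entry = ENTRY.match(line)
        if not entry or stamp is None:
            continue                  # stack-trace lines, console output
        message = entry.group(2)
        if message.startswith(ATTEMPT):
            pending.setdefault(message[len(ATTEMPT):].strip(), []).append(stamp)
        elif message.startswith("Unable to parse pom") and pending:
            # Heuristic (assumption): blame the URL that was attempted most recently.
            url = max(pending, key=lambda u: pending[u][-1])
            tries = pending.pop(url)
            failures.append({"url": url, "attempts": len(tries),
                             "seconds": round((stamp - tries[0]).total_seconds(), 1)})
    return failures

if __name__ == "__main__":
    for failure in find_failed_pom_downloads(SAMPLE_LOG):
        print(failure)
```

With several analyzer threads the log lines can interleave, so the attribution of a warning to a URL is exact only when one download is in flight at a time, as in the single-jar scan above.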
