
Commit eaa76f9

fix: improve OSS Index Error Reporting (#7977)
Co-authored-by: Chad Wilson <[email protected]>
1 parent a98db25 commit eaa76f9


3 files changed

+61
-22
lines changed


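--- a/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java
+++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java
@@ -148,40 +148,45 @@ protected void analyzeDependency(final Dependency dependency, final Engine engin
 try {
 requestDelay();
 reports = requestReports(engine.getDependencies());
-} catch (TransportException ex) {
+} catch (SocketTimeoutException e) {
+final boolean warnOnly = getSettings().getBoolean(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, false);
+this.setEnabled(false);
+if (warnOnly) {
+LOG.warn("OSS Index socket timeout, disabling the analyzer", e);
+} else {
+LOG.debug("OSS Index socket timeout", e);
+throw new AnalysisException("Failed to establish socket to OSS Index", e);
+}
+} catch (Exception ex) {
 final String message = ex.getMessage();
 final boolean warnOnly = getSettings().getBoolean(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, false);
 this.setEnabled(false);
-if (StringUtils.endsWith(message, "401")) {
-LOG.error("Invalid credentials for the OSS Index, disabling the analyzer");
-throw new AnalysisException("Invalid credentials provided for OSS Index", ex);
-} else if (StringUtils.endsWith(message, "403")) {
-LOG.error("OSS Index access forbidden, disabling the analyzer");
-throw new AnalysisException("OSS Index access forbidden", ex);
-} else if (StringUtils.endsWith(message, "429")) {
+if (StringUtils.contains(message, "401")) {
+if (warnOnly) {
+LOG.warn("Invalid credentials for the OSS Index, disabling the analyzer");
+} else {
+LOG.error("Invalid credentials for the OSS Index, disabling the analyzer");
+throw new AnalysisException("Invalid credentials provided for OSS Index", ex);
+}
+} else if (StringUtils.contains(message, "403")) {
+if (warnOnly) {
+LOG.warn("OSS Index access forbidden, disabling the analyzer");
+} else {
+LOG.error("OSS Index access forbidden, disabling the analyzer");
+throw new AnalysisException("OSS Index access forbidden", ex);
+}
+} else if (StringUtils.contains(message, "429")) {
 if (warnOnly) {
 LOG.warn("OSS Index rate limit exceeded, disabling the analyzer", ex);
 } else {
 throw new AnalysisException("OSS Index rate limit exceeded, disabling the analyzer", ex);
 }
 } else if (warnOnly) {
-LOG.warn("Error requesting component reports, disabling the analyzer", ex);
+LOG.warn("Error requesting component reports, disabling the analyzer. " + ex.getMessage(), ex);
 } else {
 LOG.debug("Error requesting component reports, disabling the analyzer", ex);
-throw new AnalysisException("Failed to request component-reports", ex);
-}
-} catch (SocketTimeoutException e) {
-final boolean warnOnly = getSettings().getBoolean(Settings.KEYS.ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS, false);
-this.setEnabled(false);
-if (warnOnly) {
-LOG.warn("OSS Index socket timeout, disabling the analyzer", e);
-} else {
-LOG.debug("OSS Index socket timeout", e);
-throw new AnalysisException("Failed to establish socket to OSS Index", e);
+throw new AnalysisException("Failed to request component-reports. " + ex.getMessage(), ex);
 }
-} catch (Exception e) {
-LOG.debug("Error requesting component reports", e);
-throw new AnalysisException("Failed to request component-reports", e);
 }
 }
 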
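Review bot: Classifying the failure with `StringUtils.contains(message, "401")` (and `"403"`, `"429"`) is looser than the `endsWith` it replaces: any exception whose message carries those digits elsewhere, in a URL, a version or a count, is now reported as an invalid-credentials, forbidden or rate-limit error, and because the enclosing catch was widened from `TransportException` to `Exception`, runtime exceptions raised inside `requestReports` that are not remote errors at all receive the same treatment and are silenced to a warning when warnOnly is set. If the client's transport exception exposes the HTTP status, branch on that rather than the message text; otherwise keep the narrower `TransportException` catch for the status sniffing and let other exceptions reach the generic branch only. Separately, the new 401 and 403 branches log without the exception (`LOG.warn("Invalid credentials for the OSS Index, disabling the analyzer");`) while the 429 and generic branches pass `ex`; pass `ex` in those warn and error calls too so the stack trace is not lost in the warnOnly path, where nothing is thrown. analyzeDependency starts before this hunk.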

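--- a/core/src/test/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.java
@@ -129,6 +129,39 @@ public void close() {
 }
 }
 
+@Test
+void should_analyzeDependency_return_a_dedicated_error_message_when_401_response_from_sonatype() throws Exception {
+// Given
+OssIndexAnalyzer analyzer = new OssIndexAnalyzer();
+Settings settings = getSettings();
+setCredentials(settings);
+settings.setBoolean(KEYS.ANALYZER_OSSINDEX_USE_CACHE, false);
+try (Engine engine = new Engine(settings)) {
+
+analyzer.initialize(settings);
+analyzer.prepareAnalyzer(engine);
+
+Identifier identifier = new PurlIdentifier("maven", "test", "test", "1.0",
+Confidence.HIGHEST);
+
+Dependency dependency = new Dependency();
+dependency.addSoftwareIdentifier(identifier);
+engine.setDependencies(Collections.singletonList(dependency));
+
+// When
+AnalysisException output = new AnalysisException();
+try {
+analyzer.analyzeDependency(dependency, engine);
+} catch (AnalysisException e) {
+output = e;
+}
+
+// Then
+assertEquals("Invalid credentials provided for OSS Index", output.getMessage());
+analyzer.close();
+}
+}
+
 @Test
 void should_analyzeDependency_return_a_dedicated_error_message_when_403_response_from_sonatype() throws Exception {
 // Given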
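Review bot: `analyzer.close();` in the new 401 test runs only after `assertEquals` succeeds, so on a failed assertion, or on any exception other than `AnalysisException` escaping `analyzeDependency`, the analyzer is never closed; the try-with-resources covers only the `Engine`. Move the close into a `finally`, or, if `OssIndexAnalyzer` is AutoCloseable, open it in the same try-with-resources as the engine. The test also depends on a live OSS Index reply whose message carries `401`; when the service is unreachable the analyzer's new code produces the socket-timeout or generic message instead, so the assertion fails for an unrelated reason, which is worth stating on the method, e.g. `// Requires network access to OSS Index; presumably exercises the real 401 path with credentials the service rejects`.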

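--- a/pom.xml
+++ b/pom.xml
@@ -625,6 +625,7 @@ Copyright (c) 2012 - Jeremy Long
 <artifactId>maven-surefire-plugin</artifactId>
 <configuration>
 <argLine>@{surefireArgLine} -Dfile.encoding=UTF-8</argLine>
+<failIfNoTests>false</failIfNoTests>
 <systemPropertyVariables>
 <data.directory>${project.build.directory}/data</data.directory>
 <temp.directory>${project.build.directory}/temp</temp.directory>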
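Review bot: `<failIfNoTests>false</failIfNoTests>` turns off Surefire's error when a test filter matches nothing, so a mistyped `-Dtest=` pattern or a module whose tests are accidentally excluded now reports a green build instead of failing. If the setting is there to allow running a single test class across modules that have no matching test, say so next to the line, e.g. `<!-- allow -Dtest=SingleTest across modules without a match; a silent "no tests run" is the trade-off -->`, so a later reader does not take the build's success as proof that tests executed.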
