JsonArrayFixingInputStream produces broken output on certain repositories
Describe the bug
JsonArrayFixingInputStream produces broken output on certain repositories.
Version of dependency-check used
The problem occurs using version 6.1.3 of the CLI. The older release 6.1.2 is working.
Log file
2021-03-26 18:19:35,948 org.owasp.dependencycheck.App:208
ERROR - Unexpected exit code from go process; exit code: 141
2021-03-26 18:19:35,949 org.owasp.dependencycheck.App:209
DEBUG - unexpected error
org.owasp.dependencycheck.analyzer.exception.AnalysisException: Unexpected exit code from go process; exit code: 141
at org.owasp.dependencycheck.analyzer.GolangModAnalyzer.analyzeDependency(GolangModAnalyzer.java:295)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)
Suppressed: org.owasp.dependencycheck.analyzer.exception.AnalysisException: Error parsing stream
at org.owasp.dependencycheck.data.golang.GoModJsonParser.process(GoModJsonParser.java:86)
at org.owasp.dependencycheck.processing.GoModProcessor.run(GoModProcessor.java:62)
... 1 common frames omitted
Caused by: javax.json.stream.JsonParsingException: Invalid token=COLON at (line no=979, column no=8, offset=36995). Expected tokens are: [COMMA]
at org.glassfish.json.JsonParserImpl.parsingException(JsonParserImpl.java:450)
at org.glassfish.json.JsonParserImpl.access$1100(JsonParserImpl.java:79)
at org.glassfish.json.JsonParserImpl$ArrayContext.getNextEvent(JsonParserImpl.java:557)
at org.glassfish.json.JsonParserImpl.next(JsonParserImpl.java:376)
at org.glassfish.json.JsonParserImpl.getArray(JsonParserImpl.java:324)
at org.glassfish.json.JsonParserImpl.getArray(JsonParserImpl.java:164)
at org.glassfish.json.JsonReaderImpl.readArray(JsonReaderImpl.java:129)
at org.owasp.dependencycheck.data.golang.GoModJsonParser.process(GoModJsonParser.java:71)
... 2 common frames omitted
To Reproduce
Steps to reproduce the behavior:
- dependency-check -l scan.log --scan go.mod
- See error in log
Expected behavior
Successful execution.
Additional context
As a quick fix I increased the buffer size and I'm able to execute the scanner successfully (based on git commit b1bbc4469):
diff --git a/utils/src/main/java/org/owasp/dependencycheck/utils/JsonArrayFixingInputStream.java b/utils/src/main/java/org/owasp/dependencycheck/utils/JsonArrayFixingInputStream.java
index c0b253a69..b2a367a48 100644
--- a/utils/src/main/java/org/owasp/dependencycheck/utils/JsonArrayFixingInputStream.java
+++ b/utils/src/main/java/org/owasp/dependencycheck/utils/JsonArrayFixingInputStream.java
@@ -49,7 +49,7 @@ public class JsonArrayFixingInputStream extends InputStream {
/**
* The buffer length.
*/
- private static final int BUFFER_SIZE = 2048;
+ private static final int BUFFER_SIZE = 8192;
/**
* The input stream to be filtered.
*/
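Review bot: Raising BUFFER_SIZE from 2048 to 8192 changes where the read boundaries fall in the go process output rather than removing the defect; the only thing this constant controls is chunking, so the fact that changing it alone turns a failure into a success says the stream's rewriting logic depends on where a read ends, and a repository whose output straddles a boundary in the same way at 8192 would still fail. The parse error in the log, a COLON where a COMMA was expected at line 979, column 8, shows the parser inside the array finding an object member where a value separator should be, i.e. the bytes emitted around that point are not a well-formed sequence of objects, which again points at the byte handling of the stream rather than the amount read per call. Before any change here, a unit test that feeds a fixed `go list` output through JsonArrayFixingInputStream at several buffer sizes (1, 2048, 8192 and the full length) and asserts that the result parses as a JSON array would pin the behaviour down and catch a repeat. Exit code 141 in the same log is 128 + SIGPIPE, consistent with the go process being killed once the reader closed its end of the pipe after the parse failure, so the exit-code line is a symptom of the parse error, not a second problem.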
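The buffer-size change above only alters how the go process output is chunked, so the useful question is what a stream filter does with state that straddles two reads. The following is an added example, not code from dependency-check or from the issue author. It assumes, from the class name and the parser error, that JsonArrayFixingInputStream exists to turn the run of top-level JSON objects printed by `go list -m -json all` into one JSON array; the sample output, the NaiveFixer and BoundarySafeFixer classes and the helper names are all constructed for illustration, and whether this is the precise defect fixed in #3599 is not something the issue states. It shows a filter that keeps its state only within one read failing at some read sizes, and a filter that carries its state across reads producing the same output at every read size, which is the property a regression test for this class should assert.

```python
import io
import json

# Constructed stand-in for the output of `go list -m -json all`: a run of
# top-level JSON objects with no commas between them and no enclosing array.
SAMPLE = (
    b'{\n\t"Path": "example.com/app",\n\t"Main": true\n}\n'
    b'{\n\t"Path": "example.com/lib",\n\t"Version": "v1.2.3"\n}\n'
    b'{\n\t"Path": "example.com/other",\n\t"Version": "v0.0.1",\n\t"Indirect": true\n}\n'
)


class NaiveFixer:
    """Hypothetical filter that decides where a comma goes using only the
    bytes of the current read. A '}' that ends one read and the '{' that
    starts the next are never seen together, so that comma is lost."""

    def __init__(self):
        self.started = False

    def transform(self, chunk: bytes) -> bytes:
        out = bytearray()
        if not self.started:
            out += b"["
            self.started = True
        closed_in_this_chunk = False  # state that is (wrongly) reset per read
        for byte in chunk:
            if byte == ord("}"):
                closed_in_this_chunk = True
            elif byte == ord("{") and closed_in_this_chunk:
                out += b","
                closed_in_this_chunk = False
            out.append(byte)
        return bytes(out)

    def finish(self) -> bytes:
        return b"]"


class BoundarySafeFixer:
    """Hypothetical filter that keeps its parse state (inside a string, after
    a backslash, brace depth, whether a top-level object has just closed) on
    the instance, so the output does not depend on how the input was split."""

    def __init__(self):
        self.started = False
        self.in_string = False
        self.escaped = False
        self.depth = 0
        self.need_comma = False

    def transform(self, chunk: bytes) -> bytes:
        out = bytearray()
        if not self.started:
            out += b"["
            self.started = True
        for byte in chunk:
            ch = chr(byte)
            if self.in_string:
                # Inside a string literal: braces do not count, only escapes and the closing quote.
                if self.escaped:
                    self.escaped = False
                elif ch == "\\":
                    self.escaped = True
                elif ch == '"':
                    self.in_string = False
            elif ch == '"':
                self.in_string = True
            elif ch == "{":
                if self.depth == 0 and self.need_comma:
                    out += b","  # separator between two top-level objects
                    self.need_comma = False
                self.depth += 1
            elif ch == "}":
                self.depth -= 1
                if self.depth == 0:
                    self.need_comma = True
            out.append(byte)
        return bytes(out)

    def finish(self) -> bytes:
        return b"]"


def fix_stream(data: bytes, buffer_size: int, fixer) -> bytes:
    """Push `data` through `fixer` in reads of at most `buffer_size` bytes,
    the way a wrapping InputStream sees the underlying process output."""
    src = io.BytesIO(data)
    out = bytearray()
    while True:
        chunk = src.read(buffer_size)
        if not chunk:
            break
        out += fixer.transform(chunk)
    out += fixer.finish()
    return bytes(out)


def parse_array(fixed: bytes):
    """Return the decoded list, or None if the bytes are not a JSON array."""
    try:
        doc = json.loads(fixed.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None
    return doc if isinstance(doc, list) else None


def sizes_that_break(fixer_cls, data: bytes = SAMPLE) -> list:
    """Every read size from 1 to len(data)+1 for which the fixer's output is
    not a parseable JSON array; a correct filter returns an empty list."""
    return [n for n in range(1, len(data) + 2)
            if parse_array(fix_stream(data, n, fixer_cls())) is None]


if __name__ == "__main__":
    print("naive fixer breaks at read sizes:", sizes_that_break(NaiveFixer))
    print("boundary-safe fixer breaks at read sizes:", sizes_that_break(BoundarySafeFixer))
```

Running the block prints the read sizes at which each filter fails; the second list is empty. The point is the shape of the test rather than the filter itself: sweeping every read size from 1 to the full length exercises every possible boundary position, which a single 2048 or 8192 setting never does.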
Issue Analytics
- Created 2 years ago
- Comments: 9 (5 by maintainers)
Top GitHub Comments
With #3599 the primary bug has been resolved. In addition we have improved the error reporting so that if an error occurs analyzing a go.mod in the vendor directory you will be able to tell (i.e. we are better about including the file path in the error message). I’m still debating whether or not we should completely skip any go.mod in the vendor directory…
The repository I'm testing only has one go.mod with about 18 dependencies, so I don't think it has something to do with vendor folders or multiple go.mod files (at least in my case - it can be a different issue).
Tried
and errors with
I'm running 6.2.2 (latest by the time of writing).