Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error "com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ExploitMaturityType, problem: PROOF-OF-CONCEPT" #170

Closed
hewittjRL opened this issue Oct 21, 2024 · 1 comment
Closed

Error "com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ExploitMaturityType, problem: PROOF-OF-CONCEPT" #170

hewittjRL opened this issue Oct 21, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@hewittjRL
Copy link

Describe the bug
After resolving the issue described in dependency-check-build-task@6 fails on windows-latest hosted agent since release of DependencyCheck 11.0.0 I am now running into another issue shown below in my pipeline output below.

To Reproduce
Steps to reproduce the behavior:

  1. Apply fix in other issue linked above
  2. Run the pipeline

Logs

2024-10-21T19:51:51.8639001Z [INFO] Checking for updates
2024-10-21T19:52:10.7453889Z [INFO] NVD API has 266,521 records in this update
2024-10-21T19:52:29.3349476Z [INFO] Downloaded 10,000/266,521 (4%)
2024-10-21T19:52:53.5293972Z [INFO] Downloaded 20,000/266,521 (8%)
2024-10-21T19:52:58.6117120Z [INFO] Downloaded 30,000/266,521 (11%)
2024-10-21T19:53:09.3277431Z [INFO] Downloaded 40,000/266,521 (15%)
2024-10-21T19:53:45.9578275Z [INFO] Downloaded 50,000/266,521 (19%)
2024-10-21T19:53:54.5722382Z [INFO] Downloaded 60,000/266,521 (23%)
2024-10-21T19:54:12.4923502Z [INFO] Downloaded 70,000/266,521 (26%)
2024-10-21T19:54:37.0354285Z [INFO] Downloaded 80,000/266,521 (30%)
2024-10-21T19:54:59.1501372Z [INFO] Downloaded 90,000/266,521 (34%)
2024-10-21T19:55:12.3876409Z [INFO] Downloaded 100,000/266,521 (38%)
2024-10-21T19:55:28.7266189Z [INFO] Downloaded 110,000/266,521 (41%)
2024-10-21T19:55:49.7294468Z [INFO] Downloaded 120,000/266,521 (45%)
2024-10-21T19:56:09.6821444Z [INFO] Downloaded 130,000/266,521 (49%)
2024-10-21T19:56:25.5193578Z [INFO] Downloaded 140,000/266,521 (53%)
2024-10-21T19:56:55.3047775Z [INFO] Downloaded 150,000/266,521 (56%)
2024-10-21T19:57:14.1805920Z [INFO] Downloaded 160,000/266,521 (60%)
2024-10-21T19:57:42.0568598Z [INFO] Downloaded 170,000/266,521 (64%)
2024-10-21T19:58:02.4790096Z [INFO] Downloaded 180,000/266,521 (68%)
2024-10-21T19:58:21.2973406Z [INFO] Downloaded 190,000/266,521 (71%)
2024-10-21T19:58:44.3395324Z [INFO] Downloaded 200,000/266,521 (75%)
2024-10-21T19:58:58.7008532Z [INFO] Downloaded 210,000/266,521 (79%)
2024-10-21T19:59:22.5918182Z [INFO] Downloaded 220,000/266,521 (83%)
2024-10-21T19:59:46.6027938Z [INFO] Downloaded 230,000/266,521 (86%)
2024-10-21T20:00:19.3997058Z [INFO] Downloaded 240,000/266,521 (90%)
2024-10-21T20:00:49.8858206Z [ERROR] Task java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask@7a27e070[Not completed, task = java.util.concurrent.Executors$RunnableAdapter@2d34afbb[Wrapped task = org.apache.hc.client5.http.impl.async.InternalAbstractHttpAsyncClient$ScheduledRequestExecution@1c6b55e9]] rejected from java.util.concurrent.ScheduledThreadPoolExecutor@7698fe2c[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0]
2024-10-21T20:00:49.8860207Z java.util.concurrent.RejectedExecutionException: Task java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask@7a27e070[Not completed, task = java.util.concurrent.Executors$RunnableAdapter@2d34afbb[Wrapped task = org.apache.hc.client5.http.impl.async.InternalAbstractHttpAsyncClient$ScheduledRequestExecution@1c6b55e9]] rejected from java.util.concurrent.ScheduledThreadPoolExecutor@7698fe2c[Terminated, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0]
2024-10-21T20:00:49.8861218Z 	at java.base/java.util.concurrent.ThreadPoolExecutor$AbortPolicy.rejectedExecution(ThreadPoolExecutor.java:2055)
2024-10-21T20:00:49.8861760Z 	at java.base/java.util.concurrent.ThreadPoolExecutor.reject(ThreadPoolExecutor.java:825)
2024-10-21T20:00:49.8862299Z 	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:340)
2024-10-21T20:00:49.8862780Z 	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor.schedule(ScheduledThreadPoolExecutor.java:562)
2024-10-21T20:00:49.8863926Z 	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor.execute(ScheduledThreadPoolExecutor.java:705)
2024-10-21T20:00:49.8864584Z 	at java.base/java.util.concurrent.Executors$DelegatedExecutorService.execute(Executors.java:687)
2024-10-21T20:00:49.8865193Z 	at org.apache.hc.client5.http.impl.async.InternalAbstractHttpAsyncClient.executeScheduled(InternalAbstractHttpAsyncClient.java:393)
2024-10-21T20:00:49.8865823Z 	at org.apache.hc.client5.http.impl.async.InternalAbstractHttpAsyncClient$1.scheduleExecution(InternalAbstractHttpAsyncClient.java:142)
2024-10-21T20:00:49.8866390Z 	at org.apache.hc.client5.http.impl.async.AsyncHttpRequestRetryExec$1.failed(AsyncHttpRequestRetryExec.java:186)
2024-10-21T20:00:49.8866939Z 	at org.apache.hc.client5.http.impl.async.AsyncProtocolExec$1.failed(AsyncProtocolExec.java:295)
2024-10-21T20:00:49.8867482Z 	at org.apache.hc.client5.http.impl.async.HttpAsyncMainClientExec$1.failed(HttpAsyncMainClientExec.java:136)
2024-10-21T20:00:49.8868017Z 	at org.apache.hc.core5.http.impl.nio.ClientHttp1StreamHandler.failed(ClientHttp1StreamHandler.java:291)
2024-10-21T20:00:49.8868559Z 	at org.apache.hc.core5.http.impl.nio.ClientHttp1StreamDuplexer.disconnected(ClientHttp1StreamDuplexer.java:220)
2024-10-21T20:00:49.8869117Z 	at org.apache.hc.core5.http.impl.nio.AbstractHttp1StreamDuplexer.onDisconnect(AbstractHttp1StreamDuplexer.java:412)
2024-10-21T20:00:49.8869682Z 	at org.apache.hc.core5.http.impl.nio.AbstractHttp1IOEventHandler.disconnected(AbstractHttp1IOEventHandler.java:95)
2024-10-21T20:00:49.8870314Z 	at org.apache.hc.core5.http.impl.nio.ClientHttp1IOEventHandler.disconnected(ClientHttp1IOEventHandler.java:41)
2024-10-21T20:00:49.8870852Z 	at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.disconnected(SSLIOSession.java:251)
2024-10-21T20:00:49.8871359Z 	at org.apache.hc.core5.reactor.InternalDataChannel.disconnected(InternalDataChannel.java:205)
2024-10-21T20:00:49.8873231Z 	at org.apache.hc.core5.reactor.SingleCoreIOReactor.processClosedSessions(SingleCoreIOReactor.java:229)
2024-10-21T20:00:49.8873744Z 	at org.apache.hc.core5.reactor.SingleCoreIOReactor.doTerminate(SingleCoreIOReactor.java:104)
2024-10-21T20:00:49.8874197Z 	at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:99)
2024-10-21T20:00:49.8874632Z 	at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
2024-10-21T20:00:49.8874956Z 	at java.base/java.lang.Thread.run(Thread.java:829)
2024-10-21T20:00:50.0653767Z [ERROR] Error updating the NVD Data
2024-10-21T20:00:50.0654646Z org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data
2024-10-21T20:00:50.0655274Z 	at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:397)
2024-10-21T20:00:50.0655730Z 	at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:117)
2024-10-21T20:00:50.0656141Z 	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
2024-10-21T20:00:50.0656557Z 	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
2024-10-21T20:00:50.0656928Z 	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
2024-10-21T20:00:50.0657289Z 	at org.owasp.dependencycheck.App.runScan(App.java:266)
2024-10-21T20:00:50.0657615Z 	at org.owasp.dependencycheck.App.run(App.java:198)
2024-10-21T20:00:50.0657931Z 	at org.owasp.dependencycheck.App.main(App.java:90)
2024-10-21T20:00:50.0658283Z Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: Failed to parse NVD data
2024-10-21T20:00:50.0658676Z 	at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:363)
2024-10-21T20:00:50.0659119Z 	at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:331)
2024-10-21T20:00:50.0659562Z 	at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:353)
2024-10-21T20:00:50.0659893Z 	... 7 common frames omitted
2024-10-21T20:00:50.0661890Z Caused by: com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of `io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ExploitMaturityType`, problem: PROOF-OF-CONCEPT
2024-10-21T20:00:50.0663507Z  at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 803450] (through reference chain: io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]->java.util.ArrayList[357]->io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]->io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]->io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]->java.util.ArrayList[0]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["exploitMaturity"])
2024-10-21T20:00:50.0664523Z 	at com.fasterxml.jackson.databind.exc.ValueInstantiationException.from(ValueInstantiationException.java:47)
2024-10-21T20:00:50.0665017Z 	at com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:2015)
2024-10-21T20:00:50.0665518Z 	at com.fasterxml.jackson.databind.DeserializationContext.handleInstantiationProblem(DeserializationContext.java:1426)
2024-10-21T20:00:50.0666041Z 	at com.fasterxml.jackson.databind.deser.std.FactoryBasedEnumDeserializer.deserialize(FactoryBasedEnumDeserializer.java:205)
2024-10-21T20:00:50.0666533Z 	at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
2024-10-21T20:00:50.0666995Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
2024-10-21T20:00:50.0667420Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
2024-10-21T20:00:50.0668018Z 	at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
2024-10-21T20:00:50.0668478Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
2024-10-21T20:00:50.0668934Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
2024-10-21T20:00:50.0669421Z 	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray(CollectionDeserializer.java:361)
2024-10-21T20:00:50.0669920Z 	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:246)
2024-10-21T20:00:50.0671447Z 	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:30)
2024-10-21T20:00:50.0671922Z 	at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
2024-10-21T20:00:50.0672439Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
2024-10-21T20:00:50.0672902Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
2024-10-21T20:00:50.0673349Z 	at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
2024-10-21T20:00:50.0673806Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
2024-10-21T20:00:50.0674254Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
2024-10-21T20:00:50.0674682Z 	at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
2024-10-21T20:00:50.0675190Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
2024-10-21T20:00:50.0675639Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
2024-10-21T20:00:50.0676118Z 	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray(CollectionDeserializer.java:361)
2024-10-21T20:00:50.0676627Z 	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:246)
2024-10-21T20:00:50.0677116Z 	at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:30)
2024-10-21T20:00:50.0677587Z 	at com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:138)
2024-10-21T20:00:50.0678051Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
2024-10-21T20:00:50.0678481Z 	at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
2024-10-21T20:00:50.0678966Z 	at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:342)
2024-10-21T20:00:50.0679440Z 	at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4917)
2024-10-21T20:00:50.0679852Z 	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3860)
2024-10-21T20:00:50.0680252Z 	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3828)
2024-10-21T20:00:50.0680699Z 	at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:358)
2024-10-21T20:00:50.0681007Z 	... 9 common frames omitted
2024-10-21T20:00:50.0681450Z Caused by: java.lang.IllegalArgumentException: PROOF-OF-CONCEPT
2024-10-21T20:00:50.0681874Z 	at io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ExploitMaturityType.fromValue(CvssV4Data.java:974)
2024-10-21T20:00:50.0682308Z 	at jdk.internal.reflect.GeneratedMethodAccessor174.invoke(Unknown Source)
2024-10-21T20:00:50.0682723Z 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2024-10-21T20:00:50.0683139Z 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
2024-10-21T20:00:50.0683616Z 	at com.fasterxml.jackson.databind.introspect.AnnotatedMethod.callOnWith(AnnotatedMethod.java:118)
2024-10-21T20:00:50.0684119Z 	at com.fasterxml.jackson.databind.deser.std.FactoryBasedEnumDeserializer.deserialize(FactoryBasedEnumDeserializer.java:194)
2024-10-21T20:00:50.0684510Z 	... 38 common frames omitted
2024-10-21T20:00:50.7396464Z [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
2024-10-21T20:00:51.5210364Z [INFO] Begin database defrag
2024-10-21T20:00:58.1511699Z [INFO] End database defrag (6659 ms)
2024-10-21T20:00:58.1530737Z [WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
2024-10-21T20:00:58.1532006Z [ERROR] Unable to continue dependency-check analysis.
2024-10-21T20:00:58.1648553Z [ERROR] One or more fatal errors occurred
2024-10-21T20:00:58.1648906Z [ERROR] Error updating the NVD Data
2024-10-21T20:00:58.1649159Z [ERROR] No documents exist
2024-10-21T20:00:58.5061126Z Dependency Check completed with exit code 13.
2024-10-21T20:00:58.5061647Z Dependency Check reports:
2024-10-21T20:00:58.5105538Z []
2024-10-21T20:00:58.5108814Z Dependency Check failed with message "Dependency Check exited with an error code (exit code: 13)."
2024-10-21T20:00:58.5161743Z ##[error]Dependency Check exited with an error code (exit code: 13).
@hewittjRL hewittjRL added the bug Something isn't working label Oct 21, 2024
@hewittjRL
Copy link
Author

Actually found related issue here closing this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hewittjRL