Date parsing error when running the dependency-check Maven plugin

Question  Votes: 0  Answers: 2

We recently ran into a new error when running the Maven check plugin in our Spring Boot project.
Our configuration is as follows:

<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>8.2.1</version>
  <configuration>
    <formats>
      <format>html</format>
      <format>json</format>
    </formats>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>

After running the Maven dependency check, this is the head of the error log:


2023-12-01T16:59:53.8260662Z [WARNING] A new version of dependency-check is available. Consider updating to version 9.0.2.
2023-12-01T16:59:53.9300519Z [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
2023-12-01T16:59:54.0402611Z [ERROR] Error reading CISA Known Exploited Vulnerabilities JSON data
2023-12-01T16:59:54.0446587Z [ERROR] Unable to find the CISA Known Exploited Vulnerabilities file to parse
2023-12-01T16:59:54.0448462Z org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to find the CISA Known Exploited Vulnerabilities file to parse
2023-12-01T16:59:54.0451357Z     at org.owasp.dependencycheck.data.update.cisa.KnownExploitedVulnerabilityParser.parse (KnownExploitedVulnerabilityParser.java:84)
2023-12-01T16:59:54.0452940Z     at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update (KnownExploitedDataSource.java:82)
2023-12-01T16:59:54.0453968Z     at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:900)
2023-12-01T16:59:54.0454784Z     at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:705)
2023-12-01T16:59:54.0455791Z     at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:631)
2023-12-01T16:59:54.0456909Z     at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1919)
2023-12-01T16:59:54.0458119Z     at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1102)
2023-12-01T16:59:54.0459304Z     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
2023-12-01T16:59:54.0460409Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
2023-12-01T16:59:54.0461390Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
2023-12-01T16:59:54.0462336Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2023-12-01T16:59:54.0463286Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2023-12-01T16:59:54.0464232Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2023-12-01T16:59:54.0465322Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
2023-12-01T16:59:54.0466800Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
2023-12-01T16:59:54.0468146Z     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
2023-12-01T16:59:54.0469387Z     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
2023-12-01T16:59:54.0470266Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
2023-12-01T16:59:54.0471003Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
2023-12-01T16:59:54.0471819Z     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
2023-12-01T16:59:54.0472492Z     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
2023-12-01T16:59:54.0473157Z     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
2023-12-01T16:59:54.0473799Z     at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
2023-12-01T16:59:54.0474482Z     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
2023-12-01T16:59:54.0475386Z     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
2023-12-01T16:59:54.0476466Z     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
2023-12-01T16:59:54.0477309Z     at java.lang.reflect.Method.invoke (Method.java:566)
2023-12-01T16:59:54.0478085Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
2023-12-01T16:59:54.0479028Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
2023-12-01T16:59:54.0479998Z     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
2023-12-01T16:59:54.0480958Z     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
2023-12-01T16:59:54.0484209Z Caused by: com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `java.util.Date` from String "2023-12-01T15:09:26..642Z": not a valid representation (error: Failed to parse Date value '2023-12-01T15:09:26..642Z': Cannot parse date "2023-12-01T15:09:26..642Z": while it seems to fit format 'yyyy-MM-dd'T'HH:mm:ss.SSSX', parsing fails (leniency? null))
2023-12-01T16:59:54.0487501Z  at [Source: (InputStreamReader); line: 4, column: 21] (through reference chain: org.owasp.dependencycheck.data.knownexploited.json.KnownExploitedVulnerabilitiesSchema["dateReleased"])
2023-12-01T16:59:54.0489077Z     at com.fasterxml.jackson.databind.exc.InvalidFormatException.from (InvalidFormatException.java:67)
2023-12-01T16:59:54.0490312Z     at com.fasterxml.jackson.databind.DeserializationContext.weirdStringException (DeserializationContext.java:1996)
2023-12-01T16:59:54.0491639Z     at com.fasterxml.jackson.databind.DeserializationContext.handleWeirdStringValue (DeserializationContext.java:1224)
2023-12-01T16:59:54.0493028Z     at com.fasterxml.jackson.databind.deser.std.StdDeserializer._parseDate (StdDeserializer.java:1362)
2023-12-01T16:59:54.0494167Z     at com.fasterxml.jackson.databind.deser.std.StdDeserializer._parseDate (StdDeserializer.java:1304)
2023-12-01T16:59:54.0495470Z     at com.fasterxml.jackson.databind.deser.std.DateDeserializers$DateBasedDeserializer._parseDate (DateDeserializers.java:201)
2023-12-01T16:59:54.0496879Z     at com.fasterxml.jackson.databind.deser.std.DateDeserializers$DateDeserializer.deserialize (DateDeserializers.java:303)
2023-12-01T16:59:54.0498272Z     at com.fasterxml.jackson.databind.deser.std.DateDeserializers$DateDeserializer.deserialize (DateDeserializers.java:281)
2023-12-01T16:59:54.0499682Z     at com.fasterxml.jackson.module.blackbird.deser.SettableObjectProperty.deserializeAndSet (SettableObjectProperty.java:44)
2023-12-01T16:59:54.0500997Z     at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize (BeanDeserializer.java:278)
2023-12-01T16:59:54.0502265Z     at com.fasterxml.jackson.module.blackbird.deser.SuperSonicBeanDeserializer.deserialize (SuperSonicBeanDeserializer.java:155)
2023-12-01T16:59:54.0503802Z     at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue (DefaultDeserializationContext.java:323)
2023-12-01T16:59:54.0504966Z     at com.fasterxml.jackson.databind.ObjectReader._bind (ObjectReader.java:2079)
2023-12-01T16:59:54.0505839Z     at com.fasterxml.jackson.databind.ObjectReader.readValue (ObjectReader.java:1229)
2023-12-01T16:59:54.0507065Z     at org.owasp.dependencycheck.data.update.cisa.KnownExploitedVulnerabilityParser.parse (KnownExploitedVulnerabilityParser.java:77)
2023-12-01T16:59:54.0508510Z     at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update (KnownExploitedDataSource.java:82)
2023-12-01T16:59:54.0509481Z     at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:900)
2023-12-01T16:59:54.0510266Z     at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:705)
2023-12-01T16:59:54.0511139Z     at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:631)
2023-12-01T16:59:54.0512138Z     at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1919)
2023-12-01T16:59:54.0513306Z     at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1102)
2023-12-01T16:59:54.0514477Z     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
2023-12-01T16:59:54.0515544Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
2023-12-01T16:59:54.0516502Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
2023-12-01T16:59:54.0517456Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2023-12-01T16:59:54.0518392Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2023-12-01T16:59:54.0519329Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2023-12-01T16:59:54.0520415Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
2023-12-01T16:59:54.0521701Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
2023-12-01T16:59:54.0523048Z     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
2023-12-01T16:59:54.0524269Z     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
2023-12-01T16:59:54.0525159Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
2023-12-01T16:59:54.0525890Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
2023-12-01T16:59:54.0526611Z     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
2023-12-01T16:59:54.0527277Z     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
2023-12-01T16:59:54.0527929Z     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
2023-12-01T16:59:54.0528562Z     at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
2023-12-01T16:59:54.0529234Z     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
2023-12-01T16:59:54.0530125Z     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
2023-12-01T16:59:54.0531196Z     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
2023-12-01T16:59:54.0532030Z     at java.lang.reflect.Method.invoke (Method.java:566)
2023-12-01T16:59:54.0532802Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
2023-12-01T16:59:54.0533736Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
2023-12-01T16:59:54.0534667Z     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
2023-12-01T16:59:54.0535662Z     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
2023-12-01T16:59:54.0536296Z [INFO] Begin database defrag
2023-12-01T17:00:01.6980202Z [INFO] End database defrag (7661 ms)
2023-12-01T17:00:01.7008453Z [WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
2023-12-01T17:00:01.7010049Z [ERROR] Unable to continue dependency-check analysis.
2023-12-01T17:00:02.0368360Z [INFO] ------------------------------------------------------------------------
2023-12-01T17:00:02.0378862Z [INFO] BUILD FAILURE
2023-12-01T17:00:02.0381631Z [INFO] ------------------------------------------------------------------------
2023-12-01T17:00:02.0382344Z [INFO] Total time:  06:37 min
2023-12-01T17:00:02.0382810Z [INFO] Finished at: 2023-12-01T17:00:02Z
2023-12-01T17:00:02.0383496Z [INFO] ------------------------------------------------------------------------
2023-12-01T17:00:02.0385139Z [ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.2.1:check (default) on project acet-api: Fatal exception(s) analyzing acet-api: One or more exceptions occurred during analysis:
2023-12-01T17:00:02.0386722Z [ERROR]    UpdateException: Unable to find the CISA Known Exploited Vulnerabilities file to parse
2023-12-01T17:00:02.0389667Z [ERROR]        caused by InvalidFormatException: Cannot deserialize value of type `java.util.Date` from String "2023-12-01T15:09:26..642Z": not a valid representation (error: Failed to parse Date value '2023-12-01T15:09:26..642Z': Cannot parse date "2023-12-01T15:09:26..642Z": while it seems to fit format 'yyyy-MM-dd'T'HH:mm:ss.SSSX', parsing fails (leniency? null))
2023-12-01T17:00:02.0392812Z [ERROR]  at [Source: (InputStreamReader); line: 4, column: 21] (through reference chain: org.owasp.dependencycheck.data.knownexploited.json.KnownExploitedVulnerabilitiesSchema["dateReleased"])
2023-12-01T17:00:02.0394086Z [ERROR]    NoDataException: No documents exist

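We tried upgrading the plugin version to 9.0.0, but we always get the same error.

After a first analysis of the log, the problem is caused by the cisa.gov JSON file, because the dateReleased property is malformed.

https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json

Does anyone know how to work around this error, or should we wait for cisa.org to fix the file?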

spring-boot maven azure-pipelines maven-plugin
2 Answers
0
votes

After checking, the problematic JSON file has been fixed.

"title": "CISA Catalog of Known Exploited Vulnerabilities",
"catalogVersion": "2023.12.01",
"dateReleased": "2023-12-01T18:47:38.1879Z",

0
votes

The problem is solved; CISA.GOV has fixed the file. Here is the response.
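
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original posts or of dependency-check: it validates the dateReleased header of a KEV catalog document before the scan runs, so a malformed feed is reported in one line instead of a stack trace. The function names and the JSON samples are constructed for illustration; the two timestamp values are the ones quoted above.

```python
import json
import re
from datetime import datetime, timezone

# ISO-8601 UTC timestamp with an optional fraction of 1-9 digits, e.g. "...:38.1879Z".
_TS = re.compile(r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,9}))?Z")

def parse_date_released(value):
    """Return an aware UTC datetime, or raise ValueError describing the defect."""
    if not isinstance(value, str):
        raise ValueError(f"dateReleased is not a string: {value!r}")
    m = _TS.fullmatch(value)
    if m is None:
        raise ValueError(f"dateReleased is not a valid ISO-8601 UTC timestamp: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    # Normalise the fraction to microseconds (pad short, truncate long).
    micros = int((m.group(7) or "0").ljust(6, "0")[:6])
    # datetime() rejects impossible values such as month 13 or hour 25.
    return datetime(y, mo, d, h, mi, s, micros, tzinfo=timezone.utc)

def check_kev_header(raw_json):
    """Pre-flight check of a KEV catalog document. Returns (ok, message)."""
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return False, f"feed is not valid JSON: {exc}"
    if not isinstance(doc, dict) or "dateReleased" not in doc:
        return False, "feed has no dateReleased field"
    try:
        released = parse_date_released(doc["dateReleased"])
    except ValueError as exc:
        return False, str(exc)
    return True, f"dateReleased OK: {released.isoformat()}"

# Constructed samples: only the header fields shown on this page, with an empty
# "vulnerabilities" list added so each document is complete JSON.
BROKEN = '''{"title": "CISA Catalog of Known Exploited Vulnerabilities",
 "catalogVersion": "2023.12.01",
 "dateReleased": "2023-12-01T15:09:26..642Z", "vulnerabilities": []}'''
FIXED = BROKEN.replace("2023-12-01T15:09:26..642Z", "2023-12-01T18:47:38.1879Z")

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_kev_header(sample))
```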
