cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
adbuch
Level 2

Scan fail since last electronic update

We use Flexnet Codeinsight 2018 R4 since te last update the scans Fail due to missing CVE id's.

When pushing scanns from jenkins with the pipeline-plugin the scan fails with exception:

 

15:46:00 INFO c.f.c.c.l.RangeCpeStreamer No CVE for id CVE-2017-14062
java.lang.Exception: No CVE for id CVE-2017-14062
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.getFields(SearchCVEApvAnalyzer.java:420)
	at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.indexFile(SearchCVEApvAnalyzer.java:125)
	at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
	at java.lang.Thread.run(Thread.java:745)
15:46:00 INFO c.f.c.c.l.RangeCpeStreamer No CVE for id CVE-2013-3249
java.lang.Exception: No CVE for id CVE-2013-3249
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.getFields(SearchCVEApvAnalyzer.java:420)
	at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.indexFile(SearchCVEApvAnalyzer.java:125)
	at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
	at java.lang.Thread.run(Thread.java:745)
15:46:00 INFO c.f.c.c.l.RangeCpeStreamer No CVE for id CVE-2017-7320
java.lang.Exception: No CVE for id CVE-2017-7320
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.getFields(SearchCVEApvAnalyzer.java:420)
	at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.indexFile(SearchCVEApvAnalyzer.java:125)
	at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
	at java.lang.Thread.run(Thread.java:745)
15:46:00 INFO c.f.c.c.l.RangeCpeStreamer No CVE for id CVE-2017-7322
java.lang.Exception: No CVE for id CVE-2017-7322
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.getFields(SearchCVEApvAnalyzer.java:420)
	at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
	at com.flexnet.codeaware.cve.lucene.SearchCVEApvAnalyzer.indexFile(SearchCVEApvAnalyzer.java:125)
	at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
	at java.lang.Thread.run(Thread.java:745)
15:46:00 INFO c.f.c.c.l.RangeCpeStreamer No CVE for id CVE-2012-4024

and so on... unti at the end it has following exception:

 

15:46:08 INFO c.f.c.c.l.RangeCpeStreamer Invalid component line during create index: dell| data_protection_\|_encryption| data protection \| encryption 
java.lang.Exception: Invalid component line during create index: dell| data_protection_\|_encryption| data protection \| encryption 
	at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.indexLine(SearchCVEComponent.java:189)
	at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.access$100(SearchCVEComponent.java:46)
	at com.flexnet.codeaware.cve.lucene.SearchCVEComponent$T1.run(SearchCVEComponent.java:345)
	at java.lang.Thread.run(Thread.java:745)
15:46:08 INFO c.f.c.c.l.RangeCpeStreamer Invalid component line during create index: diplomat_\|_political_project| diplomat_\|_political| diplomat \| political 
java.lang.Exception: Invalid component line during create index: diplomat_\|_political_project| diplomat_\|_political| diplomat \| political 
	at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.indexLine(SearchCVEComponent.java:189)
	at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.access$100(SearchCVEComponent.java:46)
	at com.flexnet.codeaware.cve.lucene.SearchCVEComponent$T1.run(SearchCVEComponent.java:345)
	at java.lang.Thread.run(Thread.java:745)
Failed to complete scan. 
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.flexnet.codeinsight.plugins.agent.ScanExecutor.scanCodebase(ScanExecutor.java:171)
	at com.flexnet.codeinsight.plugins.codeinsight_plugin.DistributedPipelineExecutor.call(DistributedPipelineExecutor.java:73)
	at com.flexnet.codeinsight.plugins.codeinsight_plugin.DistributedPipelineExecutor.call(DistributedPipelineExecutor.java:21)
	at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
	at com.flexnet.codeinsight.plugins.codeinsight_plugin.CodeinsightPluginStep$CodeinsightPluginStepExecution.run(CodeinsightPluginStep.java:231)
	at com.flexnet.codeinsight.plugins.codeinsight_plugin.CodeinsightPluginStep$CodeinsightPluginStepExecution.run(CodeinsightPluginStep.java:149)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
	at hudson.security.ACL.impersonate(ACL.java:290)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
	at java.util.Hashtable.put(Hashtable.java:459)
	at com.flexnet.codeaware.cve.CVEIndexer2.build(CVEIndexer2.java:249)
	at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.appendCVEsIfFound(SearchCVEAnalyzer.java:265)
	at com.flexnet.codeaware.AnalysisDriver.analyze(AnalysisDriver.java:198)
	at com.flexnet.codeaware.AnalysisDriver.analyze(AnalysisDriver.java:148)
	at com.flexnet.codeaware.embedded.EmbeddedScanner.scan(EmbeddedScanner.java:64)
	... 18 more

Scan results :
FAILURE

 

Labels (1)
0 Kudos
(4) Replies
nagrawal
Level 2 Flexeran
Level 2 Flexeran

Hello @adbuch 

I am from FNCI engineering. Sorry about your scan failure.

We are reviewing your issue and would revert back to you at the earliest (with in a day). 

Regards

-Nitin Agrawal

 

0 Kudos
ssomasundar
Level 3 Flexeran
Level 3 Flexeran

The issue is due to new NVD feed which came around 17th/18th of october.
2018 R4 plugin scans are failing due to this.

We recommend to migrate to latest build 2019 R3 and corresponding latest plugins (Flexnet Codeinsight 2019 R1 Plugins).
In this build we have a workable solution to go ahead.
Plugin scans would work fine in the latest release.

0 Kudos

I'm seeing the same issue with "FlexNet Code Insight 2019 R3 (Build 93)"

Log files can be found under "Case# 01938593"

Thanks,

2019-10-29 17:48:00 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.RangeCpeStreamer - No CVE for id CVE-2010-1449
java.lang.Exception: No CVE for id CVE-2010-1449
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.getFields(SearchCVEAnalyzer.java:345)
at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.indexFile(SearchCVEAnalyzer.java:125)
at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
at java.lang.Thread.run(Thread.java:748)
2019-10-29 17:48:00 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.RangeCpeStreamer - No CVE for id CVE-2009-4134
java.lang.Exception: No CVE for id CVE-2009-4134
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.getFields(SearchCVEAnalyzer.java:345)
at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.indexFile(SearchCVEAnalyzer.java:125)
at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
at java.lang.Thread.run(Thread.java:748)
2019-10-29 17:48:00 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.RangeCpeStreamer - No CVE for id CVE-2010-5278
java.lang.Exception: No CVE for id CVE-2010-5278
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.getFields(SearchCVEAnalyzer.java:345)
at com.flexnet.codeaware.lucene.Index.storeDocument(Index.java:237)
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.indexFile(SearchCVEAnalyzer.java:125)
at com.flexnet.codeaware.lucene.T2.run(T2.java:68)
at java.lang.Thread.run(Thread.java:748)
2019-10-29 17:48:00 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.SearchCVEVendor - Created index /opt/palamida/CodeInsight/config/.codeaware/cves/vendor_index, 21302 files indexed, 0 not indexed, 0 files had exceptions, 4 threads
2019-10-29 17:48:01 [Thread-75] WARN c.f.c.cve.lucene.SearchCVEComponent - Invalid component line during create index: diplomat_\|_political_project| diplomat_\|_political| diplomat \| political
2019-10-29 17:48:01 [Thread-77] WARN c.f.c.cve.lucene.SearchCVEComponent - Invalid component line during create index: dell| data_protection_\|_encryption| data protection \| encryption
2019-10-29 17:48:01 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.SearchCVEComponent - Created index /opt/palamida/CodeInsight/config/.codeaware/cves/component_index, 65513 files indexed, 2 not indexed, 2 files had exceptions, 8 threads
2019-10-29 17:48:01 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.RangeCpeStreamer - Invalid component line during create index: diplomat_\|_political_project| diplomat_\|_political| diplomat \| political
java.lang.Exception: Invalid component line during create index: diplomat_\|_political_project| diplomat_\|_political| diplomat \| political
at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.indexLine(SearchCVEComponent.java:189)
at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.access$100(SearchCVEComponent.java:46)
at com.flexnet.codeaware.cve.lucene.SearchCVEComponent$T1.run(SearchCVEComponent.java:345)
at java.lang.Thread.run(Thread.java:748)
2019-10-29 17:48:01 [http-nio-8888-exec-8] INFO c.f.c.cve.lucene.RangeCpeStreamer - Invalid component line during create index: dell| data_protection_\|_encryption| data protection \| encryption
java.lang.Exception: Invalid component line during create index: dell| data_protection_\|_encryption| data protection \| encryption
at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.indexLine(SearchCVEComponent.java:189)
at com.flexnet.codeaware.cve.lucene.SearchCVEComponent.access$100(SearchCVEComponent.java:46)
at com.flexnet.codeaware.cve.lucene.SearchCVEComponent$T1.run(SearchCVEComponent.java:345)
at java.lang.Thread.run(Thread.java:748)
2019-10-29 17:48:01 [http-nio-8888-exec-8] ERROR c.f.codeaware.spring.AnalysisService - Error creating CVE indexes:
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:460)
at com.flexnet.codeaware.cve.CVEIndexer2.build(CVEIndexer2.java:266)
at com.flexnet.codeaware.cve.lucene.SearchCVEAnalyzer.createCVEIndexes(SearchCVEAnalyzer.java:100)
at com.flexnet.codeaware.AnalysisDriver.createCVEIndexes(AnalysisDriver.java:113)
at com.flexnet.codeaware.spring.AnalysisService.createCVEIndexes(AnalysisService.java:281)
at com.flexnet.codeaware.spring.AnalysisController.createCVEIndexes(AnalysisController.java:280)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:849)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:760)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130)
at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66)
at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2019-10-29 17:48:01 [http-nio-8888-exec-8] ERROR c.f.c.spring.AnalysisController - Failed indexing CVEs

0 Kudos

Hi,

Could you please confirm whether you are using latest plugins build, post migrating FNCI to 2019 R3 (Build 93).
The Plugins build you should be using is latest plugins Flexnet Codeinsight 2019 R1 Plugins.

0 Kudos