albuch / sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

Log the full stack trace for ExceptionCollection

nigredo-tori opened this issue · comments

Is your feature request related to a problem? Please describe.

ExceptionCollection is a dirty trick to pass multiple exceptions as one. It includes custom logic in printStackTrace to display all of them. However, SBT doesn't call printStackTrace (to support this feature). As a result, in case of an error, the output is frustratingly unhelpful. For example, this, as far as I can tell, means some issues with OSSIndex:

[error] org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
[error] 	Failed to request component-reports
[error] 	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:705)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.createReport(DependencyCheckPlugin.scala:543)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.$anonfun$checkTask$9(DependencyCheckPlugin.scala:304)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.withEngine(DependencyCheckPlugin.scala:563)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.$anonfun$checkTask$2(DependencyCheckPlugin.scala:302)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.$anonfun$checkTask$2$adapted(DependencyCheckPlugin.scala:261)
[error] 	at scala.Function1.$anonfun$compose$1(Function1.scala:49)
[error] 	at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:62)
[error] 	at sbt.std.Transform$$anon$4.work(Transform.scala:67)
[error] 	at sbt.Execute.$anonfun$submit$2(Execute.scala:281)
[error] 	at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:19)
[error] 	at sbt.Execute.work(Execute.scala:290)
[error] 	at sbt.Execute.$anonfun$submit$1(Execute.scala:281)
[error] 	at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:178)
[error] 	at sbt.CompletionService$$anon$2.call(CompletionService.scala:37)
[error] 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[error] 	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
[error] 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[error] 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[error] 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[error] 	at java.base/java.lang.Thread.run(Thread.java:834)

When a problem like this pops up in CI, I can only restart the pipeline and hope for the best - I can't diagnose or report the issue, because all the information I have is that "something's wrong".

Describe the solution you'd like

If we catch an ExceptionCollection, we should printStackTrace to a string, and log that.

Describe alternatives you've considered

  • We could hide this behavior behind a flag to preserve "pretty" error messages. However, I don't think anyone cares about those enough to deal with losing error information like this.
  • There might be some way to make SBT call printStackTrace (or we could add one). But I don't think we should rely on that just to support a hack like this. Not to mention that this pushes the burden onto the users of the plugin.
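The proposed fix, written out as an added illustration rather than code from the plugin: `printStackTrace` is rendered into a `String` (which invokes `ExceptionCollection`'s own override, so every collected exception is included) and that string is handed to the sbt logger before the exception is rethrown. The `logCollected` wrapper and `fullStackTrace` helper are hypothetical names; the example assumes `ExceptionCollection.getExceptions` returns the collected throwables.

```scala
import java.io.{PrintWriter, StringWriter}
import org.owasp.dependencycheck.exception.ExceptionCollection
import sbt.Logger

object ExceptionCollectionLogging {

  // Render a Throwable exactly as printStackTrace would, but into a String.
  // For ExceptionCollection this runs its custom printStackTrace, so the
  // nested exceptions (and their cause chains) appear in the output instead
  // of only the one-line summary sbt prints for an uncaught exception.
  def fullStackTrace(t: Throwable): String = {
    val sw = new StringWriter()
    val pw = new PrintWriter(sw)
    t.printStackTrace(pw)
    pw.flush()
    sw.toString
  }

  // Hypothetical wrapper around an analysis step (e.g. the body handed to
  // withEngine): on ExceptionCollection, log the expanded trace, then rethrow
  // so the task still fails and CI still goes red.
  def logCollected[A](log: Logger)(body: => A): A =
    try body
    catch {
      case ec: ExceptionCollection =>
        // getExceptions is assumed to return the collected throwables.
        val count = ec.getExceptions.size
        log.error(s"Dependency check failed with $count underlying exception(s):")
        log.error(fullStackTrace(ec))
        throw ec
    }
}
```

Because the full trace is logged before the rethrow, a failing CI job records which analyzer or remote lookup (such as the OSS Index request above) actually failed, rather than only "One or more exceptions occurred during analysis".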