NullPointerException during dependency analysis #1603
Comments
Looks like this bug is related to #1577 but the NPE is thrown one line before.
Does the package.json file you're analyzing not have a version number?
The package.json file has a name and a version: {
I'm also running into this NPE at the same line (
Hi @jvmccarthy,
I had this exact issue today. The error is caused by a package-lock.json without name or version. Found this stray package-lock.json in my project. Deleting it fixed the issue.
Thanks @lundal, I indeed found a stray package-lock.json like yours. Deleting it fixed the issue for me, too.
Yeah, looks like I was running into an issue with the old version of lerna where the package lock files ended up missing name and version (lerna/lerna#1454).
It looks like there are some ways to produce an invalid package-lock.json. Mine was probably created running npm install in the wrong directory. I think the Node Analyser needs better handling for invalid package-lock.json files.
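Added example, not part of the thread and not Dependency-Check code: a pre-scan check that walks a workspace and lists every `package.json` or `package-lock.json` lacking a string `name` or `version`, the condition the comments above identify as the trigger for the NPE. The function names, the `node_modules` exclusion and the sample tree are assumptions made for the illustration.

```python
import json
import os
import tempfile

REQUIRED = ("name", "version")
MANIFESTS = ("package.json", "package-lock.json")

def missing_fields(path):
    """Return the required fields absent from one manifest file."""
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except (OSError, ValueError):
        return ["<unparseable>"]
    if not isinstance(doc, dict):
        return ["<unparseable>"]
    # A non-string or empty value is treated like a missing one.
    return [k for k in REQUIRED if not (isinstance(doc.get(k), str) and doc[k])]

def find_incomplete_manifests(root):
    """Walk root; map each incomplete manifest's relative path to its missing fields."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Assumption: installed packages under node_modules are out of scope.
        dirnames[:] = [d for d in dirnames if d != "node_modules"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name in MANIFESTS and (missing := missing_fields(full)):
                findings[os.path.relpath(full, root)] = missing
    return findings

def build_sample_tree(root):
    """Write a constructed sample workspace (not taken from the issue) under root."""
    files = {
        "frontend/package.json": {"name": "frontend", "version": "1.0.0"},
        "package-lock.json": {"lockfileVersion": 1},  # stray lock file
        "assets/package.json": {"private": True},     # no name/version
    }
    for rel, doc in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(doc, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, missing in sorted(find_incomplete_manifests(tmp).items()):
            print(f"{rel}: missing {', '.join(missing)}")
```

Run against the real scan path before the Dependency-Check step, a non-empty result points at the files to fix or delete.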
I'm running into the same. We use NPM only to include assets during builds and have no plans of publishing any NPM module, so we also don't define any version or name in the package.json file. The npmjs docs say the following:
Every time I try to analyse a project containing an Angular 5 frontend and a Java 8 backend I get an NPE.
Logfile from Jenkins pipeline
[Pipeline] dependencyCheckAnalyzer
[DependencyCheck] OWASP Dependency-Check Plugin v4.0.0
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = VAWL_Internet_Rentenrechner
[DependencyCheck] -scanPath = /data/jenkins-home/workspace/*******************************
[DependencyCheck] -outputDirectory = /data/jenkins-home/workspace/*******************************
[DependencyCheck] -dataDirectory = /data/jenkins-settings/owasp/nvd
[DependencyCheck] -suppressionFile = /data/jenkins-home/workspace/******************************* /dependency-check-suppression.xml
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -nodePackageAnalyzerEnabled = true
[DependencyCheck] -nodeAuditAnalyzerEnabled = true
[DependencyCheck] -retireJsAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = true
[DependencyCheck] -pythonDistributionAnalyzerEnabled = true
[DependencyCheck] -pythonPackageAnalyzerEnabled = true
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = true
[DependencyCheck] -rubyGemAnalyzerEnabled = true
[DependencyCheck] -cocoaPodsAnalyzerEnabled = true
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck] -archiveAnalyzerEnabled = true
[DependencyCheck] -assemblyAnalyzerEnabled = true
[DependencyCheck] -msBuildProjectAnalyzerEnabled = true
[DependencyCheck] -nuGetConfigAnalyzerEnabled = true
[DependencyCheck] -nuspecAnalyzerEnabled = true
[DependencyCheck] -centralAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -artifactoryAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = true
[DependencyCheck] -cmakeAnalyzerEnabled = true
[DependencyCheck] -opensslAnalyzerEnabled = true
[DependencyCheck] -showEvidence = true
[DependencyCheck] -formats = XML
[DependencyCheck] -autoUpdate = false
[DependencyCheck] -updateOnly = false
[DependencyCheck] Scanning: /data/jenkins-home/workspace/*******************************
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: java.lang.NullPointerException
[DependencyCheck] Message: null
[DependencyCheck] java.lang.NullPointerException
[DependencyCheck] at org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl.getString(JsonObjectBuilderImpl.java:199)
[DependencyCheck] at org.owasp.dependencycheck.data.nodeaudit.SanitizePackage.sanitize(SanitizePackage.java:53)
[DependencyCheck] at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzeDependency(NodeAuditAnalyzer.java:176)
[DependencyCheck] at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:136)
[DependencyCheck] at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
[DependencyCheck] at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
[DependencyCheck] at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[DependencyCheck] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[DependencyCheck] at java.lang.Thread.run(Thread.java:748)
[DependencyCheck]
[Pipeline] }