steady
steady copied to clipboard
eclipse
Steady maven plugin is throwing UnsupportedOperationException
Describe the bug When running mvn -Dsteady steady:report it throws an UnsupportedOperationException due to an invalid environment variable key
IMPORTANT: please ensure that you do not refer to any internal or confidential information from your company/organization here. Also, please provide only references to public (open-source) projects on which the issue can be reproduced. Please do not include in the issue description any reference or link to non-public or otherwise proprietary information.
To Reproduce Steps to reproduce the behavior:
In case of bugs happening on the client (when performing scans):
- Clone a java repo
- Add profile as per guideline -> https://eclipse.github.io/steady/user/tutorials/java_maven/
- Run plugin mvn -Dsteady steady:report
- See error
Expected behavior No error should be thrown
Steady version
- Steady version 3.2.5
In case of bugs happening on the client (when performing scans)
- OS/version: Windows 10
- Java JVM/version or Python version: JDK 11
- Steady client (Maven plugin, Gradle plugin, CLI, setuptools plugin): Maven plugin
- Console log(s) (with confidential information removed) 2023-04-24 11:27:30,224 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [MapConfiguration] from source [Transient-Config-Layer] 2023-04-24 11:27:30,232 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [SystemConfiguration] from source [System-Properties] 2023-04-24 11:27:30,232 [main] [WARN ] shared.util.VulasConfiguration - Configuration key [ProgramFiles(x86)] removed due to illegal characters [WARNING] Error injecting: org.eclipse.steady.java.mvn.MvnPluginReport com.google.inject.ProvisionException: Unable to provision, see the following errors:
- Error injecting constructor, java.lang.UnsupportedOperationException
at org.eclipse.steady.java.mvn.MvnPluginReport.
(Unknown Source) while locating org.eclipse.steady.java.mvn.MvnPluginReport ... Caused by: java.lang.UnsupportedOperationException at java.util.Collections$UnmodifiableMap.remove (Collections.java:1460) at org.apache.commons.configuration.MapConfiguration.clearPropertyDirect (MapConfiguration.java:218) at org.apache.commons.configuration.AbstractConfiguration.clearProperty (AbstractConfiguration.java:505) at org.eclipse.steady.shared.util.VulasConfiguration.sanitize (VulasConfiguration.java:306) at org.eclipse.steady.shared.util.VulasConfiguration.addConfiguration (VulasConfiguration.java:272) at org.eclipse.steady.shared.util.VulasConfiguration.appendInitialConfigurations (VulasConfiguration.java:219)
- URL of a public repo that can be used for reproducing (minimal example if possible)
Additional context Add any other context about the problem here.
- The problem lies in VulasConfiguration call to System.getenv() which returns an UnmodifiableMap
- sanitize method attempts to clear any unsupported key (e.g., ProgramFiles(x86))
- Additionally, there's a ConcurrentModificationException thrown when deleting and iterating through keys. This may also be replicated in testSanitize unit test by adding a new property at the end. For example pc.setProperty("new invalid key", "bar");
Hi @the-brownstone,
the report goal generates a report based on the application data available in the backend as a result of running the other goals. It looks to me that you run such goal without any other first. The minimal requirement for generating a report is the execution of mvn -Dsteady compile steady:app [1] [2].
[1] https://eclipse.github.io/steady/user/manuals/analysis/#bill-of-material-analysis-app [2] https://eclipse.github.io/steady/user/tutorials/java_maven/#app
@serenaponta thank you for highlighting that. However, upon running command mentioned above, it seems the same error is appearing due to unsupported environment variable key of ProgramFiles(x86).
Here's the shortened and redacted log file: 2023-04-25 09:53:08,598 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [MapConfiguration] from source [Transient-Config-Layer] 2023-04-25 09:53:08,613 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [SystemConfiguration] from source [System-Properties] 2023-04-25 09:53:08,613 [main] [WARN ] shared.util.VulasConfiguration - Configuration key [ProgramFiles(x86)] removed due to illegal characters [WARNING] Error injecting: org.eclipse.steady.java.mvn.MvnPluginBom com.google.inject.ProvisionException: Unable to provision, see the following errors:
- Error injecting constructor, java.lang.UnsupportedOperationException
at org.eclipse.steady.java.mvn.MvnPluginBom.
(Unknown Source) while locating org.eclipse.steady.java.mvn.MvnPluginBom
1 error
at com.google.inject.internal.InternalProvisionException.toProvisionException (InternalProvisionException.java:226)
at com.google.inject.internal.InjectorImpl$1.get (InjectorImpl.java:1053)
at com.google.inject.internal.InjectorImpl.getInstance (InjectorImpl.java:1086)
at org.eclipse.sisu.space.AbstractDeferredClass.get (AbstractDeferredClass.java:48)
...
Caused by: java.lang.UnsupportedOperationException
at java.util.Collections$UnmodifiableMap.remove (Collections.java:1460)
at org.apache.commons.configuration.MapConfiguration.clearPropertyDirect (MapConfiguration.java:218)
at org.apache.commons.configuration.AbstractConfiguration.clearProperty (AbstractConfiguration.java:505)
at org.eclipse.steady.shared.util.VulasConfiguration.sanitize (VulasConfiguration.java:306)
at org.eclipse.steady.shared.util.VulasConfiguration.addConfiguration (VulasConfiguration.java:272)
at org.eclipse.steady.shared.util.VulasConfiguration.appendInitialConfigurations (VulasConfiguration.java:219)
at org.eclipse.steady.shared.util.VulasConfiguration.
@the-brownstone, thanks for reporting and for the detailed description of the issue, i was able to replicate it only on a windows os. This is now fixed in master (version 2.3.6-SNAPSHOT) and will be part of the next release.