steady: GitClient class fails when importing bugs

The following command bash import_vulas_kb.sh http://localhost:8033/backend/ fails with this error.

[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.sign.relaxStripFinals=true
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.sign.saveDecompiledArchive=false
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.sign.saveEditScriptIntersection=false
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.sign.saveEditScripts=false
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.sign.showDecompiledConstruct=false
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.skipKnownArchive=false
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.tenant.token=603EFBA1EA9B98ADB4B548682597E6D0
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.upload.deleteAfterSuccess=true
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.core.verifyJars=true
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.patcha.vcs.clients=[com.sap.psr.vulas.git.GitClient, com.sap.psr.vulas.svn.SvnClient]
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.report.exceptionExcludeUnassessed=all
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.report.exceptionScopeBlacklist=[TEST, PROVIDED]
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.report.exceptionThreshold=dependsOn
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.backend.serviceUrl=http://localhost:8033/backend/
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.buildBranch=UNKNOWN_BRANCH
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.buildTimestamp=2019-06-06T14:28:12Z
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.charset=UTF-8
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.env=[PROCESSOR_IDENTIFIER, NUMBER_OF_PROCESSORS, PROCESSOR_LEVEL, PROCESSOR_ARCHITECTURE, PROCESSOR_REVISION, JAVA_HOME, COMPUTERNAME, MAVEN_PROJECTBASEDIR, MAVEN_HOME, MAVEN_CONFIG, MAVEN_OPTS, BUILD_URL, BUILD_TAG, BUILD_TIMESTAMP, BUILD_DISPLAY_NAME, BUILD_ID, BUILD_NUMBER, BUILD_VERSION]
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.homepage=https://github.com/SAP/vulnerability-assessment-tool
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.sys=[os., java., runtime., maven., sun.]
[main] INFO  com.sap.psr.vulas.shared.util.VulasConfiguration  -     vulas.shared.version=3.0.18
[main] WARN  com.sap.psr.vulas.core.util.CoreConfiguration  - Cannot determine Vulas version from manifest entry [Implementation-Version], check Vulas JAR
[main] INFO  com.sap.psr.vulas.backend.requests.BasicHttpRequest  - HTTP OPTIONS [uri=http://localhost:8033/backend//bugs/CVE-2018-1331]
[main] INFO  com.sap.psr.vulas.backend.requests.BasicHttpRequest  - HTTP OPTIONS completed with response code [404] in [00.078 ms] (proxy=false)
[main] INFO  com.sap.psr.vulas.patcha.VulasProxySelector  - Proxy selector configuration: None
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
[main] INFO  com.sap.psr.vulas.git.GitClient  - Create dir [/tmp/patcha_github.com-apache-storm-] for GIT repo [https://github.com/apache/storm/]
[main] ERROR com.sap.psr.vulas.git.GitClient  - Unknown exception while cloning GIT repository [https://github.com/apache/storm/]: Dangling meta character '*' near index 0
*.169.254/16
^
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
*.169.254/16
^
	at java.util.regex.Pattern.error(Pattern.java:1957)
	at java.util.regex.Pattern.sequence(Pattern.java:2125)
	at java.util.regex.Pattern.expr(Pattern.java:1998)
	at java.util.regex.Pattern.compile(Pattern.java:1698)
	at java.util.regex.Pattern.<init>(Pattern.java:1351)
	at java.util.regex.Pattern.compile(Pattern.java:1028)
	at java.util.regex.Pattern.matches(Pattern.java:1133)
	at java.lang.String.matches(String.java:2121)
	at com.sap.psr.vulas.shared.util.StringList.contains(StringList.java:128)
	at com.sap.psr.vulas.patcha.VulasProxySelector.select(VulasProxySelector.java:71)
	at org.eclipse.jgit.util.HttpSupport.proxyFor(HttpSupport.java:279)
	at org.eclipse.jgit.transport.TransportHttp.httpOpen(TransportHttp.java:829)
	at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:491)
	at org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:345)
	at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:137)
	at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:123)
	at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1269)
	at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:241)
	at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:306)
	at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:200)
	at com.sap.psr.vulas.git.GitClient.setup(GitClient.java:97)
	at com.sap.psr.vulas.git.GitClient.setRepoUrl(GitClient.java:189)
	at com.sap.psr.vulas.patcha.PatchAnalyzer.createVCSClient(PatchAnalyzer.java:121)
	at com.sap.psr.vulas.patcha.PatchAnalyzer.setRepoURL(PatchAnalyzer.java:85)
	at com.sap.psr.vulas.patcha.PatchAnalyzer.<init>(PatchAnalyzer.java:64)
	at com.sap.psr.vulas.patcha.PatchAnalyzer.main(PatchAnalyzer.java:369)
[main] ERROR com.sap.psr.vulas.patcha.PatchAnalyzer  - VCS client com.sap.psr.vulas.git.GitClient (type GIT) does not match to the repository (if any) at URL https://github.com/apache/storm/
[main] ERROR com.sap.psr.vulas.patcha.PatchAnalyzer  - Root cause: VCS client com.sap.psr.vulas.git.GitClient (type GIT) does not match to the repository (if any) at URL https://github.com/apache/storm/
[main] INFO  com.sap.psr.vulas.svn.SvnClient  - SVNKIT proxy configuration (host:port): null:0
[main] ERROR com.sap.psr.vulas.patcha.PatchAnalyzer  - Error when instantiating VCS client from class [com.sap.psr.vulas.svn.SvnClient]: Dangling meta character '*' near index 0
*.169.254/16
^
[main] ERROR com.sap.psr.vulas.patcha.PatchAnalyzer  - No VCS client found for URL https://github.com/apache/storm/

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments: 16 (11 by maintainers)

Most upvoted comments

The version of my git is 2.17.2. I follow the “Batch Import from Knowledge Base” of the document (https://sap.github.io/vulnerability-assessment-tool/vuln_db/tutorials/vuln_db_tutorial/#batch-import-from-knowledge-base),
run bash import_vulas_kb.sh http://localhost:8033/backend/ and can see the error. @Naramsim

Hi,

I switched to Ubuntu and vulnerability data import works. (I have only checked importing single CVEs. Now trying the batch import.)

Seems like this issue is exclusive to Mac, where I was getting this error and was unable to resolve it. My system details:

platform x86_64-apple-darwin15.6.0
arch x86_64
os darwin15.6.0
system x86_64, darwin15.6.0
status
major 3
minor 6.2
year 2019
month 12
day 12
svn rev 77560
language R
version.string R version 3.6.2 (2019-12-12)
nickname Dark and Stormy Night

@Naramsim

Quick question: does the above error occur while importing every single vulnerability? Or only for CVE-2018-8013?

For others as well. I have tested quite a few manually (the subsequent ones in the knowledge import script).

Are you using a proxy? Because the error about the dangling character comes out from our class for selecting the right proxy.

Did you set http_proxy env variables in your shell?

My http_proxy variable is empty and I am not using any proxy (at least knowingly; I did a quick proxy check on Google as well, and it shows no proxy detected).

Hi @nasifimtiazohi,

If you want to spin up multiple containers, you can use this docker-compose.

Then you need to rename the env.sample to .env and run docker-compose up to spin everything up with the right env variables. Then you can use the vulas/vulnerability-assessment-tool-patch-analyzer Docker image using the following command:

docker run -e vulas.shared.backend.serviceUrl=http://localhost:8033/backend vulas/vulnerability-assessment-tool-patch-analyzer com.sap.psr.vulas.PatchAnalyzer -b CVE-2018-8013 -r https://github.com/apache/batik/ -e f91125b26a6ca2b7a1195f1842360bed03629839:master -descr "" -links "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-8013,https://xmlgraphics.apache.org/security.html" -sie -u

Using this, I am not able to reproduce your error, so I suspect it might be an error with your environment as the Git/VCS clients are merely wrappers around those components.
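
The stack trace in the report shows String.matches() being reached from StringList.contains() with the list entry *.169.254/16 as the regex. The following is an added example, not part of the thread and not the project's code, that reproduces that failure and contrasts it with glob-style matching; the class and method names are hypothetical, and it assumes the entry is a wildcard host pattern from a proxy-exclusion list.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Hypothetical demo class; not code from the vulnerability-assessment-tool project.
public class ProxyExclusionMatch {

    // Failure mode from the stack trace: each list entry is passed to String.matches() as a regex.
    static boolean naiveContains(List<String> entries, String host) {
        for (String entry : entries) {
            if (host.matches(entry)) return true;
        }
        return false;
    }

    // Glob semantics instead: '*' is the only wildcard, every other character is literal.
    static Pattern globToPattern(String glob) {
        String[] parts = glob.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) regex.append(".*");
            regex.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    }

    // Caveat: a CIDR suffix such as "/16" is matched as literal text here, not as a network range.
    static boolean safeContains(List<String> entries, String host) {
        for (String entry : entries) {
            if (globToPattern(entry.trim()).matcher(host).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed list; only "*.169.254/16" is taken from the log above.
        List<String> entries = Arrays.asList("localhost", "*.169.254/16", "*.example.internal");
        try {
            naiveContains(entries, "github.com");
        } catch (PatternSyntaxException e) {
            // Same exception type as in the report: a leading '*' is not a valid regex.
            System.out.println("naive matcher failed: " + e.getDescription());
        }
        System.out.println(safeContains(entries, "github.com"));
        System.out.println(safeContains(entries, "build.example.internal"));
    }
}
```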