Parsing OSV API query result fails with Vaadin 8.27.4 #187

Open
TatuLund opened this issue Dec 27, 2024 · 0 comments
TatuLund commented Dec 27, 2024

It looks like the data received do not match the expected enum type we have

2024-12-25 16:52:41 [pool-4-thread-1] ERROR c.v.a.v.s.AppSecServiceInitListener - Error scanning vulnerabilities.
java.util.concurrent.CompletionException: com.vaadin.appsec.backend.AppSecException: Failed to read OSV API query response
        at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:315)
        at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:320)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1770)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)    
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: com.vaadin.appsec.backend.AppSecException: Failed to read OSV API query response    
        at com.vaadin.appsec.backend.OpenSourceVulnerabilityClient.queryVulnerability(OpenSourceVulnerabilityClient.java:102)
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)  
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)  
        at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
        at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
        at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:276)  
        at java.base/java.util.stream.ReferencePipeline$15$1.accept(ReferencePipeline.java:541)
        at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)  
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)  
        at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
        at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
        at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:276)  
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)  
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)  
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)  
        at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)      
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)      
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)    
        at com.vaadin.appsec.backend.OpenSourceVulnerabilityService.getVulnerabilities(OpenSourceVulnerabilityService.java:67)
        at com.vaadin.appsec.backend.VulnerabilityStore.refresh(VulnerabilityStore.java:76)    
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
        ... 6 common frames omitted
Caused by: com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `com.vaadin.appsec.backend.model.osv.response.Severity$Type` from String "CVSS_V4": not one of the values accepted for Enum class: [CVSS_V2, CVSS_V3]
 at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 1979] (through reference chain: com.vaadin.appsec.backend.model.osv.response.OpenSourceVulnerability["severity"]->java.util.ArrayList[1]->com.vaadin.appsec.backend.model.osv.response.Severity["type"])
        at com.fasterxml.jackson.databind.exc.InvalidFormatException.from(InvalidFormatException.java:67)
        at com.fasterxml.jackson.databind.DeserializationContext.weirdStringException(DeserializationContext.java:1958)
        at com.fasterxml.jackson.databind.DeserializationContext.handleWeirdStringValue(DeserializationContext.java:1245)
        at com.fasterxml.jackson.databind.deser.std.EnumDeserializer._deserializeAltString(EnumDeserializer.java:440)
        at com.fasterxml.jackson.databind.deser.std.EnumDeserializer._fromString(EnumDeserializer.java:304)
        at com.fasterxml.jackson.databind.deser.std.EnumDeserializer.deserialize(EnumDeserializer.java:273)
        at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:129)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
        at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray(CollectionDeserializer.java:359)
        at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:244)
        at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:28)
        at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:129)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:310)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
        at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:342)
        at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4899)
        at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3883)        
        at com.vaadin.appsec.backend.OpenSourceVulnerabilityClient.queryVulnerability(OpenSourceVulnerabilityClient.java:100)
        ... 29 common frames omitted
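
The failure in the trace above, reproduced with a tolerant alternative. This is an added example, not code from the project or from the commit that references this issue. `TolerantSeverityDemo`, the model classes and the `UNKNOWN` constant are hypothetical stand-ins, the JSON is a constructed sample, and jackson-databind is assumed to be on the classpath. It shows Jackson's default behaviour rejecting the whole record on `"CVSS_V4"`, then a mapper that keeps the record and flags the unrecognised type, so a new upstream severity type does not stop the scan.

```java
import com.fasterxml.jackson.annotation.JsonEnumDefaultValue;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidFormatException;
import java.util.List;

public class TolerantSeverityDemo {
    // Hypothetical stand-in for the Severity.Type enum named in the stack trace.
    public enum Type {
        CVSS_V2, CVSS_V3,
        @JsonEnumDefaultValue UNKNOWN // catch-all for types added upstream later
    }

    public static class Severity {
        public Type type;
        public String score;
    }

    public static class Vulnerability {
        public String id;
        public List<Severity> severity;
    }

    // Constructed sample; the second severity entry carries the type from the log.
    static final String JSON = "{\"id\":\"EXAMPLE-0000\",\"severity\":["
            + "{\"type\":\"CVSS_V3\",\"score\":\"<constructed v3 vector>\"},"
            + "{\"type\":\"CVSS_V4\",\"score\":\"<constructed v4 vector>\"}]}";

    public static void main(String[] args) throws Exception {
        // Default mapper: an unrecognised enum string aborts the whole record.
        try {
            new ObjectMapper().readValue(JSON, Vulnerability.class);
        } catch (InvalidFormatException e) {
            System.out.println("strict mapper rejected: " + e.getValue());
        }
        // Tolerant mapper: unrecognised strings map to the annotated default.
        ObjectMapper tolerant = new ObjectMapper()
                .enable(DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE);
        Vulnerability v = tolerant.readValue(JSON, Vulnerability.class);
        for (Severity s : v.severity) {
            System.out.println(v.id + " " + s.type + " " + s.score);
        }
        long unknown = v.severity.stream().filter(s -> s.type == Type.UNKNOWN).count();
        if (unknown > 0) {
            // Keep the record, but surface the gap so the enum gets updated.
            System.err.println(unknown + " severity entries had an unrecognised type");
        }
    }
}
```
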
TatuLund changed the title from "Parsinv OSV API query result fails with Vaadin 8.27.4" to "Parsing OSV API query result fails with Vaadin 8.27.4" on Dec 27, 2024
TatuLund added a commit that referenced this issue Dec 27, 2024
heruan added the bug label Jan 14, 2025