Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

null return value of "org.eclipse.aether.graph.DependencyNode.getArtifact()" #3706

Closed
superkoni opened this issue Oct 7, 2021 · 2 comments
Closed

null return value of "org.eclipse.aether.graph.DependencyNode.getArtifact()" #3706

superkoni opened this issue Oct 7, 2021 · 2 comments
Labels
bug

Comments

@superkoni
Copy link

Given that minimal pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project>
    <modelVersion>4.0.0</modelVersion>
    <groupId>what.ever</groupId>
    <artifactId>test</artifactId>
    <version>1</version>
    <name>test</name>
    <description>Bug springboot webflux ?</description>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
            <version>2.5.5</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
                <version>6.3.2</version>
            </plugin>
        </plugins>
    </build>
</project>

invoked via:
mvn dependency-check:check

I get the error message:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  10.070 s
[INFO] Finished at: 2021-10-07T16:47:03+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.2:check (default-cli) on project test: Execution default-cli of goal org.owasp:dependency-check-maven:6.3.2:check failed: Cannot invoke "org.eclipse.aether.artifact.Artifact.getClassifier()" because the return value of "org.eclipse.aether.graph.DependencyNode.getArtifact()" is null -> [Help 1]

The problem does not occur with other springboot starters I tried.

Version of dependency-check used
The problem occurs using version 6.3.2 of the maven plugin and openjdk-17 (ubuntu 20.04.3)

Log file
Sample stack trace generated with mvn -X dependency-check:check :

...
Caused by: java.lang.NullPointerException: Cannot invoke "org.eclipse.aether.artifact.Artifact.getClassifier()" because the return value of "org.eclipse.aether.graph.DependencyNode.getArtifact()" is null
    at org.apache.maven.shared.artifact.filter.resolve.transform.EclipseAetherFilterTransformer$2.accept (EclipseAetherFilterTransformer.java:152)
    at org.eclipse.aether.util.filter.AndDependencyFilter.accept (AndDependencyFilter.java:83)
    at org.eclipse.aether.util.filter.OrDependencyFilter.accept (OrDependencyFilter.java:81)
    at org.eclipse.aether.util.graph.visitor.FilteringDependencyVisitor.visitEnter (FilteringDependencyVisitor.java:80)
    at org.eclipse.aether.util.graph.visitor.TreeDependencyVisitor.visitEnter (TreeDependencyVisitor.java:67)
    at org.eclipse.aether.graph.DefaultDependencyNode.accept (DefaultDependencyNode.java:343)
    at org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies (DefaultRepositorySystem.java:332)
    at org.apache.maven.shared.transfer.dependencies.resolve.internal.Maven31DependencyResolver.resolveDependencies (Maven31DependencyResolver.java:216)
    at org.apache.maven.shared.transfer.dependencies.resolve.internal.Maven31DependencyResolver.resolveDependencies (Maven31DependencyResolver.java:198)
    at org.apache.maven.shared.transfer.dependencies.resolve.internal.DefaultDependencyResolver.resolveDependencies (DefaultDependencyResolver.java:60)
    at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.collectMavenDependencies (BaseDependencyCheckMojo.java:1328)

To Reproduce
Steps to reproduce the behavior:

  1. copy the given pom.xml
  2. launch 'mvn clean dependency:check
  3. See error

Expected behavior
If I set another dependency, spring-boot-web-starter, the plugin runs until the end and generates a report.

Additional context

$ mvn --version
Apache Maven 3.8.3 (ff8e977a158738155dc465c6a97ffaf31982d739)
Maven home: /opt/maven
Java version: 17, vendor: Private Build, runtime: /usr/lib/jvm/java-17-openjdk-amd64
Default locale: fr_FR, platform encoding: UTF-8
OS name: "linux", version: "5.4.0-88-generic", arch: "amd64", family: "unix"
@superkoni superkoni added the bug label Oct 7, 2021
@superkoni
Copy link
Author

Sorry, duplicate of #3679

@jeremylong
Copy link
Owner

no worries - 6.4.1 was just released and should resolve this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeremylong @superkoni