You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This result in a failure, and this exception is logged:
2023-03-02 19:16:40,531 [ERROR] com.fortify.manager.BLL.impl.FPRBLLImpl - Error parsing issues: results.sarif.zip
com.fortify.manager.exception.FMScanParseException: Cannot process vulnerabilities
at com.fortify.manager.DAL.support.FMDALExceptionTranslationInterceptor.translateException(FMDALExceptionTranslationInterceptor.java:70) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.DAL.support.FMDALExceptionTranslationInterceptor.aroundRepositoryMethod(FMDALExceptionTranslationInterceptor.java:41) ~[ssc-core-22.1.0.0149.jar:?]
at jdk.internal.reflect.GeneratedMethodAccessor158.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) ~[spring-tx-5.3.18.jar:5.3.18]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388) ~[spring-tx-5.3.18.jar:5.3.18]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) ~[spring-tx-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.DAL.impl.ScanManagerImpl$$EnhancerBySpringCGLIB$$99088b66.parseScanIssues(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.parseScanIssues(FPRBLLImpl.java:2240) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.parseIssuesForScans(FPRBLLImpl.java:2194) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl$13.run(FPRBLLImpl.java:1886) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FprProcessingRunner.doRunStep(FprProcessingRunner.java:85) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FprProcessingRunner.runStep(FprProcessingRunner.java:61) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processScansAndIssuesForArtifact(FPRBLLImpl.java:1883) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processArtifact(FPRBLLImpl.java:1856) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processArtifactUpload(FPRBLLImpl.java:1716) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1599) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1581) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl$$FastClassBySpringCGLIB$$686a4cd1.invoke(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.logging.ExceptionInterceptor.aroundBll(ExceptionInterceptor.java:72) ~[ssc-core-22.1.0.0149.jar:?]
at jdk.internal.reflect.GeneratedMethodAccessor262.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) ~[spring-security-core-5.6.2.jar:5.6.2]
at com.fortify.manager.security.FmMethodSecurityInteceptor.invoke(FmMethodSecurityInteceptor.java:46) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.BLL.impl.FPRBLLImpl$$EnhancerBySpringCGLIB$$a4d065aa.uploadArtifactJobCallback(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.jobs.ArtifactUploadJob.executeJob(ArtifactUploadJob.java:102) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.executeJob(SimpleJob.java:90) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.runInternal(SimpleJob.java:65) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.run(SimpleJob.java:42) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SchedulerManagerImpl.lambda$submitJob$3(SchedulerManagerImpl.java:294) ~[ssc-core-22.1.0.0149.jar:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: com.fortify.manager.plugin.parser.exception.PluginParserException: Cannot process vulnerabilities
at com.fortify.manager.plugin.parser.PluginFrameworkAnalysisParser.parseIssueInformation(PluginFrameworkAnalysisParser.java:176) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.DAL.impl.ScanManagerImpl.parseScanIssues(ScanManagerImpl.java:495) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.DAL.impl.ScanManagerImpl$$FastClassBySpringCGLIB$$131bf6cc.invoke(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:137) ~[spring-tx-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.DAL.support.FMDALExceptionTranslationInterceptor.aroundRepositoryMethod(FMDALExceptionTranslationInterceptor.java:39) ~[ssc-core-22.1.0.0149.jar:?]
... 61 more
Caused by: com.fortify.plugin.connector.api.ScanProcessingException: Error calling method setStringCustomAttributeValue; session c0kqtkopmh2bo
at com.fortify.plugin.connector.parser.VulnerabilityProducerImpl.next(VulnerabilityProducerImpl.java:119) ~[plugin-connector-22.1.0.0149.jar:?]
at com.fortify.manager.plugin.parser.PluginIssueProcessor.process(PluginIssueProcessor.java:47) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.plugin.parser.PluginFrameworkAnalysisParser.parseIssueInformation(PluginFrameworkAnalysisParser.java:174) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.DAL.impl.ScanManagerImpl.parseScanIssues(ScanManagerImpl.java:495) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.DAL.impl.ScanManagerImpl$$FastClassBySpringCGLIB$$131bf6cc.invoke(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:137) ~[spring-tx-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.DAL.support.FMDALExceptionTranslationInterceptor.aroundRepositoryMethod(FMDALExceptionTranslationInterceptor.java:39) ~[ssc-core-22.1.0.0149.jar:?]
... 61 more
2023-03-02 19:16:40,536 [ERROR] com.fortify.manager.BLL.impl.FPRBLLImpl - Scan processing exception for artifact id 521218
com.fortify.manager.service.parser.checker.ScanProcessException: Processing Messages:
EXCEPTION: An unexpected error occurred during scan processing: com.fortify.manager.exception.FMScanParseException: Cannot process vulnerabilities
at com.fortify.manager.BLL.impl.FPRBLLImpl.newUnexpectedScanProcessingException(FPRBLLImpl.java:2296) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.parseScanIssues(FPRBLLImpl.java:2252) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.parseIssuesForScans(FPRBLLImpl.java:2194) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl$13.run(FPRBLLImpl.java:1886) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FprProcessingRunner.doRunStep(FprProcessingRunner.java:85) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FprProcessingRunner.runStep(FprProcessingRunner.java:61) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processScansAndIssuesForArtifact(FPRBLLImpl.java:1883) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processArtifact(FPRBLLImpl.java:1856) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processArtifactUpload(FPRBLLImpl.java:1716) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1599) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1581) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl$$FastClassBySpringCGLIB$$686a4cd1.invoke(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.logging.ExceptionInterceptor.aroundBll(ExceptionInterceptor.java:72) ~[ssc-core-22.1.0.0149.jar:?]
at jdk.internal.reflect.GeneratedMethodAccessor262.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) ~[spring-security-core-5.6.2.jar:5.6.2]
at com.fortify.manager.security.FmMethodSecurityInteceptor.invoke(FmMethodSecurityInteceptor.java:46) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.BLL.impl.FPRBLLImpl$$EnhancerBySpringCGLIB$$a4d065aa.uploadArtifactJobCallback(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.jobs.ArtifactUploadJob.executeJob(ArtifactUploadJob.java:102) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.executeJob(SimpleJob.java:90) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.runInternal(SimpleJob.java:65) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.run(SimpleJob.java:42) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SchedulerManagerImpl.lambda$submitJob$3(SchedulerManagerImpl.java:294) ~[ssc-core-22.1.0.0149.jar:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
2023-03-02 19:16:40,552 [ERROR] com.fortify.manager.logging.ExceptionInterceptor - Intercepted exception of type [com.fortify.manager.exception.FMDALException] thrown by target class [com.fortify.manager.BLL.impl.FPRBLLImpl] and method [public void com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(java.lang.Long,java.lang.Long,boolean,boolean,com.fortify.manager.BLL.impl.util.ArtifactUploadAdditionalParameters)]
com.fortify.manager.exception.FMDALException: Upload artifact failed for the following reason: Scan processing exception for artifact id 521218
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1644) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1581) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl$$FastClassBySpringCGLIB$$686a4cd1.invoke(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.logging.ExceptionInterceptor.aroundBll(ExceptionInterceptor.java:72) ~[ssc-core-22.1.0.0149.jar:?]
at jdk.internal.reflect.GeneratedMethodAccessor262.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) ~[spring-security-core-5.6.2.jar:5.6.2]
at com.fortify.manager.security.FmMethodSecurityInteceptor.invoke(FmMethodSecurityInteceptor.java:46) ~[ssc-core-22.1.0.0149.jar:?]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753) ~[spring-aop-5.3.18.jar:5.3.18]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698) ~[spring-aop-5.3.18.jar:5.3.18]
at com.fortify.manager.BLL.impl.FPRBLLImpl$$EnhancerBySpringCGLIB$$a4d065aa.uploadArtifactJobCallback(<generated>) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.jobs.ArtifactUploadJob.executeJob(ArtifactUploadJob.java:102) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.executeJob(SimpleJob.java:90) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.runInternal(SimpleJob.java:65) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SimpleJob.run(SimpleJob.java:42) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.service.scheduler.SchedulerManagerImpl.lambda$submitJob$3(SchedulerManagerImpl.java:294) ~[ssc-core-22.1.0.0149.jar:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: com.fortify.manager.service.parser.checker.ScanProcessException: Processing Messages:
EXCEPTION: An unexpected error occurred during scan processing: com.fortify.manager.exception.FMScanParseException: Cannot process vulnerabilities
at com.fortify.manager.BLL.impl.FPRBLLImpl.newUnexpectedScanProcessingException(FPRBLLImpl.java:2296) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.parseScanIssues(FPRBLLImpl.java:2252) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.parseIssuesForScans(FPRBLLImpl.java:2194) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl$13.run(FPRBLLImpl.java:1886) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FprProcessingRunner.doRunStep(FprProcessingRunner.java:85) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FprProcessingRunner.runStep(FprProcessingRunner.java:61) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processScansAndIssuesForArtifact(FPRBLLImpl.java:1883) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processArtifact(FPRBLLImpl.java:1856) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.processArtifactUpload(FPRBLLImpl.java:1716) ~[ssc-core-22.1.0.0149.jar:?]
at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1599) ~[ssc-core-22.1.0.0149.jar:?]
... 34 more
2023-03-02 19:16:40,554 [WARN] com.fortify.manager.service.scheduler.SchedulerManagerImpl - Job JOB_ARTIFACTUPLOAD$610fefed-060d-452d-ae57-9a41cb50f653 failed: Upload artifact failed for the following reason: Scan processing exception for artifact id 521218\n[com.fortify.manager.exception.FMDALException: Upload artifact failed for the following reason: Scan processing exception for artifact id 521218\n at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1644)\n at com.fortify.manager.BLL.impl.FPRBLLImpl.uploadArtifactJobCallback(FPRBLLImpl.java:1581)\n at com.fortify.manager.BLL.impl.FPRBLLImpl$$FastClassBySpringCGLIB$$686a4cd1.invoke(&lt;generated&gt;)\n at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)\n at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)\n at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)\n at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)\n at com.fortify.manager.logging.ExceptionInterceptor.aroundBll(ExceptionInterceptor.java:72)\n at jdk.internal.reflect.GeneratedMethodAccessor262.invoke(Unknown Source)\n at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n at java.base/java.lang.reflect.Method.invoke(Method.java:566)\n at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)\n at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)\n at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)\n at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)\n at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)\n at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)\n at com.fortify.manager.security.FmMethodSecurityInteceptor.invoke(FmMethodSecurityInteceptor.java:46)\n at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)\n at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)\n at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)\n at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)\n at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)\n at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)\n at com.fortify.manager.BLL.impl.FPRBLLImpl$$EnhancerBySpringCGLIB$$a4d065aa.uploadArtifactJobCallback(&lt;generated&gt;)\n at com.fortify.manager.BLL.jobs.ArtifactUploadJob.executeJob(ArtifactUploadJob.java:102)\n at com.fortify.manager.service.scheduler.SimpleJob.executeJob(SimpleJob.java:90)\n at com.fortify.manager.service.scheduler.SimpleJob.runInternal(SimpleJob.java:65)\n at com.fortify.manager.service.scheduler.SimpleJob.run(SimpleJob.java:42)\n at com.fortify.manager.service.scheduler.SchedulerManagerImpl.lambda$submitJob$3(SchedulerManagerImpl.java:294)\n at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\n at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n at java.base/java.lang.Thread.run(Thread.java:829)\n]
To be clear, the fact that Fortify is unable to import this (arguably invalid) SARIF is not the issue being reported.
The issue being reported is that the exception/error information is terrible.
Can Fortify throw an exception with a nice message? For example, if in the implementation of com.fortify.plugin.api.BasicVulnerabilityBuilder.setStringCustomAttributeValue(VulnerabilityAttribute, String) it checked if the attributeValue provided is too long, then threw an IllegalArgumentException which includes the vulnerabilityAttribute and attributeValue, that would make the user experience much better.
The text was updated successfully, but these errors were encountered:
In general, the plugin framework log (<fortify.home>/plugin-framework/logs/plugin-framework.log) usually provides more meaningful information in case of plugin issues; can you please check whether that's also true for this particular issue?
Parser plugins cannot control how errors are being logged by SSC, in particular if the error is thrown by the SSC parser plugin framework rather than the parser itself; improving these log messages will require an SSC enhancement request to be submitted through the support portal.
Parser plugins cannot control how errors are being logged by SSC
I was thinking though... plugins can do more error checking themselves in their tests. Perhaps the StaticVulnerabilityBuilder used by this plugin's tests should be improved to validate the setStringCustomAttributeValue calls' arguments in the same way that Fortify SSC does itself in production?
That would really help with validating that the plugin works correctly for the provided test files.
I'm trying to import this SARIF file: results.sarif
This result in a failure, and this exception is logged:
Digging in, I found that the cause is that
setStringCustomAttributeValue
is called with a value that is too long. The error occurs at this line: https://github.com/fortify/fortify-ssc-parser-sarif/blob/v1.3.0/src/main/java/com/fortify/ssc/parser/sarif/parser/VulnerabilitiesProducer.java#L87 the value used originates at https://github.com/fortify/fortify-ssc-parser-sarif/blob/v1.3.0/src/main/java/com/fortify/ssc/parser/sarif/parser/VulnerabilitiesProducer.java#L169I'm working to fix the root cause of the bad SARIF: microsoft/sarif-sdk#2631
To be clear, the fact that Fortify is unable to import this (arguably invalid) SARIF is not the issue being reported.
The issue being reported is that the exception/error information is terrible.
Can Fortify throw an exception with a nice message? For example, if in the implementation of
com.fortify.plugin.api.BasicVulnerabilityBuilder.setStringCustomAttributeValue(VulnerabilityAttribute, String)
it checked if theattributeValue
provided is too long, then threw anIllegalArgumentException
which includes thevulnerabilityAttribute
andattributeValue
, that would make the user experience much better.The text was updated successfully, but these errors were encountered: