Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression: segmentation violation when scanning a certain pom.xml #7241

Closed
2 tasks done
nikpivkin opened this issue Jul 26, 2024 Discussed in #7240 · 0 comments · Fixed by #7245
Closed
2 tasks done

Regression: segmentation violation when scanning a certain pom.xml #7241

nikpivkin opened this issue Jul 26, 2024 Discussed in #7240 · 0 comments · Fixed by #7245
Assignees
@DmitriyLewen
Labels
kind/bug Categorizes issue or PR as related to a bug.
Milestone
v0.54.0

Comments

@nikpivkin
Copy link
Contributor

Discussed in #7240

Originally posted by am97 July 26, 2024

Description

After updating Trivy, we started to get a segmentation violation when analyzing https://gitlab.nuiton.org/chorem/pollen with trivy filesystem

After testing different Trivy versions I found that 0.49.1 is the last working version. The regression was introduced on version 0.50.0.

Desired Behavior

Successful analysis

Actual Behavior

segmentation violation

Reproduction Steps

1.Download and extract https://gitlab.nuiton.org/chorem/pollen/-/archive/3124a3a5e76ab8a2a9f55082261c7b161fe463ba/pollen-3124a3a5e76ab8a2a9f55082261c7b161fe463ba.tar.gz
2. Run `trivy filesystem .` on the extracted directory

Target

Filesystem

Scanner

None

Output Format

None

Mode

Standalone

Debug Output

$ trivy --debug filesystem .
2024-07-26T12:00:42+02:00	DEBUG	Cache dir	dir="/home/am/.cache/trivy"
2024-07-26T12:00:42+02:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-07-26T12:00:42+02:00	DEBUG	Ignore statuses	statuses=[]
2024-07-26T12:00:42+02:00	DEBUG	DB update was skipped because the local DB is the latest
2024-07-26T12:00:42+02:00	DEBUG	DB info	schema=2 updated_at=2024-07-26T06:11:58.006387807Z next_update=2024-07-26T12:11:58.006387446Z downloaded_at=2024-07-26T09:35:41.697718638Z
2024-07-26T12:00:42+02:00	INFO	Vulnerability scanning is enabled
2024-07-26T12:00:42+02:00	DEBUG	Vulnerability type	type=[os library]
2024-07-26T12:00:42+02:00	INFO	Secret scanning is enabled
2024-07-26T12:00:42+02:00	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-26T12:00:42+02:00	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-26T12:00:42+02:00	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-26T12:00:42+02:00	DEBUG	Initializing scan cache...	type="memory"
2024-07-26T12:00:42+02:00	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-07-26T12:00:42+02:00	DEBUG	[nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-26T12:00:42+02:00	DEBUG	Skipping path	path=".git"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.chorem:pollen:3.3.16-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="chorem-group" url="https://nexus.nuiton.org/nexus/content/groups/pollen-group"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="chorem-group" url="https://nexus.nuiton.org/nexus/content/groups/pollen-group"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.chorem:pollen:3.3.16-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.guava" artifact_id="guava" version="32.1.3-jre"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.google.guava:guava-parent:32.1.3-jre"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.google.guava:guava-parent:32.1.3-jre"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-lang3" version="3.13.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:58"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:29"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:29"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:58"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.junit" artifact_id="junit-bom" version="5.9.3"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.nuiton" artifact_id="nuiton-utils" version="3.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:nuitonpom:11.8"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:pom:11.8"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:pom:11.8"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:nuitonpom:11.8"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.nuiton.topia" artifact_id="topia-persistence" version="3.8.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:topia:3.8.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:nuitonpom:11.13"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:pom:11.13"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:pom:11.13"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:nuitonpom:11.13"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:topia:3.8.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.nuiton.topia" artifact_id="topia-service-flyway" version="3.8.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:topia:3.8.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:topia:3.8.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.flywaydb" artifact_id="flyway-core" version="9.22.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.flywaydb:flyway-parent:9.22.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.flywaydb:flyway-parent:9.22.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate" artifact_id="hibernate-core" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="commons-logging" artifact_id="commons-logging" version="1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:34"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:13"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:13"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:34"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.guava" artifact_id="failureaccess" version="1.0.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.google.guava:guava-parent:26.0-android"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.google.guava:guava-parent:26.0-android"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.guava" artifact_id="listenablefuture" version="9999.0-empty-to-avoid-conflict-with-guava"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.google.guava:guava-parent:26.0-android"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.google.guava:guava-parent:26.0-android"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.code.findbugs" artifact_id="jsr305" version="3.0.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.checkerframework" artifact_id="checker-qual" version="3.37.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.errorprone" artifact_id="error_prone_annotations" version="2.21.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.google.errorprone:error_prone_parent:2.21.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.google.errorprone:error_prone_parent:2.21.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.j2objc" artifact_id="j2objc-annotations" version="2.8"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="commons-primitives" artifact_id="commons-primitives" version="1.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-collections4" version="4.4"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:48"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:21"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:21"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:48"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="commons-io" artifact_id="commons-io" version="2.14.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:62"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:30"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:30"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:62"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.junit" artifact_id="junit-bom" version="5.10.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="commons-beanutils" artifact_id="commons-beanutils" version="1.9.4"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:47"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:19"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:19"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:47"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.nuiton.i18n" artifact_id="nuiton-i18n" version="4.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:i18n:4.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:nuitonpom:11.11"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:pom:11.11"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:pom:11.11"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:nuitonpom:11.11"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:i18n:4.2-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.orm" artifact_id="hibernate-core" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.tool" artifact_id="hibernate-tools-ant" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.hibernate.tool:hibernate-tools-parent:6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.jboss:jboss-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.chorem:pollen:3.3.16-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="chorem-group" url="https://nexus.nuiton.org/nexus/content/groups/pollen-group"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="chorem-group" url="https://nexus.nuiton.org/nexus/content/groups/pollen-group"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:mop:0.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.chorem:pollen:3.3.16-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.chorem.pollen" artifact_id="pollen-votecounting-api" version="3.3.16-SNAPSHOT"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.jboss:jboss-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.hibernate.tool:hibernate-tools-parent:6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.orm" artifact_id="hibernate-c3p0" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.orm" artifact_id="hibernate-hikaricp" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.h2database" artifact_id="h2" version="1.4.200"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.fasterxml.jackson.dataformat" artifact_id="jackson-dataformat-toml" version="2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson.dataformat:jackson-dataformats-text:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson:jackson-base:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson:jackson-bom:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml:oss-parent:50"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.chorem:pollen:@pom.version@"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml:oss-parent:50"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson:jackson-bom:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson:jackson-base:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson.dataformat:jackson-dataformats-text:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.code.gson" artifact_id="gson" version="2.10.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="commons-collections" artifact_id="commons-collections" version="3.2.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:16"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:16"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.nuiton" artifact_id="nuiton-converter" version="1.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:nuitonpom:1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.nuiton:pom:1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:pom:1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.nuiton:nuitonpom:1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="io.github.classgraph" artifact_id="classgraph" version="4.8.147"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="jakarta.persistence" artifact_id="jakarta.persistence-api" version="3.1.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="jakarta.transaction" artifact_id="jakarta.transaction-api" version="2.0.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.ee4j:project:1.0.6"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.ee4j:project:1.0.6"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.jboss.logging" artifact_id="jboss-logging" version="3.5.0.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.jboss:jboss-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.jboss:jboss-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.junit" artifact_id="junit-bom" version="5.8.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.common" artifact_id="hibernate-commons-annotations" version="6.0.6.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="io.smallrye" artifact_id="jandex" version="3.1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="io.smallrye:jandex-parent:3.1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="io.smallrye:smallrye-build-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="io.smallrye:smallrye-build-parent:39"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="io.smallrye:jandex-parent:3.1.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.fasterxml" artifact_id="classmate" version="1.5.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml:oss-parent:35"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml:oss-parent:35"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="net.bytebuddy" artifact_id="byte-buddy" version="1.14.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="net.bytebuddy:byte-buddy-parent:1.14.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="net.bytebuddy:byte-buddy-parent:1.14.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="jakarta.xml.bind" artifact_id="jakarta.xml.bind-api" version="4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="jakarta.xml.bind:jakarta.xml.bind-api-parent:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="jakarta.xml.bind:jakarta.xml.bind-api-parent:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.glassfish.jaxb" artifact_id="jaxb-runtime" version="4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.sun.xml.bind.mvn:jaxb-runtime-parent:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.sun.xml.bind.mvn:jaxb-parent:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.sun.xml.bind:jaxb-bom-ext:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.glassfish.jaxb:jaxb-bom:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.glassfish.jaxb:jaxb-bom:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.sun.xml.bind:jaxb-bom-ext:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.sun.xml.bind.mvn:jaxb-parent:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.sun.xml.bind.mvn:jaxb-runtime-parent:4.0.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="jakarta.inject" artifact_id="jakarta.inject-api" version="2.0.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.ee4j:project:1.0.6"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.ee4j:project:1.0.6"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.antlr" artifact_id="antlr4-runtime" version="4.10.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.antlr:antlr4-master:4.10.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.antlr:antlr4-master:4.10.1"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.ant" artifact_id="ant" version="1.10.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.ant:ant-parent:1.10.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.ant:ant-parent:1.10.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.tool" artifact_id="hibernate-tools-orm" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.hibernate.tool:hibernate-tools-parent:6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.hibernate.tool:hibernate-tools-parent:6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.mchange" artifact_id="c3p0" version="0.9.5.5"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.zaxxer" artifact_id="HikariCP" version="3.2.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:9"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.fasterxml.jackson.core" artifact_id="jackson-databind" version="2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson:jackson-base:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson:jackson-base:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.junit" artifact_id="junit-bom" version="5.9.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.fasterxml.jackson.core" artifact_id="jackson-core" version="2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson:jackson-base:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson:jackson-base:2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="jakarta.activation" artifact_id="jakarta.activation-api" version="2.1.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.ee4j:project:1.0.7"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.glassfish.jaxb" artifact_id="jaxb-core" version=""
2024-07-26T12:00:42+02:00	DEBUG	[pom] Repository error	err="Version missing for org.glassfish.jaxb:jaxb-core"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.ant" artifact_id="ant-launcher" version="1.10.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache.ant:ant-parent:1.10.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.ant:ant-parent:1.10.12"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.google.googlejavaformat" artifact_id="google-java-format" version="1.15.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.google.googlejavaformat:google-java-format-parent:1.15.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.google.googlejavaformat:google-java-format-parent:1.15.0"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.freemarker" artifact_id="freemarker" version="2.3.31"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:17"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:17"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.orm" artifact_id="hibernate-ant" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.hibernate.tool" artifact_id="hibernate-tools-utils" version="6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.hibernate.tool:hibernate-tools-parent:6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.hibernate.tool:hibernate-tools-parent:6.3.1.Final"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.mchange" artifact_id="mchange-commons-java" version="0.2.19"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.25"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.25"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.25"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="com.fasterxml.jackson.core" artifact_id="jackson-annotations" version="2.15.2"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Start parent	artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="com.fasterxml.jackson:jackson-parent:2.15"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Failed to fetch	url="https://repo.maven.apache.org/maven2/org/chorem/pollen/@pom.version@/[email protected]@.pom"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Parent POM not found	artifact="org.chorem:pollen:@pom.version@" err="2 errors occurred:\n\t* stat pollen-rest-api/src/it/pom.xml: no such file or directory\n\t* org.chorem:pollen:@pom.version@ was not found in local/remote repositories\n\n"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Exit parent	artifact="org.chorem:pollen:@pom.version@"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.chorem.pollen" artifact_id="pollen-rest-api" version=""
2024-07-26T12:00:42+02:00	DEBUG	[pom] Repository error	err="Version missing for org.chorem.pollen:pollen-rest-api"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="org.mortbay.jetty" artifact_id="jetty-runner" version=""
2024-07-26T12:00:42+02:00	DEBUG	[pom] Repository error	err="Version missing for org.mortbay.jetty:jetty-runner"
2024-07-26T12:00:42+02:00	DEBUG	[pom] Resolving...	group_id="junit" artifact_id="junit" version=""
2024-07-26T12:00:42+02:00	DEBUG	[pom] Repository error	err="Version missing for junit:junit"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x3461c37]

goroutine 432 [running]:
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language/java/pom.pomAnalyzer.Analyze({}, {0xc001e99860?, 0x0?}, {{0x7ffc359fbc18, 0x1}, {0xc000986300, 0x22}, {0x54544c8, 0xc00210a4e0}, {0x54370a0, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/java/pom/pom.go:36 +0x137
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x5449930?, 0x79d31c0}, {0x5447988?, 0xc00014a0c0?})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:432 +0x245
created by github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile in goroutine 1
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:427 +0x52e

Operating System

Fedora 40

Version

$ trivy --version
Version: 0.53.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-07-26 06:11:58.006387807 +0000 UTC
  NextUpdate: 2024-07-26 12:11:58.006387446 +0000 UTC
  DownloadedAt: 2024-07-26 09:35:41.697718638 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-02-12 00:45:04.687521318 +0000 UTC
  NextUpdate: 2024-02-15 00:45:04.687521198 +0000 UTC
  DownloadedAt: 2024-02-14 23:28:24.141107882 +0000 UTC
Check Bundle:
  Digest: sha256:ef2d9ad4fce0f933b20a662004d7e55bf200987c180e7f2cd531af631f408bb3
  DownloadedAt: 2024-07-26 10:10:34.989910951 +0000 UTC

Checklist
@nikpivkin nikpivkin added the kind/bug Categorizes issue or PR as related to a bug. label Jul 26, 2024
@DmitriyLewen DmitriyLewen mentioned this issue Jul 29, 2024
Merged
6 tasks
@DmitriyLewen DmitriyLewen added this to the v0.54.0 milestone Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
v0.54.0
Development

Successfully merging a pull request may close this issue.

fix(java): avoid panic if deps from pom in it dir are not found DmitriyLewen/trivy
2 participants
@DmitriyLewen @nikpivkin