Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I still get the following error after executing the command with version 2.7.6: #332

Open
wzd-hash opened this issue Apr 10, 2023 · 11 comments
Open

I still get the following error after executing the command with version 2.7.6: #332

wzd-hash opened this issue Apr 10, 2023 · 11 comments

Comments

@wzd-hash
Copy link

image
@hboutemy
Copy link
Contributor

can you provide us a reproducer project, so we can investigate, please?

@hboutemy hboutemy mentioned this issue Apr 10, 2023
Closed
@wzd-hash
Copy link
Author

can you provide us a reproducer project, so we can investigate, please?

Please give this project a try:https://github.com/YunaiV/yudao-cloud.git

@hboutemy
Copy link
Contributor

I tried, I can't get the error you're getting: what is your build command?

@wzd-hash
Copy link
Author

The command I use is:‘mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -Dfile.encoding=UTF-8 -Dcyclonedx-maven-plugin.version=2.7.6’

@hboutemy
Copy link
Contributor

hboutemy commented Apr 11, 2023
edited

no problem here, and I can see CycloneDX output containing chinese chars

why do you set -Dfile.encoding=UTF-8? is it part of your normal build command?
(and why do you set -Dcyclonedx-maven-plugin.version=2.7.6, given I don't see any property in your pom.xml?)

what is the output of mvn -V?

@wzd-hash
Copy link
Author

-Dfile.encoding=UTF-8

Setting '-Dfile.encoding=UTF-8' is the solution I found online to the above error. My maven version is 3.6.3. What command are you using

@wzd-hash
Copy link
Author

image

@hboutemy
Copy link
Contributor

hboutemy commented Apr 11, 2023
edited

I'm using basic mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.6:makeBom -e (-e to see the stacktrace) to start with the simplest

Given your running environment, I tested with Maven 3.6.3 and 3.8.7 and got your invalid character on yudao-common module

Caused by: javax.xml.parsers.ParserConfigurationException: org.xml.sax.SAXParseException; lineNumber: 35; columnNumber: 14265; Un caractère XML non valide (Unicode : 0xdccc) a été détecté dans le contenu d'élément du document.
    at org.cyclonedx.generators.xml.AbstractBomXmlGenerator.generateDocument (AbstractBomXmlGenerator.java:114)
    at org.cyclonedx.generators.xml.BomXmlGenerator14.generate (BomXmlGenerator14.java:63)
    at org.cyclonedx.maven.BaseCycloneDxMojo.saveBom (BaseCycloneDxMojo.java:658)
    at org.cyclonedx.maven.BaseCycloneDxMojo.generateBom (BaseCycloneDxMojo.java:647)
    at org.cyclonedx.maven.BaseCycloneDxMojo.execute (BaseCycloneDxMojo.java:610)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)

But using Maven 3.9.1 as I was using by default, I don't get the issue (I don't know precisely why, I'm just sharing what I found for now)

Can you confirm that using Maven 3.9.1 avoids the issue?

@wzd-hash
Copy link
Author

I'm using basic mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.6:makeBom -e (-e to see the stacktrace) to start with the simplest

Given your running environment, I tested with Maven 3.6.3 and 3.8.7 and got your invalid character on yudao-common module

Caused by: javax.xml.parsers.ParserConfigurationException: org.xml.sax.SAXParseException; lineNumber: 35; columnNumber: 14265; Un caractère XML non valide (Unicode : 0xdccc) a été détecté dans le contenu d'élément du document.
    at org.cyclonedx.generators.xml.AbstractBomXmlGenerator.generateDocument ([AbstractBomXmlGenerator.java:114](http://AbstractBomXmlGenerator.java:114))
    at org.cyclonedx.generators.xml.BomXmlGenerator14.generate ([BomXmlGenerator14.java:63](http://BomXmlGenerator14.java:63))
    at org.cyclonedx.maven.BaseCycloneDxMojo.saveBom ([BaseCycloneDxMojo.java:658](http://BaseCycloneDxMojo.java:658))
    at org.cyclonedx.maven.BaseCycloneDxMojo.generateBom ([BaseCycloneDxMojo.java:647](http://BaseCycloneDxMojo.java:647))
    at org.cyclonedx.maven.BaseCycloneDxMojo.execute ([BaseCycloneDxMojo.java:610](http://BaseCycloneDxMojo.java:610))
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo ([DefaultBuildPluginManager.java:137](http://DefaultBuildPluginManager.java:137))

But using Maven 3.9.1 as I was using by default, I don't get the issue (I don't know precisely why, I'm just sharing what I found for now)

Can you confirm that using Maven 3.9.1 avoids the issue?

After I used maven3.9.1, executing the command was successful. Does this have anything to do with the maven version? Older versions of maven cannot be used

@hboutemy
Copy link
Contributor

Does this have anything to do with the maven version? Older versions of maven cannot be used

surprisingly, from our common experience here, yes...

Reading the stacktrace, it seems an invalid character is read from POMs that makes the CycloneDX XML writer (from cyclonedx-java) to fail when it tries to save it to a file.

If you don't need the SBOM in XML format, perhaps as a workaround you can try to disable XML output and only keep json: perhaps it won't choke with other Maven versions

@wzd-hash
Copy link
Author

Does this have anything to do with the maven version? Older versions of maven cannot be used

surprisingly, from our common experience here, yes...

Reading the stacktrace, it seems an invalid character is read from POMs that makes the CycloneDX XML writer (from cyclonedx-java) to fail when it tries to save it to a file.

If you don't need the SBOM in XML format, perhaps as a workaround you can try to disable XML output and only keep json: perhaps it won't choke with other Maven versions

OK, thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hboutemy @wzd-hash