Dependencycheck: Could not execute GrokAssembly Premature end of file
Hi,
I've downloaded the latest version of Dependecy Check (3.3.1) and already tried also with one previous version (3.0.2) after tested with 3.3.1 and I'm getting the error related with GrokAssembly
Log:
https://gist.github.com/razeitona/2b1d4d96d5f68b36756479d3e8aecd35
DEBUG - Initializing Assembly Analyzer
2018-08-28 10:07:55,534 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:223
DEBUG - Extracted GrokAssembly.exe to C:\Users\RICARD~1\AppData\Local\Temp\dctempaf03cfe4-0d44-4885-9f18-3d5515cb646a\GKA11409347276140118492.exe
2018-08-28 10:07:55,535 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:226
DEBUG - Extracted GrokAssembly.exe.config to C:\Users\RICARD~1\AppData\Local\Temp\dctempaf03cfe4-0d44-4885-9f18-3d5515cb646a\GKA11409347276140118492.exe.config
2018-08-28 10:07:55,676 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:273
WARN - An error occurred with the .NET AssemblyAnalyzer;
this can be ignored unless you are scanning .NET DLLs. Please see the log for more details.
2018-08-28 10:07:55,678 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:275
DEBUG - Could not execute GrokAssembly Premature end of file.
2018-08-28 10:07:55,678 org.owasp.dependencycheck.Engine:819
ERROR - Exception occurred initializing Assembly Analyzer.
2018-08-28 10:07:55,682 org.owasp.dependencycheck.Engine:820
DEBUG -
org.owasp.dependencycheck.exception.InitializationException: An error occurred with the .NET AssemblyAnalyzer
at org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.prepareFileTypeAnalyzer(AssemblyAnalyzer.java:277)
at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.prepareAnalyzer(AbstractFileTypeAnalyzer.java:73)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare(AbstractAnalyzer.java:108)
at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:817)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:662)
at org.owasp.dependencycheck.App.runScan(App.java:253)
at org.owasp.dependencycheck.App.run(App.java:184)
at org.owasp.dependencycheck.App.main(App.java:69)
Caused by: org.xml.sax.SAXParseException: Premature end of file.
at java.xml/com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source)
at java.xml/com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at java.xml/javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.prepareFileTypeAnalyzer(AssemblyAnalyzer.java:259)
... 7 common frames omitted
razeitona
All 15 comments
Are you analyzing any DLLs or EXEs?
jeremylong
on 29 Aug 2018
A folder with dll.
It was first time that I used Dependency Check, later I've installed on a different machine (also for the first time) and worked without any problem.
razeitona
on 29 Aug 2018
So can this issue be closed?
jeremylong
on 2 Sep 2018
No, because I still can't run in my machine. In 2 of 3 machines that I tested just run in one.
razeitona
on 3 Sep 2018
On the machine where this fails - is the .NET runtime (or mono) installed? The current dependency-check does not support .NET core yet. We will switch to .NET core in the 4.x release.
What output do you get if you download the GrokAssemble.exe and GrokAssemble.exe.config and run GrokAssembly on itself?
./GrokAssembly.exe ./GrokAssembly.exe
Can you try 5.0.0-M2 - I believe this should be resolved.
jeremylong
on 27 Apr 2019
I have a very similar issue on version 5.2.2 with dotnet core 3.0.100 installed
DEBUG - unexpected error
org.owasp.dependencycheck.exception.InitializationException: An error occurred with the .NET AssemblyAnalyzer
at org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.prepareFileTypeAnalyzer(AssemblyAnalyzer.java:403)
at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.prepareAnalyzer(AbstractFileTypeAnalyzer.java:83)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare(AbstractAnalyzer.java:102)
at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:842)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:678)
at org.owasp.dependencycheck.App.runScan(App.java:251)
at org.owasp.dependencycheck.App.run(App.java:183)
at org.owasp.dependencycheck.App.main(App.java:80)
Caused by: org.owasp.dependencycheck.xml.assembly.GrokParseException: org.xml.sax.SAXException: Line=1, Column=1: Premature end of file.
at org.owasp.dependencycheck.xml.assembly.GrokParser.parse(GrokParser.java:103)
at org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.prepareFileTypeAnalyzer(AssemblyAnalyzer.java:380)
... 7 common frames omitted
Caused by: org.xml.sax.SAXException: Line=1, Column=1: Premature end of file.
at org.owasp.dependencycheck.xml.assembly.GrokErrorHandler.fatalError(GrokErrorHandler.java:71)
at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:181)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1471)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:888)
at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:824)
at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
at org.owasp.dependencycheck.xml.assembly.GrokParser.parse(GrokParser.java:92)
... 8 common frames omitted
metareven
on 22 Oct 2019
Same problem here, do you have a solution for this?
Same Version of dep. check and dotnet core. On Windows 10
gruselglatz
on 23 Oct 2019
@metareven @gruselglatz same here!
stevehipwell
on 4 Nov 2019
At least the docker image works, so use that as a workaround if you need to use this tool
metareven
on 5 Nov 2019
It looks like _DependencyCheck_ requires _DotNet Core_ v2. I don't think this is a bug but I do think that it should be made clearer. If you install the _DotNet Core_ v2 run-time then the scanner should run successfully. I've tested this solution works in a _DotNet Core_ v3 Docker image by installing the _DotNet Core_ v2.2.7 run-time.
stevehipwell
on 5 Nov 2019
Would be great if it worked out of the box with dotnet core 3 as well
RemcoTukker
on 6 Nov 2019
@jeremylong could you confirm which version of dotnet needs to be present as v2.2 is out of support?
stevehipwell
on 2 Apr 2020
I'll re-compile to dotnet 3 with the next release.
jeremylong
on 2 Apr 2020
Thanks @jeremylong I assume you specifically mean .NET Core v3.1 which is the current LTS.
stevehipwell
on 2 Apr 2020
Related issues
javixeneize
路
14Comments
Jayaramvenkat
路
19Comments
MMirabito
路
27Comments
maartengo
路
23Comments
meselfi
路
40Comments
Most helpful comment
It looks like _DependencyCheck_ requires _DotNet Core_ v2. I don't think this is a bug but I do think that it should be made clearer. If you install the _DotNet Core_ v2 run-time then the scanner should run successfully. I've tested this solution works in a _DotNet Core_ v3 Docker image by installing the _DotNet Core_ v2.2.7 run-time.