diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
index 462049b18..1ab49f346 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -77,16 +77,10 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
 /**
 * There may be temporary issues when connecting to MavenCentral.
 * In order to compensate for 99% of the issues, we perform a retry
- * before finally raising the {@link #errorFlag}.
+ * before finally failing the analysis.
 */
 private static final int NUMBER_OF_TRIES = 5;

- /**
- * The analyzer should be disabled if there are errors, so this is a flag to
- * determine if such an error has occurred.
- */
- private volatile boolean errorFlag = false;
-
 /**
 * The searcher itself.
 */
@@ -200,10 +194,6 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
 */
 @Override
 public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
- if (errorFlag) {
- return;
- }
-
 try {
 final List mas = fetchMavenArtifacts(dependency);
 final Confidence confidence = mas.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST;
@@ -249,8 +239,9 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
 } catch (FileNotFoundException fnfe) {
 LOGGER.debug("Artifact not found in repository: '{}", dependency.getFileName());
 } catch (IOException ioe) {
- LOGGER.warn("Could not connect to Central search. Disabling this analyzer.", ioe);
- errorFlag = true;
+ final String message = "Could not connect to Central search. Analysis failed.";
+ LOGGER.error(message, ioe);
+ throw new AnalysisException(message, ioe);
 }
 }

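Review bot: In the `catch (IOException ioe)` branch of analyzeDependency the failure is logged at error level and then thrown with the same text, so it will probably be reported twice once the caller handles the AnalysisException, and the message does not name the file whose lookup failed. Naming the dependency matters for triage, because a failed Central lookup means that artifact was not identified and the scan result for it cannot be treated as complete; I would drop the log call and write `throw new AnalysisException("Could not connect to Central search for '" + dependency.getFileName() + "'. Analysis failed.", ioe);`. With the `errorFlag` guard removed in the earlier hunk, each dependency also appears to run its own full NUMBER_OF_TRIES cycle during an outage unless the caller stops at the first exception, which is not visible here. The method starts and ends outside this hunk.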
@@ -292,9 +283,8 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer { } } - LOGGER.warn("Finally failed connecting to Central search." + - " Giving up after {} tries. Last exception was: {}", - NUMBER_OF_TRIES, lastException); - throw lastException; + final String message = "Finally failed connecting to Central search." + + " Giving up after " + NUMBER_OF_TRIES + " tries."; + throw new IOException(message, lastException); } } diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java index 7b37864d7..3aace07d4 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java @@ -23,6 +23,7 @@ import mockit.MockUp; import mockit.Mocked; import org.junit.BeforeClass; import org.junit.Test; +import org.owasp.dependencycheck.analyzer.exception.AnalysisException; import org.owasp.dependencycheck.data.central.CentralSearch; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.dependency.Dependency; 
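Review bot: Wrapping `lastException` in a fresh `IOException` at the end of the retry method erases its concrete type, while analyzeDependency treats `FileNotFoundException` (debug log, no failure) differently from any other `IOException` (analysis fails). If the loop above this hunk can leave a `FileNotFoundException` in `lastException`, an artifact that is simply unknown to Central would now fail the analysis instead of being skipped. The loop body is outside the hunk, so this needs confirming there. If that case is already rethrown earlier, a comment on the throw such as `// lastException is never a FileNotFoundException here; that case is rethrown without retrying` would record the invariant the new wrapping depends on.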
@@ -134,6 +135,26 @@ public class CentralAnalyzerTest {
 instance.fetchMavenArtifacts(dependency);
 }

+ @Test(expected = AnalysisException.class)
+ @SuppressWarnings("PMD.NonStaticInitializer")
+ public void testFetchMavenArtifactsAlwaysThrowsIOExceptionLetsTheAnalysisFail(@Mocked final CentralSearch centralSearch,
+ @Mocked final Dependency dependency)
+ throws AnalysisException, IOException {
+
+ CentralAnalyzer instance = new CentralAnalyzer();
+ instance.searcher = centralSearch;
+
+ new Expectations() {{
+ dependency.getSha1sum();
+ returns(SHA1_SUM);
+
+ centralSearch.searchSha1(SHA1_SUM);
+ result = new IOException("no internet connection");
+ }};
+
+ instance.analyze(dependency, null);
+ }
+
 /**
 * We do not want to waste time in unit tests.
 */
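Review bot: `@Test(expected = AnalysisException.class)` passes for any AnalysisException raised anywhere inside `instance.analyze(dependency, null)`, so the new test does not pin that the failure comes from the exhausted Central lookups. Catching the exception and checking its cause, for example `assertTrue(e.getCause() instanceof IOException);`, would tie the test to the behaviour this commit introduces. It would also help to constrain how often the mocked `centralSearch.searchSha1(SHA1_SUM)` is expected to be called, so that a regression that stops retrying is caught. Since `null` is passed as the engine, an unrelated failure on that path could otherwise satisfy the test if it surfaces as an AnalysisException.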