Fail analysis/build in case of recurring IOExceptions when connecting to MavenCentral

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java

@@ -77,16 +77,10 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
     /**
      * There may be temporary issues when connecting to MavenCentral.
      * In order to compensate for 99% of the issues, we perform a retry
-     * before finally raising the {@link #errorFlag}.
+     * before finally failing the analysis.
      */
     private static final int NUMBER_OF_TRIES = 5;
 
-    /**
-     * The analyzer should be disabled if there are errors, so this is a flag to
-     * determine if such an error has occurred.
-     */
-    private volatile boolean errorFlag = false;
-
     /**
      * The searcher itself.
      */
@@ -200,10 +194,6 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
      */
     @Override
     public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
-        if (errorFlag) {
-            return;
-        }
-
         try {
             final List<MavenArtifact> mas = fetchMavenArtifacts(dependency);
             final Confidence confidence = mas.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST;
@@ -249,8 +239,9 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
         } catch (FileNotFoundException fnfe) {
             LOGGER.debug("Artifact not found in repository: '{}", dependency.getFileName());
         } catch (IOException ioe) {
-            LOGGER.warn("Could not connect to Central search. Disabling this analyzer.", ioe);
+            final String message = "Could not connect to Central search. Analysis failed.";
-            errorFlag = true;
+            LOGGER.error(message, ioe);
+            throw new AnalysisException(message, ioe);
         }
     }
 
@@ -292,9 +283,8 @@ public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
             }
         }
 
-        LOGGER.warn("Finally failed connecting to Central search." +
+        final String message = "Finally failed connecting to Central search." +
-                        " Giving up after {} tries. Last exception was: {}",
+                " Giving up after " + NUMBER_OF_TRIES + " tries.";
-                NUMBER_OF_TRIES, lastException);
+        throw new IOException(message, lastException);
-        throw lastException;
     }
 }

dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CentralAnalyzerTest.java

@@ -23,6 +23,7 @@ import mockit.MockUp;
 import mockit.Mocked;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.data.central.CentralSearch;
 import org.owasp.dependencycheck.data.nexus.MavenArtifact;
 import org.owasp.dependencycheck.dependency.Dependency;
@@ -134,6 +135,26 @@ public class CentralAnalyzerTest {
         instance.fetchMavenArtifacts(dependency);
     }
 
+    @Test(expected = AnalysisException.class)
+    @SuppressWarnings("PMD.NonStaticInitializer")
+    public void testFetchMavenArtifactsAlwaysThrowsIOExceptionLetsTheAnalysisFail(@Mocked final CentralSearch centralSearch,
+                                                                                  @Mocked final Dependency dependency)
+            throws AnalysisException, IOException {
+
+        CentralAnalyzer instance = new CentralAnalyzer();
+        instance.searcher = centralSearch;
+
+        new Expectations() {{
+            dependency.getSha1sum();
+            returns(SHA1_SUM);
+
+            centralSearch.searchSha1(SHA1_SUM);
+            result = new IOException("no internet connection");
+        }};
+
+        instance.analyze(dependency, null);
+    }
+
     /**
      * We do not want to waste time in unit tests.
      */