GitLab gemnasium-maven analyzer v2.27.3 fails with a StackOverflowError exception for Gradle projects

GitLab gemnasium-maven analyzer v2.27.2 worked fine with several projects in our pipelines; however, since yesterday a newer version, GitLab gemnasium-maven analyzer v2.27.3, has been deployed and it started failing with a StackOverflowError…

I ran the gemnasium-maven analyzer locally (registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven:2, /analyzer run with debug enabled) and it produced the following error output:

Starting a Gradle Daemon (subsequent builds will be faster)
> Task :gemnasiumDumpDependencies
> Task :gemnasiumDumpDependencies FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':gemnasiumDumpDependencies'.
> java.lang.StackOverflowError (no error message)

AFAIU it all boils down to the gemnasium-gradle-plugin, which was recently upgraded to version 1.0.0.
I have confirmed that hypothesis by adding the plugin in question to the failing project:

plugins {
    ...
    id("com.gemnasium.gradle-plugin") version "x.x.x"
}

and running the following command, ./gradlew gemnasiumDumpDependencies, and:

  • it works fine (build/reports/gradle-dependencies.json gets generated) when the version is 0.3.5
  • it fails with
    2022-03-16T17:31:09.261+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
    2022-03-16T17:31:09.261+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] FAILURE: Build failed with an exception.
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * What went wrong:
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Execution failed for task ':gemnasiumDumpDependencies'.
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > java.lang.StackOverflowError (no error message)
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * Try:
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Run with --stacktrace option to get the stack trace.  Run with --scan to get full insights.
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] 
    2022-03-16T17:31:09.262+0100 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * Get more help at https://help.gradle.org
    2022-03-16T17:31:09.262+0100 [WARN] [org.gradle.internal.featurelifecycle.LoggingDeprecatedFeatureHandler] Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
    
    You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
    
    See https://docs.gradle.org/7.2/userguide/command_line_interface.html#sec:command_line_warnings
    2022-03-16T17:31:09.263+0100 [ERROR] [org.gradle.internal.buildevents.BuildResultLogger] 
    2022-03-16T17:31:09.263+0100 [ERROR] [org.gradle.internal.buildevents.BuildResultLogger] BUILD FAILED in 1s
    
    when the version is switched to 1.0.0 (note that the logs were generated with the --debug switch added)

Is there any way to find out what the offending project structure is? Maybe a list of dos and don'ts?
Anyone facing the same problem? Any help will be appreciated…
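The version comparison described in the post above, automated as an added shell example that is not part of the original post or of the gemnasium project: it rewrites the plugin version in the build script's plugins block, runs ./gradlew gemnasiumDumpDependencies with --stacktrace, and classifies each run from the exit status, the presence of build/reports/gradle-dependencies.json and whether the log contains java.lang.StackOverflowError. The build-file name, the per-version log file names and the GEMNASIUM_BISECT guard are assumptions of this example.

```shell
#!/bin/sh
# Added example: try several versions of com.gemnasium.gradle-plugin against one
# Gradle project and report which of them dump the dependency report cleanly.
# Usage (assumed): GEMNASIUM_BISECT=1 sh bisect.sh 0.3.5 1.0.0

# Rewrite the version in a Kotlin DSL  id("com.gemnasium.gradle-plugin") version "…"
# or Groovy DSL  id 'com.gemnasium.gradle-plugin' version '…'  line, in place.
# The version string must not contain '/' or '&' (they are special to sed).
set_plugin_version() {
    file=$1
    ver=$2
    sed -i.bak -E \
        "s/(id[ (][\"']com\.gemnasium\.gradle-plugin[\"']\)? +version +[\"'])[^\"']*/\1$ver/" \
        "$file"
    rm -f "$file.bak"
}

# Classify one Gradle run. Prints one word:
#   ok            task exited 0 and the JSON report exists and is non-empty
#   stackoverflow the log shows the StackOverflowError from the post
#   fail          any other failure (inspect the log)
classify_run() {
    status=$1
    log=$2
    report=$3
    if [ "$status" -eq 0 ] && [ -s "$report" ]; then
        echo ok
    elif grep -q 'java\.lang\.StackOverflowError' "$log"; then
        echo stackoverflow
    else
        echo fail
    fi
}

# Run the dump task once per version and print "<version><TAB><result>".
# Each run's full output (with --stacktrace) is kept in gemnasium-<version>.log.
try_versions() {
    build_file=$1
    shift
    report=build/reports/gradle-dependencies.json
    for ver in "$@"; do
        set_plugin_version "$build_file" "$ver"
        rm -f "$report"
        log="gemnasium-$ver.log"
        if ./gradlew --no-daemon --stacktrace gemnasiumDumpDependencies >"$log" 2>&1; then
            status=0
        else
            status=$?
        fi
        printf '%s\t%s\n' "$ver" "$(classify_run "$status" "$log" "$report")"
    done
}

# Only touch the project when explicitly asked to (assumed guard variable).
if [ "${GEMNASIUM_BISECT:-0}" = 1 ]; then
    try_versions build.gradle.kts "$@"
fi
```

The script leaves the last tested version in the build file, so run it on a clean checkout and restore the file afterwards; the gemnasium-<version>.log files are where the --stacktrace output lands, which is what narrows a bare "StackOverflowError (no error message)" down to the plugin code path that recursed.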

Thanks for reporting this issue @geminica and for providing detailed logs! This bug has now been fixed in gemnasium-maven v2.27.4. Please see this comment for more details.

2 Likes

Yep, I can confirm that it works fine with gemnasium-maven v2.27.4 - thanks for fixing it!

1 Like