Scanning an application to identify and remediate vulnerabilities is a complex process. It involves building the application, analyzing the source code and binary files to identify vulnerabilities, remediating those vulnerabilities, and generating the remediated, secure source code.
This article explains the errors that might occur during different stages of a scan, and how to resolve them.
Issues that might occur during the Preparing Analysis stage
-
The scan is stuck between 40% and 60% of the Preparing Analysis stage
If dependency analysis is enabled and real-time intelligence is set to basic or advanced, online services are used to discover the dependencies used by an application. If the scan is stuck between 40% and 60% of the Preparing Analysis stage for an extended period of time, the online services might be experiencing issues. Try setting real-time intelligence to off or disabling dependency analysis to see if the scan progresses.
-
The scan is stuck between 60% and 90% of the Preparing Analysis stage
Before analyzing the application, Lucent Sky AVM scans source code files and libraries to understand the application's structure and size, and to detect the encoding of source code files. If the application has a large amount of source code, detecting the encoding might take a long time. If all source code files have the same encoding, specifying that encoding in scan arguments (such as Encoding,Utf8) can reduce the amount of time required for this stage.
Issues that might occur during the Building stage
-
The scan failed due to Ant errors
To resolve Ant errors, view the following article in the Lucent Sky Knowledge Base:
Troubleshoot Ant errors
-
The scan failed due to ASP.NET compilation errors
To resolve ASP.NET compilation errors, view the following article in the Lucent Sky Knowledge Base:
Troubleshoot ASP.NET compilation errors
-
The scan failed due to Maven errors
To resolve Maven errors, view the following article in the Lucent Sky Knowledge Base:
Troubleshoot Maven errors
-
The scan failed due to MSBuild errors
To resolve MSBuild errors, view the following article in the Lucent Sky Knowledge Base:
Troubleshoot MSBuild errors
-
The scan failed due to IL generation errors
To resolve IL generation errors, view the following article in the Lucent Sky Knowledge Base:
Lucent Sky AVM scan result code
-
The scan failed due to other errors during the Build stage
The application might not be in a project structure supported by Lucent Sky AVM. To learn more about how to prepare an application for scanning, view the following article in the Lucent Sky Knowledge Base:
Prepare an application for scanning
In addition to resolving build errors, another approach is using direct binary analysis to scan .NET and Java applications without building them on Lucent Sky AVM. To learn more about how to use direct binary analysis, view the following article in the Lucent Sky Knowledge Base:
Scan an application using direct binary analysis
Issues that might occur during the Analysis stages
To resolve issues that occurred during the Analysis stages (S-1 to S-5), view the following article in the Lucent Sky Knowledge Base:
Lucent Sky AVM scan result code
Issues with the remediated source code
-
References are missing when building remediated source code
Lucent Sky AVM utilizes the Application Protection Library (APL) to remediate some vulnerabilities. Build errors might occur if APL is not referenced by the project. To learn more about how to use APL in an application, view the following article in the Lucent Sky Knowledge Base:
Using Application Protection Library in an application
-
Syntax errors occurred when building remediated source code
Although extremely rare, errors might occur when placing Instant Fixes into the original source code, resulting in syntax errors during compilation.
The resulting syntax error is usually easy to spot. Follow the syntax rules of the specific language and modify the Instant Fix to resolve the syntax error.
-
Errors about invalid byte order marks (BOM) occurred when building remediated source code
Remediated source code files generated by Lucent Sky AVM keep their original encoding. An exception to this rule is UTF-8 files: when the original encoding of a file is UTF-8 without BOM, the modified file will use UTF-8 with BOM as its encoding. Some compilers require UTF-8 files to be without BOM, and will throw invalid BOM errors when encountering UTF-8 files with BOM.
To make Lucent Sky AVM generate UTF-8 files without BOM, change the value of Utf8EmitBom to false in CLEAR Engine configurations.
-
Errors about an invalid character occurred when building remediated source code
A common cause of this error is incorrect encoding. If an encoding was specified in scan arguments, make sure the encoding is correct.
Additionally, CLEAR Engine uses CR LF line endings in remediated source code files. While most build tools and compilers can handle different line endings, some of them might only accept line endings that are the same as the operating system's. On Unix-like systems, use commands such as dos2unix, tr, or sed to convert the line endings of remediated source code files from CR LF to LF.
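For remediated files that were already generated, the BOM and line-ending fixes described above can be applied in one pass. The following shell functions are an added example, not part of Lucent Sky AVM or its documentation; the file extensions and the directory argument are assumptions, and the files are assumed to be UTF-8 or ASCII text.

```shell
#!/bin/sh
# Added example. Assumes the remediated files are UTF-8 or ASCII text;
# do not run it on UTF-16 sources, where stripping 0x0D would corrupt them.

# True if the file starts with the UTF-8 BOM bytes EF BB BF.
has_bom() {
    [ "$(od -An -tx1 -N3 "$1" | tr -d ' \n')" = "efbbbf" ]
}

# True if the file contains at least one carriage return (0x0D).
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# Rewrite one file without BOM and with LF line endings.
# tr removes every CR, including any that is not followed by LF.
# Writing back with cat keeps the original file's permissions and owner.
normalize_file() {
    tmp=$(mktemp) || return 1
    { if has_bom "$1"; then tail -c +4 "$1"; else cat "$1"; fi; } |
        tr -d '\r' > "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Walk a directory, fix only the files that need it, and report each one.
# The extension list is an assumption; adjust it to the project.
normalize_tree() {
    find "$1" -type f \( -name '*.java' -o -name '*.jsp' -o -name '*.cs' \) |
    while IFS= read -r f; do
        flags=""
        has_bom "$f" && flags="$flags BOM"
        has_crlf "$f" && flags="$flags CRLF"
        [ -n "$flags" ] || continue
        normalize_file "$f" && printf '%s:%s\n' "$f" "$flags"
    done
}

# Usage: sh normalize.sh path/to/remediated-source
if [ "$#" -gt 0 ]; then
    normalize_tree "$1"
fi
```

Run it on a copy of the remediated source tree first and review the reported files before building.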