Steady maven plugin is throwing UnsupportedOperationException

[the-brownstone]

Describe the bug
When running mvn -Dsteady steady:report it throws an UnsupportedOperationException due to an invalid environment variable key

IMPORTANT: please ensure that you do not refer to any internal or confidential information from your company/organization here. Also, please provide only references to public (open-source) projects on which the issue can be reproduced. Please do not include in the issue description any reference or link to non-public or otherwise proprietary information.

To Reproduce
Steps to reproduce the behavior:

In case of bugs happening on the client (when performing scans):

1. Clone a java repo
2. Add profile as per guideline -> https://eclipse.github.io/steady/user/tutorials/java_maven/
3. Run plugin mvn -Dsteady steady:report
4. See error

Expected behavior
No error should be thrown

Steady version

• Steady version 3.2.5

In case of bugs happening on the client (when performing scans)

• OS/version: Windows 10
• Java JVM/version or Python version: JDK 11
• Steady client (Maven plugin, Gradle plugin, CLI, setuptools plugin): Maven plugin
• Console log(s) (with confidential information removed)
  2023-04-24 11:27:30,224 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [MapConfiguration] from source [Transient-Config-Layer]
  2023-04-24 11:27:30,232 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [SystemConfiguration] from source [System-Properties]
  2023-04-24 11:27:30,232 [main] [WARN ] shared.util.VulasConfiguration - Configuration key [ProgramFiles(x86)] removed due to illegal characters
  [WARNING] Error injecting: org.eclipse.steady.java.mvn.MvnPluginReport
  com.google.inject.ProvisionException: Unable to provision, see the following errors:

1. Error injecting constructor, java.lang.UnsupportedOperationException
   at org.eclipse.steady.java.mvn.MvnPluginReport.(Unknown Source)
   while locating org.eclipse.steady.java.mvn.MvnPluginReport
   ...
   Caused by: java.lang.UnsupportedOperationException
   at java.util.Collections$UnmodifiableMap.remove (Collections.java:1460)
   at org.apache.commons.configuration.MapConfiguration.clearPropertyDirect (MapConfiguration.java:218)
   at org.apache.commons.configuration.AbstractConfiguration.clearProperty (AbstractConfiguration.java:505)
   at org.eclipse.steady.shared.util.VulasConfiguration.sanitize (VulasConfiguration.java:306)
   at org.eclipse.steady.shared.util.VulasConfiguration.addConfiguration (VulasConfiguration.java:272)
   at org.eclipse.steady.shared.util.VulasConfiguration.appendInitialConfigurations (VulasConfiguration.java:219)

• URL of a public repo that can be used for reproducing (minimal example if possible)

Additional context
Add any other context about the problem here.

• The problem lies in VulasConfiguration call to System.getenv() which returns an UnmodifiableMap
• sanitize method attempts to clear any unsupported key (e.g., ProgramFiles(x86))
• Additionally, there's a ConcurrentModificationException thrown when deleting and iterating through keys. This may also be replicated in testSanitize unit test by adding a new property at the end. For example pc.setProperty("new invalid key", "bar");

[serenaponta]

Hi @the-brownstone,

the report goal generates a report based on the application data available in the backend as a result of running the other goals. It looks to me that you run such goal without any other first. The minimal requirement for generating a report is the execution of mvn -Dsteady compile steady:app [1] [2].

[1] https://eclipse.github.io/steady/user/manuals/analysis/#bill-of-material-analysis-app
[2] https://eclipse.github.io/steady/user/tutorials/java_maven/#app

[the-brownstone]

@serenaponta thank you for highlighting that. However, upon running command mentioned above, it seems the same error is appearing due to unsupported environment variable key of ProgramFiles(x86).

Here's the shortened and redacted log file:
2023-04-25 09:53:08,598 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [MapConfiguration] from source [Transient-Config-Layer]
2023-04-25 09:53:08,613 [main] [INFO ] shared.util.VulasConfiguration - Added configuration [SystemConfiguration] from source [System-Properties]
2023-04-25 09:53:08,613 [main] [WARN ] shared.util.VulasConfiguration - Configuration key [ProgramFiles(x86)] removed due to illegal characters
[WARNING] Error injecting: org.eclipse.steady.java.mvn.MvnPluginBom
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1. Error injecting constructor, java.lang.UnsupportedOperationException
   at org.eclipse.steady.java.mvn.MvnPluginBom.(Unknown Source)
   while locating org.eclipse.steady.java.mvn.MvnPluginBom

1 error
at com.google.inject.internal.InternalProvisionException.toProvisionException (InternalProvisionException.java:226)
at com.google.inject.internal.InjectorImpl$1.get (InjectorImpl.java:1053)
at com.google.inject.internal.InjectorImpl.getInstance (InjectorImpl.java:1086)
at org.eclipse.sisu.space.AbstractDeferredClass.get (AbstractDeferredClass.java:48)
...
Caused by: java.lang.UnsupportedOperationException
at java.util.Collections$UnmodifiableMap.remove (Collections.java:1460)
at org.apache.commons.configuration.MapConfiguration.clearPropertyDirect (MapConfiguration.java:218)
at org.apache.commons.configuration.AbstractConfiguration.clearProperty (AbstractConfiguration.java:505)
at org.eclipse.steady.shared.util.VulasConfiguration.sanitize (VulasConfiguration.java:306)
at org.eclipse.steady.shared.util.VulasConfiguration.addConfiguration (VulasConfiguration.java:272)
at org.eclipse.steady.shared.util.VulasConfiguration.appendInitialConfigurations (VulasConfiguration.java:219)
at org.eclipse.steady.shared.util.VulasConfiguration. (VulasConfiguration.java:140)
at org.eclipse.steady.java.mvn.AbstractVulasMojo. (AbstractVulasMojo.java:91)
at org.eclipse.steady.java.mvn.MvnPluginBom. (MvnPluginBom.java:35)
...
[IJ]-1-MojoFailed-[IJ]-source=CLI-[IJ]-goal=app-[IJ]-id=:🫙1.0.0-[IJ]-error=Failed to execute goal org.eclipse.steady:plugin-maven:3.2.5:app (default-cli) on project : Execution default-cli of goal org.eclipse.steady:plugin-maven:3.2.5:app failed: Unable to load the mojo 'app' (or one of its required components) from the plugin 'org.eclipse.steady:plugin-maven:3.2.5'
[IJ]-1-ProjectFailed-[IJ]-id=:🫙1.0.0
[IJ]-1-SessionEnded-[IJ]-id=unknown
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 7.801 s
[INFO] Finished at: 2023-04-25T09:53:08+08:00
[INFO] ------------------------------------------------------------------------
[IJ]-1-Unknown-[IJ]-event=org.apache.maven.execution.DefaultMavenExecutionResult@2d07aacc
[ERROR] Failed to execute goal org.eclipse.steady:plugin-maven:3.2.5:app (default-cli) on project : Execution default-cli of goal org.eclipse.steady:plugin-maven:3.2.5:app failed: Unable to load the mojo 'app' (or one of its required components) from the plugin 'org.eclipse.steady:plugin-maven:3.2.5': com.google.inject.ProvisionException: Unable to provision, see the following errors:
[ERROR]
[ERROR] 1) Error injecting constructor, java.lang.UnsupportedOperationException
[ERROR] at org.eclipse.steady.java.mvn.MvnPluginBom.(Unknown Source)
[ERROR] while locating org.eclipse.steady.java.mvn.MvnPluginBom
[ERROR] at ClassRealm[plugin>org.eclipse.steady:plugin-maven:3.2.5, parent: jdk.internal.loader.ClassLoaders$AppClassLoader@512ddf17] (via modules: org.eclipse.sisu.wire.WireModule -> org.eclipse.sisu.plexus.PlexusBindingModule)
[ERROR] while locating org.apache.maven.plugin.Mojo annotated with @com.google.inject.name.Named(value="org.eclipse.steady:plugin-maven:3.2.5:app")
[ERROR]
[ERROR] 1 error
[ERROR] role: org.apache.maven.plugin.Mojo
[ERROR] roleHint: org.eclipse.steady:plugin-maven:3.2.5:app
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginContainerException

[serenaponta]

@the-brownstone, thanks for reporting and for the detailed description of the issue, i was able to replicate it only on a windows os. This is now fixed in master (version 2.3.6-SNAPSHOT) and will be part of the next release.