
Regression: problem with some zip : ZipCoder MALFORMED #5435

Open
eballetbaz opened this issue Feb 8, 2023 · 7 comments
@eballetbaz

eballetbaz commented Feb 8, 2023

Describe the bug
A regression with version 8.0.2 has been found. Some zips throw java.lang.IllegalArgumentException: MALFORMED.
These are the exact same symptoms as the old issue "#12 Problem with some zip-files".
The files in the ZIP contain special characters like é (French accented e), ' (single quote) and - (dash).
It was working with version 7.4.4.

Version of dependency-check used
The problem occurs using version 8.0.2 of the maven plugin

Log file

[INFO] Analysis Started
[WARNING] An unexpected error occurred during analysis of '/work/jenkins/workspace/****.zip' (Archive Analyzer): MALFORMED
[ERROR] 
java.lang.IllegalArgumentException: MALFORMED
    at java.util.zip.ZipCoder.toString (ZipCoder.java:58)
    at java.util.zip.ZipInputStream.readLOC (ZipInputStream.java:300)
    at java.util.zip.ZipInputStream.getNextEntry (ZipInputStream.java:122)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive (ArchiveAnalyzer.java:582)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles (ArchiveAnalyzer.java:457)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractAndAnalyze (ArchiveAnalyzer.java:295)
    at org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeDependency (ArchiveAnalyzer.java:277)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
    at java.lang.Thread.run (Thread.java:750)
[INFO] Finished Archive Analyzer (2 seconds)

To Reproduce
Steps to reproduce the behavior:

  1. Create a ZIP file with files having characters é (French accented e), ' (single quote) and - (dash)
  2. Run analysis
@eballetbaz eballetbaz added the bug label Feb 8, 2023
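The stack trace above comes from java.util.zip.ZipInputStream, which decodes entry names as UTF-8 unless a charset is passed to its constructor and the archive does not carry the "UTF-8 names" general-purpose flag. Archives produced by legacy tools store é as a single byte (0xE9 in ISO-8859-1, CP850 or Windows-1252), which is not valid UTF-8, so ZipCoder rejects the name at getNextEntry() with an IllegalArgumentException. The following self-contained program is an added illustration, not code from dependency-check's ArchiveAnalyzer: it builds such an archive in memory (a constructed sample), shows the failure under the default decoding, and shows a fallback reader; the candidate charset list is an assumption about which legacy encodings are worth trying, not something the issue specifies.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class ZipNameCharsetDemo {

    // Constructed sample: a zip whose entry name contains é, ' and -. The name bytes are
    // written with nameCharset, which is what a legacy (non-UTF-8) archiver produces.
    // ZipOutputStream sets the "UTF-8 names" general-purpose flag (bit 11) only when the
    // charset is UTF-8, so for any other charset the reader gets no in-band encoding hint.
    static byte[] buildZip(Charset nameCharset) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos, nameCharset)) {
            zos.putNextEntry(new ZipEntry("résumé-d'été.txt"));
            zos.write("sample content".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
        }
        return bos.toByteArray();
    }

    // List entry names, decoding them with nameCharset. When the stored bytes are not valid
    // in that charset, getNextEntry() throws IllegalArgumentException from java.util.zip.ZipCoder
    // (message "MALFORMED" on JDK 8, as in the issue's trace; newer JDKs word it differently).
    static List<String> listEntries(byte[] zip, Charset nameCharset) throws IOException {
        List<String> names = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(new ByteArrayInputStream(zip), nameCharset)) {
            for (ZipEntry e = zis.getNextEntry(); e != null; e = zis.getNextEntry()) {
                names.add(e.getName());
                zis.closeEntry();
            }
        }
        return names;
    }

    // Defensive reader: try UTF-8 first (what ZipInputStream does by default), then fall back to
    // legacy charsets. The candidate list is an assumption: IBM437 is the historical zip default,
    // windows-1252 covers most Western European tools, and ISO-8859-1 never fails to decode, so
    // the loop always terminates with a name rather than an exception.
    static List<String> listEntriesWithFallback(byte[] zip) throws IOException {
        String[] candidates = {"UTF-8", "IBM437", "windows-1252", "ISO-8859-1"};
        IllegalArgumentException last = null;
        for (String name : candidates) {
            if (!Charset.isSupported(name)) continue; // skip charsets this JDK does not ship
            try {
                return listEntries(zip, Charset.forName(name));
            } catch (IllegalArgumentException ex) {
                last = ex; // undecodable under this charset; try the next one
            }
        }
        throw last != null ? last : new IllegalArgumentException("no supported charset to try");
    }

    public static void main(String[] args) throws IOException {
        // é stored as the single byte 0xE9: valid ISO-8859-1, invalid UTF-8.
        byte[] legacyZip = buildZip(StandardCharsets.ISO_8859_1);
        try {
            listEntries(legacyZip, StandardCharsets.UTF_8); // same decoding as new ZipInputStream(in)
            System.out.println("unexpected: UTF-8 decode succeeded");
        } catch (IllegalArgumentException ex) {
            System.out.println("UTF-8 decode failed as expected: " + ex.getMessage());
        }
        System.out.println("with fallback: " + listEntriesWithFallback(legacyZip));

        // An archive written with UTF-8 carries flag bit 11, so ZipInputStream decodes its
        // names as UTF-8 regardless of the charset passed to the constructor.
        byte[] utf8Zip = buildZip(StandardCharsets.UTF_8);
        System.out.println("UTF-8 archive: " + listEntries(utf8Zip, StandardCharsets.ISO_8859_1));
    }
}
```

Two things worth noticing when running it. First, the fallback does not recover the intended name for the constructed archive: IBM437 decodes 0xE9 as Θ, so the entry comes back as "rΘsumΘ-d'ΘtΘ.txt"; charset guessing for unflagged zip names is a heuristic, and the candidate order is a policy choice. Second, for a scanner the important property is that one undecodable entry name does not abort the whole run, which is why the fallback (or a per-archive catch of IllegalArgumentException) belongs around the archive-opening step rather than at the top level.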
@aikebah
Collaborator

aikebah commented Feb 8, 2023

More likely you're suffering from an intentional change referenced in the release notes, and before you just didn't notice that it didn't work?:

ArchiveAnalyzer will now correctly throw an exception if it cannot open an Archive (#5371).

@eballetbaz
Author

I don't think so. I reverted to version 7.4.4 and there is no warning:

15:33:12 [INFO] Analysis Started
15:33:14 [INFO] Finished Archive Analyzer (2 seconds)
15:33:14 [INFO] Finished File Name Analyzer (0 seconds)
15:33:17 [INFO] Finished Jar Analyzer (2 seconds)
....

@jeremylong
Owner

The error would have been in the debug log - not output to the console.

@jeremylong jeremylong added question and removed bug labels Feb 9, 2023
@cmuchinsky

I'm seeing something similar in the gradle plugin, when scanning a zip file embedded in a war file. Is there a way to suppress this or configure it to ignore the nested zip file so the scan completes and reports other issues it might have discovered?

@jeremylong
Owner

It should still complete scanning. If the plugin is failing the build you can set failOnError=false.

@jeremylong
Owner

@eballetbaz
Author

The error would have been in the debug log - not output to the console.

Hi,
The error still occurs with the latest version.
How can I enable the debug log using the Maven plugin?

Thanks
