You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@buildr.apache.org by Sathwik B P <sa...@apache.org> on 2018/09/14 10:33:44 UTC
OWASP dependency check plugin - resolve java classpath issues
Hi Guys,
Here is the sample OWASP dependecy check plugin
https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake
I am encountering a java classpath issue. In the Rakefile when I enable
jetty addon
https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20
We encoutner this error:
E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating
'dependency_check' task: Could not create type dependency_check due to
java.lang.NoSuchMethodError:
org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
Buildr aborted!
Java::OrgApacheToolsAnt::BuildException : Could not create type
dependency_check due to java.lang.NoSuchMethodError:
org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java
classpath and the owasp plugin requires SLF4J 1.7.12
I did try to override the version of SLF4j required by jetty in the
Rakefile, but it did not help.
Buildr::Jetty::SLF4J_VERSION="1.7.12"
I could get it working with adding Java.classpath << REQUIRES in owasp.rake
file but when I use this owasp.rake in Apache ODE build, it creates a lot
of other classpath issues.
Any ideas, to get this thing working?
regards,
sathwik
Re: OWASP dependency check plugin - resolve java classpath issues
Posted by Peter Donald <pe...@realityforge.org>.
Hi,
I missed the original mail but I often find it is better to run these
commands externally regardless so that you release all the memory when
the task is done. The speed up you get for running things inline in
the buildr jvm is usually only an advantage if there is a lot of
classes to load and the task is called multiple times.
On Thu, Sep 20, 2018 at 4:24 PM Sathwik B P <sa...@apache.org> wrote:
>
> I could not find a way to make this work, beacuse Jetty puts the SLF4J
> ahead in the classpath. OWASP Ant task will not work with this :(
>
> I also tried with buildr 1.5.6, but it created more complications in the
> ODE build, OPENJPA enhance ant tasks went down :(
>
> Finally I had to look for the command line options of OWASP, runnig an
> independent java process in buildr. This works perfectly.
> I have replaced the ANT task with CMD plugin
> https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake
>
> regards,
> sathwik
>
>
>
> On Fri, Sep 14, 2018 at 4:03 PM Sathwik B P <sa...@apache.org> wrote:
>
> > Hi Guys,
> >
> > Here is the sample OWASP dependecy check plugin
> > https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake
> >
> > I am encountering a java classpath issue. In the Rakefile when I enable
> > jetty addon
> > https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20
> >
> > We encoutner this error:
> > E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating
> > 'dependency_check' task: Could not create type dependency_check due to
> > java.lang.NoSuchMethodError:
> > org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
> > Buildr aborted!
> > Java::OrgApacheToolsAnt::BuildException : Could not create type
> > dependency_check due to java.lang.NoSuchMethodError:
> > org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
> >
> > This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java
> > classpath and the owasp plugin requires SLF4J 1.7.12
> >
> > I did try to override the version of SLF4j required by jetty in the
> > Rakefile, but it did not help.
> > Buildr::Jetty::SLF4J_VERSION="1.7.12"
> >
> > I could get it working with adding Java.classpath << REQUIRES in
> > owasp.rake file but when I use this owasp.rake in Apache ODE build, it
> > creates a lot of other classpath issues.
> >
> > Any ideas, to get this thing working?
> >
> > regards,
> > sathwik
> >
--
Cheers,
Peter Donald
Re: OWASP dependency check plugin - resolve java classpath issues
Posted by Sathwik B P <sa...@apache.org>.
I could not find a way to make this work, beacuse Jetty puts the SLF4J
ahead in the classpath. OWASP Ant task will not work with this :(
I also tried with buildr 1.5.6, but it created more complications in the
ODE build, OPENJPA enhance ant tasks went down :(
Finally I had to look for the command line options of OWASP, runnig an
independent java process in buildr. This works perfectly.
I have replaced the ANT task with CMD plugin
https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake
regards,
sathwik
On Fri, Sep 14, 2018 at 4:03 PM Sathwik B P <sa...@apache.org> wrote:
> Hi Guys,
>
> Here is the sample OWASP dependecy check plugin
> https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake
>
> I am encountering a java classpath issue. In the Rakefile when I enable
> jetty addon
> https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20
>
> We encoutner this error:
> E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating
> 'dependency_check' task: Could not create type dependency_check due to
> java.lang.NoSuchMethodError:
> org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
> Buildr aborted!
> Java::OrgApacheToolsAnt::BuildException : Could not create type
> dependency_check due to java.lang.NoSuchMethodError:
> org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
>
> This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java
> classpath and the owasp plugin requires SLF4J 1.7.12
>
> I did try to override the version of SLF4j required by jetty in the
> Rakefile, but it did not help.
> Buildr::Jetty::SLF4J_VERSION="1.7.12"
>
> I could get it working with adding Java.classpath << REQUIRES in
> owasp.rake file but when I use this owasp.rake in Apache ODE build, it
> creates a lot of other classpath issues.
>
> Any ideas, to get this thing working?
>
> regards,
> sathwik
>