We are using the owasp dependencyCheck plugin in our project.
Version used: 1.4.5
We are facing the following issue in our build jobs on Jenkins:
The build job fails intermittently saying " :dependencyCheck FAILED "
The stacktrace of the error is as follows:
:dependencyCheck
Verifying dependencies for project stock-service
Checking for updates and analyzing vulnerabilities for dependencies
Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
Exception occurred initializing CPE Analyzer.
Generating report for project stock-service
Found 0 vulnerabilities in project stock-service
:dependencyCheck FAILED
Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during dependency-check analysis
org.xml.sax.SAXException: Unable to get primary key for new cpe: cpe:/a:uchida_yoko_co._ltd:assetbase:8.0
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to get primary key for new cpe: cpe:/a:uchida_yoko_co._ltd:assetbase:8.0
An exception occurred accessing the database
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:543)
at org.owasp.dependencycheck.Engine$analyzeDependencies$0.call(Unknown Source)
at org.owasp.dependencycheck.gradle.tasks.Check.check(Check.groovy:86)
... 66 more
If your code has multiple microservices, then all the services create a database locally on Jenkins and update it as part of owasp dependencyCheck task on the following location:
/{your jenkins
directory}/.gradle/caches/modules-2/files-2.1/org.owasp/dependency-check-utils/dependency-check-data/3.0/dc.h2.db
Since this file is shared by all the services, there are locking issues. If any one service fails during build, the lock that it created on the file is not removed and thus the other services would subsequently fail.
Following link describes the issue and suggests a solution:
https://github.com/jeremylong/DependencyCheck/issues/410
This solution was not usable as is, we had to change the "autoUpdate=true" so that the service creates a db file if it does not already exist.
After the above change ( i.e adding "data directory" configuration in dependencyCheck task [visit the above link for this config]),
the issue seems to have been fixed.
Related
We are not able to connect BO server (SAP REPORT).
Java Code.
String USER = "xxxxxxxxxx";
String PASSWORD="yyyyyyy";
String SERVER="zzzzzz:6400";
ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
IEnterpriseSession enterpriseSession;
enterpriseSession = sessionMgr.logon(USER, PASSWORD ,SERVER, "secLDAP");
we are getting below error
com.crystaldecisions.sdk.exception.SDKException$SecurityError: An internal error has occurred in the secLdap plugin.
cause:java.lang.NullPointerException
detail:An internal error has occurred in the secLdap plugin. null
at com.crystaldecisions.sdk.plugin.authentication.ldap.internal.LDAPError.ThrowException(LDAPError.java:69)
at com.crystaldecisions.sdk.plugin.authentication.ldap.internal.LDAPAuthentication.setClientParasSeq(LDAPAuthentication.java:119)
at com.crystaldecisions.sdk.occa.security.internal.PlugInLoader.setParams(PlugInLoader.java:189)
at com.crystaldecisions.sdk.occa.security.internal.LogonService.doLogon(LogonService.java:318)
at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:693)
at com.crystaldecisions.sdk.occa.security.internal.LogonService.userLogon(LogonService.java:295)
at com.crystaldecisions.sdk.occa.security.internal.SecurityMgr.userLogon(SecurityMgr.java:166)
at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:425)
at com.reporting.util.ReportManager.generateTokenBO(ReportManager.java:161)
at com.reporting.util.ReportManager.main(ReportManager.java:144)
Caused by: java.lang.NullPointerException
at com.crystaldecisions.celib.misc.StringPatternHelper.split(StringPatternHelper.java:43)
at com.crystaldecisions.sdk.plugin.authentication.ldap.internal.LDAPHostInfoHelper.findHostElement(LDAPHostInfoHelper.java:132)
at com.crystaldecisions.sdk.plugin.authentication.ldap.internal.LDAPHostInfoHelper.findBestMatch(LDAPHostInfoHelper.java:110)
at com.crystaldecisions.sdk.plugin.authentication.ldap.internal.LDAPAuthentication.ExtractParameters(LDAPAuthentication.java:258)
at com.crystaldecisions.sdk.plugin.authentication.ldap.internal.LDAPAuthentication.setClientParasSeq(LDAPAuthentication.java:113)
... 8 more
kindly help to resolve this issue
I even had the exact issue when migrating from 3.x to 4.2, There are some changes to the Dependent Jar files of BI4.X.
The solution that worked for me is that, I have replaced my old BI jars with the new one and Added Few more jars jcmFIPS.jar,Tracelog.jar, jcm.jar.
These set of jar files can be found in "C:\Program Files (x86)\SAP Business Objects\SAP BusinessObjects Enterprise XI 4.0\java\lib".
I added the required jar files by finding the missing classes from my server error.
For more details --> https://help.sap.com/viewer/0225aa3e7b4b4b17b2d4a882e6f2de96/4.2.4/en-US/45f4d9ba6e041014910aba7db0e91070.html
I just upgraded the jenkins from 2.63 to 2.117 (Which I'm regretting now)
Here is the error message I'm getting at the end of all the jobs.
Please help me to understand and resolve this.
FATAL: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class hudson.model.FreeStyleBuild
java.lang.UnsupportedOperationException: Refusing to marshal java.io.PrintStream for security reasons; see https://jenkins.io/redirect/class-filter/
at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:543)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.EnvironmentVarSetter#log for class org.jenkinsci.plugins.EnvironmentVarSetter
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class hudson.model.FreeStyleBuild
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
at hudson.XmlFile.write(XmlFile.java:193)
Caused: java.io.IOException
at hudson.XmlFile.write(XmlFile.java:200)
at hudson.model.Run.save(Run.java:1923)
at hudson.model.Run.setDisplayName(Run.java:803)
at org.jenkinsci.plugins.buildnamesetter.BuildNameSetter.setDisplayName(BuildNameSetter.java:76)
at org.jenkinsci.plugins.buildnamesetter.BuildNameSetter.access$000(BuildNameSetter.java:31)
at org.jenkinsci.plugins.buildnamesetter.BuildNameSetter$1.tearDown(BuildNameSetter.java:64)
at hudson.model.Build$BuildExecution.doRun(Build.java:174)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1727)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Note: Others who are using older version of jenkins, there is a big chance that all your jobs will be messed up. So, Please do not update jenkins as of now. (https://jenkins.io/blog/2018/03/15/jep-200-lts/)
You can try the solution given in the official site of Jenkins
https://issues.jenkins-ci.org/browse/JENKINS-49144
Add the three following entries to whitelisted-classes.txt:
java.util.concurrent.locks.ReentrantLock
java.util.concurrent.locks.ReentrantLock$NonfairSync
java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject
It is to do with the two things.
Permission to be updated to the .war file.
Build Pipeline plugin needs to be updated.
This solved my problem.
It's a known security fix in Jenkins https://github.com/jenkinsci/jep/tree/master/jep/200.
You can check list of affected plugins https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200 and upgrade your affected ones to overcome the error.
I installed Liferay on my server, and i get problem of not being able to add, update the site, page, and portlet. Only in View mode.
Just FYI i'm using:
Liferay 7.0 CE GA6
Linux OS v 3.10.0-693.21.1.el7.x86_64
Architecture : amd64
JAVA 1.8.0
The main page of my liferay only displays the Hello World portlet, and the navigation portlet and the configure page displaying message:
This portlet has been undeployed. Please redeploy it or remove it from
the page.
I have read some literature, saying that my liferay bundle is corrupted.
I already downloaded bundle liferay with wget or drag and drop bundle.zip via FTP. But always get the same result.
Resulting errors in tail -f ../logs/catalina.out :
When starting liferay :
Caused by: java.lang.RuntimeException: org.portletbridge.portlet.GUIDException: error - failure to instantiate GUIDGeneratorjava.net.UnknownHostException: portal: portal: Name or service not known
---
ERROR [localhost-startStop-1][com_liferay_portal_osgi_web_portlet_tracker:97] [com.liferay.portal.osgi.web.portlet.tracker.internal.PortletTracker(22)] The activate method has thrown an exception
java.lang.ExceptionInInitializerError
at org.portletbridge.portlet.PortletBridgePortlet.createViewPortlet(PortletBridgePortlet.java:219)
When access navigation portlet or the configure page:
ERROR [http-nio-8080-exec-6][BaseJSPPortletConfigurationIcon:59] Unable to include JSP /configuration/icon/copy_applications.jsp
ERROR [localhost-startStop-1][com_liferay_portal_osgi_web_portlet_tracker:97] [com.liferay.portal.osgi.web.portlet.tracker.internal.PortletTracker(22)] The activate method has thrown an exception
Caused by: java.lang.NullPointerException
at org.apache.jsp.configuration.icon.copy_005fapplications_jsp._jspService(copy_005fapplications_jsp:410)
Does any one know how to fix this?
I mean, Liferay can work normally as usual, as in the myliferay on localhost.
Thank you for your attention.
We faced this issue as well recently. Because of an unsatisfied reference, not all of GroupPagesPortlet's services started. In our case, there were an entry in the release_ table which state_ was not 0, it was 1. Value 1 means a failed upgrade.
In our case the workaround/solution was to change the value to 0 then restart the server.
In more details:
1) Connected to Gogo shell
2) Ran scr:list
Found:
[ 389] com.liferay.layout.admin.web.internal.portlet.GroupPagesPortlet enabled
[2746] [unsatisfied reference]
3) Running scr:info on the component ID (2746 in the above output), it reported the following unsatisfied references:
UnsatisfiedReference: MDRActionLocalService
Target: null
(no target services)
UnsatisfiedReference: MDRActionService
Target: null
(no target services)
UnsatisfiedReference: MDRRuleGroupInstanceLocalService
Target: null
(no target services)
UnsatisfiedReference: MDRRuleGroupInstanceService
Target: null
(no target services)
4) Ran dm wtf and it reported that com.liferay.mobile.device.rules.service doesn't have a proper release state, or is at the wrong version:
com.liferay.portal.kernel.model.Release (&(release.bundle.symbolic.name=com.liferay.mobile.device.rules.service)(&(release.schema.version>=1.0.0)(!(release.schema.version>=1.1.0)))(|(!(release.state=*))(release.state=0))) is not found in the service registry
So to summarize, com.liferay.mobile.device.rules.service failed to upgrade, which resulted in all of its transitive dependencies failing to start. GroupPagesPortlet happens to be one of those dependencies.
I'm currently wasting my time trying to figure out why WAS won't load my EAR and why said EAR have problem.
Context:
One of my colleague updated a version of a jar and then my m2e seem to have not picked up and was giving thousand of error (was working fine before)
I tried to check if it was Nexus (work fine). My encrypted password in the setting.xml (work fine).
I decided to try maven from the command line, everything worked fine there to.
When I tried again in RAD (IBM eclipse) everything was now ok, no more error.
I then proceeded to put the generated EAR in my websphere server via add and remove project and I get multiple error when I try to start the server with that ear. (see below)
I though that because it was compiled via maven cmd prompt, I might have compiled with the wrong jvm or something so I deleted my maven repo (.m2 in the user) and try to get the jar via m2e in RAD only.
It's worked until I started the server with the new EAR and got the same set of error.
Any idea on what to do to get rid of these error and have a healthy server.
Here some of the error:
[11/10/17 12:08:51:994 EST] 00000075 annotation W
com.ibm.ws.webcontainer.annotation.WASAnnotationHelper collectClasses
SRVE8000W: Skipped class that failed to initialize for annotation
scanning.
java.lang.ClassNotFoundException: org.springframework.web.servlet.tags.form.SelectTag at
java.lang.Class.forNameImpl(Native Method) at
java.lang.Class.forName(Class.java:219) ...
[11/10/17 12:09:00:282 EST] 00000075 wtp W
org.eclipse.jst.j2ee.commonarchivecore.internal.strategy.TempZipFile
clearTempFile Failed to delete temporary file [
C:\IBM\WebSphere\AppServer-x86\profiles\chris_pro\wstemp\appdepl15fa68a2a21\AuthRenfClientWeb-2.0.26.war2406380505527260260.tmp
] [11/10/17 12:09:00:433 EST] 00000075 SinglePathCla E WSVR0120E: An
error occurred processing com.mycom.bla.testalive.TestAliveServlet
java.io.FileNotFoundException:
C:\IBM\WebSphere\AppServer-x86\profiles\chris_pro\wstemp\appdepl15fa68a2a21\Client-1.61.5-SNAPSHOT.jar6655053587500024283.tmp
(The system cannot find the file specified.) ...
SRVE0266E: Error occured while initializing servlets: {0}
javax.servlet.UnavailableException: SRVE0203E: Servlet [SecurityManager]:
com.mycom.bla.pres.request.http.HttpSecurityManagerServlet was found,
but is missing another required class. SRVE0206E: This error typically
implies that the servlet was originally compiled with classes which
cannot be located by the server. SRVE0187E: Check your class path to
ensure that all classes required by the servlet are present.SRVE0210I:
This problem can be debugged by recompiling the servlet using only the
classes in the application's runtime class path SRVE0234I: Application
class
i tried an update of the sonarqube Server.
Now i get an error when i'm trying to scan my project with the ant task.
The error is "java.lang.IllegalStateException: Scanner engine is not started. Unable to execute task."
The Ant Task was succesful on my old Server (6.1), on the new one (6.5) it failed. So i tried to downgrade to 6.4, but the error still remains.
So i downgraded to 6.3 and the error disappears.
My question is, does anyone know about this error? And how can i solve it?
This is a misleading error message. I faced this error when I added Authentication to my server i.e. force authentication for every user.
If you have added authentication recently too, then you need to make sure that you are passing the sonar.login property through your scanner.
You may create a "build" user, generate its token and pass it to the sonar job.
This is how a token can be generated.