Discussion:
OWASP dependency check plugin - resolve java classpath issues
Sathwik B P
2018-09-14 10:33:44 UTC
Hi Guys,

Here is the sample OWASP dependency check plugin
https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake

I am encountering a java classpath issue. In the Rakefile when I enable
jetty addon
https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20

We encounter this error:
E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating
'dependency_check' task: Could not create type dependency_check due to
java.lang.NoSuchMethodError:
org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;
Buildr aborted!
Java::OrgApacheToolsAnt::BuildException : Could not create type
dependency_check due to java.lang.NoSuchMethodError:
org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder;

This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java
classpath and the owasp plugin requires SLF4J 1.7.12

I did try to override the version of SLF4j required by jetty in the
Rakefile, but it did not help.
Buildr::Jetty::SLF4J_VERSION="1.7.12"

I could get it working with adding Java.classpath << REQUIRES in owasp.rake
file but when I use this owasp.rake in Apache ODE build, it creates a lot
of other classpath issues.

Any ideas, to get this thing working?

regards,
sathwik
Sathwik B P
2018-09-20 06:23:52 UTC
I could not find a way to make this work, because Jetty puts the SLF4J
ahead in the classpath. OWASP Ant task will not work with this :(

I also tried with buildr 1.5.6, but it created more complications in the
ODE build, OPENJPA enhance ant tasks went down :(

Finally I had to look for the command line options of OWASP, running an
independent java process in buildr. This works perfectly.
I have replaced the ANT task with CMD plugin
https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake

regards,
sathwik
Peter Donald
2018-09-21 00:32:44 UTC
Hi,

I missed the original mail but I often find it is better to run these
commands externally regardless so that you release all the memory when
the task is done. The speed up you get for running things inline in
the buildr jvm is usually only an advantage if there are a lot of
classes to load and the task is called multiple times.
--
Cheers,

Peter Donald
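
The approach both posters settle on, running dependency-check as a separate process so it never shares a classpath with the Buildr JVM, sketched as an added example (not code from this thread or from the linked owasp.rake). The launcher name, the DEPENDENCY_CHECK_BIN variable and the function names are assumptions made for illustration.

```ruby
# Added example: launch the OWASP dependency-check CLI out of process, so the
# SLF4J 1.4.3 jar that jetty.rb puts on the Buildr classpath cannot shadow the
# SLF4J version the scanner needs.

# Assumed launcher name; DEPENDENCY_CHECK_BIN is a hypothetical override.
DC_LAUNCHER = ENV.fetch('DEPENDENCY_CHECK_BIN', 'dependency-check.sh')

# Build the argument vector. Passing an array (not one string) to system means
# no shell parses it, so paths or project names with spaces stay literal.
def dependency_check_argv(project:, scan_paths:, out_dir:, format: 'HTML', fail_on_cvss: nil)
  raise ArgumentError, 'nothing to scan' if scan_paths.empty?
  argv = [DC_LAUNCHER, '--project', project, '--out', out_dir, '--format', format]
  scan_paths.each { |path| argv.push('--scan', path) }
  # With --failOnCVSS the CLI's exit code reports findings at or above the score.
  argv.push('--failOnCVSS', fail_on_cvss.to_s) if fail_on_cvss
  argv
end

# Environment overrides for the child process: a nil value unsets the variable,
# so the parent's classpath and JVM options do not leak into the scanner's JVM.
def isolated_env(parent = ENV.to_h)
  leaky = %w[CLASSPATH JAVA_TOOL_OPTIONS _JAVA_OPTIONS]
  leaky.each_with_object({}) { |key, env| env[key] = nil if parent.key?(key) }
end

# Run the scan and fail the build on a non-zero exit. The runner is injectable
# so the logic can be exercised without the CLI installed.
def run_dependency_check(argv, env: isolated_env, runner: Kernel.method(:system))
  ok = runner.call(env, *argv)
  raise "dependency-check could not be started: #{argv.first}" if ok.nil?
  raise 'dependency-check exited non-zero (findings over threshold or scan error)' unless ok
  true
end
```

In a Buildr or Rake task body this would be called as run_dependency_check(dependency_check_argv(project: 'myapp', scan_paths: ['target'], out_dir: 'reports', fail_on_cvss: 7)), with the project name and paths replaced by your own.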