[TOMEE-2957] Fix OWASP Checks on ASF Jenkins Environment - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0.9, 7.1.4, 8.0.5, 8.0.6
Fix Version/s: 7.0.10, 7.1.5, 8.0.7, 8.0.8
Component/s: TomEE Build
Labels:
None
Environment:

Hide
[1mApache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)[m
Maven home: /usr/local/asfpackages/maven/apache-maven-3.6.3
Java version: 1.8.0_252, vendor: Oracle Corporation, runtime: /usr/local/asfpackages/java/openjdk-8u252-b09/jre
Default locale: en_US, platform encoding: ISO-8859-1
OS name: "linux", version: "4.15.0-99-generic", arch: "amd64", family: "unix"

Show
[1mApache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)[m Maven home: /usr/local/asfpackages/maven/apache-maven-3.6.3 Java version: 1.8.0_252, vendor: Oracle Corporation, runtime: /usr/local/asfpackages/java/openjdk-8u252-b09/jre Default locale: en_US, platform encoding: ISO-8859-1 OS name: "linux", version: "4.15.0-99-generic", arch: "amd64", family: "unix"

Description

Jenkins build for the "master-owasp-check" failed due to an unresolveable maven property `maven.multiModuleProjectDirectory` [1].

[ERROR] Unable to create an Input Stream for ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xmljava.io.FileNotFoundException: ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml (No such file or directory)
at java.io.FileInputStream.open0 (Native Method)
at java.io.FileInputStream.open (FileInputStream.java:195)
at java.io.FileInputStream.<init> (FileInputStream.java:138)
at java.io.FileInputStream.<init> (FileInputStream.java:93)
at org.owasp.dependencycheck.utils.FileUtils.getResourceAsStream (FileUtils.java:166)
at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionFile (AbstractSuppressionAnalyzer.java:218)
at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionData (AbstractSuppressionAnalyzer.java:132)
at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:103)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102)
at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:781)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:617)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1620)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:889)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.jvnet.hudson.maven3.launcher.Maven35Launcher.main (Maven35Launcher.java:130)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at jenkins.maven3.agent.Maven35Main.launch (Maven35Main.java:178)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at hudson.maven.Maven3Builder.call (Maven3Builder.java:139)
at hudson.maven.Maven3Builder.call (Maven3Builder.java:70)
at hudson.remoting.UserRequest.perform (UserRequest.java:211)
at hudson.remoting.UserRequest.perform (UserRequest.java:54)
at hudson.remoting.Request$2.run (Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call (InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run (FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
at java.lang.Thread.run (Thread.java:748)[WARNING] Suppression file '${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml' does not exist[ERROR] Exception occurred initializing Vulnerability Suppression Analyzer.[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)

[1] https://ci-builds.apache.org/job/Tomee/job/master-owasp-check/20/console

Attachments

Activity

People

Assignee:: Richard Zowalla

Reporter:: Richard Zowalla

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Jan/21 09:54

Updated:: 12/May/21 14:35

Resolved:: 18/Jan/21 18:05