See
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/43/display/redirect?page=changes>
Changes:
[lukaszlenart] Upgrades OWASP Dependency Check plugin to the latest version and
reduces
------------------------------------------
[...truncated 1.15 MB...]
2018-02-22 22:32:51,091 INFO [main] profiling.UtilTimerStack
(UtilTimerStack.java:385) - [0ms] - execute:
[0ms] - invoke:
[0ms] - interceptorMapping: test
[0ms] - invoke:
[0ms] - invokeAction: TestInterceptorParam
[0ms] - executeResult: error
2018-02-22 22:32:51,116 INFO [main] profiling.UtilTimerStack
(UtilTimerStack.java:385) - [1ms] - create DefaultActionProxy:
[1ms] - actionCreate: Foo
2018-02-22 22:32:51,116 INFO [main] interceptor.LoggingInterceptor
(LoggingInterceptor.java:86) - Starting execution stack for action
/does/not/exist/Foo
2018-02-22 22:32:51,120 INFO [main] interceptor.LoggingInterceptor
(LoggingInterceptor.java:86) - Finishing execution stack for action
/does/not/exist/Foo
2018-02-22 22:32:51,121 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:205) - Executed action [/does/not/exist/Foo!execute]
took 5 ms.
2018-02-22 22:32:51,121 INFO [main] profiling.UtilTimerStack
(UtilTimerStack.java:385) - [5ms] - execute:
[5ms] - invoke:
[5ms] - interceptorMapping: timer
[5ms] - invoke:
[5ms] - interceptorMapping: logger
[4ms] - invoke:
[4ms] - interceptorMapping: staticParams
[1ms] - invoke:
[1ms] - interceptorMapping: modelDriven
[1ms] - invoke:
[1ms] - interceptorMapping: params
[0ms] - invoke:
[0ms] - invokeAction: Foo
[0ms] - executeResult: success
[0ms] - create DefaultActionProxy:
[0ms] - actionCreate: Bar
[0ms] - execute:
[0ms] - invoke:
[0ms] - invokeAction: Bar
[0ms] - executeResult: error
2018-02-22 22:32:51,126 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:205) - Executed action [myAction!execute] took 0 ms.
2018-02-22 22:32:51,131 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:205) - Executed action [myApp/myAction!input] took 0 ms.
2018-02-22 22:32:51,135 WARN [main] interceptor.TimerInterceptor
(TimerInterceptor.java:214) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,139 ERROR [main] interceptor.TimerInterceptor
(TimerInterceptor.java:216) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,151 FATAL [main] interceptor.TimerInterceptor
(TimerInterceptor.java:218) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,155 ERROR [main] interceptor.TimerInterceptor
(TimerInterceptor.java:216) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,159 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:212) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,163 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:205) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,167 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:205) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,175 INFO [main] interceptor.TimerInterceptor
(TimerInterceptor.java:212) - Executed action [myApp/myAction!execute] took 0
ms.
2018-02-22 22:32:51,950 WARN [main] xwork2.DefaultLocaleProvider
(DefaultLocaleProvider.java:53) - Cannot convert [_] to proper locale
java.lang.IllegalArgumentException: Invalid locale format: _
at org.apache.commons.lang3.LocaleUtils.toLocale(LocaleUtils.java:102)
~[commons-lang3-3.6.jar:3.6]
at
com.opensymphony.xwork2.DefaultLocaleProvider.isValidLocaleString(DefaultLocaleProvider.java:51)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptor.getLocaleFromParam(I18nInterceptor.java:166)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptor$SessionLocaleHandler.find(I18nInterceptor.java:276)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:104)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptorTest.testDefaultLocale(I18nInterceptorTest.java:88)
[test-classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_80]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_80]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_80]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80]
at junit.framework.TestCase.runTest(TestCase.java:176)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.runBare(TestCase.java:141)
[junit-4.12.jar:4.12]
at junit.framework.TestResult$1.protect(TestResult.java:122)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.runProtected(TestResult.java:142)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.run(TestResult.java:125)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12]
at junit.framework.TestSuite.runTest(TestSuite.java:252)
[junit-4.12.jar:4.12]
at junit.framework.TestSuite.run(TestSuite.java:247)
[junit-4.12.jar:4.12]
at org.testng.junit.JUnitTestRunner.doRun(JUnitTestRunner.java:250)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211)
[testng-5.14.10.jar:?]
at org.testng.TestRunner$1.run(TestRunner.java:659)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
[testng-5.14.10.jar:?]
at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?]
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
[surefire-booter-2.20.1.jar:2.20.1]
2018-02-22 22:32:51,970 INFO [main] profiling.UtilTimerStack
(UtilTimerStack.java:385) - [0ms] - create DefaultActionProxy:
[0ms] - actionCreate: chainedAction
2018-02-22 22:32:51,977 INFO [main] struts2.TestResult (TestResult.java:74) -
executing TestResult.
2018-02-22 22:32:51,980 INFO [main] profiling.UtilTimerStack
(UtilTimerStack.java:385) - [10ms] - execute:
[10ms] - invoke:
[1ms] - invokeAction: chainedAction
[9ms] - executeResult: error
[0ms] - create DefaultActionProxy:
[0ms] - actionCreate: chaintoAction
[9ms] - execute:
[9ms] - invoke:
[9ms] - interceptorMapping: chainStack
[4ms] - invoke:
[0ms] - invokeAction: chaintoAction
[3ms] - executeResult: success
[INFO] Tests run: 1790, Failures: 0, Errors: 0, Skipped: 0, Time elapsed:
79.677 s - in TestSuite
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 1790, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.11:check (default) @ struts2-core ---
[INFO] 51 implicit excludes (use -debug for more details).
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 1580 resources included (use -debug for more details)
[INFO] Rat check: Summary of files. Unapproved: 0 unknown: 0 generated: 0
approved: 1573 licence.
[INFO]
[INFO] --- maven-jar-plugin:3.0.0:jar (default-jar) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.0.0:jar (attach-sources) > generate-sources @
struts2-core >>>
[INFO]
[INFO] <<< maven-source-plugin:3.0.0:jar (attach-sources) < generate-sources @
struts2-core <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.0.0:jar (attach-sources) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.5.1:attach-descriptor (attach-descriptor) @
struts2-core ---
[INFO]
[INFO] --- dependency-check-maven:3.1.1:check (default) @ struts2-core ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Check for updates complete (15 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Central Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished Cpe Suppression Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2
Core:
struts-core-1.3.8.jar (org.apache.struts:struts-core:1.3.8,
cpe:/a:apache:struts:1.3.8) : CVE-2016-1181, CVE-2016-1182, CVE-2014-0114,
CVE-2015-0899
struts-tiles-1.3.8.jar (cpe:/a:apache:tiles:1.3.8,
org.apache.struts:struts-tiles:1.3.8, cpe:/a:apache:struts:1.3.8) :
CVE-2016-1181, CVE-2016-1182, CVE-2014-0114, CVE-2015-0899
bsh-2.0b4.jar (org.beanshell:bsh:2.0b4,
cpe:/a:beanshell_project:beanshell:2.0.b4) : CVE-2016-2510
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.449 s]
[INFO] Struts 2 ........................................... SUCCESS [02:42 min]
[INFO] Struts 2 Core ...................................... FAILURE [01:55 min]
[INFO] Struts Plugins ..................................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Embedded JSP Plugin ....................... SKIPPED
[INFO] Struts 2 GXP Plugin ................................ SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 OSGi Plugin ............................... SKIPPED
[INFO] Struts 2 OVal Plugin ............................... SKIPPED
[INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED
[INFO] Struts 2 Plexus Plugin ............................. SKIPPED
[INFO] Struts 2 Portlet Plugin ............................ SKIPPED
[INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts OSGi Bundles ................................ SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:41 min
[INFO] Finished at: 2018-02-22T22:33:02Z
[INFO] Final Memory: 61M/1869M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.1:check
(default) on project struts2-core:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have
a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] struts-core-1.3.8.jar: CVE-2014-0114
[ERROR] struts-tiles-1.3.8.jar: CVE-2014-0114
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :struts2-core
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
