Gary D. Gregory created MSHARED-1248:
----------------------------------------
Summary: maven-dependency-analyzer should not log and not fail
when analyzing a corrupted jar file
Key: MSHARED-1248
URL: https://issues.apache.org/jira/browse/MSHARED-1248
Project: Maven Shared Components
Issue Type: Improvement
Reporter: Gary D. Gregory
In Apache Commons BCEL, we include corrupted jar files created by the oss-fuzz
project which causes the build to fail when the CycloneDX plugin runs to create
an SBOM.
This issue happens only after getting past the issue fixed by MSHARED-1247
{noformat}
[DEBUG] CycloneDX: Calculating Hashes
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.594 s
[INFO] Finished at: 2023-04-29T15:23:05-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on
project bcel: Execution default-cli of goal
org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: Unsupported
class file major version 1025 from directory =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
-> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal
org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on
project bcel: Execution default-cli of goal
org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: Unsupported
class file major version 1025 from directory =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:347)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:347)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execution
default-cli of goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom
failed: Unsupported class file major version 1025 from directory =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:133)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:342)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:347)
Caused by: java.lang.RuntimeException: Unsupported class file major version
1025 from directory = C:\Users\ggregory\git\a\commons-bcel\target\test-classes,
path =
C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
at
org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.acceptDirectory
(ClassFileVisitorUtils.java:102)
at org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.accept
(ClassFileVisitorUtils.java:59)
at
org.apache.maven.shared.dependency.analyzer.asm.ASMDependencyAnalyzer.analyze
(ASMDependencyAnalyzer.java:43)
at
org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildDependencyClasses
(DefaultProjectDependencyAnalyzer.java:206)
at
org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildTestDependencyClasses
(DefaultProjectDependencyAnalyzer.java:200)
at
org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.analyze
(DefaultProjectDependencyAnalyzer.java:68)
at org.cyclonedx.maven.CycloneDxMojo.doProjectDependencyAnalysis
(CycloneDxMojo.java:86)
at
org.cyclonedx.maven.CycloneDxAggregateMojo.extractComponentsAndDependencies
(CycloneDxAggregateMojo.java:130)
at org.cyclonedx.maven.BaseCycloneDxMojo.execute
(BaseCycloneDxMojo.java:258)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:342)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:347)
Caused by: java.lang.IllegalArgumentException: Unsupported class file major
version 1025
at org.objectweb.asm.ClassReader.<init> (ClassReader.java:199)
at org.objectweb.asm.ClassReader.<init> (ClassReader.java:180)
at org.objectweb.asm.ClassReader.<init> (ClassReader.java:166)
at
org.apache.maven.shared.dependency.analyzer.asm.DependencyClassFileVisitor.visitClass
(DependencyClassFileVisitor.java:57)
at
org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.visitClass
(ClassFileVisitorUtils.java:120)
at
org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.visitClass
(ClassFileVisitorUtils.java:112)
at
org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.acceptDirectory
(ClassFileVisitorUtils.java:98)
at org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.accept
(ClassFileVisitorUtils.java:59)
at
org.apache.maven.shared.dependency.analyzer.asm.ASMDependencyAnalyzer.analyze
(ASMDependencyAnalyzer.java:43)
at
org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildDependencyClasses
(DefaultProjectDependencyAnalyzer.java:206)
at
org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildTestDependencyClasses
(DefaultProjectDependencyAnalyzer.java:200)
at
org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.analyze
(DefaultProjectDependencyAnalyzer.java:68)
at org.cyclonedx.maven.CycloneDxMojo.doProjectDependencyAnalysis
(CycloneDxMojo.java:86)
at
org.cyclonedx.maven.CycloneDxAggregateMojo.extractComponentsAndDependencies
(CycloneDxAggregateMojo.java:130)
at org.cyclonedx.maven.BaseCycloneDxMojo.execute
(BaseCycloneDxMojo.java:258)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:342)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:347)
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
[DEBUG] Shutting down adapter factory; available factories [file-lock,
rwlock-local, semaphore-local, noop]; available name mappers [discriminating,
file-gav, file-hgav, file-static, gav, static]
[DEBUG] Shutting down 'file-lock' factory
[DEBUG] Shutting down 'rwlock-local' factory
[DEBUG] Shutting down 'semaphore-local' factory
[DEBUG] Shutting down 'noop' factory
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
