[jira] [Updated] (MSHARED-1248) maven-dependency-analyzer should log instead of failing when analyzing a corrupted jar file
[ https://issues.apache.org/jira/browse/MSHARED-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MSHARED-1248: - Fix Version/s: maven-dependency-analyzer-1.13.3 (was: maven-dependency-analyzer-next-release) > maven-dependency-analyzer should log instead of failing when analyzing a > corrupted jar file > --- > > Key: MSHARED-1248 > URL: https://issues.apache.org/jira/browse/MSHARED-1248 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-dependency-analyzer >Affects Versions: maven-dependency-analyzer-1.13.1 > Environment: Apache Maven 3.9.1 > (2e178502fcdbffc201671fb2537d0cb4b4cc58f8) > Maven home: C:\java\apache-maven-3.9.1 > Java version: 1.8.0_362, vendor: Temurin, runtime: C:\Program Files\Eclipse > Adoptium\jdk-8.0.362.9-hotspot\jre > Default locale: en_US, platform encoding: Cp1252 > OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows" > Microsoft Windows [Version 10.0.19044.2728] >Reporter: Gary D. Gregory >Assignee: Elliotte Rusty Harold >Priority: Major > Fix For: maven-dependency-analyzer-1.13.3 > > > In Apache Commons BCEL, we include corrupted jar files created by the > oss-fuzz project which causes the build to fail when the CycloneDX plugin > runs to create an SBOM. > This issue happens only after getting past the issue fixed by MSHARED-1247 > {noformat} > [DEBUG] CycloneDX: Calculating Hashes > [INFO] > > [INFO] BUILD FAILURE > [INFO] > > [INFO] Total time: 3.594 s > [INFO] Finished at: 2023-04-29T15:23:05-04:00 > [INFO] > > [ERROR] Failed to execute goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on > project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom > (default-cli) on project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > (MojoExecutor.java:347) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:330) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:213) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:175) > at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 > (MojoExecutor.java:76) > at org.apache.maven.lifecycle.internal.MojoExecutor$1.run > (MojoExecutor.java:163) > at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute > (DefaultMojosExecutionStrategy.java:39) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:160) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:105) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:73) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:53) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:118) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:195) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke
[jira] [Updated] (MSHARED-1248) maven-dependency-analyzer should log instead of failing when analyzing a corrupted jar file
[ https://issues.apache.org/jira/browse/MSHARED-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Elliotte Rusty Harold updated MSHARED-1248: --- Fix Version/s: maven-dependency-analyzer-next-release > maven-dependency-analyzer should log instead of failing when analyzing a > corrupted jar file > --- > > Key: MSHARED-1248 > URL: https://issues.apache.org/jira/browse/MSHARED-1248 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-dependency-analyzer >Affects Versions: maven-dependency-analyzer-1.13.1 > Environment: Apache Maven 3.9.1 > (2e178502fcdbffc201671fb2537d0cb4b4cc58f8) > Maven home: C:\java\apache-maven-3.9.1 > Java version: 1.8.0_362, vendor: Temurin, runtime: C:\Program Files\Eclipse > Adoptium\jdk-8.0.362.9-hotspot\jre > Default locale: en_US, platform encoding: Cp1252 > OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows" > Microsoft Windows [Version 10.0.19044.2728] >Reporter: Gary D. Gregory >Priority: Major > Fix For: maven-dependency-analyzer-next-release > > > In Apache Commons BCEL, we include corrupted jar files created by the > oss-fuzz project which causes the build to fail when the CycloneDX plugin > runs to create an SBOM. > This issue happens only after getting past the issue fixed by MSHARED-1247 > {noformat} > [DEBUG] CycloneDX: Calculating Hashes > [INFO] > > [INFO] BUILD FAILURE > [INFO] > > [INFO] Total time: 3.594 s > [INFO] Finished at: 2023-04-29T15:23:05-04:00 > [INFO] > > [ERROR] Failed to execute goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on > project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom > (default-cli) on project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > (MojoExecutor.java:347) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:330) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:213) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:175) > at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 > (MojoExecutor.java:76) > at org.apache.maven.lifecycle.internal.MojoExecutor$1.run > (MojoExecutor.java:163) > at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute > (DefaultMojosExecutionStrategy.java:39) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:160) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:105) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:73) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:53) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:118) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:195) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:498) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced >
[jira] [Updated] (MSHARED-1248) maven-dependency-analyzer should log instead of failing when analyzing a corrupted jar file
[ https://issues.apache.org/jira/browse/MSHARED-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Elliotte Rusty Harold updated MSHARED-1248: --- Issue Type: Bug (was: Improvement) > maven-dependency-analyzer should log instead of failing when analyzing a > corrupted jar file > --- > > Key: MSHARED-1248 > URL: https://issues.apache.org/jira/browse/MSHARED-1248 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-dependency-analyzer >Affects Versions: maven-dependency-analyzer-1.13.1 > Environment: Apache Maven 3.9.1 > (2e178502fcdbffc201671fb2537d0cb4b4cc58f8) > Maven home: C:\java\apache-maven-3.9.1 > Java version: 1.8.0_362, vendor: Temurin, runtime: C:\Program Files\Eclipse > Adoptium\jdk-8.0.362.9-hotspot\jre > Default locale: en_US, platform encoding: Cp1252 > OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows" > Microsoft Windows [Version 10.0.19044.2728] >Reporter: Gary D. Gregory >Priority: Major > > In Apache Commons BCEL, we include corrupted jar files created by the > oss-fuzz project which causes the build to fail when the CycloneDX plugin > runs to create an SBOM. > This issue happens only after getting past the issue fixed by MSHARED-1247 > {noformat} > [DEBUG] CycloneDX: Calculating Hashes > [INFO] > > [INFO] BUILD FAILURE > [INFO] > > [INFO] Total time: 3.594 s > [INFO] Finished at: 2023-04-29T15:23:05-04:00 > [INFO] > > [ERROR] Failed to execute goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on > project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom > (default-cli) on project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > (MojoExecutor.java:347) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:330) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:213) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:175) > at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 > (MojoExecutor.java:76) > at org.apache.maven.lifecycle.internal.MojoExecutor$1.run > (MojoExecutor.java:163) > at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute > (DefaultMojosExecutionStrategy.java:39) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:160) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:105) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:73) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:53) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:118) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:195) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:498) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch
[jira] [Updated] (MSHARED-1248) maven-dependency-analyzer should log instead of failing when analyzing a corrupted jar file
[ https://issues.apache.org/jira/browse/MSHARED-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary D. Gregory updated MSHARED-1248: - Summary: maven-dependency-analyzer should log instead of failing when analyzing a corrupted jar file (was: maven-dependency-analyzer should not log and not fail when analyzing a corrupted jar file) > maven-dependency-analyzer should log instead of failing when analyzing a > corrupted jar file > --- > > Key: MSHARED-1248 > URL: https://issues.apache.org/jira/browse/MSHARED-1248 > Project: Maven Shared Components > Issue Type: Improvement > Components: maven-dependency-analyzer >Affects Versions: maven-dependency-analyzer-1.13.1 > Environment: Apache Maven 3.9.1 > (2e178502fcdbffc201671fb2537d0cb4b4cc58f8) > Maven home: C:\java\apache-maven-3.9.1 > Java version: 1.8.0_362, vendor: Temurin, runtime: C:\Program Files\Eclipse > Adoptium\jdk-8.0.362.9-hotspot\jre > Default locale: en_US, platform encoding: Cp1252 > OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows" > Microsoft Windows [Version 10.0.19044.2728] >Reporter: Gary D. Gregory >Priority: Major > > In Apache Commons BCEL, we include corrupted jar files created by the > oss-fuzz project which causes the build to fail when the CycloneDX plugin > runs to create an SBOM. > This issue happens only after getting past the issue fixed by MSHARED-1247 > {noformat} > [DEBUG] CycloneDX: Calculating Hashes > [INFO] > > [INFO] BUILD FAILURE > [INFO] > > [INFO] Total time: 3.594 s > [INFO] Finished at: 2023-04-29T15:23:05-04:00 > [INFO] > > [ERROR] Failed to execute goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on > project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > -> [Help 1] > org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute > goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom > (default-cli) on project bcel: Execution default-cli of goal > org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: > Unsupported class file major version 1025 from directory = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = > C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 > (MojoExecutor.java:347) > at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute > (MojoExecutor.java:330) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:213) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:175) > at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 > (MojoExecutor.java:76) > at org.apache.maven.lifecycle.internal.MojoExecutor$1.run > (MojoExecutor.java:163) > at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute > (DefaultMojosExecutionStrategy.java:39) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:160) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:105) > at > org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:73) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:53) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:118) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:195) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:498) >