Re: Using Deps/CLI for building mixed Clojure & Java projects

[Alan Thompson]

Since Kaocha already uses a short shell script to kick things off, I just
added a manual Java compile step there.  I saved the results in my Clojure
template project:

https://github.com/io-tupelo/clj-template

I'll still take a closer look at badigeon in the future.  It seems to have
many useful features.

Alan


On Thu, Apr 2, 2020 at 2:32 PM Sean Corfield  wrote:

> And you might look at https://github.com/EwenG/badigeon (which is listed
> on that tools page) since it says it will "Compile java sources"
> according to the readme
>
> On Thu, Apr 2, 2020 at 2:30 PM Sean Corfield  wrote:
>
>> You would need to write a Clojure script with a -main function that would
>> (somehow) compile Java source code according to whatever rules you wanted
>> and then invoke it from the CLI (as an initial step to get the compiled
>> class files onto the classpath that a subsequent CLI invocation could use).
>>
>> It would be just another tool like any of the others listed here:
>> https://github.com/clojure/tools.deps.alpha/wiki/Tools
>>
>> On Thu, Apr 2, 2020 at 2:18 PM Alan Thompson  wrote:
>>
>>> I've seen this conversation:
>>> https://clojureverse.org/t/is-there-a-sales-pitch-for-switching-to-deps-edn-from-lein-in-2020/5367/15
>>>
>>> which seems to say there is no existing way to combine Java & Clojure
>>> source code when building with deps/CLI.  Is this correct?
>>>
>>> If so, what would be entailed in enhancing Deps/CLI to handle Java
>>> source files?
>>>
>>> Thanks,
>>> Alan
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Clojure" group.
>>> To post to this group, send email to clojure@googlegroups.com
>>> Note that posts from new members are moderated - please be patient with
>>> your first post.
>>> To unsubscribe from this group, send email to
>>> clojure+unsubscr...@googlegroups.com
>>> For more options, visit this group at
>>> http://groups.google.com/group/clojure?hl=en
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Clojure" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to clojure+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/clojure/CAN67zA3%3DxtbsaC3iGgBSjPgUjw0LwZp%2Bu6bM54ktr1svgxeESQ%40mail.gmail.com
>>> 
>>> .
>>>
>>
>>
>> --
>> Sean A Corfield -- (904) 302-SEAN
>> An Architect's View -- http://corfield.org/
>> World Singles Networks, LLC. -- https://worldsinglesnetworks.com/
>>
>> "Perfection is the enemy of the good."
>> -- Gustave Flaubert, French realist novelist (1821-1880)
>>
>
>
> --
> Sean A Corfield -- (904) 302-SEAN
> An Architect's View -- http://corfield.org/
> World Singles Networks, LLC. -- https://worldsinglesnetworks.com/
>
> "Perfection is the enemy of the good."
> -- Gustave Flaubert, French realist novelist (1821-1880)
>
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clojure@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to clojure+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/clojure/CAD4thx8pLe4mnDvQyb0Sf%2BfrpHNc_NKA5RO4bFKw69SDvrCuAQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/CAN67zA3csMt8-u%3DxRi-9ndoOf78%2B%2B3ZEinRBq3v_gTQj-_SrZA%40mail.gmail.com.

Re: HP Fortify Security Scanner and Clojure

['Alex Miller' via Clojure]

Most Clojure classes cannot be decompiled to Java (locals clearing is all 
over it and has no Java equivalent, just as one problem, there are others).

Some people have tried this with Fortify and other bytecode oriented 
scanners but I don't know of anyone that's gotten any results that were 
useful.

On Thursday, April 2, 2020 at 5:33:50 PM UTC-5, Didier wrote:
>
> Reviving an old topic here, does anyone know of a Clojure 1.10 compatible 
> security analysis tool? I too thought of just decompiling the .class to 
> Java. It also appears Fortify can run on bytecode only, so I might give 
> that a try if I can't find anything else.
>
> Regards
>
> On Wednesday, 21 October 2015 15:14:31 UTC-7, Alex Miller wrote:
>>
>> In general, Clojure code cannot be decompiled from .class to .java as the 
>> Clojure generated bytecode does things that cannot be represented in Java. 
>> The particular issue below looks like the local-clearing code. It is 
>> possible to turn that off during compilation, however there are likely 
>> other things as well that cannot be decompiled satisfactorily.
>>
>> FindBugs works directly from bytecode (not source code) so might be more 
>> amenable for this kind of analysis. There is a sonar plugin (
>> https://github.com/zmsp/sonar-clojure) which uses Eastwood and Kibit 
>> that might also be useful.
>>
>> FYI, Clojure is registered in CVE with id CVE-2015-4653 (although there 
>> are no reports registered yet). I gather that it is useful to create at 
>> least one such thing to make it searchable and I have that on my todo list 
>> (although it's not a high priority). 
>>
>> Alex
>>
>>
>> On Wednesday, October 21, 2015 at 3:41:21 PM UTC-5, ryan medlin wrote:
>>>
>>> A customer requires that we scan our clojure projects with this tool:
>>>
>>> http://www8.hp.com/us/en/software-solutions/static-code-analysis-sast/
>>>
>>>
>>> They must get some meaningful report from this.
>>>
>>> So I thought, well why don't I compile and then decompile the class 
>>> files and then scan those to at least give them something.
>>>
>>> However when I do that I get a TON of high security issues in multiple 
>>> dependencies (ring, clojure.core)
>>>
>>> Here is the most prevalent:
>>>
>>> https://cwe.mitre.org/data/definitions/476.html
>>>
>>> /* */ package nio;
>>> /* */ 
>>> /* */ import clojure.lang.AFunction;
>>> /* */ import clojure.lang.IFn;
>>> /* */ import clojure.lang.RT;
>>> /* */ import clojure.lang.Var;
>>> /* */ import java.nio.Buffer;
>>> /* */ import java.nio.ByteBuffer;
>>> /* */ 
>>> /* */ public final class core$fn__1869 extends AFunction
>>> /* */ {
>>> /* 284 */   public static final Var const__0 = 
>>> (Var)RT.var("clojure.core", "make-array");
>>> /* */ 
>>> /* */   public Object invoke(Object x)
>>> /* */   {
>>> /* 297 */ x = null; Object x = ((ByteBuffer)x).duplicate();
>>> /* 298 */ Object array = 
>>> ((IFn)const__0.getRawRoot()).invoke(Byte.TYPE, 
>>> Integer.valueOf(((Buffer)x).remaining()));
>>> /* 299 */ x = null; ((ByteBuffer)x).get((byte[])array); array = 
>>> null; return array;
>>> /* */   }
>>> /* */ }
>>>
>>>
>>> Decompiler:
>>>
>>> http://jd.benow.ca/
>>>
>>> Id the decompiler somehow generating code with these security issues and 
>>> the actual bytecode does not have them maybe?
>>>
>>>
>>> I have no idea how to move forward with this.  We have to "check a box" 
>>> for them in corporate speak yet there is no clear path to run a dependable 
>>> security scan against the codebase.
>>>
>>>
>>> Yes I realize this is silly to demand running this tool.
>>>
>>> Any other tools out there that might be able to scan Clojure code like 
>>> this?
>>>
>>>
>>>
>>>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/a5df2592-6ade-4503-a58d-9004b901955a%40googlegroups.com.

Re: HP Fortify Security Scanner and Clojure

[Didier]

Reviving an old topic here, does anyone know of a Clojure 1.10 compatible 
security analysis tool? I too thought of just decompiling the .class to 
Java. It also appears Fortify can run on bytecode only, so I might give 
that a try if I can't find anything else.

Regards

On Wednesday, 21 October 2015 15:14:31 UTC-7, Alex Miller wrote:
>
> In general, Clojure code cannot be decompiled from .class to .java as the 
> Clojure generated bytecode does things that cannot be represented in Java. 
> The particular issue below looks like the local-clearing code. It is 
> possible to turn that off during compilation, however there are likely 
> other things as well that cannot be decompiled satisfactorily.
>
> FindBugs works directly from bytecode (not source code) so might be more 
> amenable for this kind of analysis. There is a sonar plugin (
> https://github.com/zmsp/sonar-clojure) which uses Eastwood and Kibit that 
> might also be useful.
>
> FYI, Clojure is registered in CVE with id CVE-2015-4653 (although there 
> are no reports registered yet). I gather that it is useful to create at 
> least one such thing to make it searchable and I have that on my todo list 
> (although it's not a high priority). 
>
> Alex
>
>
> On Wednesday, October 21, 2015 at 3:41:21 PM UTC-5, ryan medlin wrote:
>>
>> A customer requires that we scan our clojure projects with this tool:
>>
>> http://www8.hp.com/us/en/software-solutions/static-code-analysis-sast/
>>
>>
>> They must get some meaningful report from this.
>>
>> So I thought, well why don't I compile and then decompile the class files 
>> and then scan those to at least give them something.
>>
>> However when I do that I get a TON of high security issues in multiple 
>> dependencies (ring, clojure.core)
>>
>> Here is the most prevalent:
>>
>> https://cwe.mitre.org/data/definitions/476.html
>>
>> /* */ package nio;
>> /* */ 
>> /* */ import clojure.lang.AFunction;
>> /* */ import clojure.lang.IFn;
>> /* */ import clojure.lang.RT;
>> /* */ import clojure.lang.Var;
>> /* */ import java.nio.Buffer;
>> /* */ import java.nio.ByteBuffer;
>> /* */ 
>> /* */ public final class core$fn__1869 extends AFunction
>> /* */ {
>> /* 284 */   public static final Var const__0 = 
>> (Var)RT.var("clojure.core", "make-array");
>> /* */ 
>> /* */   public Object invoke(Object x)
>> /* */   {
>> /* 297 */ x = null; Object x = ((ByteBuffer)x).duplicate();
>> /* 298 */ Object array = 
>> ((IFn)const__0.getRawRoot()).invoke(Byte.TYPE, 
>> Integer.valueOf(((Buffer)x).remaining()));
>> /* 299 */ x = null; ((ByteBuffer)x).get((byte[])array); array = null; 
>> return array;
>> /* */   }
>> /* */ }
>>
>>
>> Decompiler:
>>
>> http://jd.benow.ca/
>>
>> Id the decompiler somehow generating code with these security issues and 
>> the actual bytecode does not have them maybe?
>>
>>
>> I have no idea how to move forward with this.  We have to "check a box" 
>> for them in corporate speak yet there is no clear path to run a dependable 
>> security scan against the codebase.
>>
>>
>> Yes I realize this is silly to demand running this tool.
>>
>> Any other tools out there that might be able to scan Clojure code like 
>> this?
>>
>>
>>
>>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/e8a5a6f9-3a0f-4431-80ba-2138ee0f8d75%40googlegroups.com.

Re: Using Deps/CLI for building mixed Clojure & Java projects

[Sean Corfield]

And you might look at https://github.com/EwenG/badigeon (which is listed on
that tools page) since it says it will "Compile java sources" according to
the readme

On Thu, Apr 2, 2020 at 2:30 PM Sean Corfield  wrote:

> You would need to write a Clojure script with a -main function that would
> (somehow) compile Java source code according to whatever rules you wanted
> and then invoke it from the CLI (as an initial step to get the compiled
> class files onto the classpath that a subsequent CLI invocation could use).
>
> It would be just another tool like any of the others listed here:
> https://github.com/clojure/tools.deps.alpha/wiki/Tools
>
> On Thu, Apr 2, 2020 at 2:18 PM Alan Thompson  wrote:
>
>> I've seen this conversation:
>> https://clojureverse.org/t/is-there-a-sales-pitch-for-switching-to-deps-edn-from-lein-in-2020/5367/15
>>
>> which seems to say there is no existing way to combine Java & Clojure
>> source code when building with deps/CLI.  Is this correct?
>>
>> If so, what would be entailed in enhancing Deps/CLI to handle Java source
>> files?
>>
>> Thanks,
>> Alan
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Clojure" group.
>> To post to this group, send email to clojure@googlegroups.com
>> Note that posts from new members are moderated - please be patient with
>> your first post.
>> To unsubscribe from this group, send email to
>> clojure+unsubscr...@googlegroups.com
>> For more options, visit this group at
>> http://groups.google.com/group/clojure?hl=en
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Clojure" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to clojure+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/clojure/CAN67zA3%3DxtbsaC3iGgBSjPgUjw0LwZp%2Bu6bM54ktr1svgxeESQ%40mail.gmail.com
>> 
>> .
>>
>
>
> --
> Sean A Corfield -- (904) 302-SEAN
> An Architect's View -- http://corfield.org/
> World Singles Networks, LLC. -- https://worldsinglesnetworks.com/
>
> "Perfection is the enemy of the good."
> -- Gustave Flaubert, French realist novelist (1821-1880)
>


-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/
World Singles Networks, LLC. -- https://worldsinglesnetworks.com/

"Perfection is the enemy of the good."
-- Gustave Flaubert, French realist novelist (1821-1880)

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/CAD4thx8pLe4mnDvQyb0Sf%2BfrpHNc_NKA5RO4bFKw69SDvrCuAQ%40mail.gmail.com.

Re: Using Deps/CLI for building mixed Clojure & Java projects

[Sean Corfield]

You would need to write a Clojure script with a -main function that would
(somehow) compile Java source code according to whatever rules you wanted
and then invoke it from the CLI (as an initial step to get the compiled
class files onto the classpath that a subsequent CLI invocation could use).

It would be just another tool like any of the others listed here:
https://github.com/clojure/tools.deps.alpha/wiki/Tools

On Thu, Apr 2, 2020 at 2:18 PM Alan Thompson  wrote:

> I've seen this conversation:
> https://clojureverse.org/t/is-there-a-sales-pitch-for-switching-to-deps-edn-from-lein-in-2020/5367/15
>
> which seems to say there is no existing way to combine Java & Clojure
> source code when building with deps/CLI.  Is this correct?
>
> If so, what would be entailed in enhancing Deps/CLI to handle Java source
> files?
>
> Thanks,
> Alan
>
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clojure@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to clojure+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/clojure/CAN67zA3%3DxtbsaC3iGgBSjPgUjw0LwZp%2Bu6bM54ktr1svgxeESQ%40mail.gmail.com
> 
> .
>


-- 
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/
World Singles Networks, LLC. -- https://worldsinglesnetworks.com/

"Perfection is the enemy of the good."
-- Gustave Flaubert, French realist novelist (1821-1880)

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/CAD4thx8dJVcBjZUJbWw2CmTJtRFfcP2KBV5VFxmcS1-rasJJrg%40mail.gmail.com.

Using Deps/CLI for building mixed Clojure & Java projects

[Alan Thompson]

I've seen this conversation:
https://clojureverse.org/t/is-there-a-sales-pitch-for-switching-to-deps-edn-from-lein-in-2020/5367/15

which seems to say there is no existing way to combine Java & Clojure
source code when building with deps/CLI.  Is this correct?

If so, what would be entailed in enhancing Deps/CLI to handle Java source
files?

Thanks,
Alan

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/CAN67zA3%3DxtbsaC3iGgBSjPgUjw0LwZp%2Bu6bM54ktr1svgxeESQ%40mail.gmail.com.

Re: Conceptual difference between map and class

[Dieter Van Eessen]

Thanks alot for all the answers, 
still getting my head around the matter :)


On Tuesday, March 31, 2020 at 10:41:02 AM UTC+2, Dieter Van Eessen wrote:
>
> Hello,
>
> I've got a clojure and a python piece of code. Both seem to create what 
> can be considered an instance of a class. Wherein lies the conceptual 
> difference?
>
> Python:
> class MYCLASS():
> def __init__(self, x):
>   self.x = x
> def MYMETHOD(self):
>  ...
>
> def MYFUNCTION():
> lol = MYCLASS()
>
> Clojure:
> (defn MYCLASS [x]
>  {:x [x]
>   :MYMETHOD (fn [] (MYCLASS ...))})
>
> (let [lol (MYCLASS ...)])
>
> I know its not valid code, but I hope you see what I'm aiming at: isn't 
> using a map with functions in it just the same as a class?
> Or is only the user interface of the language conceptually equal, while 
> the underlying plumbing is completely different?
> If this is the case, wherein lies the major differences?
>
> If one could simply point me in the right direction, I'd already be very 
> pleased. Most literature I've read so far only explains clojure can be used 
> this way, but never focuses deeper on the subject.
>
> kind regards,
> Dieter
>
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/ab81ad93-4e11-4255-a5ed-865101213b26%40googlegroups.com.

Deep Learning for Programmers book 0.16.0: new chapter on Multi-class classification and metrics

[Dragan Djuric]

Deep Learning for Programmers: An Interactive Tutorial with CUDA, OpenCL, 
DNNL, Java, and Clojure
version 0.16.0 is available at 
https://aiprobook.com/deep-learning-for-programmers?release=1.16.0=cgroups

Why?

++ Clojure!
++ For Programmers!

+ the only AI book that walks the walk
+ complete, 100% executable code
+ step-by-step instructions
+ full path from theory to implementation in actual code
+ superfast implementation

Other books are math-only monographs for academics, or are written for 
non-technical readers.

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/clojure/e6e8cf53-b783-43a3-87ee-a758635ac2c1%40googlegroups.com.