[
https://issues.apache.org/jira/browse/MSHARED-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17738096#comment-17738096
]
Gary D. Gregory edited comment on MSHARED-1248 at 7/2/23 10:46 PM:
-------------------------------------------------------------------
Next up, expectation management: Would someone tag this ticket with an expected
version? Or, did this make it in 11.3.2?
And, would someone start the ball rolling on a release or provide a guesstimate?
was (Author: garydgregory):
Next up, expectation management: Would someone tag this ticket with an expected
version?
And, would someone start the ball rolling on a release or provide a guesstimate?
> maven-dependency-analyzer should log instead of failing when analyzing a
> corrupted jar file
> -------------------------------------------------------------------------------------------
>
> Key: MSHARED-1248
> URL: https://issues.apache.org/jira/browse/MSHARED-1248
> Project: Maven Shared Components
> Issue Type: Bug
> Components: maven-dependency-analyzer
> Affects Versions: maven-dependency-analyzer-1.13.1
> Environment: Apache Maven 3.9.1
> (2e178502fcdbffc201671fb2537d0cb4b4cc58f8)
> Maven home: C:\java\apache-maven-3.9.1
> Java version: 1.8.0_362, vendor: Temurin, runtime: C:\Program Files\Eclipse
> Adoptium\jdk-8.0.362.9-hotspot\jre
> Default locale: en_US, platform encoding: Cp1252
> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
> Microsoft Windows [Version 10.0.19044.2728]
> Reporter: Gary D. Gregory
> Priority: Major
>
> In Apache Commons BCEL, we include corrupted jar files created by the
> oss-fuzz project which causes the build to fail when the CycloneDX plugin
> runs to create an SBOM.
> This issue happens only after getting past the issue fixed by MSHARED-1247
> {noformat}
> [DEBUG] CycloneDX: Calculating Hashes
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 3.594 s
> [INFO] Finished at: 2023-04-29T15:23:05-04:00
> [INFO]
> ------------------------------------------------------------------------
> [ERROR] Failed to execute goal
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on
> project bcel: Execution default-cli of goal
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed:
> Unsupported class file major version 1025 from directory =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
> -> [Help 1]
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute
> goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom
> (default-cli) on project bcel: Execution default-cli of goal
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed:
> Unsupported class file major version 1025 from directory =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
> (MojoExecutor.java:347)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
> (MojoExecutor.java:330)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:213)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:175)
> at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
> (MojoExecutor.java:76)
> at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
> (MojoExecutor.java:163)
> at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
> (DefaultMojosExecutionStrategy.java:39)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:160)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:105)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:73)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:53)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:118)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:282)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:225)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:406)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:347)
> Caused by: org.apache.maven.plugin.PluginExecutionException: Execution
> default-cli of goal
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed:
> Unsupported class file major version 1025 from directory =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:133)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
> (MojoExecutor.java:342)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
> (MojoExecutor.java:330)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:213)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:175)
> at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
> (MojoExecutor.java:76)
> at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
> (MojoExecutor.java:163)
> at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
> (DefaultMojosExecutionStrategy.java:39)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:160)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:105)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:73)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:53)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:118)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:282)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:225)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:406)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:347)
> Caused by: java.lang.RuntimeException: Unsupported class file major version
> 1025 from directory =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path =
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
> at
> org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.acceptDirectory
> (ClassFileVisitorUtils.java:102)
> at
> org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.accept
> (ClassFileVisitorUtils.java:59)
> at
> org.apache.maven.shared.dependency.analyzer.asm.ASMDependencyAnalyzer.analyze
> (ASMDependencyAnalyzer.java:43)
> at
> org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildDependencyClasses
> (DefaultProjectDependencyAnalyzer.java:206)
> at
> org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildTestDependencyClasses
> (DefaultProjectDependencyAnalyzer.java:200)
> at
> org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.analyze
> (DefaultProjectDependencyAnalyzer.java:68)
> at org.cyclonedx.maven.CycloneDxMojo.doProjectDependencyAnalysis
> (CycloneDxMojo.java:86)
> at
> org.cyclonedx.maven.CycloneDxAggregateMojo.extractComponentsAndDependencies
> (CycloneDxAggregateMojo.java:130)
> at org.cyclonedx.maven.BaseCycloneDxMojo.execute
> (BaseCycloneDxMojo.java:258)
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:126)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
> (MojoExecutor.java:342)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
> (MojoExecutor.java:330)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:213)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:175)
> at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
> (MojoExecutor.java:76)
> at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
> (MojoExecutor.java:163)
> at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
> (DefaultMojosExecutionStrategy.java:39)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:160)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:105)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:73)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:53)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:118)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:282)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:225)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:406)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:347)
> Caused by: java.lang.IllegalArgumentException: Unsupported class file major
> version 1025
> at org.objectweb.asm.ClassReader.<init> (ClassReader.java:199)
> at org.objectweb.asm.ClassReader.<init> (ClassReader.java:180)
> at org.objectweb.asm.ClassReader.<init> (ClassReader.java:166)
> at
> org.apache.maven.shared.dependency.analyzer.asm.DependencyClassFileVisitor.visitClass
> (DependencyClassFileVisitor.java:57)
> at
> org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.visitClass
> (ClassFileVisitorUtils.java:120)
> at
> org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.visitClass
> (ClassFileVisitorUtils.java:112)
> at
> org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.acceptDirectory
> (ClassFileVisitorUtils.java:98)
> at
> org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.accept
> (ClassFileVisitorUtils.java:59)
> at
> org.apache.maven.shared.dependency.analyzer.asm.ASMDependencyAnalyzer.analyze
> (ASMDependencyAnalyzer.java:43)
> at
> org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildDependencyClasses
> (DefaultProjectDependencyAnalyzer.java:206)
> at
> org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.buildTestDependencyClasses
> (DefaultProjectDependencyAnalyzer.java:200)
> at
> org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyAnalyzer.analyze
> (DefaultProjectDependencyAnalyzer.java:68)
> at org.cyclonedx.maven.CycloneDxMojo.doProjectDependencyAnalysis
> (CycloneDxMojo.java:86)
> at
> org.cyclonedx.maven.CycloneDxAggregateMojo.extractComponentsAndDependencies
> (CycloneDxAggregateMojo.java:130)
> at org.cyclonedx.maven.BaseCycloneDxMojo.execute
> (BaseCycloneDxMojo.java:258)
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:126)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
> (MojoExecutor.java:342)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
> (MojoExecutor.java:330)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:213)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:175)
> at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
> (MojoExecutor.java:76)
> at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
> (MojoExecutor.java:163)
> at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
> (DefaultMojosExecutionStrategy.java:39)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:160)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:105)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:73)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:53)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:118)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:282)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:225)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:406)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:347)
> [ERROR]
> [ERROR]
> [ERROR] For more information about the errors and possible solutions, please
> read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
> [DEBUG] Shutting down adapter factory; available factories [file-lock,
> rwlock-local, semaphore-local, noop]; available name mappers [discriminating,
> file-gav, file-hgav, file-static, gav, static]
> [DEBUG] Shutting down 'file-lock' factory
> [DEBUG] Shutting down 'rwlock-local' factory
> [DEBUG] Shutting down 'semaphore-local' factory
> [DEBUG] Shutting down 'noop' factory
> {noformat}
> When running:
> {noformat}
> git clone https://gitbox.apache.org/repos/asf/commons-bcel.git
> cd commons-bcel
> git checkout 9a36684def5f113dea5cbc11012f4c3189ef7c7a
> {noformat}
> edit pom.xml, update commons-parent to 57 and update the build plugins to use
> maven-dependency-analyzer version 1.13.2-SNAPSHOT.
> {noformat}
> mvn cyclonedx:makeAggregateBom
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
