search

denimgroup / threadfix

ThreadFix is a software vulnerability management platform. This GitHub site is far out of date. Please go to www.threadfix.it for up-to-date information.
340 stars 127 forks source link

threadfix-cli mvn build failing in final2.0 #348

Closed ghost closed 10 years ago

ghost commented 10 years ago

The threadfix-cli build failing in final2.0 branch because dependency block for commons-codec is missing. Please include.

commons-codec commons-codec ${commons.codec.version}

The following is my build env:

Apache Maven 3.0.4 (r1232337; 2012-01-17 02:44:56-0600) Maven home: /usr/share/maven Java version: 1.7.0_45, vendor: Oracle Corporation Java home: /Users/bspruth/applications/jdk1.7.0_45.jdk/Contents/Home/jre Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "10.8.5", arch: "x86_64", family: "mac"

Maven 3.0 goals used to build: mvn -pl threadfix-cli clean compile assembly:single

dancornell commented 10 years ago

I'm not getting that build error on final2.0, but can you see if this diff fixes your problem? If so I'll commit it to the branch (or just send a pull request) - I just didn't want to commit something I can't test.

Dans-MacBook-Pro:threadfix dcornell$ git diff threadfix-cli/pom.xml diff --git a/threadfix-cli/pom.xml b/threadfix-cli/pom.xml index 9a61c51..95fa661 100644 --- a/threadfix-cli/pom.xml +++ b/threadfix-cli/pom.xml @@ -96,6 +96,12 @@

1.9 
         <scope>test</scope>
     </dependency>
dancornell commented 10 years ago

Should be fixed by: https://github.com/denimgroup/threadfix/commit/2bbb95371bfc97e866260b8936cfad7f67f9f06e

Looking for independent confirmation (because the build worked in my environment before the change)

christopher-baek commented 10 years ago

I was having the same issue.

This is what I am using to build: $ mvn -version Apache Maven 3.0.5 (r01de14724cdef164cd33c7c8c2fe155faf9602da; 2013-02-19 07:51:28-0600) Maven home: /usr/local/Cellar/maven30/3.0.5/libexec Java version: 1.7.0_55, vendor: Oracle Corporation Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_55.jdk/Contents/Home/jre Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "10.9.2", arch: "x86_64", family: "mac"

This is before the change: [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] ThreadFix ......................................... SUCCESS [0.415s] [INFO] threadfix-entities ................................ SUCCESS [3.082s] [INFO] threadfix-cli ..................................... FAILURE [0.911s] [INFO] threadfix-ham ..................................... SKIPPED [INFO] threadfix-importers ............................... SKIPPED [INFO] threadfix-service-interfaces ...................... SKIPPED [INFO] threadfix ......................................... SKIPPED [INFO] Zap-Plugin ........................................ SKIPPED [INFO] Burp-Plugin ....................................... SKIPPED [INFO] threadfix-endpoint-cli ............................ SKIPPED [INFO] threadfix-cli-importers ........................... SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 4.778s [INFO] Finished at: Fri Jun 20 10:25:01 CDT 2014 [INFO] Final Memory: 18M/245M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile (default-compile) on project threadfix-cli: Compilation failure: Compilation failure: [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-cli/src/main/java/com/denimgroup/threadfix/remote/response/ByteToStringSerializer.java:[28,38] error: package org.apache.commons.codec.binary does not exist [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-cli/src/main/java/com/denimgroup/threadfix/remote/response/ByteToStringSerializer.java:[39,15] error: cannot find symbol

This is after: [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] ThreadFix ......................................... SUCCESS [0.435s] [INFO] threadfix-entities ................................ SUCCESS [3.126s] [INFO] threadfix-cli ..................................... SUCCESS [7.448s] [INFO] threadfix-ham ..................................... SUCCESS [2.841s] [INFO] threadfix-importers ............................... FAILURE [1.880s] [INFO] threadfix-service-interfaces ...................... SKIPPED [INFO] threadfix ......................................... SKIPPED [INFO] Zap-Plugin ........................................ SKIPPED [INFO] Burp-Plugin ....................................... SKIPPED [INFO] threadfix-endpoint-cli ............................ SKIPPED [INFO] threadfix-cli-importers ........................... SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 16.069s [INFO] Finished at: Fri Jun 20 10:27:02 CDT 2014 [INFO] Final Memory: 54M/516M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile (default-compile) on project threadfix-importers: Compilation failure: Compilation failure: [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/remoteprovider/VeracodeRemoteProvider.java:[28,38] error: package org.apache.commons.codec.binary does not exist [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/remoteprovider/QualysRemoteProvider.java:[29,38] error: package org.apache.commons.codec.binary does not exist [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/remoteprovider/VeracodeRemoteProvider.java:[190,35] error: cannot find symbol [ERROR] class VeracodeRemoteProvider [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/remoteprovider/QualysRemoteProvider.java:[290,36] error: cannot find symbol [ERROR] class QualysRemoteProvider [ERROR] /Users/e13177/automationdomination/threadfix/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/remoteprovider/QualysRemoteProvider.java:[330,36] error: cannot find symbol

dancornell commented 10 years ago

So that commit -helped- but it didn't really -fix-

I wiped out my ~/.m2/ repository cache and was able to get some errors. I'll take a look - should just be some more pom.xml updates.

macacollins commented 10 years ago

I checked out 2.0final, cleared my maven repository using rm -r ~/.m2, and built OK using mvn clean install -DskipTests. The threadfix-cli artifact with dependencies is at threadfix-cli/target/threadfix-cli/2.0FINAL-SNAPSHOT-jar-with-dependencies.jar.

I attempted running mvn -pl threadfix-cli clean compile assembly:single but got an error due to a missing threadfix-entities dependency, which makes sense. Can you all verify that mvn clean install -DskipTests is broken on your systems? I'm on commit 2bbb95371bfc97e866260b8936cfad7f67f9f06e.

ghost commented 10 years ago

Just pulled the commit no errors on the assembly goals. I have not seen that dependency error before with threadfix-entities. The codec error originally occurred by building on a computer that did not build /compile any threadfix source previously. I was able to reproduce this on two separate computers. As mentioned the error that was thrown to compile threadfix-cli was the codec dependency once the pom.xml was modified it was able to build without further errors.

On Jun 20, 2014, at 11:17 AM, Mac Collins notifications@github.com wrote:

sing threadfix-entities dependency, which makes sense. Can you all verify that mvn clean install -DskipTests is broken on your systems? I'm on commit 2bbb953.

dancornell commented 10 years ago

Anybody still having issues with this? Was going to close out otherwise.

ghost commented 10 years ago

Please close! Thanks again.

On Jul 9, 2014, at 8:03 PM, Dan Cornell notifications@github.com wrote:

Anybody still having issues with this? Was going to close out otherwise.

— Reply to this email directly or view it on GitHub.