Closed avermeer closed 1 year ago
Try it without the colon….
java -jar jbom-1.2.1.jar
Any luck?
@planetlevel as I mentioned in the ticket, already tested, JBom starts but is unable to find any running JVM (which are also running OpenJ9-based Java runtime):
If I try this alternative, then after the prompt JBom don't print anything an never exit:
java -jar jbom-1.2.1.jar 2023-01-29 21:29:20:252 TRACE --- [jbom] 2023-01-29 21:29:20:253 TRACE --- [jbom] _ 2023-01-29 21:29:20:253 TRACE --- [jbom] () / __ _ 2023-01-29 21:29:20:253 TRACE --- [jbom] / / \/ \/ ` \ 2023-01-29 21:29:20:254 TRACE --- [jbom] / / // / // / / / / / / 2023-01-29 21:29:20:254 TRACE --- [jbom] / /./__// // // 2023-01-29 21:29:20:254 TRACE --- [jbom] // 2023-01-29 21:29:20:254 TRACE --- [jbom] 2023-01-29 21:29:20:254 TRACE --- [jbom] by Contrast Security - https://contrastsecurity.com 2023-01-29 21:29:20:254 TRACE --- [jbom] 2023-01-29 21:29:20:254 TRACE --- [jbom] jbom generates SBOMs for all JVMs running on a host 2023-01-29 21:29:20:254 TRACE --- [jbom] https://github.com/Contrast-Security-OSS/jbom 2023-01-29 21:29:20:254 TRACE --- [jbom]
Ok, let’s see what’s going on. Can you run with —debug?
Sure, here's the output, looks like JBom find some other local Java processes, but it fails to attach them:
java -jar jbom-1.2.1.jar --debug
2023-01-31 14:15:49:578 TRACE --- [jbom]
2023-01-31 14:15:49:579 TRACE --- [jbom] _ __
2023-01-31 14:15:49:579 TRACE --- [jbom] (_) /_ ____ ____ ___
2023-01-31 14:15:49:579 TRACE --- [jbom] / / __ \/ __ \/ __ `__ \
2023-01-31 14:15:49:579 TRACE --- [jbom] / / /_/ / /_/ / / / / / /
2023-01-31 14:15:49:580 TRACE --- [jbom] __/ /_.___/\____/_/ /_/ /_/
2023-01-31 14:15:49:580 TRACE --- [jbom] /___/
2023-01-31 14:15:49:580 TRACE --- [jbom]
2023-01-31 14:15:49:580 TRACE --- [jbom] by Contrast Security - https://contrastsecurity.com
2023-01-31 14:15:49:580 TRACE --- [jbom]
2023-01-31 14:15:49:580 TRACE --- [jbom] jbom generates SBOMs for all JVMs running on a host
2023-01-31 14:15:49:580 TRACE --- [jbom] https://github.com/Contrast-Security-OSS/jbom
2023-01-31 14:15:49:580 TRACE --- [jbom]
2023-01-31 14:15:49:581 DEBUG --- [jbom] Java vendor : IBM Corporation
2023-01-31 14:15:49:581 DEBUG --- [jbom] Java version: 17.0.5
2023-01-31 14:15:50:322 DEBUG --- [jbom] Adding process: 1725 --> org.apache.catalina.startup.Bootstrap start
2023-01-31 14:15:50:625 DEBUG --- [jbom] Adding process: 9036 --> com.acme.acmeinfra.acmejarstarter.JarStarter -p 300 -pid /var/run/MonitoringAgent.pid -eav ka fka /etc/aws.properties s3-eu-west-1.amazonaws.com -oaConfig /etc
2023-01-31 14:15:50:924 DEBUG --- [jbom] Adding process: 10410 --> start.jar --module=http --module=gzip
2023-01-31 14:15:51:243 DEBUG --- [jbom] Skipping process: 32767 --> jbom-1.2.1.jar --debug
2023-01-31 14:15:51:249 DEBUG --- [jbom] Adding process: 328 --> <no information available>
2023-01-31 14:15:51:264 TRACE --- [jbom] Detected 4 local Java processes
2023-01-31 14:15:51:264 TRACE --- [jbom] 10410 (start.jar --module=http --module=gzip)
2023-01-31 14:15:51:264 TRACE --- [jbom] 1725 (org.apache.catalina.startup.Bootstrap start)
2023-01-31 14:15:51:264 TRACE --- [jbom] 328 (<no information available>)
2023-01-31 14:15:51:264 TRACE --- [jbom] 9036 (com.acme.acmeinfra.acmejarstarter.JarStarter -p 300 -pid /var/run/MonitoringAgent.pid -eav kafka /etc/aws.properties s3-eu-west-1.amazonaws.com -oaConfig /etc)
2023-01-31 14:15:51:265 TRACE --- [jbom]
2023-01-31 14:15:51:265 TRACE --- [jbom] Starting analysis...
2023-01-31 14:15:51:265 TRACE --- [jbom]
2023-01-31 14:15:51:265 TRACE --- [jbom] 1: 10410 (start.jar --module=http --module=gzip)
2023-01-31 14:15:51:267 TRACE --- [jbom] Analyzing...
2023-01-31 14:15:54:612 TRACE --- [jbom] Saving SBOM to /mnt/jbom/jbom-10410.json
2023-01-31 14:15:54:612 TRACE --- [jbom]
2023-01-31 14:15:54:612 TRACE --- [jbom] 2: 1725 (org.apache.catalina.startup.Bootstrap start)
2023-01-31 14:15:54:612 TRACE --- [jbom] Analyzing...
2023-01-31 14:16:10:099 TRACE --- [jbom] Saving SBOM to /mnt/jbom/jbom-1725.json
2023-01-31 14:16:10:099 TRACE --- [jbom]
2023-01-31 14:16:10:099 TRACE --- [jbom] 3: 328 (<no information available>)
2023-01-31 14:16:10:100 TRACE --- [jbom] Analyzing...
Unable to attach with regular provider:
java.lang.IllegalStateException: Error during attachment using: net.bytebuddy.agent.ByteBuddyAgent$AttachmentProvider$Compound@1c9d4e08
at net.bytebuddy.agent.ByteBuddyAgent.install(ByteBuddyAgent.java:639)
at net.bytebuddy.agent.ByteBuddyAgent.attach(ByteBuddyAgent.java:299)
at com.contrastsecurity.Jbom.attachWithFallback(Jbom.java:443)
at com.contrastsecurity.Jbom.attach(Jbom.java:429)
at com.contrastsecurity.Jbom.doLocalProcess(Jbom.java:156)
at com.contrastsecurity.Jbom.run(Jbom.java:117)
at picocli.CommandLine.executeUserObject(CommandLine.java:1939)
at picocli.CommandLine.access$1300(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
at picocli.CommandLine.execute(CommandLine.java:2078)
at com.contrastsecurity.Jbom.main(Jbom.java:73)
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at net.bytebuddy.agent.Attacher.install(Attacher.java:102)
at net.bytebuddy.agent.ByteBuddyAgent.install(ByteBuddyAgent.java:634)
... 14 more
Caused by: com.sun.tools.attach.AttachNotSupportedException: target 328 not found
at jdk.attach/com.ibm.tools.attach.attacher.OpenJ9VirtualMachine.attachTargetImpl(OpenJ9VirtualMachine.java:151)
at jdk.attach/com.ibm.tools.attach.attacher.OpenJ9VirtualMachine.lambda$attachTarget$1(OpenJ9VirtualMachine.java:129)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:748)
at jdk.attach/com.ibm.tools.attach.attacher.OpenJ9VirtualMachine.attachTarget(OpenJ9VirtualMachine.java:131)
at jdk.attach/com.ibm.tools.attach.attacher.OpenJ9AttachProvider.attachVirtualMachine(OpenJ9AttachProvider.java:65)
at jdk.attach/com.ibm.tools.attach.attacher.OpenJ9AttachProvider.attachVirtualMachine(OpenJ9AttachProvider.java:47)
at jdk.attach/com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:207)
... 20 more
Unable to attach with fallback provider:
java.lang.IllegalStateException: No compatible attachment provider is available
at net.bytebuddy.agent.ByteBuddyAgent.install(ByteBuddyAgent.java:628)
at net.bytebuddy.agent.ByteBuddyAgent.attach(ByteBuddyAgent.java:299)
at com.contrastsecurity.Jbom.attachWithFallback(Jbom.java:449)
at com.contrastsecurity.Jbom.attach(Jbom.java:429)
at com.contrastsecurity.Jbom.doLocalProcess(Jbom.java:156)
at com.contrastsecurity.Jbom.run(Jbom.java:117)
at picocli.CommandLine.executeUserObject(CommandLine.java:1939)
at picocli.CommandLine.access$1300(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
at picocli.CommandLine.execute(CommandLine.java:2078)
at com.contrastsecurity.Jbom.main(Jbom.java:73)
2023-01-31 14:16:10:110 TRACE --- [jbom] Saving SBOM to /mnt/jbom/jbom-328.json
2023-01-31 14:16:10:110 TRACE --- [jbom]
2023-01-31 14:16:10:110 TRACE --- [jbom] 4: 9036 (com.acme.acmeinfra.acmejarstarter.JarStarter -p 300 -pid /var/run/MonitoringAgent.pid -eav kafka /etc/aws.properties s3-eu-west-1.amazonaws.com -oaConfig /etc)
2023-01-31 14:16:10:110 TRACE --- [jbom] Analyzing...
2023-01-31 14:16:11:048 TRACE --- [jbom] Saving SBOM to /mnt/jbom/jbom-9036.json
2023-01-31 14:16:11:048 TRACE --- [jbom]
2023-01-31 14:16:11:049 TRACE --- [jbom] jbom complete
Note: the Java Runtime installed on this Linux machine can be downloaded for free from https://developer.ibm.com/languages/java/semeru-runtimes/downloads/
It looks like it successfully SBOMs for three of the four processes (check the /mnt/sbom directory). Are any of them the process you were interested in? I'm not sure about 328. It looks to me like that process was gone by the time jbom tried to attach to it.
In my /mnt/jbom directory I found 2 SBOMs.
But you probably got a good catch : some Java processes running on this Linux machine are "short-running ones"
3 of the Java processes on this machine are "long-running" ones ; including an Apache Solr server for which jbom failed to generate SBOM, probably because it exited when trying to inspect the short-running process that stopped while it was inspected.
Is there an option to make jbom more resilient to short-running java processes, i.e., make it able to skip processes just exiting to catch all least all long-running ones ?
Hmm... not sure if there's a good way to do that. Maybe jbom add a shutdown hook that would wait until jbom is finished. Anyone want to try implementing this? https://www.baeldung.com/jvm-shutdown-hooks
Closing this as jbom seems to be running fine on OpenJ9
Hello,
I tried using Jbom 1.2.1 on my of my machine with running Java processes. Looks like Jbom doesn't like my Open-J9 JVM:
If I try running JBom to get SBOM for all local Java processes, it fails:
If I try this alternative, then after the prompt JBom don't print anything an never exit:
I'm running all this on CentOS 7.9:
Am I missing somethig?
Alex