Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: upgrade to JCS3 #5114

Merged
merged 3 commits into from
Oct 14, 2023
Merged

fix: upgrade to JCS3 #5114

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b176219
fix: upgrade to JCS3
jeremylong Dec 4, 2022
485aea1
fix: resolve checkstyle complaints
jeremylong Dec 4, 2022
63bcad7
build(deps): bump jcs3
jeremylong Jan 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions ant/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,14 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
<artifactId>dependency-check-utils</artifactId>
<version>${project.parent.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-jcs3-core</artifactId>
</dependency>
<dependency>
<groupId>io.github.jeremylong</groupId>
<artifactId>jcs3-slf4j</artifactId>
</dependency>
<dependency>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-core</artifactId>
Expand Down
51 changes: 43 additions & 8 deletions ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,19 +20,17 @@
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;

import org.apache.commons.jcs.JCS;
import org.apache.commons.jcs.access.CacheAccess;
import org.apache.commons.jcs.engine.CompositeCacheAttributes;
import org.apache.commons.jcs.engine.behavior.ICompositeCacheAttributes;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
import org.apache.tools.ant.Task;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.xml.pom.Model;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.impl.StaticLoggerBinder;
import org.slf4j.spi.LocationAwareLogger;

/**
* An Ant task definition to execute dependency-check during an Ant build.
Expand Down Expand Up @@ -140,11 +138,13 @@ public void setHostedSuppressionsUrl(final String hostedSuppressionsUrl) {
* the Thread Context Class Loader set to something that can resolve it's classes. Other build tools do this
* by default but Ant does not.
*
* @throws BuildException throws if there is a problem. See {@link #executeWithContextClassloader()} for details
* @throws BuildException throws if there is a problem. See
* {@link #executeWithContextClassloader()} for details
*/
@Override
public final void execute() throws BuildException {
ClassLoader current = Thread.currentThread().getContextClassLoader();
muteJCS();
final ClassLoader current = Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());

Expand All @@ -154,6 +154,41 @@ public final void execute() throws BuildException {
}
}

/**
* Hacky method of muting the noisy logging from JCS. Implemented using a
* solution from SO: https://stackoverflow.com/a/50723801
*/
private void muteJCS() {
if (System.getProperty("jcs.logSystem") == null) {
System.setProperty("jcs.logSystem", "slf4j");
}

final String[] noisyLoggers = {
"org.apache.commons.jcs3.auxiliary.disk.AbstractDiskCache",
"org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
"org.apache.commons.jcs3.engine.control.CompositeCache",
"org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCache",
"org.apache.commons.jcs3.engine.control.CompositeCache",
"org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
"org.apache.commons.jcs3.engine.control.event.ElementEventQueue",
"org.apache.commons.jcs3.engine.memory.AbstractDoubleLinkedListMemoryCache",
"org.apache.commons.jcs3.auxiliary.AuxiliaryCacheConfigurator",
"org.apache.commons.jcs3.engine.control.CompositeCacheManager",
"org.apache.commons.jcs3.utils.threadpool.ThreadPoolManager",
"org.apache.commons.jcs3.engine.control.CompositeCacheConfigurator"};
for (String loggerName : noisyLoggers) {
try {
final Logger l = LoggerFactory.getLogger(loggerName);
final Field f = l.getClass().getSuperclass().getDeclaredField("currentLogLevel");
f.setAccessible(true);
f.set(l, LocationAwareLogger.ERROR_INT);
} catch (IllegalAccessException | IllegalArgumentException | NoSuchFieldException | SecurityException e) {
LoggerFactory.getLogger(Purge.class)
.debug("Failed to reset the log level of " + loggerName + ", it will continue being noisy.");
}
}
}

/**
* Executes the dependency-check purge to delete the existing local copy of
* the NVD CVE data.
Expand Down
3 changes: 3 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/App.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,9 @@ public class App {
*/
@SuppressWarnings("squid:S4823")
public static void main(String[] args) {
if (System.getProperty("jcs.logSystem") == null) {
System.setProperty("jcs.logSystem", "slf4j");
}
final int exitCode;
final App app = new App();
exitCode = app.run(args);
Expand Down
4 changes: 2 additions & 2 deletions cli/src/main/resources/logback.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@
<pattern>[%level] %msg%n</pattern>
</encoder>
</appender>
<logger name="org.apache.commons.jcs" level="ERROR"/>
<logger name="org.apache.commons.jcs3" level="ERROR">

<root level="INFO">
<appender-ref ref="console"/>
</root>
</configuration>
</configuration>
6 changes: 5 additions & 1 deletion core/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-jcs-core</artifactId>
<artifactId>commons-jcs3-core</artifactId>
</dependency>
<dependency>
<groupId>io.github.jeremylong</groupId>
<artifactId>jcs3-slf4j</artifactId>
</dependency>
<dependency>
<groupId>com.github.package-url</groupId>
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/Engine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import org.apache.commons.io.FileUtils;
import org.apache.commons.jcs.JCS;
import org.apache.commons.jcs3.JCS;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
import java.text.MessageFormat;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.jcs.access.exception.CacheException;
import org.apache.commons.jcs3.access.exception.CacheException;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;

Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/data/cache/DataCache.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
*/
package org.owasp.dependencycheck.data.cache;

import org.apache.commons.jcs.access.CacheAccess;
import org.apache.commons.jcs3.access.CacheAccess;

/**
* A generic wrapper for the Java Caching System (JCS).
Expand Down
10 changes: 5 additions & 5 deletions core/src/main/java/org/owasp/dependencycheck/data/cache/DataCacheFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@
import java.io.InputStream;
import java.util.List;
import java.util.Properties;
import org.apache.commons.jcs.JCS;
import org.apache.commons.jcs.access.CacheAccess;
import org.apache.commons.jcs.access.exception.CacheException;
import org.apache.commons.jcs.engine.CompositeCacheAttributes;
import org.apache.commons.jcs.engine.behavior.ICompositeCacheAttributes;
import org.apache.commons.jcs3.JCS;
import org.apache.commons.jcs3.access.CacheAccess;
import org.apache.commons.jcs3.access.exception.CacheException;
import org.apache.commons.jcs3.engine.CompositeCacheAttributes;
import org.apache.commons.jcs3.engine.behavior.ICompositeCacheAttributes;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nodeaudit.Advisory;
import org.owasp.dependencycheck.utils.FileUtils;
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.jcs.access.exception.CacheException;
import org.apache.commons.jcs3.access.exception.CacheException;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import org.apache.commons.jcs.access.exception.CacheException;
import org.apache.commons.jcs3.access.exception.CacheException;

import static org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.DEFAULT_URL;

Expand Down
22 changes: 11 additions & 11 deletions core/src/main/resources/dependencycheck-cache.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
# DEFAULT CACHE REGION
jcs.default=ODC
jcs.default.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
jcs.default.cacheattributes.MemoryCacheName=org.apache.commons.jcs.engine.memory.lru.LRUMemoryCache
jcs.default.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
jcs.default.cacheattributes.MemoryCacheName=org.apache.commons.jcs3.engine.memory.lru.LRUMemoryCache
jcs.default.cacheattributes.UseMemoryShrinker=false
jcs.default.cacheattributes.MaxMemoryIdleTimeSeconds=3600
jcs.default.cacheattributes.ShrinkerIntervalSeconds=60
jcs.default.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
jcs.default.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.default.elementattributes.IsEternal=false
# use zero max objects with an update pattern to force disk caching
jcs.default.cacheattributes.MaxObjects=0
Expand All @@ -19,8 +19,8 @@ jcs.default.elementattributes.IsLateral=false

#note - some region attributes are defined at load tiem in the DataCacheFactory.
jcs.region.CENTRAL=ODC
jcs.region.CENTRAL.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
jcs.region.CENTRAL.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
jcs.region.CENTRAL.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
jcs.region.CENTRAL.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.region.CENTRAL.cacheattributes.MaxObjects=0
jcs.region.CENTRAL.cacheattributes.DiskUsagePattern=UPDATE
#30 day cache life for Central
Expand All @@ -31,8 +31,8 @@ jcs.region.CENTRAL.elementattributes.IsLateral=false

#note - some region attributes are defined at load tiem in the DataCacheFactory.
jcs.region.POM=ODC
jcs.region.POM.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
jcs.region.POM.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
jcs.region.POM.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
jcs.region.POM.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.region.POM.cacheattributes.MaxObjects=0
jcs.region.POM.cacheattributes.DiskUsagePattern=UPDATE
#90 day cache life for POM files from Central - this should likely be higher...
Expand All @@ -43,8 +43,8 @@ jcs.region.POM.elementattributes.IsLateral=false


jcs.region.NODEAUDIT=ODC
jcs.region.NODEAUDIT.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
jcs.region.NODEAUDIT.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
jcs.region.NODEAUDIT.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
jcs.region.NODEAUDIT.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.region.NODEAUDIT.cacheattributes.MaxObjects=0
jcs.region.NODEAUDIT.cacheattributes.DiskUsagePattern=UPDATE
#24 hour default cache life
Expand All @@ -54,8 +54,8 @@ jcs.region.NODEAUDIT.elementattributes.IsRemote=false
jcs.region.NODEAUDIT.elementattributes.IsLateral=false

# AVAILABLE AUXILIARY CACHES
jcs.auxiliary.ODC=org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCacheFactory
jcs.auxiliary.ODC.attributes=org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCacheAttributes
jcs.auxiliary.ODC=org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCacheFactory
jcs.auxiliary.ODC.attributes=org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCacheAttributes
#jcs.auxiliary.ODC.attributes.DiskPath=$ {user.dir}/jcs_swap
jcs.auxiliary.ODC.attributes.MaxPurgatorySize=10000000
jcs.auxiliary.ODC.attributes.MaxKeySize=1000000
Expand Down
3 changes: 3 additions & 0 deletions core/src/test/java/org/owasp/dependencycheck/BaseTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ public abstract class BaseTest {
*/
@Before
public void setUp() throws Exception {
if (System.getProperty("jcs.logSystem") == null) {
System.setProperty("jcs.logSystem", "slf4j");
}
settings = new Settings();
}

Expand Down
3 changes: 2 additions & 1 deletion core/src/test/resources/logback-test.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,5 @@
<logger name="org.owasp.dependencycheck.utils.FileUtils" additivity="false" level="OFF">
<appender-ref ref="console"/>
</logger>
</configuration>
<logger name="org.apache.commons.jcs3" level="ERROR"/>
</configuration>
8 changes: 8 additions & 0 deletions maven/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,14 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
<artifactId>dependency-check-utils</artifactId>
<version>${project.parent.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-jcs3-core</artifactId>
</dependency>
<dependency>
<groupId>io.github.jeremylong</groupId>
<artifactId>jcs3-slf4j</artifactId>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
Expand Down
28 changes: 16 additions & 12 deletions maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2457,19 +2457,23 @@ private String[] determineSuppressions() {
* solution from SO: https://stackoverflow.com/a/50723801
*/
private void muteJCS() {
if (System.getProperty("jcs.logSystem") == null) {
System.setProperty("jcs.logSystem", "slf4j");
}

final String[] noisyLoggers = {
"org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache",
"org.apache.commons.jcs.engine.memory.AbstractMemoryCache",
"org.apache.commons.jcs.engine.control.CompositeCache",
"org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache",
"org.apache.commons.jcs.engine.control.CompositeCache",
"org.apache.commons.jcs.engine.memory.AbstractMemoryCache",
"org.apache.commons.jcs.engine.control.event.ElementEventQueue",
"org.apache.commons.jcs.engine.memory.AbstractDoubleLinkedListMemoryCache",
"org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator",
"org.apache.commons.jcs.engine.control.CompositeCacheManager",
"org.apache.commons.jcs.utils.threadpool.ThreadPoolManager",
"org.apache.commons.jcs.engine.control.CompositeCacheConfigurator"};
"org.apache.commons.jcs3.auxiliary.disk.AbstractDiskCache",
"org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
"org.apache.commons.jcs3.engine.control.CompositeCache",
"org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCache",
"org.apache.commons.jcs3.engine.control.CompositeCache",
"org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
"org.apache.commons.jcs3.engine.control.event.ElementEventQueue",
"org.apache.commons.jcs3.engine.memory.AbstractDoubleLinkedListMemoryCache",
"org.apache.commons.jcs3.auxiliary.AuxiliaryCacheConfigurator",
"org.apache.commons.jcs3.engine.control.CompositeCacheManager",
"org.apache.commons.jcs3.utils.threadpool.ThreadPoolManager",
"org.apache.commons.jcs3.engine.control.CompositeCacheConfigurator"};
for (String loggerName : noisyLoggers) {
try {
//This is actually a MavenSimpleLogger, but due to various classloader issues, can't work with the directly.
Expand Down
12 changes: 10 additions & 2 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,10 @@ Copyright (c) 2012 - Jeremy Long
<commons-io.version>2.14.0</commons-io.version>
<commons-lang3.version>3.13.0</commons-lang3.version>
<commons-text.version>1.10.0</commons-text.version>
<commons-jcs-core.version>2.2.1</commons-jcs-core.version>
<!-- note that logging will be noisy and broken until we upgrade to 3.2
See https://issues.apache.org/jira/browse/JCS-232 and
https://github.com/apache/commons-jcs/pull/120 -->
<commons-jcs-core.version>3.2</commons-jcs-core.version>
<aho-corasick-double-array-trie.version>1.2.3</aho-corasick-double-array-trie.version>
<junit.version>4.13.2</junit.version>
<hamcrest.version>2.2</hamcrest.version>
Expand Down Expand Up @@ -1031,9 +1034,14 @@ Copyright (c) 2012 - Jeremy Long
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-jcs-core</artifactId>
<artifactId>commons-jcs3-core</artifactId>
<version>${commons-jcs-core.version}</version>
</dependency>
<dependency>
<groupId>io.github.jeremylong</groupId>
<artifactId>jcs3-slf4j</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
Expand Down