From e4a9f4e628bcd6f656b25a3af7918690380fb8a0 Mon Sep 17 00:00:00 2001 From: Hritik Vijay Date: Mon, 20 Nov 2023 22:02:04 +0530 Subject: [PATCH 1/2] Ensure fallback to system maven works 1. In case the maven wrapper is found but is not ready or functioning, make sure the fallback to initially assumed "mvn" command works. 2. spawnSync returns an ``error`` object only in case child process is timed out or the invocation itself fails. Read ``status`` as well to ensure that the child process executed successfully Signed-off-by: Hritik Vijay
---
 utils.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/utils.js b/utils.js
index 92c8ed184..46b181151 100644
--- a/utils.js
+++ b/utils.js
@@ -6999,6 +6999,7 @@ export const getMavenCommand = (srcPath, rootPath) => {
 let isWrapperReady = false;
 let isWrapperFound = false;
 let findMavenFile = "mvnw";
+ let mavenWrapperCmd = null;
 if (platform() == "win32") {
 findMavenFile = "mvnw.bat";
 if (
@@ -7017,7 +7018,7 @@ export const getMavenCommand = (srcPath, rootPath) => {
 } catch (e) {
 // continue regardless of error
 }
- mavenCmd = resolve(join(srcPath, findMavenFile));
+ mavenWrapperCmd = resolve(join(srcPath, findMavenFile));
 isWrapperFound = true;
 } else if (rootPath && existsSync(join(rootPath, findMavenFile))) {
 // Check if the root directory has a wrapper script
@@ -7026,7 +7027,7 @@ export const getMavenCommand = (srcPath, rootPath) => {
 } catch (e) {
 // continue regardless of error
 }
- mavenCmd = resolve(join(rootPath, findMavenFile));
+ mavenWrapperCmd = resolve(join(rootPath, findMavenFile));
 isWrapperFound = true;
 }
 if (isWrapperFound) {
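Review bot: `mavenWrapperCmd` in the second and third hunks resolves to a file inside the project being analysed (`srcPath` or `rootPath`), and the following hunk spawns it, so producing a BOM executes a script supplied by that project. The commit does not change this, but nothing near the new variable says so; add a comment where it is declared, e.g. `// Path to the project's own mvnw; it is executed below, so only scan projects you trust or run inside a sandbox`. getMavenCommand begins and ends outside these hunks.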
@@ -7035,14 +7036,15 @@ export const getMavenCommand = (srcPath, rootPath) => {
 "Testing the wrapper script by invoking wrapper:wrapper task"
 );
 }
- const result = spawnSync(mavenCmd, ["wrapper:wrapper"], {
+ const result = spawnSync(mavenWrapperCmd, ["wrapper:wrapper"], {
 encoding: "utf-8",
 cwd: rootPath,
 timeout: TIMEOUT_MS,
 shell: isWin
 });
- if (!result.error) {
+ if (!result.error && !result.status) {
 isWrapperReady = true;
+ mavenCmd = mavenWrapperCmd;
 } else {
 if (DEBUG_MODE) {
 console.log(
From 7f1a944f767191b2c3e88aa6c68533fee4f723eb Mon Sep 17 00:00:00 2001
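Review bot: The new guard `!result.error && !result.status` still accepts a wrapper that was terminated by a signal, because spawnSync reports `status: null` in that case and `!null` is true, while `error` is only populated when the spawn itself fails or the timeout fires. Compare against the exit code explicitly: `if (!result.error && result.status === 0) {`. Separately, the unchanged `shell: isWin` means that on Windows the resolved wrapper path is handed to the shell as part of a command string, so a project path containing spaces or shell metacharacters deserves quoting or at least a test. The enclosing function continues outside the hunk.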
From: Hritik Vijay Date: Tue, 21 Nov 2023 16:21:21 +0530 Subject: [PATCH 2/2] Add repotest for repos without broken mvn wrapper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ; ../cdxgen/bin/cdxgen.js -p Executing '/Users/neo/contrib/appthreat/broken-mvn-wrapper/gs-spring-boot-main/complete/mvnw org.cyclonedx:cyclonedx-maven-plugin:2.7.10:makeAggregateBom -DoutputName=bom -DincludeTestScope=true -q' in /Users/neo/contrib/appthreat/broken-mvn-wrapper/gs-spring-boot-main/complete Fallback to executing /Users/neo/contrib/appthreat/broken-mvn-wrapper/gs-spring-boot-main/complete/mvnw dependency:tree -DoutputFile=/var/folders/l1/tbpy9vkn2151gnkf324c1bdm0000gr/T/cdxmvn-6HUFz0/mvn-tree.txt /Users/neo/contrib/appthreat/broken-mvn-wrapper/gs-spring-boot-main/complete/mvnw: line 1: unexpected EOF while looking for matching `'' /Users/neo/contrib/appthreat/broken-mvn-wrapper/gs-spring-boot-main/complete/mvnw: line 2: syntax error: unexpected end of file Resolve the above maven error. This could be due to the following: 1. Java version requirement: cdxgen container image bundles Java 20 with maven 3.9 which might be incompatible. 2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable. 3. Check if all required environment variables including any maven profile arguments are passed correctly to this tool. Falling back to manual pom.xml parsing. The result would be incomplete! ╔═══════════════════════════╤═════════════════════════════════════╤═══════════════════════════╤═════════════════╗ ║ Group │ Name │ Version │ Scope ║ ╚═══════════════════════════╧═════════════════════════════════════╧═══════════════════════════╧═════════════════╝ BOM includes 0 components and 0 dependencies ; (cd ../cdxgen; gh pr checkout 726) Previous HEAD position was 23a4902 Bump version Switched to branch 'master' Your branch is ahead of 'origin/master' by 1 commit. 
(use "git push" to publish your local commits) Already up to date. ../cdxgen/bin/cdxgen.js -p Executing 'mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.10:makeAggregateBom -DoutputName=bom -DincludeTestScope=true -q' in /Users/neo/contrib/appthreat/broken-mvn-wrapper/gs-spring-boot-main/complete pkg:maven/com.example/spring-boot-complete@0.0.1-SNAPSHOT?type=jar ├── pkg:maven/org.springframework.boot/spring-boot-starter-actuator@3.1.4?type=jar │ ├── pkg:maven/io.micrometer/micrometer-core@1.11.4?type=jar │ │ ├── pkg:maven/io.micrometer/micrometer-commons@1.11.4?type=jar │ │ ├── pkg:maven/io.micrometer/micrometer-observation@1.11.4?type=jar └───└───└───└── pkg:maven/io.micrometer/micrometer-commons@1.11.4?type=jar │ │ ├── pkg:maven/org.hdrhistogram/HdrHistogram@2.1.12?type=jar └───└───└── pkg:maven/org.latencyutils/LatencyUtils@2.0.3?type=jar │ ├── pkg:maven/io.micrometer/micrometer-observation@1.11.4?type=jar Signed-off-by: Hritik Vijay
---
 .github/workflows/repotests.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
index c06dd2fcb..21b5c0b29 100644
--- a/.github/workflows/repotests.yml
+++ b/.github/workflows/repotests.yml
@@ -156,6 +156,10 @@ jobs:
 with:
 repository: 'googleprojectzero/Jackalope'
 path: 'repotests/Jackalope'
+ - uses: actions/checkout@v3
+ with:
+ repository: 'hritik14/broken-mvn-wrapper'
+ path: 'repotests/broken-mvn-wrapper'
 - uses: dtolnay/rust-toolchain@stable
 - name: repotests evidence
 run: |
@@ -277,6 +281,7 @@ jobs:
 run: |
 bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint.json
 bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint-deep.json --deep
+ bin/cdxgen.js -p -t java repotests/broken-mvn-wrapper -o bomresults/bom-broken-mvn-wrapper.json
 shell: bash
 - name: jenkins plugins
 run: |
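Review bot: The added checkout of `hritik14/broken-mvn-wrapper` has no `ref`, so CI takes whatever that personal repository's default branch holds at run time, and the cdxgen step added further down will presumably try to run the `mvnw` it contains. Pin the fixture under `with:` with `ref: <commit-sha>` (placeholder: the commit the test was written against) so that a later push to that repository cannot change what the workflow executes. The Jackalope checkout visible as context is unpinned as well. The step list continues outside the hunk.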
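Review bot: The added `bin/cdxgen.js -p -t java repotests/broken-mvn-wrapper ...` line in the second hunk only shows that cdxgen ran, and the pre-fix output quoted in the commit message ends with `BOM includes 0 components and 0 dependencies` rather than a visible failure, so this step would likely stay green if the fallback regressed. Follow it with a check on the result, for example `jq -e '.components | length > 0' bomresults/bom-broken-mvn-wrapper.json`. The hunk does not show whether this step runs in the same job as the new checkout, which is worth confirming.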