I have a JSON file containing multiple maven dependencies:
{
"name": "com.paulscode:libraryjavasound:20101123"
},
{
"name": "com.paulscode:librarylwjglopenal:20100824"
},
{
"name": "com.paulscode:soundsystem:20120107"
},
I'd like to load them and then launch a jar with these dependencies in the classpath. Currently I'm not sure how to do that.
Also, I plan on using electron, if that is of any importance.
You can use node-java-plugin.
Add a java key to your package.json
{
"java": {
"dependencies": [
{
"groupId": "com.paulscode",
"artifactId": "libraryjavasound",
"version": "20101123"
},
{
"groupId": "com.paulscode",
"artifactId": "soundsystem",
"version": "20120107"
},
{
"groupId": "com.paulscode",
"artifactId": "librarylwjglopenal",
"version": "20100824"
},
]
}
}
Further more details you can find on plugin docs.You can use node-java with this for addition purpose.
Related
I am trying to create my own security scanner which will check dependencies. To test the functionality, I created a "mock scanner" which downloads a file from webhook, and saves it as an artifact ought to be uploaded to the server.
The artifact is uploaded successfully and in the CI output I can see the 201 code, but for some reason it is not presented in the security dashboard.
What am I doing wrong?
Thank you!
The CI job looks as following:
mysec_dependency_scanning:
stage: test
script:
- curl https://webhook.site/XXXX -o gl-dependency-scanning-report.json
- sleep 3
allow_failure: true
artifacts:
reports:
dependency_scanning: gl-dependency-scanning-report.json
The content of the json file is from the example provided by gitlab and it as following:
{
"version": "2.0",
"vulnerabilities": [
{
"id": "51e83874-0ff6-4677-a4c5-249060554eae",
"category": "dependency_scanning",
"name": "alik alik",
"message": "Regular Expression Denial of Service in debug",
"description": "alik to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.",
"severity": "Unknown",
"solution": "Upgrade to latest versions.",
"scanner": {
"id": "dadada",
"name": "dadada"
},
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "debug"
},
"version": "1.0.5"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-37283ed4-0380-40d7-ada7-2d994afcc62a",
"value": "37283ed4-0380-40d7-ada7-2d994afcc62a",
"url": "https://deps.sec.gitlab.com/packages/npm/debug/versions/1.0.5/advisories"
}
],
"links": [
{
"url": "https://nodesecurity.io/advisories/534"
},
{
"url": "https://github.com/visionmedia/debug/issues/501"
},
{
"url": "https://github.com/visionmedia/debug/pull/504"
}
]
},
{
"id": "5d681b13-e8fa-4668-957e-8d88f932ddc7",
"category": "dependency_scanning",
"name": "Authentication bypass via incorrect DOM traversal and canonicalization",
"message": "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js",
"description": "Some XML DOM traversal and canonicalization APIs may be inconsistent in handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment, therefore, has no impact on the signature on the SAML message.\r\n\r\nA remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.",
"severity": "Unknown",
"solution": "Upgrade to fixed version.\r\n",
"scanner": {
"id": "dadada",
"name": "dadada"
},
"location": {
"file": "yarn.lock",
"dependency": {
"package": {
"name": "saml2-js"
},
"version": "1.5.0"
}
},
"identifiers": [
{
"type": "gemnasium",
"name": "Gemnasium-9952e574-7b5b-46fa-a270-aeb694198a98",
"value": "9952e574-7b5b-46fa-a270-aeb694198a98",
"url": "https://deps.sec.gitlab.com/packages/npm/saml2-js/versions/1.5.0/advisories"
},
{
"type": "cve",
"name": "CVE-2017-11429",
"value": "CVE-2017-11429",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11429"
}
],
"links": [
{
"url": "https://github.com/Clever/saml2/commit/3546cb61fd541f219abda364c5b919633609ef3d#diff-af730f9f738de1c9ad87596df3f6de84R279"
},
{
"url": "https://github.com/Clever/saml2/issues/127"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
}
],
"remediations": [
{
"fixes": [
{
"id": "5d681b13-e8fa-4668-957e-8d88f932ddc7",
}
],
"summary": "Upgrade saml2-js",
"diff": "ZGlmZiAtLWdpdCBhL...OR0d1ZUc2THh3UT09Cg==" // some content is omitted for brevity
}
]
}
I was able to fix the problem, the issue was an invalid json format.
Had to do alot of trial and error but I was able to create a working template for a dependency scanning report.
{
"version": "3.0.0",
"vulnerabilities": [
{
"id": "dfa1f7f3d56db6e1c3451a232de42f153e0335611de6f0344443d84e448ee2cf",
"category": "dddda",
"name": "dddda",
"message": "ddda",
"description": "dddda lack of validation in `index.js`.",
"cve": "dada",
"severity": "Critical",
"solution": "Upgrade to version 2.0.5 or above.",
"scanner": {
"id": "lalal",
"name": "Code_Analyzer"
},
"location": {
"file": "yarn.lock",
"dependency": {
"iid": 447,
"package": {
"name": "copy-props"
},
"version": "2.0.4"
}
},
"identifiers": [
{
"type": "dada",
"name": "dada-e9e12690-2e4d-4251-bef0-7357ddc05881",
"value": "e9e57890-5e4d-4832-bef2-7337ddc05889",
"url": "https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/npm/copy-props/CVE-2219-28503.yml"
},
{
"type": "cve",
"name": "CVE-2237-28503",
"value": "CVE-2237-28503",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2237-28503"
}
],
"links": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2237-28503"
}
]
}
],
"remediations": [],
"dependency_files": [
{
"path": "yarn.lock",
"package_manager": "yarn",
"dependencies": [
{
"iid": 447,
"dependency_path": [
{
"iid": 708
},
{
"iid": 707
}
],
"package": {
"name": "copy-props"
},
"version": "2.0.4"
}
]
}
],
"scan": {
"scanner": {
"id": "lalal",
"name": "Code_Analyzer",
"url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium",
"vendor": {
"name": "lalal"
},
"version": "2.29.5"
},
"type": "dependency_scanning",
"start_time": "2021-05-03T06:47:29",
"end_time": "2021-05-03T06:47:30",
"status": "success"
}
}
References to internal sections in swagger.json work correctly, but attempting to reference a JSON file in the same directory seems to be ignored. I have some large example data files so would like to reference them instead of including them in the swagger.json file.
How do I get swagger to dereference the $ref tags for external files in the ./static/ directory (this is the same location as the swagger.json file)? Is there a swagger log file that shows what/how it loads files?
Things that work:
http://localhost:5002/swagger
http://localhost:5002/static/swagger.json
http://localhost:5002/static/components.json
So this proves the web server can find the static/components.json file.
Part of swagger.json:
"components": {
"schemas": {
"id": {
"properties": {
"id": {
"type": "number",
"format": "int64"
}
}
},
"componentsPost": {
"type": "object",
"properties": {
"id": {
"$ref": "#/components/schemas/id" <-- THIS WORKS
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"component_type_id": {
"$ref": "#/components/schemas/id" <-- THIS WORKS
},
"system_type_id": {
"$ref": "#/components/schemas/id" <-- THIS WORKS
},
"parent_id": {
"$ref": "#/components/schemas/id"
}
},
"example": {
"$ref": "components.json" <-- THIS DOES *NOT* WORK
}
},
Note: components.json is different than the #components/schema/id
reference, which is in the same file as shown above.
Beginning of components.json data file:
{
"components": [
{
"id": 99999,
"name": "root",
"description": "Root Component",
"component_type_id": 1,
"system_type_id": 1
},
{
"id": 1,
"name": "lan1",
"description": "LAN",
"component_type_id": 1,
"system_type_id": 4,
"parent_id": 99999
},
The swagger.json file gets loaded but components.json does not:
[06/Jan/2021 12:32:53] "GET /static/swagger.json HTTP/1.1" 200 -
The swagger web site shows the $ref, not the expected components.json:
Alternate code I have tried:
"example": {
"components": {
"$ref": "components.json"
}
}
"example": {
"$ref": "/static/components.json"
}
"example": {
"$ref": "./static/components.json"
}
"example": {
"$ref": "static/components.json"
}
I have an electron app and I got this error when run electron-builder build.
Error: Application entry file "main.js" in the "/project/dist/release/mac/demo.app/Contents/Resources/app.asar" does not exist. Seems like a wrong configuration.
This is package.json. I have set the main to dist/electron.js but I don't understand why it keep saying main.js doesn't exist.
...
"main": "dist/electron.js",
"build": {
"productName": "demo",
"appId": "com.auspost.pos",
"files": [
"dist/",
"node_modules/**/*",
"package.json",
"dist/electron.js"
],
"directories": {
"output": "dist/release"
},
"dmg": {
"contents": [
{
"x": 130,
"y": 220
},
{
"x": 410,
"y": 220,
"type": "link",
"path": "/Applications"
}
]
},
"win": {
"target": [
"nsis",
"msi"
],
"icon": "./electron/assets/icons/win/app.ico"
},
"publish": {
"provider": "github"
}
},
...
"devDepencencies": {
"electron": "^5.0.2",
"electron-builder": "^20.41.0",
"electron-webpack": "^2.6.2",
}
Finally figure out that because the project has electron-webpack dependency which works as a base template for electron build configuration. There are some fields are defined there which get extended.
The fix for that is either remove electron-webpack from your project dependencies or use electron-webpack convention to manage your project.
I had a similar issue:
Application entry file "index.js" in the ".....\dist\win-unpacked\resources\app.asar" does not exist.
The fix for me was to add
main: "main.js"
in the package.json of the generated app, so .\app\package.json.
Seems like without this electron-builder 21 (electron 6) is looking for a "index.js" file.
I encountered the error when selecting the production version of my entry file which was in a different folder than the source production file.
Here is the relevant config section that got my app to build:
"build": {
"files": [
"electron-settings.json",
"package.json"
],
"extraResources": [
{
"from": "../build/backend/min",
"to": "app",
"filter": [
"**/*"
]
},
{
"from": "desktop/node_modules",
"to": "node_modules"
}
],
"mac": {
"extraResources": [
{
"from": "build/osx",
"to": "app/build/osx"
}
]
}
}
Today I was trying to create a confluence addon for my company and I've try following atlassian documents.
My problem comes trying to run the express app when adding a new customContent to the atlassian-connect.json, after running npm start I get the following error.
Failed to register with host https://admin:xxx#xxx.atlassian.net/wiki (200)
{"type":"INSTALL","pingAfter":300,"status":{"done":true,"statusCode":200,"con
tentType":"application/vnd.atl.plugins.task.install.err+json","subCode":"upm.
pluginInstall.error.descriptor.not.from.marketplace","source":"https://1a0adc
8f.ngrok.io/atlassian-connect.json","name":"https://1a0adc8f.ngrok.io/atlassi
an-connect.json"},"links":{"self":"/wiki/rest/plugins/1.0/pending/b88594d3-c3
c2-4760-b687-c8d860c0a377","alternate":"/wiki/rest/plugins/1.0/tasks/b88594d3
-c3c2-4760-b687-c8d860c0a377"},"timestamp":1502272147602,"userKey":"xxx","id":"xxx"}
Add-on not registered; no compatible hosts detected
This is my atlassian-connect.json file:
{
"key": "my-add-on",
"name": "Ping Pong",
"description": "My very first add-on",
"vendor": {
"name": "Angry Nerds",
"url": "https://www.atlassian.com/angrynerds"
},
"baseUrl": "{{localBaseUrl}}",
"links": {
"self": "{{localBaseUrl}}/atlassian-connect.json",
"homepage": "{{localBaseUrl}}/atlassian-connect.json"
},
"authentication": {
"type": "jwt"
},
"lifecycle": {
"installed": "/installed"
},
"scopes": [
"READ"
],
"modules": {
"generalPages": [
{
"key": "hello-world-page-jira",
"location": "system.top.navigation.bar",
"name": {
"value": "Hello World"
},
"url": "/hello-world",
"conditions": [{
"condition": "user_is_logged_in"
}]
},
{
"key": "customersViewer",
"location": "system.header/left",
"name": {
"value": "Hello World"
},
"url": "/hello-world",
"conditions": [{
"condition": "user_is_logged_in"
}]
}
],
"customContent": [
{
"key": "customer",
"name": {
"value": "Customers"
},
"uiSupport": {
"contentViewComponent": {
"moduleKey": "customersViewer"
},
"listViewComponent": {
"moduleKey": "customerList"
},
"icons": {
"item": {
"url": "/images/customers.png"
}
}
},
"apiSupport": {
"supportedContainerTypes": ["space"]
}
}
]
}
}
Does anybody has an idea on whats going on?
The contentViewComponent can't find the generalPage it is referencing in moduleKey.
From the docs:
In the snippet above, the moduleKey “customersViewer” maps to a
generalPage module we have defined in our add-on. This generalPage is
passed the context parameters we specify, and visualizes our content
accordingly.
If you change the generalPage with the key hello-world-page-confluence to customersVieweryou be able to install and get up and running.
How can I install a specific Bundle (for example SonataGoutteBundle) to my Symfony2 project via composer?
I tried this, but it doesn't work for me. Any ideas what's wrong?
"repositories": [
{
"type": "package",
"package": {
"name": "sonata-project/sonatagouttebundle",
"version": "dev-master",
"dist": {
"url": "https://github.com/sonata-project/SonataGoutteBundle.git",
"type": "git"
}
}
}
],
"require": {
"php": ">=5.3.3",
[...],
"sonata-project/sonatagouttebundle": "dev-master"
}
Try something like
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/sonata-project/SonataGoutteBundle.git"
}
],
"require": {
"php": ">=5.3.3",
"vendor/bundle": "dev-master"
}
}
The SonataGoutteBundle must have a composer.json
In this particular case, this would work:
"repositories": [
{
"type": "package",
"package": {
"name": "sonata-project/goutte",
"version": "dev-master",
"source": {
"url": "https://github.com/sonata-project/SonataGoutteBundle.git",
"type": "git",
"reference": "master"
}
}
}
],
"require": {
"php": ">=5.3.3",
"sonata-project/goutte": "dev-master"
}
For all options see the documentation
You should provide a link to an archive (like zip) in "dist" section. If you want to use git you should define "source" section instead:
{
"repositories": [
{
"type": "package",
"package": {
"name": "sonata-project/sonatagouttebundle",
"version": "dev-master",
"source": {
"url": "https://github.com/sonata-project/SonataGoutteBundle.git",
"type": "git",
"reference": "master"
}
}
}
],
"require": {
"php": ">=5.3.3",
"sonata-project/sonatagouttebundle": "dev-master"
}
}
More about defining custom repositories: http://getcomposer.org/doc/04-schema.md#repositories