Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-58402

On Windows slaves, any call of dependency check tool results in "The input line is too long" error

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      We defined Jenkins Global Tool for dependency-check-5.1.0 with auto install. When executing a job on a Windows slave, the tool gets installed (in folder c:\jenkins-slave\tools\org.jenkinsci.plugins.DependencyCheck.tools.DependencyCheckInstallation\dependency-check-5.1.0), but any call of Dependency Check results in errors:

      [DependencyCheck] The input line is too long.
      [DependencyCheck] The syntax of the command is incorrect.

      This is the case even for simple calls like

      dependencycheck additionalArguments: '--updateonly --data c:/builds/dependency-check-data2', odcInstallation: 'dependency-check-5.1.0'

      Is there any way to see the command line that is built? And more importantly, to get rid of the errors?

       

        Attachments

          Activity

          Hide
          chamshoff Christoph Amshoff added a comment -

          @Kelly, thanks for your discovery. I can confirm it's indeed the CLASSPATH setting. We were able to locally work around this issue (unpack all JARs in single folder) until it's resolved.

          Show
          chamshoff Christoph Amshoff added a comment - @Kelly, thanks for your discovery. I can confirm it's indeed the CLASSPATH setting. We were able to locally work around this issue (unpack all JARs in single folder) until it's resolved.
          Hide
          kfhickel Kelly Hickel added a comment -

          That's what I did as well, I'll include my change below, just in case someone gets stuck, but it's an ugly hack, the example I give may only work for version 5.1.1, and would have to be re-applied/changed every time the jenkins tool directory is updated/upgraded/etc.

          Edit the .bat file located here: <jenkins agent directory>\tools\org.jenkinsci.plugins.DependencyCheck.ools.DependencyCheckInstallation\OWASP_Dependency_Check\bin\dependency-check.bat, find the long line that begins with "set CLASSPATH=", and REPLACE it with the lines below.

          Yes, this is an ugly hack, don't feel the need to point that out ;->, but it does work for the short-term.

          set CLASSPATH="%BASEDIR%"\plugins\*
          xcopy /D/y "%REPO%"\ch\qos\logback\logback-core\1.2.3\logback-core-1.2.3.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\ch\qos\logback\logback-classic\1.2.3\logback-classic-1.2.3.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\commons-cli\commons-cli\1.4\commons-cli-1.4.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\owasp\dependency-check-core\5.1.1\dependency-check-core-5.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\commons\commons-jcs-core\2.2.1\commons-jcs-core-2.2.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\commons-logging\commons-logging\1.2\commons-logging-1.2.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\github\package-url\packageurl-java\1.1.0\packageurl-java-1.1.0.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\us\springett\cpe-parser\2.0.1\cpe-parser-2.0.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\vdurmont\semver4j\2.2.0\semver4j-2.2.0.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\commons-collections\commons-collections\3.2.2\commons-collections-3.2.2.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\commons\commons-compress\1.18\commons-compress-1.18.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\commons-io\commons-io\2.6\commons-io-2.6.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\commons\commons-text\1.7\commons-text-1.7.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\lucene\lucene-core\8.1.1\lucene-core-8.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\lucene\lucene-analyzers-common\8.1.1\lucene-analyzers-common-8.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\lucene\lucene-queryparser\8.1.1\lucene-queryparser-8.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\lucene\lucene-queries\8.1.1\lucene-queries-8.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\lucene\lucene-sandbox\8.1.1\lucene-sandbox-8.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\velocity\velocity-engine-core\2.1\velocity-engine-core-2.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\h2database\h2\1.4.196\h2-1.4.196.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\glassfish\javax.json\1.0.4\javax.json-1.0.4.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\jsoup\jsoup\1.12.1\jsoup-1.12.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\sun\mail\mailapi\1.6.2\mailapi-1.6.2.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\code\gson\gson\2.8.5\gson-2.8.5.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\guava\guava\28.0-jre\guava-28.0-jre.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\checkerframework\checker-qual\2.8.1\checker-qual-2.8.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\errorprone\error_prone_annotations\2.3.2\error_prone_annotations-2.3.2.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\j2objc\j2objc-annotations\1.3\j2objc-annotations-1.3.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\codehaus\mojo\animal-sniffer-annotations\1.17\animal-sniffer-annotations-1.17.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\h3xstream\retirejs\retirejs-core\3.0.1\retirejs-core-3.0.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\json\json\20140107\json-20140107.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\esotericsoftware\minlog\1.3\minlog-1.3.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\github\spullara\mustache\java\compiler\0.8.17\compiler-0.8.17.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\sonatype\ossindex\ossindex-service-client\1.2.0\ossindex-service-client-1.2.0.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\sonatype\ossindex\ossindex-service-api\1.2.0\ossindex-service-api-1.2.0.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\javax\ws\rs\javax.ws.rs-api\2.0.1\javax.ws.rs-api-2.0.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\sonatype\goodies\package-url-java\1.0.1\package-url-java-1.0.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\javax\inject\javax.inject\1\javax.inject-1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\slf4j\jcl-over-slf4j\1.7.15\jcl-over-slf4j-1.7.15.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\joda-time\joda-time\2.9.9\joda-time-2.9.9.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\moandjiezana\toml\toml4j\0.7.2\toml4j-0.7.2.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\owasp\dependency-check-utils\5.1.1\dependency-check-utils-5.1.1.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\apache\ant\ant\1.9.9\ant-1.9.9.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\jetbrains\annotations\17.0.0\annotations-17.0.0.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\com\github\spotbugs\spotbugs-annotations\3.1.12\spotbugs-annotations-3.1.12.jar "%BASEDIR%"\plugins\
          xcopy /D/y "%REPO%"\org\owasp\dependency-check-cli\5.1.1\dependency-check-cli-5.1.1.jar "%BASEDIR%"\plugins\
          
          
          Show
          kfhickel Kelly Hickel added a comment - That's what I did as well, I'll include my change below, just in case someone gets stuck, but it's an ugly hack, the example I give may only work for version 5.1.1, and would have to be re-applied/changed every time the jenkins tool directory is updated/upgraded/etc. Edit the .bat file located here: <jenkins agent directory>\tools\org.jenkinsci.plugins.DependencyCheck.ools.DependencyCheckInstallation\OWASP_Dependency_Check\bin\dependency-check.bat, find the long line that begins with "set CLASSPATH=", and REPLACE it with the lines below. Yes, this is an ugly hack, don't feel the need to point that out ;->, but it does work for the short-term. set CLASSPATH= "%BASEDIR%" \plugins\* xcopy /D/y "%REPO%" \ch\qos\logback\logback-core\1.2.3\logback-core-1.2.3.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \ch\qos\logback\logback-classic\1.2.3\logback-classic-1.2.3.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \commons-cli\commons-cli\1.4\commons-cli-1.4.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\owasp\dependency-check-core\5.1.1\dependency-check-core-5.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\commons\commons-jcs-core\2.2.1\commons-jcs-core-2.2.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \commons-logging\commons-logging\1.2\commons-logging-1.2.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\github\ package -url\packageurl-java\1.1.0\packageurl-java-1.1.0.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \us\springett\cpe-parser\2.0.1\cpe-parser-2.0.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\vdurmont\semver4j\2.2.0\semver4j-2.2.0.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \commons-collections\commons-collections\3.2.2\commons-collections-3.2.2.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\commons\commons-compress\1.18\commons-compress-1.18.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \commons-io\commons-io\2.6\commons-io-2.6.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\commons\commons-text\1.7\commons-text-1.7.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\lucene\lucene-core\8.1.1\lucene-core-8.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\lucene\lucene-analyzers-common\8.1.1\lucene-analyzers-common-8.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\lucene\lucene-queryparser\8.1.1\lucene-queryparser-8.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\lucene\lucene-queries\8.1.1\lucene-queries-8.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\lucene\lucene-sandbox\8.1.1\lucene-sandbox-8.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\velocity\velocity-engine-core\2.1\velocity-engine-core-2.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\h2database\h2\1.4.196\h2-1.4.196.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\glassfish\javax.json\1.0.4\javax.json-1.0.4.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\jsoup\jsoup\1.12.1\jsoup-1.12.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\sun\mail\mailapi\1.6.2\mailapi-1.6.2.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\code\gson\gson\2.8.5\gson-2.8.5.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\guava\guava\28.0-jre\guava-28.0-jre.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\checkerframework\checker-qual\2.8.1\checker-qual-2.8.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\errorprone\error_prone_annotations\2.3.2\error_prone_annotations-2.3.2.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\j2objc\j2objc-annotations\1.3\j2objc-annotations-1.3.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\codehaus\mojo\animal-sniffer-annotations\1.17\animal-sniffer-annotations-1.17.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\h3xstream\retirejs\retirejs-core\3.0.1\retirejs-core-3.0.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\json\json\20140107\json-20140107.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\esotericsoftware\minlog\1.3\minlog-1.3.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\github\spullara\mustache\java\compiler\0.8.17\compiler-0.8.17.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\sonatype\ossindex\ossindex-service-client\1.2.0\ossindex-service-client-1.2.0.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\sonatype\ossindex\ossindex-service-api\1.2.0\ossindex-service-api-1.2.0.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \javax\ws\rs\javax.ws.rs-api\2.0.1\javax.ws.rs-api-2.0.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\sonatype\goodies\ package -url-java\1.0.1\ package -url-java-1.0.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \javax\inject\javax.inject\1\javax.inject-1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\slf4j\jcl-over-slf4j\1.7.15\jcl-over-slf4j-1.7.15.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \joda-time\joda-time\2.9.9\joda-time-2.9.9.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\moandjiezana\toml\toml4j\0.7.2\toml4j-0.7.2.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\owasp\dependency-check-utils\5.1.1\dependency-check-utils-5.1.1.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\apache\ant\ant\1.9.9\ant-1.9.9.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\jetbrains\annotations\17.0.0\annotations-17.0.0.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \com\github\spotbugs\spotbugs-annotations\3.1.12\spotbugs-annotations-3.1.12.jar "%BASEDIR%" \plugins\ xcopy /D/y "%REPO%" \org\owasp\dependency-check-cli\5.1.1\dependency-check-cli-5.1.1.jar "%BASEDIR%" \plugins\
          Hide
          jguatney Jonathan Gautney added a comment -

          Dependency-Check version 5.2.0 was recently released which uses some maven settings to shorten the classpaths. I can confirm this update works on our windows build node which fixes the issues for us.

          Show
          jguatney Jonathan Gautney added a comment - Dependency-Check version 5.2.0 was recently released which uses some maven settings to shorten the classpaths. I can confirm this update works on our windows build node which fixes the issues for us.
          Hide
          kfhickel Kelly Hickel added a comment -

          Looks good for me also.

          Show
          kfhickel Kelly Hickel added a comment - Looks good for me also.
          Hide
          chamshoff Christoph Amshoff added a comment -

          Dependency-Check version 5.2.0 works fine, consider issue fixed.

          Show
          chamshoff Christoph Amshoff added a comment - Dependency-Check version 5.2.0 works fine, consider issue fixed.

            People

            Assignee:
            sspringett Steve Springett
            Reporter:
            chamshoff Christoph Amshoff
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: