Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51623

arachni-scanner-plugin is affected by fix for JEP-200

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      In Jenkins v2.102 or newer, saving job configuration with an Arachni-Scanner build step will produce an error. This is related to the JEP-200 fix.

      Stacktrace:

      java.lang.UnsupportedOperationException: Refusing to marshal org.slf4j.impl.JDK14LoggerAdapter for security reasons; see https://jenkins.io/redirect/class-filter/
      	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.arachni.ArachniScanner#log for class org.jenkinsci.plugins.arachni.ArachniScanner
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
      	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
      	at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Project#builders for class hudson.model.FreeStyleProject
      	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
      	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
      	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
      	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
      	at hudson.XmlFile.write(XmlFile.java:194)
      Caused: java.io.IOException
      	at hudson.XmlFile.write(XmlFile.java:201)
      	at hudson.model.AbstractItem.save(AbstractItem.java:483)
      	at hudson.model.Job.save(Job.java:196)
      	at hudson.model.AbstractProject.save(AbstractProject.java:289)
      	at hudson.BulkChange.commit(BulkChange.java:98)
      	at hudson.model.Job.doConfigSubmit(Job.java:1355)
      	at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:772)
      	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
      	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
      	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
      	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
      	at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:64)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
      	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
      	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      	at org.eclipse.jetty.server.Server.handle(Server.java:564)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
      	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
      	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
      	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
      	at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
      	at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
      	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
      	at java.lang.Thread.run(Thread.java:745)
      

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: irissmann
          Path:
          pom.xml
          src/main/resources/META-INF/hudson.remoting.ClassFilter
          http://jenkins-ci.org/commit/arachni-scanner-plugin/d947bbae720c3cc1842f6e31c13877fc16ee0dab
          Log:
          JENKINS-51623 add whitelist

          *NOTE:* This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

          Functionality will be removed from GitHub.com on January 31st, 2019.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: irissmann Path: pom.xml src/main/resources/META-INF/hudson.remoting.ClassFilter http://jenkins-ci.org/commit/arachni-scanner-plugin/d947bbae720c3cc1842f6e31c13877fc16ee0dab Log: JENKINS-51623 add whitelist * NOTE: * This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: irissmann
          Path:
          pom.xml
          src/main/java/org/jenkinsci/plugins/arachni/ArachniPluginConfiguration.java
          src/main/java/org/jenkinsci/plugins/arachni/ArachniRunListener.java
          src/main/java/org/jenkinsci/plugins/arachni/ArachniScanner.java
          http://jenkins-ci.org/commit/arachni-scanner-plugin/5868496af2c3eb0677496c457b2930b230a6ee3c
          Log:
          JENKINS-51623 change logger due to problems with JEP-200 fix

          *NOTE:* This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

          Functionality will be removed from GitHub.com on January 31st, 2019.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: irissmann Path: pom.xml src/main/java/org/jenkinsci/plugins/arachni/ArachniPluginConfiguration.java src/main/java/org/jenkinsci/plugins/arachni/ArachniRunListener.java src/main/java/org/jenkinsci/plugins/arachni/ArachniScanner.java http://jenkins-ci.org/commit/arachni-scanner-plugin/5868496af2c3eb0677496c457b2930b230a6ee3c Log: JENKINS-51623 change logger due to problems with JEP-200 fix * NOTE: * This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Ingo Rissmann A correct fix would be to avoid persisting this field.
          Note that fields like https://github.com/jenkinsci/arachni-scanner-plugin/blob/master/src/main/java/org/jenkinsci/plugins/arachni/ArachniScanner.java#L46 will also cause JEP-200 serialization issues.

          You can find testing guidelines here: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers

          Show
          oleg_nenashev Oleg Nenashev added a comment - Ingo Rissmann A correct fix would be to avoid persisting this field. Note that fields like https://github.com/jenkinsci/arachni-scanner-plugin/blob/master/src/main/java/org/jenkinsci/plugins/arachni/ArachniScanner.java#L46 will also cause JEP-200 serialization issues. You can find testing guidelines here: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers
          Hide
          irissmann Ingo Rissmann added a comment -

          The problem here was the use logging framework. Changed logger with jenkins default implementation.

          Show
          irissmann Ingo Rissmann added a comment - The problem here was the use logging framework. Changed logger with jenkins default implementation.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Added some comments to the PR.
          Generally the approach will work, but https://github.com/jenkinsci/arachni-scanner-plugin/commit/d947bbae720c3cc1842f6e31c13877fc16ee0dab#r29305808 prevents the fix from being used for 2.107.x and 2.121.x LTS baselines. I would suggest reverting the jenkins.version requirement and re-releasing

          Show
          oleg_nenashev Oleg Nenashev added a comment - Added some comments to the PR. Generally the approach will work, but https://github.com/jenkinsci/arachni-scanner-plugin/commit/d947bbae720c3cc1842f6e31c13877fc16ee0dab#r29305808 prevents the fix from being used for 2.107.x and 2.121.x LTS baselines. I would suggest reverting the jenkins.version requirement and re-releasing
          Hide
          irissmann Ingo Rissmann added a comment -

          Hi Oleg Nenashev,

          thanks for reviewing the code. I integrated your suggestions (especially to make it compatible to the last LTS version) with a new pull request.
          https://github.com/jenkinsci/arachni-scanner-plugin/pull/5/files

           

          Show
          irissmann Ingo Rissmann added a comment - Hi  Oleg Nenashev , thanks for reviewing the code. I integrated your suggestions (especially to make it compatible to the last LTS version) with a new pull request. https://github.com/jenkinsci/arachni-scanner-plugin/pull/5/files  
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Thanks! The patched version looks good to me.
          Once you release it, I will update the JEP-200 Wiki

          Show
          oleg_nenashev Oleg Nenashev added a comment - Thanks! The patched version looks good to me. Once you release it, I will update the JEP-200 Wiki
          Hide
          irissmann Ingo Rissmann added a comment -

          New version 0.9.7 is out now.

          Show
          irissmann Ingo Rissmann added a comment - New version 0.9.7 is out now.

            People

            Assignee:
            irissmann Ingo Rissmann
            Reporter:
            irissmann Ingo Rissmann
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: