diff --git a/ant/pom.xml b/ant/pom.xml
index 94a194174a..2a82b49489 100644
--- a/ant/pom.xml
+++ b/ant/pom.xml
@@ -252,6 +252,14 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
dependency-check-utils
${project.parent.version}
+
+ org.apache.commons
+ commons-jcs3-core
+
+
+ io.github.jeremylong
+ jcs3-slf4j
+
org.owasp
dependency-check-core
diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
index b8c902d386..b0ea013aa7 100644
--- a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
+++ b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Purge.java
@@ -20,19 +20,17 @@
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.Field;
-import org.apache.commons.jcs.JCS;
-import org.apache.commons.jcs.access.CacheAccess;
-import org.apache.commons.jcs.engine.CompositeCacheAttributes;
-import org.apache.commons.jcs.engine.behavior.ICompositeCacheAttributes;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
import org.apache.tools.ant.Task;
import org.owasp.dependencycheck.Engine;
-import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.utils.Settings;
-import org.owasp.dependencycheck.xml.pom.Model;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.slf4j.impl.StaticLoggerBinder;
+import org.slf4j.spi.LocationAwareLogger;
/**
* An Ant task definition to execute dependency-check during an Ant build.
@@ -140,11 +138,13 @@ public void setHostedSuppressionsUrl(final String hostedSuppressionsUrl) {
* the Thread Context Class Loader set to something that can resolve it's classes. Other build tools do this
* by default but Ant does not.
*
- * @throws BuildException throws if there is a problem. See {@link #executeWithContextClassloader()} for details
+ * @throws BuildException throws if there is a problem. See
+ * {@link #executeWithContextClassloader()} for details
*/
@Override
public final void execute() throws BuildException {
- ClassLoader current = Thread.currentThread().getContextClassLoader();
+ muteJCS();
+ final ClassLoader current = Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
@@ -154,6 +154,41 @@ public final void execute() throws BuildException {
}
}
+ /**
+ * Hacky method of muting the noisy logging from JCS. Implemented using a
+ * solution from SO: https://stackoverflow.com/a/50723801
+ */
+ private void muteJCS() {
+ if (System.getProperty("jcs.logSystem") == null) {
+ System.setProperty("jcs.logSystem", "slf4j");
+ }
+
+ final String[] noisyLoggers = {
+ "org.apache.commons.jcs3.auxiliary.disk.AbstractDiskCache",
+ "org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
+ "org.apache.commons.jcs3.engine.control.CompositeCache",
+ "org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCache",
+ "org.apache.commons.jcs3.engine.control.CompositeCache",
+ "org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
+ "org.apache.commons.jcs3.engine.control.event.ElementEventQueue",
+ "org.apache.commons.jcs3.engine.memory.AbstractDoubleLinkedListMemoryCache",
+ "org.apache.commons.jcs3.auxiliary.AuxiliaryCacheConfigurator",
+ "org.apache.commons.jcs3.engine.control.CompositeCacheManager",
+ "org.apache.commons.jcs3.utils.threadpool.ThreadPoolManager",
+ "org.apache.commons.jcs3.engine.control.CompositeCacheConfigurator"};
+ for (String loggerName : noisyLoggers) {
+ try {
+ final Logger l = LoggerFactory.getLogger(loggerName);
+ final Field f = l.getClass().getSuperclass().getDeclaredField("currentLogLevel");
+ f.setAccessible(true);
+ f.set(l, LocationAwareLogger.ERROR_INT);
+ } catch (IllegalAccessException | IllegalArgumentException | NoSuchFieldException | SecurityException e) {
+ LoggerFactory.getLogger(Purge.class)
+ .debug("Failed to reset the log level of " + loggerName + ", it will continue being noisy.");
+ }
+ }
+ }
+
/**
* Executes the dependency-check purge to delete the existing local copy of
* the NVD CVE data.
diff --git a/cli/src/main/java/org/owasp/dependencycheck/App.java b/cli/src/main/java/org/owasp/dependencycheck/App.java
index ab7313d520..a326d91bc5 100644
--- a/cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -81,6 +81,9 @@ public class App {
*/
@SuppressWarnings("squid:S4823")
public static void main(String[] args) {
+ if (System.getProperty("jcs.logSystem") == null) {
+ System.setProperty("jcs.logSystem", "slf4j");
+ }
final int exitCode;
final App app = new App();
exitCode = app.run(args);
diff --git a/cli/src/main/resources/logback.xml b/cli/src/main/resources/logback.xml
index c7adf1499d..c8cccf8c30 100644
--- a/cli/src/main/resources/logback.xml
+++ b/cli/src/main/resources/logback.xml
@@ -9,9 +9,9 @@
[%level] %msg%n
-
+
-
\ No newline at end of file
+
diff --git a/core/pom.xml b/core/pom.xml
index 04bf4bf3d9..7f6216c33a 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -194,7 +194,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
org.apache.commons
- commons-jcs-core
+ commons-jcs3-core
+
+
+ io.github.jeremylong
+ jcs3-slf4j
com.github.package-url
diff --git a/core/src/main/java/org/owasp/dependencycheck/Engine.java b/core/src/main/java/org/owasp/dependencycheck/Engine.java
index 265aaaf81d..a74fda3609 100644
--- a/core/src/main/java/org/owasp/dependencycheck/Engine.java
+++ b/core/src/main/java/org/owasp/dependencycheck/Engine.java
@@ -19,7 +19,7 @@
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import org.apache.commons.io.FileUtils;
-import org.apache.commons.jcs.JCS;
+import org.apache.commons.jcs3.JCS;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
index 1495bcb6b7..21974ee3b0 100644
--- a/core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
+++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/CentralAnalyzer.java
@@ -40,7 +40,7 @@
import java.text.MessageFormat;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
-import org.apache.commons.jcs.access.exception.CacheException;
+import org.apache.commons.jcs3.access.exception.CacheException;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;
diff --git a/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCache.java b/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCache.java
index 9a86e1e74e..d82f8482d4 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCache.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCache.java
@@ -17,7 +17,7 @@
*/
package org.owasp.dependencycheck.data.cache;
-import org.apache.commons.jcs.access.CacheAccess;
+import org.apache.commons.jcs3.access.CacheAccess;
/**
* A generic wrapper for the Java Caching System (JCS).
diff --git a/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCacheFactory.java b/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCacheFactory.java
index a0c63862f7..b5e8f6b8dd 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCacheFactory.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/cache/DataCacheFactory.java
@@ -22,11 +22,11 @@
import java.io.InputStream;
import java.util.List;
import java.util.Properties;
-import org.apache.commons.jcs.JCS;
-import org.apache.commons.jcs.access.CacheAccess;
-import org.apache.commons.jcs.access.exception.CacheException;
-import org.apache.commons.jcs.engine.CompositeCacheAttributes;
-import org.apache.commons.jcs.engine.behavior.ICompositeCacheAttributes;
+import org.apache.commons.jcs3.JCS;
+import org.apache.commons.jcs3.access.CacheAccess;
+import org.apache.commons.jcs3.access.exception.CacheException;
+import org.apache.commons.jcs3.engine.CompositeCacheAttributes;
+import org.apache.commons.jcs3.engine.behavior.ICompositeCacheAttributes;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nodeaudit.Advisory;
import org.owasp.dependencycheck.utils.FileUtils;
diff --git a/core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java b/core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
index c194618a0e..e0068a3b18 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/central/CentralSearch.java
@@ -33,7 +33,7 @@
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
-import org.apache.commons.jcs.access.exception.CacheException;
+import org.apache.commons.jcs3.access.exception.CacheException;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java b/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java
index 2d4b7aefbb..3cbe795502 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.java
@@ -39,7 +39,7 @@
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
-import org.apache.commons.jcs.access.exception.CacheException;
+import org.apache.commons.jcs3.access.exception.CacheException;
import static org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.DEFAULT_URL;
diff --git a/core/src/main/resources/dependencycheck-cache.properties b/core/src/main/resources/dependencycheck-cache.properties
index a3d4fc49d0..30ae65bd31 100644
--- a/core/src/main/resources/dependencycheck-cache.properties
+++ b/core/src/main/resources/dependencycheck-cache.properties
@@ -1,11 +1,11 @@
# DEFAULT CACHE REGION
jcs.default=ODC
-jcs.default.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
-jcs.default.cacheattributes.MemoryCacheName=org.apache.commons.jcs.engine.memory.lru.LRUMemoryCache
+jcs.default.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
+jcs.default.cacheattributes.MemoryCacheName=org.apache.commons.jcs3.engine.memory.lru.LRUMemoryCache
jcs.default.cacheattributes.UseMemoryShrinker=false
jcs.default.cacheattributes.MaxMemoryIdleTimeSeconds=3600
jcs.default.cacheattributes.ShrinkerIntervalSeconds=60
-jcs.default.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
+jcs.default.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.default.elementattributes.IsEternal=false
# use zero max objects with an update pattern to force disk caching
jcs.default.cacheattributes.MaxObjects=0
@@ -19,8 +19,8 @@ jcs.default.elementattributes.IsLateral=false
#note - some region attributes are defined at load tiem in the DataCacheFactory.
jcs.region.CENTRAL=ODC
-jcs.region.CENTRAL.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
-jcs.region.CENTRAL.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
+jcs.region.CENTRAL.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
+jcs.region.CENTRAL.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.region.CENTRAL.cacheattributes.MaxObjects=0
jcs.region.CENTRAL.cacheattributes.DiskUsagePattern=UPDATE
#30 day cache life for Central
@@ -31,8 +31,8 @@ jcs.region.CENTRAL.elementattributes.IsLateral=false
#note - some region attributes are defined at load tiem in the DataCacheFactory.
jcs.region.POM=ODC
-jcs.region.POM.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
-jcs.region.POM.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
+jcs.region.POM.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
+jcs.region.POM.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.region.POM.cacheattributes.MaxObjects=0
jcs.region.POM.cacheattributes.DiskUsagePattern=UPDATE
#90 day cache life for POM files from Central - this should likely be higher...
@@ -43,8 +43,8 @@ jcs.region.POM.elementattributes.IsLateral=false
jcs.region.NODEAUDIT=ODC
-jcs.region.NODEAUDIT.cacheattributes=org.apache.commons.jcs.engine.CompositeCacheAttributes
-jcs.region.NODEAUDIT.elementattributes=org.apache.commons.jcs.engine.ElementAttributes
+jcs.region.NODEAUDIT.cacheattributes=org.apache.commons.jcs3.engine.CompositeCacheAttributes
+jcs.region.NODEAUDIT.elementattributes=org.apache.commons.jcs3.engine.ElementAttributes
jcs.region.NODEAUDIT.cacheattributes.MaxObjects=0
jcs.region.NODEAUDIT.cacheattributes.DiskUsagePattern=UPDATE
#24 hour default cache life
@@ -54,8 +54,8 @@ jcs.region.NODEAUDIT.elementattributes.IsRemote=false
jcs.region.NODEAUDIT.elementattributes.IsLateral=false
# AVAILABLE AUXILIARY CACHES
-jcs.auxiliary.ODC=org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCacheFactory
-jcs.auxiliary.ODC.attributes=org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCacheAttributes
+jcs.auxiliary.ODC=org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCacheFactory
+jcs.auxiliary.ODC.attributes=org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCacheAttributes
#jcs.auxiliary.ODC.attributes.DiskPath=$ {user.dir}/jcs_swap
jcs.auxiliary.ODC.attributes.MaxPurgatorySize=10000000
jcs.auxiliary.ODC.attributes.MaxKeySize=1000000
diff --git a/core/src/test/java/org/owasp/dependencycheck/BaseTest.java b/core/src/test/java/org/owasp/dependencycheck/BaseTest.java
index b8fea140dd..4b2213c4b9 100644
--- a/core/src/test/java/org/owasp/dependencycheck/BaseTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/BaseTest.java
@@ -41,6 +41,9 @@ public abstract class BaseTest {
*/
@Before
public void setUp() throws Exception {
+ if (System.getProperty("jcs.logSystem") == null) {
+ System.setProperty("jcs.logSystem", "slf4j");
+ }
settings = new Settings();
}
diff --git a/core/src/test/resources/logback-test.xml b/core/src/test/resources/logback-test.xml
index 3bf2ce1769..221f2fbd8f 100644
--- a/core/src/test/resources/logback-test.xml
+++ b/core/src/test/resources/logback-test.xml
@@ -31,4 +31,5 @@
-
\ No newline at end of file
+
+
diff --git a/maven/pom.xml b/maven/pom.xml
index 59f5e9dd99..d927cbcb6c 100644
--- a/maven/pom.xml
+++ b/maven/pom.xml
@@ -107,6 +107,14 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
dependency-check-utils
${project.parent.version}
+
+ org.apache.commons
+ commons-jcs3-core
+
+
+ io.github.jeremylong
+ jcs3-slf4j
+
org.apache.maven
maven-plugin-api
diff --git a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index e3b2fbfd91..d055406205 100644
--- a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -2457,19 +2457,23 @@ private String[] determineSuppressions() {
* solution from SO: https://stackoverflow.com/a/50723801
*/
private void muteJCS() {
+ if (System.getProperty("jcs.logSystem") == null) {
+ System.setProperty("jcs.logSystem", "slf4j");
+ }
+
final String[] noisyLoggers = {
- "org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache",
- "org.apache.commons.jcs.engine.memory.AbstractMemoryCache",
- "org.apache.commons.jcs.engine.control.CompositeCache",
- "org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache",
- "org.apache.commons.jcs.engine.control.CompositeCache",
- "org.apache.commons.jcs.engine.memory.AbstractMemoryCache",
- "org.apache.commons.jcs.engine.control.event.ElementEventQueue",
- "org.apache.commons.jcs.engine.memory.AbstractDoubleLinkedListMemoryCache",
- "org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator",
- "org.apache.commons.jcs.engine.control.CompositeCacheManager",
- "org.apache.commons.jcs.utils.threadpool.ThreadPoolManager",
- "org.apache.commons.jcs.engine.control.CompositeCacheConfigurator"};
+ "org.apache.commons.jcs3.auxiliary.disk.AbstractDiskCache",
+ "org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
+ "org.apache.commons.jcs3.engine.control.CompositeCache",
+ "org.apache.commons.jcs3.auxiliary.disk.indexed.IndexedDiskCache",
+ "org.apache.commons.jcs3.engine.control.CompositeCache",
+ "org.apache.commons.jcs3.engine.memory.AbstractMemoryCache",
+ "org.apache.commons.jcs3.engine.control.event.ElementEventQueue",
+ "org.apache.commons.jcs3.engine.memory.AbstractDoubleLinkedListMemoryCache",
+ "org.apache.commons.jcs3.auxiliary.AuxiliaryCacheConfigurator",
+ "org.apache.commons.jcs3.engine.control.CompositeCacheManager",
+ "org.apache.commons.jcs3.utils.threadpool.ThreadPoolManager",
+ "org.apache.commons.jcs3.engine.control.CompositeCacheConfigurator"};
for (String loggerName : noisyLoggers) {
try {
//This is actually a MavenSimpleLogger, but due to various classloader issues, can't work with the directly.
diff --git a/pom.xml b/pom.xml
index df48d9e54f..f5f3a1c988 100644
--- a/pom.xml
+++ b/pom.xml
@@ -146,7 +146,10 @@ Copyright (c) 2012 - Jeremy Long
2.14.0
3.13.0
1.10.0
- 2.2.1
+
+ 3.2
1.2.3
4.13.2
2.2
@@ -1031,9 +1034,14 @@ Copyright (c) 2012 - Jeremy Long
org.apache.commons
- commons-jcs-core
+ commons-jcs3-core
${commons-jcs-core.version}
+
+ io.github.jeremylong
+ jcs3-slf4j
+ 1.0.0
+
commons-validator
commons-validator