Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suppress INFO messages related to initial fix for JAXB vulnerability #2

Closed
jordanpadams opened this issue Jun 24, 2019 · 8 comments · Fixed by #151
Closed

Suppress INFO messages related to initial fix for JAXB vulnerability #2

jordanpadams opened this issue Jun 24, 2019 · 8 comments · Fixed by #151
Labels
bug Something isn't working security

Comments

@jordanpadams
Copy link
Member

jordanpadams commented Jun 24, 2019
edited
Loading 

The attachment was too big, so it's at pds-gamma:~rchen/a16.zip

If I validate the whole bundle, validate gives some strange warning for the file a16_psr_ch11_lsm.xml, but if I validate that file directly, validate passes:

% validate -f -t a16
PDS Validate Tool Report

Configuration:
Version 1.15.0
Date 2019-06-23T22:59:00Z

Parameters:
Targets file:/Users/rchen/Desktop/a16/
Severity Level WARNING
Recurse Directories true
File Filters Used [*.xml, *.XML]
Force Mode on
Data Content Validation on
Max Errors 100000
Registered Contexts File /PDS4tools/validate/resources/registered_context_products.json

 

Product Level Validation Results

PASS: file:/Users/rchen/Desktop/a16/bundle.xml

PASS: file:/Users/rchen/Desktop/a16/document/l1b2l1alsmpds.xml

PASS: file:/Users/rchen/Desktop/a16/document/getlsmcvs.xml

PASS: file:/Users/rchen/Desktop/a16/document/getclockrate.xml

PASS: file:/Users/rchen/Desktop/a16/document/a16_lsm_raw_arcsav_descr.xml

PASS: file:/Users/rchen/Desktop/a16/document/a16_psr_ch11_lsm.xml
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/PDS4.9b.tools/validate-1.15.0/lib/jaxb-impl-2.2.4.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

FAIL: file:/Users/rchen/Desktop/a16/document/collection.xml
Begin Content Validation: file:/Users/rchen/Desktop/a16/document/collection_inventory.csv
ERROR [error.table.records_mismatch] table 1: Number of records read is not equal to the defined number of records in the label (expected 91, got 5).
End Content Validation: file:/Users/rchen/Desktop/a16/document/collection_inventory.csv

Summary:

1 error(s)
0 warning(s)

Message Types:
1 error.table.records_mismatch

End of Report
% validate -f -t a16/document/a16_psr_ch11_lsm.xml
PDS Validate Tool Report

Configuration:
Version 1.15.0
Date 2019-06-23T23:00:13Z

Parameters:
Targets file:/Users/rchen/Desktop/a16/document/a16_psr_ch11_lsm.xml
Severity Level WARNING
Recurse Directories true
File Filters Used [*.xml, *.XML]
Force Mode on
Data Content Validation on
Max Errors 100000
Registered Contexts File /PDS4tools/validate/resources/registered_context_products.json

 

Product Level Validation Results

PASS: file:/Users/rchen/Desktop/a16/document/a16_psr_ch11_lsm.xml

Summary:

0 error(s)
0 warning(s)

End of Report
@jordanpadams jordanpadams added the bug Something isn't working label Jun 24, 2019
@jordanpadams
Copy link
Member Author

@richardchenca I can't seem to find this data? can you make sure this is on pds-gamma?

@richardchenca
Copy link

a16.zip
Sorry, I saw that file in my directory, didn't remember what it was for, and deleted it. Attached here is a reduced directory that still gives the weird warnings. I've encountered it many times since.

Last login: Wed Aug 21 13:21:53 on ttys000
/Users/rchen> cd Desktop/
/Users/rchen/Desktop> validate -f -t a16
PDS Validate Tool Report

Configuration:
Version 1.15.0
Date 2019-08-21T20:28:51Z

Parameters:
Targets [file:/Users/rchen/Desktop/a16/]
Severity Level WARNING
Recurse Directories true
File Filters Used [*.xml, *.XML]
Force Mode on
Data Content Validation on
Max Errors 100000
Registered Contexts File /PDS4tools/validate/resources/registered_context_products.json

Product Level Validation Results

PASS: file:/Users/rchen/Desktop/a16/a16_psr_ch11_lsm.xml
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/PDS4.9b.tools/validate-1.15.0/lib/jaxb-impl-2.2.4.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

PASS: file:/Users/rchen/Desktop/a16/collection.xml

Summary:

0 error(s)
0 warning(s)

End of Report
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop> validate -f -t a16/a1
a16_psr_ch11_lsm.pdf a16_psr_ch11_lsm.xml
/Users/rchen/Desktop> validate -f -t a16/a16_psr_ch11_lsm.xml
PDS Validate Tool Report

Configuration:
Version 1.15.0
Date 2019-08-21T20:29:06Z

Parameters:
Targets [file:/Users/rchen/Desktop/a16/a16_psr_ch11_lsm.xml]
Severity Level WARNING
Recurse Directories true
File Filters Used [*.xml, *.XML]
Force Mode on
Data Content Validation on
Max Errors 100000
Registered Contexts File /PDS4tools/validate/resources/registered_context_products.json

Product Level Validation Results

PASS: file:/Users/rchen/Desktop/a16/a16_psr_ch11_lsm.xml

Summary:

0 error(s)
0 warning(s)

End of Report
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop>
/Users/rchen/Desktop> validate --version

Validate Tool
Version 1.15.0
Release Date: 2019-04-01 07:56:51
Core Schema: PDS4_PDS_1C00.xsd
Core Schematron: PDS4_PDS_1C00.sch

Copyright 2010-2018, by the California Institute of Technology.
ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged.
Any commercial use must be negotiated with the Office of Technology Transfer
at the California Institute of Technology.

This software is subject to U. S. export control laws and regulations
(22 C.F.R. 120-130 and 15 C.F.R. 730-774). To the extent that the software
is subject to U.S. export control laws and regulations, the recipient has
the responsibility to obtain export licenses or other export authority as
may be required before exporting such information to foreign countries or
providing access to foreign nationals.

/Users/rchen/Desktop>

@msbentley
Copy link

We have noticed similar errors on our side and I believe @fran-vallejo suspected the jaxb library. @richardchenca are you using java >8?

@rchenatjpl
Copy link
Contributor

Hi, Mark,
% java --version
java 12.0.1 2019-04-16
Java(TM) SE Runtime Environment (build 12.0.1+12)
Java HotSpot(TM) 64-Bit Server VM (build 12.0.1+12, mixed mode, sharing)

Did another ticket clean this up? I don't see one linked, but here's a current validate on my machine on the .zip attached earlier. It'd be nice not to have that extraneous message, but it's not so disconcerting.
% validate -t Desktop/a16
PDS Validate Tool Report

Configuration:
Version 1.17.4
Date 2019-10-25T14:51:49Z

Parameters:
Targets [file:/Users/rchen/Desktop/a16/]
Severity Level WARNING
Recurse Directories true
File Filters Used [*.xml, *.XML]
Data Content Validation on
Product Level Validation on
Max Errors 100000
Registered Contexts File /PDS4tools/validate/resources/registered_context_products.json

Product Level Validation Results

PASS: file:/Users/rchen/Desktop/a16/a16_psr_ch11_lsm.xml
Oct 25, 2019 7:51:53 AM com.sun.xml.bind.v2.runtime.reflect.opt.AccessorInjector
INFO: The optimized code generation is disabled

PASS: file:/Users/rchen/Desktop/a16/collection.xml

Validation complete.

Summary:

0 error(s)
0 warning(s)

End of Report

@jordanpadams
Copy link
Member Author

@rchenatjpl I think there was a ticket out there that fixed this regarding "JAXB error". Unfortunately, this is the best I've got at the moment. I can't figure out how to ignore the third party library messages but I will see what I can do.

@fran-vallejo
Copy link

@msbentley, those warnings were an issue with the jaxb fixed in version 2.3.1 as described at eclipse-ee4j/jaxb-ri#1197

I have tried to build a pds4-jparser with an updated jaxb-impl dependency in its pom (from 2.2.4 to 2.3.1) to check if that fixed the problem, but it caused a couple follow-up problems:

  • It raises a ClassNotFoundError when building pds4-jparser.
  • Adding the jaxb-core as dependency to pds4-jparser fixes the ClassNotFoundError but causes more errors and tests failures.

@jordanpadams
Copy link
Member Author

@fran-vallejo thanks for the shot. that was the concern i had with trying to upgrade right at the build boundary. we will look into this more deeply next build.

jordanpadams added a commit that referenced this issue Oct 25, 2019
@jordanpadams
Added java.util.logging properties to suppress messages
e6832be 
Fix for #2 and the INFO messages that come post #3 until we upgrade JAXB in
PDS4 JParser.

Should probably make the fix in PDS4-JParser directly, but this works for now.
@jordanpadams jordanpadams mentioned this issue Oct 25, 2019
Merged
@jordanpadams jordanpadams mentioned this issue Oct 25, 2019
Open
@jordanpadams
Copy link
Member Author

@msbentley @fran-vallejo @rchenatjpl I just merged a temporary fix for this to suppress the INFO messages in Validate and a point build is being deployed as we speak. there is probably a better way to do this programmatically in PDS4 JParser, but I'm already spent a ton of time on this :-)

@jordanpadams jordanpadams changed the title Line mismatch error possibly associated with memory error Suppress INFO messages related to initial fix for JAXB vulnerability Oct 25, 2019
@galenatjpl galenatjpl mentioned this issue Nov 27, 2019
Merged
@jordanpadams jordanpadams mentioned this issue Apr 17, 2020
Closed
4 tasks
@riverma riverma mentioned this issue Sep 18, 2020
Closed
@riverma riverma mentioned this issue Nov 12, 2020
Closed
@jordanpadams jordanpadams mentioned this issue Jan 27, 2021
Closed
@sslavney sslavney mentioned this issue Feb 17, 2021
Closed
@c-suh c-suh mentioned this issue Feb 18, 2021
Closed
jordanpadams added a commit that referenced this issue Jun 29, 2021
@jordanpadams
Hide com.sun.xml.bind.v2.runtime.reflect.opt.AccessorInjector
e027722 
Missed this resolution for #2 for .bat files
jordanpadams added a commit that referenced this issue Jul 3, 2021
@jordanpadams
Hide com.sun.xml.bind.v2.runtime.reflect.opt.AccessorInjector
696481c 
Missed this resolution for #2 for .bat files
@rchenatjpl rchenatjpl mentioned this issue Aug 22, 2022
Closed
@mit3ch mit3ch mentioned this issue Dec 2, 2022
Closed
@jordanpadams jordanpadams mentioned this issue Dec 2, 2022
Closed
@jennifergward jennifergward mentioned this issue Jan 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added java.util.logging properties to suppress messages NASA-PDS/validate
5 participants
@msbentley @jordanpadams @richardchenca @fran-vallejo @rchenatjpl