This is the source code repository for the Open Justice Broker Consortium (OJBC).
Home Page: http://www.ojbc.org
License: Other
This is the source code repository for the Open Justice Broker Consortium (OJBC).
Open Justice Broker Consortium Users List - This mailing list is for discussions related to use of the Open Justice Broker and membership in the OJBC.
Open Justice Broker Consortium Development List - This mailing list is for discussions related to development of the Open Justice Broker
Hi, could you please create a new draft security advisory and
invite me to it?
Any other private communication channel would also be fine.
I think I've found a potential security problem.
My disclosures always follow Github's 90-day disclosure policy (I'm not an employee of Github, I just like their policy).
Hi! We spot a vulnerable dependency in your project, which might threaten your software. We also found another project that uses the same vulnerable dependency in a similar way as you did, and they have upgraded the dependency. We, thus, believe that your project is highly possible to be affected by this vulnerability similarly. The following shows the detailed information.
org.ojbc.adapters.analyticsstaging.custody.service.DescriptionCodeLookupFromExcelService:loadMapOfCodeMaps(java.lang.String)
⬇️
org.apache.poi.xssf.usermodel.XSSFWorkbook:<init>(java.io.InputStream)
⬇️
...
⬇️
org.apache.poi.util.DocumentHelper:newDocumentBuilder()Another project also used the same dependency with a similar invocation path, and they have taken actions to resolve this issue.
com.bstek.urule.console.servlet.respackage.PackageServletHandler:parseExcel(java.io.InputStream)
⬇️
org.apache.poi.xssf.usermodel.XSSFWorkbook:<init>(java.io.InputStream)
⬇️
...
⬇️
org.apache.poi.util.DocumentHelper:newDocumentBuilder()Therefore, you might also need to upgrade this dependency. Hope this can help you! 😄
Hello! I was trying to compile the the main repository on a clean machine but ran into a couple of issues that I was trying to get through. Are there some pre-requisites that need to be in place before attempting to compile/install the project?
For example, when I mvn compile, I receive compile errors when maven attempts to compile the ojb-web-application-connector project. In looking at this in more detail, it appears another GitHub project needed to be installed first:
https://github.com/entityresolution/Entity_Resolution_Resources
After I compiled/installed the above project, I was able to compile everything in this repository successfully.
When I try to run the mvn test lifecycle, though, I am getting the following errors:
Running org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest
Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 1.461 sec <<< FAILURE! - in org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest
testDocumentObject(org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest) Time elapsed: 1.264 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: class org.apache.ws.security.components.crypto.Merlin cannot create instance
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:332)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:179)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:346)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:99)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.setupExchange(SQLLoggingProcessorTest.java:214)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.testDocumentObject(SQLLoggingProcessorTest.java:103)
testStringObject(org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest) Time elapsed: 0.069 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: class org.apache.ws.security.components.crypto.Merlin cannot create instance
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:332)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:179)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:346)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:99)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.setupExchange(SQLLoggingProcessorTest.java:214)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.testStringObject(SQLLoggingProcessorTest.java:111)
testRedactionWithNullValue(org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest) Time elapsed: 0.072 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: class org.apache.ws.security.components.crypto.Merlin cannot create instance
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:332)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:179)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:346)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:99)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.setupExchange(SQLLoggingProcessorTest.java:214)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.testRedactionWithNullValue(SQLLoggingProcessorTest.java:119)
testRedaction(org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest) Time elapsed: 0.053 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: class org.apache.ws.security.components.crypto.Merlin cannot create instance
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:332)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:179)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:346)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:99)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.setupExchange(SQLLoggingProcessorTest.java:214)
at org.ojbc.util.camel.processor.audit.SQLLoggingProcessorTest.testRedaction(SQLLoggingProcessorTest.java:131)
Running org.ojbc.util.camel.processor.TestSystemNameToTopicExpressionMapper
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 sec - in org.ojbc.util.camel.processor.TestSystemNameToTopicExpressionMapper
Running org.ojbc.util.camel.saml.TestSAMLTokenUtils
Tests run: 2, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 0.12 sec <<< FAILURE! - in org.ojbc.util.camel.saml.TestSAMLTokenUtils
testCreateAssertionWithCustomAttributesWithNull(org.ojbc.util.camel.saml.TestSAMLTokenUtils) Time elapsed: 0.065 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: class org.apache.ws.security.components.crypto.Merlin cannot create instance
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:332)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:179)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:346)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:99)
at org.ojbc.util.camel.saml.TestSAMLTokenUtils.testCreateAssertionWithCustomAttributesWithNull(TestSAMLTokenUtils.java:38)
testCreateAssertionWithCustomAttributes(org.ojbc.util.camel.saml.TestSAMLTokenUtils) Time elapsed: 0.054 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: class org.apache.ws.security.components.crypto.Merlin cannot create instance
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at org.apache.ws.security.components.crypto.Merlin.loadInputStream(Merlin.java:332)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:179)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:78)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:346)
at org.ojbc.util.camel.security.saml.SAMLTokenUtils.createStaticAssertionWithCustomAttributes(SAMLTokenUtils.java:99)
at org.ojbc.util.camel.saml.TestSAMLTokenUtils.testCreateAssertionWithCustomAttributes(TestSAMLTokenUtils.java:145)
Results :
Tests in error:
SQLLoggingProcessorTest.testDocumentObject:103->setupExchange:214 » WSSecurity
SQLLoggingProcessorTest.testRedaction:131->setupExchange:214 » WSSecurity clas...
SQLLoggingProcessorTest.testRedactionWithNullValue:119->setupExchange:214 » WSSecurity
SQLLoggingProcessorTest.testStringObject:111->setupExchange:214 » WSSecurity c...
TestSAMLTokenUtils.testCreateAssertionWithCustomAttributes:145 » WSSecurity cl...
TestSAMLTokenUtils.testCreateAssertionWithCustomAttributesWithNull:38 » WSSecurity
Tests run: 11, Failures: 0, Errors: 6, Skipped: 0
I'm guessing there are some other setup tasks that I need to do too. Any thoughts?
Thanks!
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.