When I use Sonarqube to scan my code, I get a Security Hotspot issue (Make sure that this logger's configuration is safe) for the following line:
serviceCollection.AddSingleton(new LoggerFactory().AddLambdaLogger(loggerOptions));
How would I resolve this issue?
Related
I am trying to debug the Spring Boot application with cmd "./gradlew bootRun --debug-jvm", earlier it was working fine but now when I am trying to build with cmd and trying to debug the code, my application is not going up. It is building without any error but still, application is not going up.
getting Listening for transport dt_socket at address: 5005 this message too.
IDK what happened , and i changed nothing in build.gradle, what can be the reason?
Debug can be turned on in different ways. Check the value of GRADLE_OPTS environment variable and org.gradle.jvmargs Java system property.
Latter can be set in different places: on the project level (in gradle.properties in project root) or in global config ~/.gradle/gradle.properties.
Setting suspend to n will allow you to both run the process in debug mode and do not wait for the debugger.
More info can be found here
I need, for performance reasons, get rid of org.jooq.tools.LoggerListener DEBUG log messages in Spring Boot application running inside Docker. None of the Spring Boot options like (Docker) env variable LOGGING_LEVEL_ORG_JOOQ=INFO in docker-compose.yml or Java system property -Dlogging.level.org.jooq=INFO passed to docker container in entry.sh do not remove these DEBUG messages reporting query execution details. Both option have been checked at Docker container level.
Even custom logback-perf.xml conf file, as in https://github.com/jOOQ/jOOQ/blob/master/jOOQ-examples/jOOQ-spring-boot-example/src/main/resources/logback.xml with DEBUG->INFO, pointed by LOGGING_CONFIG env var from docker-compose.yml does not prevent these debug messages. I have verified that the custom logback-perf.xml conf file is in use by changing appender patterns.
The best way to remove those messages in jOOQ directly, is to specify Settings.executeLogging = false, see here.
Obviously, there are also ways to set up loggers correctly, but I cannot see what you did from your description, or why that failed.
I have a spring boot app (1.5.10.RELEASE) that logs great when running as a standalone application in Eclipse IDE. I am using spring config and the properties file says this:
logging.level.com.myco.impl=DEBUG
logging.path=/log/myService
When I run as a standalone application, I see everything I see logged to the console and to a file in the above directory (called spring.log).
I then build my "uber jar" and run in like this:
java -jar my-service-0.1.0.jar. I see all the console logging just like running in IDE. I can see it looking for my configuration in spring config but I do not see any log file created.
I could use some ideas on what to look at.
In short - I (almost :-) ) believe that you have not set proper permissions on the logging path as pointed in the comments. The logging configurations seem quite simple and are described here. You can't get these wrong easily and yours seem OK.
The tricky part is how to diagnose the exact problem. For example on my system if I change the owner of the logging directory I can reproduce the behaviour with the uber jar that you described.
Next - I guess we both use slf4j with logback (e.g. coming because of spring-boot-starter). The laziest and quickest approach to understand what's wrong is to print the logback status messages as explained here. For example - programatically - there are other options too but I'll take the dirtiest :-) . Put this somewhere in your code:
LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory();
// print logback's internal status
StatusPrinter.print(lc);
LOGGER.debug("Some other message");
If I do that in my sample app (boot 1.5.10.RELEASE) I can immediately see the problem printed in the console along with many more status messages:
23:23:07,857 |-ERROR in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - openFile(/tmp/so/spring.log,true) call failed. java.io.FileNotFoundException: /tmp/so/spring.log (Permission denied)
at java.io.FileNotFoundException: /tmp/so/spring.log (Permission denied)
See comments above. I did not include a jar I needed that was critical for reinitializing the logging system once it contacted spring cloud.
The issue may be a bug in Spring Boot 1.5.10, see:
https://github.com/spring-projects/spring-boot/issues/11951
I've faced similar issue when application cannot run, because log file was owned by root user and not available to change by application user.
Try to upgrade Spring Boot to 1.5.11 -- issue fixed in this version.
I installed springxd 1.0.1 release. I configured spring-xd to run in HTTPS mode by enabling the SSL properties as specified in https://github.com/spring-projects/spring-xd/wiki/Application-Configuration#enabling-https. I am able to start the xd admin and containers successfully after that. I set the httpSSL.properties as well. However, I am not able to get the xd shell properly. or admin UI to run. I know I have to specify these new ssl properties for them to use, but I am not sure where. The output when I run xd shell is:
1.0.1.RELEASE | Admin Server Target: http://localhost:9393
-------------------------------------------------------------------------------
Error: Unable to contact XD Admin Server at 'http://localhost:9393'.
Please execute 'admin config info' for more details.
-------------------------------------------------------------------------------
Welcome to the Spring XD shell. For assistance hit TAB or type "help".
server-unknown:>
When I try the admin-ui, I just get a 'Connection Interrupted' error.
EDIT: I tried basic authentication by enabling the properties in servers.yml. With this I am able to get the admin-ui to work, but shell still does not work. I am trying to find which configurations I need to set to make this work unsuccessfully. Any help is greatly appreciated.
Any pointers are greatly appreciated.
thanks much,
AG
Asha,
A few clarifications:
You do not need to change httpSSL.properties, that is necessary only for configuring HTTPS for the HTTP source.
Since you've enabled https, you must change the target URL accordingly, as follows:
xd:> admin config server https://localhost:9393
(please note that the protocol is https now)
If you also enable Basic security, you must add the configuration parameters to the configuration command, as in this example:
xd:> admin config server --uri https://localhost:9393 --username adminUserName --password adminPassword
(As described in the reference documentation)
Hope this helps,
Marius
I cannot get the proxy configuration to work for SonarQube 4.0 so that I can install plugins.
When i open http://localhost:9000/updatecenter/available it displays the error: "Not connected to update center. Please check your internet connection and logs."
In sonar.log I read: "org.sonar.api.utils.HttpDownloader$HttpException: Fail to download [http://update.sonarsource.org/update-center.properties]. Response code: 403"
In sonar.properties I configured it with the same proxy which I use for other programs:
sonar.updatecenter.activate=true
http.proxyHost=<host>
http.proxyPort=<port>
http.proxyUser=<username>
http.proxyPassword=<password>
I tried the same to configure in wrapper.properties, but it didn't work either by the way.
For the proxy host I tried the short and the full name. For the username I tried just the username and with <DOMAINNAME>\<username> and <DOMAINNAME>\\<username>.
Nothing of it worked. Any ideas?
My proxy configuration works and looks the following way:
http.proxyHost=proxy.domain.de
http.proxyPort=8888
Note that there is no "http://" or anything else before the URL.
Also, I do not use proxy authentication, so I left "proxyUser" and "proxyPassword" commented out.
For those running SonarQube in Docker, I had no luck with any suggestion mentioned here. But I found following solution that worked for me (here):
docker run -d sonarqube -Dhttp.proxyHost=<myproxy.url.com> -Dhttp.proxyPort=<port>
and equivalent of this in a docker-compose notation:
services:
sonarqube:
image: sonarqube
command: -Dhttp.proxyHost=<myproxy.url.com> -Dhttp.proxyPort=<port>
Just an information: I had this problem also.
I can see the PlugIns but cannot download it. The problem is, you have to add this line into your sonar.properties, for the https:
# https-proxy
sonar.web.javaAdditionalOpts=-Dhttps.proxyHost=xxxxx -Dhttps.proxyPort=xxxx -Dhttps.proxyUser=xxxx -Dhttps.proxyPassword=xxxx
I used the official documentation and it works:
Using the Update Center behind a Proxy
http.proxyHost=<your.proxy.host>
http.proxyPort=<yout.proxy.port>
Regards,
At sonar.properties set the proxy without "http://", only http.proxyHost=myproxy.domain.pt
Another suggestion is to also add this lines on wrapper.conf:
wrapper.java.additional.3=-Dhttp.proxySet=true
wrapper.java.additional.4=-Dhttp.proxyHost=myproxy.domain.pt
wrapper.java.additional.5=-Dhttp.proxyPort=myproxy.port
wrapper.java.additional.6=-Dhttps.proxyHost=myproxy.domain.pt
wrapper.java.additional.7=-Dhttps.proxyPort=myproxy.port
Careful if you have a docker volume, remove it before deploy the new one with this configuration, or otherwise it will keep the original configuration
Appart from http, don't forget to set your https proxy configuration in sonar.properties (update server is behind HTTPS):
https.proxyHost=<host>
https.proxyPort=<port>
https.proxyUser=<username>
https.proxyPassword=<password>