I have read here that the log4j library can be "nested" within other files that are deployed with an application.
I can find files with 'log4j' in the filename but don't know how to find log4j in these "nested jars". Is there a way to do this from the command line?
update
This question has moved to SuperUser here.
Run the following command search for log4j jar files in an application:
dir /s /b <application_root>\*log4j*.jar
If any files are displayed, check the version number that is part of the file name. For example Tomcat\webapps\ROOT\WEB-INF\lib\log4j-core-2.15.0.jar is version 2.15.
If the version is between 2 and 2.14 (2.15 is not vulnerable), the application is vulnerable to CVE-2021-44228 and one of the following mitigations must be applied.
Related
Actually, I'm trying to add new language to Streama Media Server. I downloaded source code, added new language file (as guided here). After that, I want to build a jar with that project, I build it with IntelliJ Idea 2021.1 (here is how I did). So, When I run that jar file (in Ubunt 20.04), it fails and gives this error: Screenshot
When you have made adjustments to the source code, it is likely that you will want to create a new .jar file and deploy it on your server. For this, you can use a simple command:
# for unix based systems
**./gradlew assemble**
# for windows
**./gradlew.bat assemble**
This will create 2 new .jar files under build/libs,
streama-{version}.jar
streama-{version}.jar.original
all you will need is the streama-{version}.jar.
This file is an executable, so you can just copy it into your deployment directory / your server and start it as usual.
I want to copy a data file from a directory in my source tree to the directory of the linked app so it's available at runtime, on Windows only. There appear to be two suggested techniques: use a post target dependency to issue a DOS copy command (Including resource files in Qt Creator build directory) or use an install step (Copy a file to the build directory after compiling project with Qt), but I cannot make either work in the way I would like.
The former requires me to use qmake path variables to generate my source and destination paths, but they contain backslash path separators, which the DOS copy command cannot handle.
The install solution forces other users of my project to set up a post build step in Qt Creator before it will work (one per configuration, in fact) and I would like to avoid this, as I want to make my project work with a default Qt Creator installation.
Is there any way to do this apparently simple task that can be wholly defined in the .pro file for the project? For example, is there a way to expand qmake path variables in a platform specific way?
Though these commands run ONLY after the executable is ACTUALLY linked, this solution doesn't require an external batch file. Note: this a Windows-only solution:
From our .pri file:
win32 {
...
# Copy the appropriate dll files into the target destination directory.
QMAKE_TBB_LIBDIR = $$quote($$PWD/MySource/MyLibs/$${PLATFORM_NAME}/vc9)
QMAKE_POST_LINK = copy /y $${replace(QMAKE_TBB_LIBDIR, /, \\)}\\*.dll > $${replace($$quote(DESTDIR), /, \\)}
...
}
This places a command in the Makefile that copies all the .dll files in MyLibs/x64 or MyLibs/Win32 into the destination directory.
However, if the executable did not need to be linked, then the .dlls are NOT copied.
The post build batch file would not have this limitation.
I want to create one executable JAR file which contains other JAR libraries. But when I execute the JAR, it gives an error of class path problem.
How do I solve the class-path problem?
I think you can try it like this;
Here is a simple example for you question. First, we assume we have a project directory like D:\javademo. In this working directory we then create a main class HelloWorld.java and thtat contains our other JAR files, like commons-lang.jar. Now, we must archive our main classes HelloWorld and commons-lang.jar into test.jar file.
First we must edit our manifest file so that we can specify our class-path and main-class
like this:
Manifest-Version: 1.0
Created-By: tony example
Class-Path: test.jar commons-lang.jar
Main-Class: org.tony.java.HelloWorld
We named this file test.mf. Now we use the jar command to generate our JAR file like this:
jar -cvfm test.jar test.mf -C ./ .
Then it will generate the JAR file test.jar. You can use this command to run this main class using java command:
java -jar test.jar
That is my solution. I hope it give you something helpful...
You should use third-party libraries for it. For example, OneJar. You'll have to build the final JAR file using the OneJar tool (like Ant task) instead of standard JRE's tools.
On running such a JAR file, OneJar's service class is launched instead of yours. This class then loads JAR files packed inside, as well as your classes, and run your main class.
There are similar questions and answers already. For example: Stack Overflow question Easiest way to merge a release into one JAR file.
I created simple Java Servlet: WelcomeServlet.java.
Than, I tried compile this file via:
javac WelcomeServlet.java
In result I see compile error:
package javax.servlet doesn't exit
I try find solution for this error with Google. And I find first part of answer: java compiler doesnt see servlet-api.jar file.
I know, that Apache Tomcat in it lib folder contains servlet-api.jar file.
So, I have this file, but where I must copy this file??
I try different folders:
echo %JAVA_HOME%
C:\Program Files\Java\jdk1.6.0_26
%PATH% contains this line: C:\Program Files\Java\jdk1.6.0_26\bin
So, I copy in:
%JAVA_HOME%\bin
%JAVA_HOME%\lib
%JAVA_HOME%\jre\lib
And in result same error.
And only after I copy servlet-api.jar in directory:
%JAVA_HOME%\jre\lib\ext
compilation complite sucessful.
My question: Why? Why I must copy in folder %JAVA_HOME%\jre\lib\ext ??
Where This moment describe in documentation?
And other question we have some official docs or specifications that describe folder structure for jdk folder??
You'll need to specify the directory or directories you want the compiler to search by using the -classpath command line option when running javac. The reason the compiler found your .jar in %JAVA_HOME%\jre\lib\ext is because it searches the extension directories by default.
This is for Java 1.5, but I believe it is more or less still correct:
http://docs.oracle.com/javase/1.5.0/docs/tooldocs/findingclasses.html
The link Shaun provides is a more complete answer. But in short, using the classpath is the best way to introduce 3rd party or external (to the JDK/JRE) libraries. The classpath is a concept much like the %PATH% or the $PATH variables, but specifies locations for java to use for lookup rather than the shell to use for lookup of executables.
The classpath provides the java compiler or java virtual machine a list of items to use when searching for resources. This "path" may include directories or files. It will typically include jar files and sometimes locations of configuration files. Many Java based lookup schemes for files configuration or otherwise use some variant of what is accomplished by [Class#getResourceAsStream()][1]'s use of walking the Classpath.
I have rarely seen an incident where putting a jar file in the lib/ext location was preferred to utilizing the Classpath.
The classpath is typically an environment variable (%CLASSPATH% or $CLASSPATH) or specified on the command line when running java or javac (e.g. -cp or -classpath see the help from the executable you are running).
Build tools such as Ant and Maven will also provide abstractions to defining the list of jars to be utilized by your applications and are highly recommended to be used for any length of repetitive change code, build, test, run cycles.
I have a bunch of JAR files (from a maven2 project) and maven reports some package could not be found (org.openanzo.client.jena to be exact). I want to dig into the JAR files downloaded as the result of maven dependency resolution and find what packages are thus available from these JAR files. Insights?
UPDATE: Apparently, the only good solution to inspect insides of a jar file is the "jar" utility or one can use the facilities of their IDE to do so.
jar tvf filename.jar will show you the contents of a jar file without requiring you to extract it.
But I think that maybe what you are really trying to do is find the right coordinates for the dependency that you are missing, since obviously none of the ones you have right now are supplying the package you are looking for (in other words, checking their contents is not likely to help you).
I confess that the first place I would suggest to check is Sonatype's public Nexus instance. A search for your example turns up nothing, though. Usually that means the project is not trying to get their stuff into Maven Central or other major repositories (which is okay), so you have to resort to a web search. Usually the first two sections of the package tell you where to look (openanzo.org in your case).
If you are on Linux or a Mac, you could go to the terminal at the root of the folder containing your JARs and type:
# grep -ri "org.openanzo.client.jena" *
It will return a recursive list of all JAR files that contain that package name. If it returns 0 results, then none of those JARS contain that package.
If you wanted to do a more exhaustive search, you could unJAR the JAR files. The directory structure and .class files will be organized by packages in folders.
# jar xvf filename.jar
If you are on Windows, you can unJAR a JAR file using a tool such as 7Zip.
#Carsten
you do not have to rename a .jar file to .zip. You can directly open the jar file in winzip/or other zip utility (assuming windows OS)
#ashy_32bit
try using "jar class finder" eclipse plugin from IBM. Simple plugin for finding classes (if you know the class name)
OR
as carsten suggested... set the jar files as lib files and manually look it up
OR
create a batch file called a.bat (where you have all your jar files directly under a single folder) and paste the following 4 lines
#ECHO OFF
dir /b *.jar > allJarFilesList.txt
FOR /F %%A IN (allJarFilesList.txt) DO jar -tf %%A > list_of_packages.txt
FOR %%B IN (list_of_packages.txt) DO FIND /I "com/sun" %%B
NOTE the "com/sun" in the last line.. it is hard coded, you can pass as argument as well...
I know this is very basic form and can be improved "a lot" like looking up in various sub directories.
hope this helps :-)
.jar files are just ZIP compressed archives, rename it to zip, open it with your favourite unzip programm, and traverse through the directory.
If you add the jar file to a eclipse project, you can traverse through the lib in th project explorer.
HTH
Assuming maven downloaded the jar files,the files will be loaded in to a local repository.
You could use maven browser that comes packaged with Eclipse to browse and search for artifacts in your repository.(usually in userdir/.m2/repository)
Note:You can explore your repository directly if you want. You will understand the packages that were downloaded. But I suggest using the plugin.
If you are using Intellij IDEA, each project contains a tree called External Library that allows you to search and explore your libraries.