Source++ is an open-source live coding platform. Add breakpoints, logs, metrics, and tracing to live production applications

Overview


Source++ is an open-source live coding platform. Add breakpoints, logs, metrics, and distributed tracing to live production software in real-time on-demand, right from your IDE or CLI.

Powered by Apache SkyWalking, Source++ enhances the software development experience with production debugging and development capabilities. Become a production-aware developer, understand code faster and deeper with developer-native observability technology, safely debug production applications with negligible to minimal overhead, and gain continuous insight into your application as it behaves in its natural environment.

Features

  • Live Instruments
    • Live Breakpoints: Non-Breaking Breakpoints
    • Live Logs: Just-in-Time Logging
    • Live Meters: Real-Time KPI Monitoring
    • Live Spans: User-Domain Tracing
  • Multi-instance debugging
  • Role-based access control
  • Instrument conditionals
  • Instrument TTL, sampling, rate limiting
  • Feedback whitelist/blacklist
  • PII redaction

Architecture

Get Started

Compiling Project

Follow this document.

Documentation

The Source++ documentation is available here.

Directory Structure

.
├── config              # Development setup, Detekt, etc.
├── docker              # Docker setup files
│   ├── e2e             # End-to-end testing environment
│   ├── spp-oap-server  # SkyWalking OAP (incl. Source++ processor) image
│   └── spp-platform    # Live coding server image
├── documentation       # Documentation
├── gradle              # Gradle wrapper
├── interfaces          # Live coding clients
│   ├── cli             # Command-line interface
│   └── marker          # IDE plugin
├── platform            # Live coding server
│   ├── common          # Common code
│   ├── core            # Core code
│   └── services        # Services
├── probes              # Live coding probes
│   ├── jvm             # JVM support
│   └── python          # Python support
├── processors          # Live coding processors
│   ├── instrument      # Live instrument processing
│   └── log-summary     # Log summary processing
└── protocol            # Communication protocol

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Please see the LICENSE file in our repository for the full text.

Comments
  • [auto-generated:-869634266] Unspecified error



    • Plugin Name: Source++
    • Plugin Version: 0.7.3.1
    • OS Name: Windows 11
    • Java Version: 17.0.4.1
    • App Name: IDEA
    • App Full Name: IntelliJ IDEA
    • App Version name: IntelliJ IDEA
    • Is EAP: false
    • App Build: IU-222.4345.14
    • App Version: 2022.2.3
    • Last Action: Unknown
    • title: [auto-generated:-869634266] Unspecified error
    Full StackTrace
    
    java.lang.NullPointerException
    	at spp.jetbrains.marker.jvm.service.utils.JVMMarkerUtils.getFullyQualifiedName(JVMMarkerUtils.kt:561)
    	at spp.jetbrains.marker.jvm.service.utils.JVMMarkerUtils.getFullyQualifiedName(JVMMarkerUtils.kt:389)
    	at spp.jetbrains.marker.jvm.service.JVMArtifactNamingService.getFullyQualifiedName(JVMArtifactNamingService.kt:97)
    	at spp.jetbrains.marker.service.ArtifactNamingService.getFullyQualifiedName(ArtifactNamingService.kt:56)
    	at spp.jetbrains.marker.source.mark.api.ClassSourceMark.<init>(ClassSourceMark.kt:45)
    	at spp.jetbrains.marker.source.mark.guide.ClassGuideMark.<init>(ClassGuideMark.kt:34)
    	at spp.jetbrains.marker.source.SourceFileMarker.createClassSourceMark(SourceFileMarker.kt:317)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider.makeClassGuideMark$lambda-0(JVMGuideProvider.kt:64)
    	at com.intellij.openapi.application.impl.ApplicationImpl.runReadAction(ApplicationImpl.java:915)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider.makeClassGuideMark(JVMGuideProvider.kt:58)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider.access$makeClassGuideMark(JVMGuideProvider.kt:33)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider$determineGuideMarks$1.visitElement(JVMGuideProvider.kt:48)
    	at org.jetbrains.kotlin.psi.KtElementImplStub.accept(KtElementImplStub.java:52)
    	at com.intellij.psi.impl.PsiElementBase.acceptChildren(PsiElementBase.java:58)
    	at com.intellij.psi.JavaRecursiveElementVisitor.visitElement(JavaRecursiveElementVisitor.java:44)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider$determineGuideMarks$1.visitElement(JVMGuideProvider.kt:38)
    	at org.jetbrains.kotlin.psi.KtElementImplStub.accept(KtElementImplStub.java:52)
    	at com.intellij.psi.impl.PsiElementBase.acceptChildren(PsiElementBase.java:58)
    	at com.intellij.psi.JavaRecursiveElementVisitor.visitElement(JavaRecursiveElementVisitor.java:44)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider$determineGuideMarks$1.visitElement(JVMGuideProvider.kt:38)
    	at org.jetbrains.kotlin.psi.KtElementImplStub.accept(KtElementImplStub.java:52)
    	at com.intellij.psi.impl.source.tree.SharedImplUtil.acceptChildren(SharedImplUtil.java:185)
    	at com.intellij.psi.impl.source.PsiFileImpl.acceptChildren(PsiFileImpl.java:754)
    	at spp.jetbrains.marker.jvm.JVMGuideProvider.determineGuideMarks(JVMGuideProvider.kt:36)
    	at spp.jetbrains.marker.service.SourceGuideProvider$getProvider$1$1.determineGuideMarks(SourceGuideProvider.kt:50)
    	at spp.jetbrains.marker.service.SourceGuideProvider.determineGuideMarks$lambda-6(SourceGuideProvider.kt:64)
    	at com.intellij.openapi.application.ReadAction.lambda$run$1(ReadAction.java:59)
    	at com.intellij.openapi.application.impl.ApplicationImpl.runReadAction(ApplicationImpl.java:941)
    	at com.intellij.openapi.application.ReadAction.compute(ReadAction.java:68)
    	at com.intellij.openapi.application.ReadAction.run(ReadAction.java:58)
    	at spp.jetbrains.marker.service.SourceGuideProvider.determineGuideMarks(SourceGuideProvider.kt:61)
    	at spp.jetbrains.marker.SourceMarker$getSourceFileMarker$1.invokeSuspend(SourceMarker.kt:104)
    	at spp.jetbrains.marker.SourceMarker$getSourceFileMarker$1.invoke(SourceMarker.kt)
    	at spp.jetbrains.marker.SourceMarker$getSourceFileMarker$1.invoke(SourceMarker.kt)
    	at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1$1.invokeSuspend(ScopeExtensions.kt:61)
    	at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1$1.invoke(ScopeExtensions.kt)
    	at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1$1.invoke(ScopeExtensions.kt)
    	at spp.jetbrains.ScopeExtensions.safeExecute(ScopeExtensions.kt:52)
    	at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1.invokeSuspend(ScopeExtensions.kt:60)
    	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
    	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
    

    a:bug 
    opened by source-bot 5
  • Jetbrains plugin timing out


    I'm not sure if I set the platform up wrong, but I am getting errors in my IntelliJ logs:

    2022-07-20 18:19:48,634 [ 495191]   INFO - STDERR - (TIMEOUT,-1) Timed out after waiting 30000(ms) for a reply. address: __vertx.reply.334, repliedAddress: monitor.skywalking.service.currentService
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.eventbus.impl.ReplyHandler.handle(ReplyHandler.java:76)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.eventbus.impl.ReplyHandler.handle(ReplyHandler.java:24)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.VertxImpl$InternalTimerHandler.handle(VertxImpl.java:899)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.VertxImpl$InternalTimerHandler.handle(VertxImpl.java:866)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.EventLoopContext.emit(EventLoopContext.java:56)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.ContextImpl.emit(ContextImpl.java:274)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.EventLoopContext.emit(EventLoopContext.java:23)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.AbstractContext.emit(AbstractContext.java:53)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.EventLoopContext.emit(EventLoopContext.java:23)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.VertxImpl$InternalTimerHandler.run(VertxImpl.java:889)
    2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.netty.util.concurrent.PromiseTask.runTask(PromiseTask.java:98)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:170)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:503)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at java.base/java.lang.Thread.run(Thread.java:829)
    

    I think I have the platform set up correctly because before these errors start, the plugin initializes successfully:

    2022-07-20 18:17:43,046 [ 369603]   INFO - STDOUT - 18:17:43.046 INFO  s.j.s.SourceMarkerPlugin - Discovering available services
    2022-07-20 18:17:43,078 [ 369635]   INFO - STDOUT - 18:17:43.078 INFO  s.j.s.SourceMarkerPlugin - Live service available
    2022-07-20 18:17:43,079 [ 369636]   INFO - STDOUT - 18:17:43.079 INFO  s.j.s.SourceMarkerPlugin - Live instruments available
    2022-07-20 18:17:43,084 [ 369641]   INFO - STDOUT - 18:17:43.084 INFO  s.j.m.SourceMarker - Adding global source mark event listener: spp.jetbrains.sourcemarker.status.LiveStatusManager@6e5e403c
    2022-07-20 18:17:43,092 [ 369649]   INFO - STDOUT - 18:17:43.091 INFO  s.j.s.SourceMarkerPlugin - Live views available
    2022-07-20 18:17:43,092 [ 369649]   INFO - STDOUT - 18:17:43.092 DEBUG s.j.m.s.SkywalkingMonitor - Setting up Apache SkyWalking monitor
    2022-07-20 18:17:43,093 [ 369650]   INFO - STDOUT - 18:17:43.093 DEBUG s.j.m.s.SkywalkingMonitor - Apache SkyWalking server: http://localhost:12800/graphql
    2022-07-20 18:17:43,117 [ 369674]   INFO - STDOUT - 18:17:43.116 INFO  s.j.m.s.SkywalkingClient - Registering Apache SkyWalking codecs
    2022-07-20 18:17:43,118 [ 369675]   INFO - STDOUT - 18:17:43.118 INFO  s.j.m.s.SkywalkingMonitor - Successfully setup Apache SkyWalking monitor
    2022-07-20 18:17:43,119 [ 369676]   INFO - STDOUT - 18:17:43.118 INFO  s.j.s.p.PortalController - Initializing portal
    2022-07-20 18:17:43,119 [ 369676]   INFO - STDOUT - 18:17:43.119 INFO  s.j.s.p.PortalController - Initializing portal server
    2022-07-20 18:17:43,125 [ 369682]   INFO - STDOUT - 18:17:43.124 INFO  s.j.s.p.PortalController - Portal server initialized
    2022-07-20 18:17:43,125 [ 369682]   INFO - STDOUT - 18:17:43.125 INFO  s.j.m.SourceMarker - Adding global source mark event listener: spp.jetbrains.sourcemarker.portal.PortalController$$Lambda$4783/0x00000001030c3440@63159e7c
    2022-07-20 18:17:43,125 [ 369682]   INFO - STDOUT - 18:17:43.125 INFO  s.j.s.p.PortalController - Portal initialized
    2022-07-20 18:17:43,134 [ 369691]   INFO - STDOUT - 18:17:43.134 INFO  s.j.s.s.LiveInstrumentManager - Found 0 active live status bars
    
    a:bug in:interface-jetbrains 
    opened by MrMineO5 5
  • Live Instrument integration testing


    @abdlquadri, take a look at https://github.com/sourceplusplus/live-platform/blob/master/platform/processor/live-instrument/src/test/kotlin/integration/SimplePrimitivesLiveInstrumentTest.kt for the new live instrument integration test structure.

    This is a self-contained test that adds a live breakpoint to itself and verifies data types and values. It uses dynamic line numbers through the use of addLineLabel(labelName). This allows you to build tests without having to worry about line numbers changing and supports adding multiple line number labels for more complex tests.

    I'll add more tests as I think of them but to get started please add tests verifying:

    Live Breakpoint

    • [x] Arrays and lists of each primitive type work
    • [x] Datatypes defined in LiveVariablePresentation are formatted correctly
    • [x] Multiple breakpoints can be placed one line number apart
    • [x] Multiple breakpoints can be placed on the same line number
    • [x] Large objects get rejected (search this repo for TWO_MB_ARR for an example of a large object)
    • [x] Deep objects get rejected (e.g. an object that contains an object four layers deep)
    • [x] Verify throttle works (LiveBreakpoint.throttle)
    • [x] Verify meta propagates (LiveBreakpoint.meta)
    • [x] Verify hit limit works (LiveBreakpoint.hitLimit)
    • [x] Verify expires at works (LiveBreakpoint.expiresAt)
    • [x] Verify condition works (LiveBreakpoint.condition)

    Live Log

    • [x] Ensure primitive types format correctly

    Live Meter

    • [ ] todo

    Live Span

    • [ ] todo

    If you need me to clarify anything, please let me know.

    to:live-instrument in:live-platform a:test 
    opened by BFergerson 4
  • Storage module tests


    Storage Module Integration Tests

    Description

    Adds

    1. integration.BaseStorageITTest,

    2. integration.MemoryStorageITTest and

    3. integration.RedisStorageITTest

    in order to verify storage module functions in both spp.platform.storage.MemoryStorage and spp.platform.storage.RedisStorage

    opened by abdlquadri 4
  • Platform error after getting redirected from login


    When logging in on the http port I got redirected to /auth with the body "Internal server error". This issue did not occur again after reloading the page, so it may only happen sometimes. See the stacktrace below.

    2022-07-26 17:31:36,045 - spp.platform.core.SourcePlatform -121844 [vert.x-eventloop-thread-7] ERROR [] - Failed request: /auth
    java.lang.IllegalStateException: Request has already been read
            at io.vertx.core.http.impl.Http1xServerRequest.checkEnded(Http1xServerRequest.java:651) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.core.http.impl.Http1xServerRequest.handler(Http1xServerRequest.java:292) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.impl.HttpServerRequestWrapper.handler(HttpServerRequestWrapper.java:104) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.handler.impl.BodyHandlerImpl.handle(BodyHandlerImpl.java:128) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.handler.impl.BodyHandlerImpl.handle(BodyHandlerImpl.java:46) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1267) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:126) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.ext.web.handler.impl.SessionHandlerImpl.lambda$handle$6(SessionHandlerImpl.java:301) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.core.impl.future.FutureImpl$1.onSuccess(FutureImpl.java:91) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.core.impl.future.FutureImpl$ListenerArray.onSuccess(FutureImpl.java:262) ~[spp-platform-core-0.5.5.jar:?]
            at io.vertx.core.impl.future.FutureBase.lambda$emitSuccess$0(FutureBase.java:54) ~[spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) [spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) [spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) [spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:503) [spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:995) [spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [spp-platform-core-0.5.5.jar:?]
            at spp.platform.dependencies.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [spp-platform-core-0.5.5.jar:?]
            at java.lang.Thread.run(Unknown Source) [?:?]
    
    a:bug in:live-platform 
    opened by MrMineO5 4
  • Bump io.gitlab.arturbosch.detekt from 1.18.1 to 1.19.0


    Bumps io.gitlab.arturbosch.detekt from 1.18.1 to 1.19.0.

    opened by dependabot[bot] 4
  • Bump junit-jupiter-engine from 5.7.2 to 5.8.0


    Bumps junit-jupiter-engine from 5.7.2 to 5.8.0.

    Release notes

    Sourced from junit-jupiter-engine's releases.

    JUnit 5.8.0 = Platform 1.8.0 + Jupiter 5.8.0 + Vintage 5.8.0

    See Release Notes.

    JUnit 5.8.0-RC1 = Platform 1.8.0-RC1 + Jupiter 5.8.0-RC1 + Vintage 5.8.0-RC1

    See Release Notes.

    JUnit 5.8.0-M1 = Platform 1.8.0-M1 + Jupiter 5.8.0-M1 + Vintage 5.8.0-M1

    See Release Notes.

    Commits
    • 709fd6e Release 5.8
    • fa74055 Use text block
    • d36ea28 Declare service in module descriptor
    • 6c0bf02 Fix modular user guide tests by reading module jdk.httpserver
    • b6dff0d Add LauncherSessionListener example to user guide
    • 439084d Polish documentation for 5.8 GA
    • fa021ed Document published dependency scope change as potentially breaking
    • efb980c Polishing
    • 0bd6feb Remove link to package private class in Javadoc
    • 75538a7 Document that autoCloseArguments in @​ParameterizedTest is a potentially break...
    • Additional commits viewable in compare view

    opened by dependabot[bot] 4
  • graphql-java-18.1.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed


    Vulnerable Library - graphql-java-18.1.jar

    GraphqL Java

    Path to dependency file: /platform/processor/live-instrument/build.gradle.kts

    Path to vulnerable library: /caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar

    Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

    Vulnerabilities

    | CVE | Severity | CVSS | Dependency | Type | Fixed in (graphql-java version) | Remediation Available |
    | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- |
    | CVE-2022-37734 | High | 7.5 | graphql-java-18.1.jar | Direct | 18.3 | ❌ |

    Details

    CVE-2022-37734


    Dependency Hierarchy:

    • :x: graphql-java-18.1.jar (Vulnerable Library)

    Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

    Found in base branch: master

    Vulnerability Details

    graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.

    Publish Date: 2022-09-12

    URL: CVE-2022-37734

    CVSS 3 Score Details (7.5)

    Base Score Metrics:

    • Exploitability Metrics:
      • Attack Vector: Network
      • Attack Complexity: Low
      • Privileges Required: None
      • User Interaction: None
      • Scope: Unchanged
    • Impact Metrics:
      • Confidentiality Impact: None
      • Integrity Impact: None
      • Availability Impact: High


    Suggested Fix

    Type: Upgrade version

    Release Date: 2022-09-12

    Fix Resolution: 18.3


    security vulnerability 
    opened by mend-bolt-for-github[bot] 3
  • jackson-databind-2.13.4.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed


    Vulnerable Library - jackson-databind-2.13.4.jar

    General data-binding functionality for Jackson: works on core streaming API

    Library home page: http://github.com/FasterXML/jackson

    Path to dependency file: /platform/common/build.gradle.kts

    Path to vulnerable library: /caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar

    Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

    Vulnerabilities

    | CVE | Severity | CVSS | Dependency | Type | Fixed in (jackson-databind version) | Remediation Available |
    | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- |
    | CVE-2022-42003 | High | 7.5 | jackson-databind-2.13.4.jar | Direct | 2.13.4.1 | ❌ |

    Details

    CVE-2022-42003


    Dependency Hierarchy:

    • :x: jackson-databind-2.13.4.jar (Vulnerable Library)

    Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

    Found in base branch: master

    Vulnerability Details

    In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1.

    Publish Date: 2022-10-02

    URL: CVE-2022-42003

    CVSS 3 Score Details (7.5)

    Base Score Metrics:

    • Exploitability Metrics:
      • Attack Vector: Network
      • Attack Complexity: Low
      • Privileges Required: None
      • User Interaction: None
      • Scope: Unchanged
    • Impact Metrics:
      • Confidentiality Impact: None
      • Integrity Impact: None
      • Availability Impact: High


    Suggested Fix

    Type: Upgrade version

    Release Date: 2022-10-02

    Fix Resolution: 2.13.4.1


    security vulnerability 
    opened by mend-bolt-for-github[bot] 3
  • Variable reference presentations differ from referenced variables


    package spp.example.webapp.edge;
    
    import org.springframework.stereotype.Component;
    
    import javax.annotation.PostConstruct;
    import java.util.concurrent.Executors;
    import java.util.concurrent.ScheduledExecutorService;
    import java.util.concurrent.TimeUnit;
    
    @Component
    public class SingletonSelfReference implements Runnable {
    
        SingletonSelfReference selfReference;
        int i = 1;
        char c = 'h';
        String s = "hi";
        float f = 1.0f;
        long max = Long.MAX_VALUE;
        byte b = -2;
        short sh = Short.MIN_VALUE;
        double d = 00.23d;
        boolean bool = true;
    
        class ComplexObject {
            int i = 1;
        }
        ComplexObject complexObject = new ComplexObject();
    
        @PostConstruct
        public void init() {
            selfReference = this;
            ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor();
            executorService.scheduleAtFixedRate(this, 0, 2, TimeUnit.SECONDS);
        }
    
        @Override
        public void run() {
            System.out.println(selfReference);
        }
    }
    
    


    a:bug in:interface-jetbrains in:probe-jvm of:small-effort 
    opened by BFergerson 3
  • Fields that are not exported by their module cause the parent object to fail


    When the JVM probe generates debug information for objects, it reads their fields. If one of those fields is not exported, the entire object is marked with EXCEPTION_OCCURRED rather than just that field.

    Unable to make field sun.net.httpserver.ExchangeImpl sun.net.httpserver.HttpExchangeImpl.impl accessible: module jdk.httpserver does not "opens sun.net.httpserver" to unnamed module @2da3b078

    a:bug in:probe-jvm of:medium-effort 
    opened by MrMineO5 3
  • [auto-generated:576460491] Unspecified error



    • Plugin Name: Source++
    • Plugin Version: 0.7.6.1
    • OS Name: Windows 10
    • Java Version: 17.0.5
    • App Name: PyCharm
    • App Full Name: PyCharm
    • App Version name: PyCharm
    • Is EAP: false
    • App Build: PY-223.8214.51
    • App Version: 2022.3.1
    • Last Action: Unknown
    • title: [auto-generated:576460491] Unspecified error
    Full StackTrace
    
    java.lang.NullPointerException
    	at liveplugin.implementation.common.Ide_utilKt$livePluginNotificationGroup$2.invoke(ide-util.kt:45)
    	at liveplugin.implementation.common.Ide_utilKt$livePluginNotificationGroup$2.invoke(ide-util.kt:44)
    	at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
    	at liveplugin.implementation.common.Ide_utilKt.getLivePluginNotificationGroup(ide-util.kt:44)
    	at liveplugin.implementation.LivePluginProjectLoader.projectOpened(LivePluginProjectLoader.kt:34)
    	at spp.jetbrains.sourcemarker.SourceMarkerPlugin.init(SourceMarkerPlugin.kt:160)
    	at spp.jetbrains.sourcemarker.SourceMarkerPlugin.init$default(SourceMarkerPlugin.kt:140)
    	at spp.jetbrains.sourcemarker.SourceMarkerPlugin$runActivity$1.invokeSuspend(SourceMarkerPlugin.kt:136)
    	at spp.jetbrains.sourcemarker.SourceMarkerPlugin$runActivity$1.invoke(SourceMarkerPlugin.kt)
    	at spp.jetbrains.sourcemarker.SourceMarkerPlugin$runActivity$1.invoke(SourceMarkerPlugin.kt)
    	at spp.jetbrains.ScopeExtensions$safeRunBlocking$1.invokeSuspend(ScopeExtensions.kt:31)
    	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    	at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    	at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    	at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    	at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    	at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    	at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    	at spp.jetbrains.ScopeExtensions.safeRunBlocking(ScopeExtensions.kt:29)
    	at spp.jetbrains.sourcemarker.SourceMarkerPlugin.runActivity(SourceMarkerPlugin.kt:136)
    	at com.intellij.ide.startup.impl.StartupManagerImpl.runActivityAndMeasureDuration(StartupManagerImpl.kt:340)
    	at com.intellij.ide.startup.impl.StartupManagerImpl.access$runActivityAndMeasureDuration(StartupManagerImpl.kt:66)
    	at com.intellij.ide.startup.impl.StartupManagerImpl$runPostStartupActivities$2$3.invoke$lambda$0(StartupManagerImpl.kt:295)
    	at com.intellij.openapi.project.DumbServiceImpl.doRun(DumbServiceImpl.java:388)
    	at com.intellij.openapi.project.DumbServiceImpl.updateFinished(DumbServiceImpl.java:380)
    	at com.intellij.openapi.project.TrackedEdtActivityService$TrackedEdtActivity.run(TrackedEdtActivityService.java:66)
    	at com.intellij.openapi.application.TransactionGuardImpl.runWithWritingAllowed(TransactionGuardImpl.java:209)
    	at com.intellij.openapi.application.TransactionGuardImpl.access$100(TransactionGuardImpl.java:21)
    	at com.intellij.openapi.application.TransactionGuardImpl$1.run(TransactionGuardImpl.java:191)
    	at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:813)
    	at com.intellij.openapi.application.impl.ApplicationImpl$3.run(ApplicationImpl.java:429)
    	at com.intellij.openapi.application.impl.FlushQueue.doRun(FlushQueue.java:74)
    	at com.intellij.openapi.application.impl.FlushQueue.runNextEvent(FlushQueue.java:114)
    	at com.intellij.openapi.application.impl.FlushQueue.flushNow(FlushQueue.java:36)
    	at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318)
    	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:779)
    	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:730)
    	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:724)
    	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
    	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
    	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:749)
    	at com.intellij.ide.IdeEventQueue.defaultDispatchEvent(IdeEventQueue.java:909)
    	at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.java:756)
    	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$5(IdeEventQueue.java:437)
    	at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:772)
    	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$6(IdeEventQueue.java:436)
    	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:105)
    	at com.intellij.ide.IdeEventQueue.performActivity(IdeEventQueue.java:615)
    	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$7(IdeEventQueue.java:434)
    	at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:813)
    	at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.java:480)
    	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
    	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
    	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
    	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
    	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
    	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
    

    a:bug in:interface-jetbrains 
    opened by source-bot 0
  • server-core-9.3.0.jar: 1 vulnerabilities (highest severity is: 9.8)


    Vulnerable Library - server-core-9.3.0.jar

    Path to dependency file: /platform/processor/live-instrument/build.gradle.kts

    Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

    Found in HEAD commit: 49415828fea9410c30058b2d511a068285856cc6

    Vulnerabilities

    | CVE | Severity | CVSS | Dependency | Type | Fixed in (server-core version) | Remediation Available |
    | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- |
    | CVE-2022-1471 | High | 9.8 | snakeyaml-1.33.jar | Transitive | N/A* | ❌ |

    *For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

    Details

    CVE-2022-1471

    Vulnerable Library - snakeyaml-1.33.jar

    YAML 1.1 parser and emitter for Java

    Library home page: https://bitbucket.org/snakeyaml/snakeyaml

    Path to dependency file: /platform/processor/live-view/build.gradle.kts

    Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

    Dependency Hierarchy:

    • server-core-9.3.0.jar (Root Library)
      • :x: snakeyaml-1.33.jar (Vulnerable Library)

    Found in HEAD commit: 49415828fea9410c30058b2d511a068285856cc6

    Found in base branch: master

    Vulnerability Details

    SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization.

    Publish Date: 2022-12-01

    URL: CVE-2022-1471

    CVSS 3 Score Details (9.8)

    Base Score Metrics:

    • Exploitability Metrics:
      • Attack Vector: Network
      • Attack Complexity: Low
      • Privileges Required: None
      • User Interaction: None
      • Scope: Unchanged
    • Impact Metrics:
      • Confidentiality Impact: High
      • Integrity Impact: High
      • Availability Impact: High



    security vulnerability 
    opened by mend-bolt-for-github[bot] 0
Releases(0.7.6.1)
Owner
Source++
The open-source live coding platform