Option to disable log4J dependency download from Maven


Renish K.R

Jan 24, 2024, 7:09:43 AM
to qaf users
Our company security team is not allowing us to run QAF framework because of the log4j 1.2.12 package download. VM vulnerability scanner picks up log4j vulnerability and blocks the VM. I can't find any entry in pom.xml except the log4j properties path. Any help in disabling log4j or upgrading to log4j 2 will be of great help.

cjayswal

Jan 24, 2024, 10:55:11 AM
to qaf users
Which version of QAF are you using?
The latest version doesn't have a log4j dependency.

Renish K.R

Jan 24, 2024, 5:16:48 PM
to qaf users
I'm using QAF version "4.0.0-RC2". I have attached pom.xml below.

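<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">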
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.qmetry</groupId>
  <artifactId>qaf-blank-project-maven</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>jar</packaging>

  <name>qaf-blank-project-maven</name>
  <url>http://maven.apache.org</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <testSuiteFile>config/testrun_config.xml</testSuiteFile>
    <sourceVersion>1.8</sourceVersion>
    <targetVersion>1.8</targetVersion>
    <qaf.version>4.0.0-RC2</qaf.version>
    <selenium.version>4.16.1</selenium.version>
    <webdrivermanager.version>LATEST</webdrivermanager.version>
    <test.results.dir>test-results</test.results.dir>
    <run.time>${maven.build.timestamp}</run.time>
    <lib.dir>${project.basedir}/lib</lib.dir>
    <resource.dir>${project.basedir}/resources</resource.dir>
    <output.dir>${test.results.dir}/${run.time}</output.dir>
    <maven.build.timestamp.format>dd_MMM_yyyy_hh_mm_aa</maven.build.timestamp.format>
    <testng.report.title>QAF Demo</testng.report.title>
  </properties>
  <repositories>
    <repository>
      <id>jai</id>
      <url>https://repository.jboss.org/nexus/content/repositories/thirdparty-releases</url>
    </repository>
  </repositories>

  <dependencies>
    <dependency>
      <groupId>org.seleniumhq.selenium</groupId>
      <artifactId>selenium-java</artifactId>
      <version>${selenium.version}</version>
    </dependency>
    <dependency>
      <groupId>com.qmetry</groupId>
      <artifactId>qaf</artifactId>
      <version>${qaf.version}</version>
    </dependency>
    <dependency>
      <groupId>io.github.bonigarcia</groupId>
      <artifactId>webdrivermanager</artifactId>
      <version>${webdrivermanager.version}</version>
    </dependency>
    <dependency>
      <groupId>com.qmetry</groupId>
      <artifactId>qaf-support</artifactId>
      <version>${qaf.version}</version>
      <exclusions>
        <exclusion>
          <groupId>com.qmetry</groupId>
          <artifactId>qaf</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <!-- https://mvnrepository.com/artifact/com.aventstack/extentreports -->
    <dependency>
      <groupId>com.aventstack</groupId>
      <artifactId>extentreports</artifactId>
      <version>5.1.1</version>
    </dependency>
    <dependency>
      <groupId>com.opencsv</groupId>
      <artifactId>opencsv</artifactId>
      <version>3.7</version>
    </dependency>
    <dependency>
      <groupId>com.atlassian</groupId>
      <artifactId>onetime</artifactId>
      <version>2.0.2</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-text</artifactId>
      <version>1.10.0</version>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>1.2.1</version>
        <executions>
          <execution>
            <id>repo-editor</id>
            <goals>
              <goal>java</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <mainClass>com.qmetry.qaf.automation.tools.RepoEditor</mainClass>
          <classpathScope>test</classpathScope>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <compilerVersion>${sourceVersion}</compilerVersion>
          <source>${sourceVersion}</source>
          <target>${targetVersion}</target>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>aspectj-maven-plugin</artifactId>
        <version>1.15.0</version>
        <executions>
          <execution>
            <id>test-compile</id>
            <goals>
              <goal>test-compile</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <source>${sourceVersion}</source>
          <target>${targetVersion}</target>
          <showWeaveInfo>true</showWeaveInfo>
          <complianceLevel>${sourceVersion}</complianceLevel>
          <aspectLibraries>
            <aspectLibrary>
              <groupId>com.qmetry</groupId>
              <artifactId>qaf</artifactId>
            </aspectLibrary>
          </aspectLibraries>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>2.9</version>
        <configuration>
          <suiteXmlFiles>
            <suiteXmlFile>${testSuiteFile}</suiteXmlFile>
          </suiteXmlFiles>
          <reportsDirectory>${test.results.dir}/${run.time}</reportsDirectory>
          <systemPropertyVariables>
            <org.uncommons.reportng.xml-dialect>testng</org.uncommons.reportng.xml-dialect>
            <org.uncommons.reportng.escape-output>false</org.uncommons.reportng.escape-output>
            <log4j.configuration>file:///${resource.dir}/log4j.properties</log4j.configuration>
            <outputDir>${output.dir}</outputDir>
            <test.results.dir>${output.dir}/html</test.results.dir>
            <json.report.root.dir>${test.results.dir}</json.report.root.dir>
            <json.report.dir>${output.dir}/json</json.report.dir>
            <selenium.screenshots.dir>${output.dir}/img</selenium.screenshots.dir>
            <selenium.screenshots.relative.path>../img</selenium.screenshots.relative.path>
          </systemPropertyVariables>
        </configuration>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.eclipse.m2e</groupId>
          <artifactId>lifecycle-mapping</artifactId>
          <version>1.0.0</version>
          <configuration>
            <lifecycleMappingMetadata>
              <pluginExecutions>
                <pluginExecution>
                  <pluginExecutionFilter>
                    <groupId>org.codehaus.mojo</groupId>
                    <artifactId>aspectj-maven-plugin</artifactId>
                    <versionRange>[1.0,)</versionRange>
                    <goals>
                      <goal>test-compile</goal>
                      <goal>compile</goal>
                    </goals>
                  </pluginExecutionFilter>
                  <action>
                    <execute />
                  </action>
                </pluginExecution>
              </pluginExecutions>
            </lifecycleMappingMetadata>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>

cjayswal

Jan 25, 2024, 10:33:01 AM
to qaf users
You can remove
<log4j.configuration>file:///${resource.dir}/log4j.properties</log4j.configuration>

It is useless.

Renish K.R

Jan 25, 2024, 6:22:35 PM
to qaf users
It looks like the issue is with the entry below. Do you know if I need this? It is part of the blank maven project in the GitHub repo. Also, I would like to know the new logging option available in QAF.


<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>aspectj-maven-plugin</artifactId>
  <version>1.14.0</version>
  <executions>
    <execution>
      <id>test-compile</id>
      <goals>
        <goal>test-compile</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <source>${sourceVersion}</source>
    <target>${targetVersion}</target>
    <showWeaveInfo>true</showWeaveInfo>
    <complianceLevel>${sourceVersion}</complianceLevel>
    <aspectLibraries>
      <aspectLibrary>
        <groupId>com.qmetry</groupId>
        <artifactId>qaf</artifactId>
      </aspectLibrary>
    </aspectLibraries>
  </configuration>
</plugin>

cjayswal

Jan 27, 2024, 12:41:59 PM
to qaf users
The blank project is just for reference. You can modify your project dependencies, plugins and so on. BTW, I don't think aspectj-maven-plugin has a log4j dependency; make sure any other added dependencies don't have an unwanted transient dependency.
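
Added example, not part of the reply above and not taken from QAF's own project files: one way to enforce the advice about unwanted dependencies pulled in by other dependencies. The enforcer rule fails the build if log4j:log4j is resolved anywhere in the tree; the PARENT_* coordinates in the exclusion are placeholders for whichever dependency turns out to pull it in, and the enforcer plugin version shown is an assumption.

```xml
<!-- Added example. Goes inside <build><plugins> of the pom.xml.
     Fails the build whenever Log4j 1.x is resolved, directly or transitively. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.4.1</version>
  <executions>
    <execution>
      <id>ban-log4j-1x</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <searchTransitive>true</searchTransitive>
            <excludes>
              <!-- groupId:artifactId of the Log4j 1.x jar the scanner flags -->
              <exclude>log4j:log4j</exclude>
            </excludes>
          </bannedDependencies>
        </rules>
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>

<!-- Once `mvn dependency:tree -Dincludes=log4j:log4j` names the parent,
     exclude the jar on that dependency (inside <dependencies>).
     The coordinates below are placeholders, not a finding about any real artifact. -->
<dependency>
  <groupId>PARENT_GROUP_ID</groupId>
  <artifactId>PARENT_ARTIFACT_ID</artifactId>
  <version>PARENT_VERSION</version>
  <exclusions>
    <exclusion>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
    </exclusion>
  </exclusions>
</dependency>
```

After the exclusion is in place, an empty result from the dependency:tree command and a passing enforcer run together show that the jar no longer reaches the local repository through this project.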

Renish K.R

Jan 28, 2024, 11:16:55 PM
to qaf users
What is the logging mechanism used by QAF now? How can I log info in the terminal if Log4j is not used?

cjayswal

Feb 3, 2024, 10:41:29 PM
to qaf users
Now, users can configure and use any logging framework of their choice. QAF doesn't force you to use any specific logging framework.

Renish K.R

Feb 16, 2024, 6:35:02 AM
to qaf users
Can you provide any example to implement log4j2 in QAF? It is not doing any QAF default logging. Not sure whether I'm missing something.

I have added the following in Maven:

    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>2.22.1</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId>
      <version>2.22.1</version>
    </dependency>



Also added a new property file (log4j2.properties) inside resources:

# configuration syntax
status=ERROR
dest=err
name=PropertiesConfig

# publish console logs
appender.console.type=Console
appender.console.name=STDOUT
appender.console.layout.type=PatternLayout
appender.console.layout.pattern=[%-5level] %d{DEFAULT} %c:%L - %m%n

# capture logs
logger.app.name=com.ahq
logger.app.level=TRACE
logger.app.additivity=false
logger.app.appenderRef.console.ref=STDOUT

# root logger
rootLogger.level=info