cyclic symlinks put dependency check into a loop. #285
Comments
I added an option to the CLI 1.2.12-SNAPSHOT so that you can specify the depth that symbolic links will be followed. Currently, the default value is 0, indicating symbolic links will not be followed. More testing of this patch is needed before I will close this issue. --Jeremy
Thank you. I'll test it tomorrow and update with results. Quick thing I noticed while scanning the code:
Manually merged the changes from 5b8d3de, 7b092f7. "--symLink" appears in the list of options; I passed 0 to it to ignore symlinks. When I pass the files as "-s /my/path/*/.jar". In the console I get When I pass the files as "-s /my/path/**" or "-s /my/path/" it seems to go into the loop again, continuously writing to the log file "FINE: Path passed to scanFile(File) is not a file: /usr/local/apache/lib_php/php/lib_php/php......"
Realized my mistake in the first patch; this should be fixed now. I'll test on my Linux box in the next day or two.
Thanks for reporting the bug. I have made one final tweak to the patch and have tested the patch. --Jeremy
Stumbled upon an issue with a cyclic symlink which puts dependency check into a loop.
Scanning /usr/local/apache which has the following inside
/usr/local/apache/lib_php/
/usr/local/apache/lib_php/php -> ../lib_php
My command line looks like this
./bin/dependencycheck-cli.sh -a MyPrj -s /usr/local/apache/ -l MyPrj.log
Once it hits the "lib_php" it goes into a loop, writing continuously to the log file something like
"FINE: Path passed to scanFile(File) is not a file: /usr/local/apache/lib_php/php/lib_php/php......"
If I change the scan path to "/usr/local/apache/*/.jar" it stops writing to the log file but instead writes to the terminal: "Skipping symbolic link /usr/local/apache/lib_php/php/lib_php/php......", eventually running out of memory here: DirectoryScanner.java:notFollowedSymlinks.add(file.getAbsolutePath());
I know killing the horse does not fix the leg, but could there be a way to detect cyclic symlinks? Or ignore symlinks altogether? Or have an ignore list where I can specify a path to ignore during recursive scans?
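On the question of detecting cyclic symlinks, here is an added example (not part of the original report and not dependency-check's own patch) that uses the JDK's `Files.walkFileTree` with `FOLLOW_LINKS`, which reports a link pointing back to an ancestor directory as a `FileSystemLoopException` instead of descending into it. The class name `SymlinkSafeScan`, the `scan` method and the temporary directory layout are hypothetical; the layout mirrors the `lib_php/php -> ../lib_php` case from the report and assumes a filesystem where the process may create symbolic links.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.BasicFileAttributes;
import java.util.*;

public class SymlinkSafeScan {

    /** Collects regular files under root, following symlinks but never re-entering a cycle. */
    static List<Path> scan(Path root, int maxDepth, List<Path> loops) throws IOException {
        List<Path> files = new ArrayList<>();
        Files.walkFileTree(root, EnumSet.of(FileVisitOption.FOLLOW_LINKS), maxDepth,
            new SimpleFileVisitor<Path>() {
                @Override
                public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
                    // Directories sitting exactly at maxDepth also arrive here, so filter.
                    if (attrs.isRegularFile()) {
                        files.add(file);
                    }
                    return FileVisitResult.CONTINUE;
                }

                @Override
                public FileVisitResult visitFileFailed(Path file, IOException exc) {
                    // With FOLLOW_LINKS, a link that resolves to an ancestor directory is
                    // reported here as FileSystemLoopException and is not descended into.
                    if (exc instanceof FileSystemLoopException) {
                        loops.add(file);
                    }
                    return FileVisitResult.CONTINUE; // skip loops and unreadable entries
                }
            });
        return files;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout mirroring the report: lib_php/php -> ../lib_php
        Path root = Files.createTempDirectory("scan-demo");
        Path lib = Files.createDirectory(root.resolve("lib_php"));
        Files.createFile(lib.resolve("sample.jar"));
        Files.createSymbolicLink(lib.resolve("php"), Paths.get("..", "lib_php"));

        List<Path> loops = new ArrayList<>();
        List<Path> files = scan(root, Integer.MAX_VALUE, loops);
        System.out.println("files: " + files);
        System.out.println("loops: " + loops);
    }
}
```

Because the walker keeps only the current chain of ancestor directories for loop detection, memory stays bounded by tree depth rather than growing with every skipped link path.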