Dependencycheck: Quitting dependency-check during an update leaves stale lock file

Created on 8 Dec 2017  路  6Comments  路  Source: jeremylong/DependencyCheck

Launch dependency-check and, while it is performing a database update, press CTRL-C to quit the process. Immediately launch dependency-check again and the tool hangs after printing:

[dependency-check] SLF4J: Class path contains multiple SLF4J bindings.
[dependency-check] SLF4J: Found binding in [jar:file:/Users/chris/packages/dependency-check-ant/dependency-check-ant.jar!/org/slf4j/impl/StaticLoggerBinder.class]
[dependency-check] SLF4J: Found binding in [jar:file:/Users/chris/packages/dependency-check-ant/lib/dependency-check-ant-3.0.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
[dependency-check] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
[dependency-check] SLF4J: Actual binding is of type [org.owasp.dependencycheck.ant.logging.AntLoggerFactory]

A bit of Googling led me to this issue: https://github.com/jeremylong/DependencyCheck/issues/1000

Deleting the lock file allowed me to resume my work.

It would be nice if dependency-check would clean-up after itself in case it gets interrupted. (If possible). Otherwise, perhaps https://github.com/jeremylong/DependencyCheck/issues/1000 is enough to mitigate this problem.

I happen to be using the Apache ant task, if that makes any difference.

(Thanks for the great tool!)

bug enhancement
Source
picture ChristopherSchultz

All 6 comments

I'll do some research on this one - some changes that need to be made are updating the error reporting per issue #1000 and updating the purge task (and related) to remove the lock file.

jeremylong picture jeremylong on 10 Dec 2017
👍1

I haven't dived into the code for dependency-check. If it's somewhat straightforward, I might be able to produce a PR.

ChristopherSchultz picture ChristopherSchultz on 11 Dec 2017

Thanks for reporting this issue - I got to learn something new regarding shutdown hooks. This makes ODC much more stable!

jeremylong picture jeremylong on 12 Dec 2017
🎉1

Thanks for the quick response!

ChristopherSchultz picture ChristopherSchultz on 12 Dec 2017

Hello,

Are we planning to handle these stale locks on KILL signals? Am I wrong to point out this solution only handles SIGINT?

djjorjinho picture djjorjinho on 13 Jul 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 27 Sep 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jkrusic19 picture jkrusic19  路  3Comments
dnet picture dnet  路  3Comments
benji picture benji  路  3Comments
tediroca picture tediroca  路  3Comments
aravindparappil46 picture aravindparappil46  路  4Comments