Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

spotlessXmlApply task is never completing #308

Closed
JLLeitschuh opened this issue Oct 5, 2018 · 18 comments
Closed

spotlessXmlApply task is never completing #308

JLLeitschuh opened this issue Oct 5, 2018 · 18 comments
Labels

Comments

@JLLeitschuh
Copy link
Member

Running ./gradlew spotlessXmlApply the :spotlessXml task is never completing.

spotless {
    xml {
        eclipse()
    }
}

This is a little bit of the output running with the gradle --info flag:

All projects evaluated.
Selected primary task ':spotlessXmlApply' from project :
Tasks to be executed: [task ':spotlessXml', task ':spotlessXmlApply']
:spotlessXml (Thread[Task worker for ':',5,main]) started.

> Task :spotlessXml
Caching disabled for task ':spotlessXml': Caching has not been enabled for the task
Task ':spotlessXml' is not up-to-date because:
  No history is available.
All input files are considered out-of-date for incremental task ':spotlessXml'.
<-------------> 0% EXECUTING [1m 17s]
> :spotlessXml

After this, the process gets hung up.

Spotless version: 3.15.0.

------------------------------------------------------------
Gradle 4.10.1
------------------------------------------------------------

Build time:   2018-09-12 11:33:27 UTC
Revision:     76c9179ea9bddc32810f9125ad97c3315c544919

Kotlin DSL:   1.0-rc-6
Kotlin:       1.2.61
Groovy:       2.4.15
Ant:          Apache Ant(TM) version 1.9.11 compiled on March 23 2018
JVM:          1.8.0_92 (Oracle Corporation 25.92-b14)
OS:           Mac OS X 10.13.6 x86_64

@fvgh
Copy link
Member

fvgh commented Oct 5, 2018

@JLLeitschuh Do you have a little bit more input. I applied the formatter in spotlessSelf.gradle and also in a small sample.

@JLLeitschuh
Copy link
Member Author

This might be caused by spotless trying to format a file that is opened by another process? Is there any way I could tell that?

@fvgh
Copy link
Member

fvgh commented Oct 8, 2018 via email

@JLLeitschuh
Copy link
Member Author

It's listed in the original issue, but anyways: OS: Mac OS X 10.13.6 x86_64.

@fvgh
Copy link
Member

fvgh commented Oct 8, 2018 via email

@fvgh
Copy link
Member

fvgh commented Oct 9, 2018 via email

@JLLeitschuh
Copy link
Member Author

Why would the formatter/linter be downloading the XSD or DTD's? I want my formatter to format, not ensure that the XML is valid.

@fvgh
Copy link
Member

fvgh commented Oct 9, 2018 via email

@nedtwigg nedtwigg added the bug label Oct 16, 2018
@fvgh
Copy link
Member

fvgh commented Oct 20, 2018

@JLLeitschuh I was quite busy the last two weeks. With my small sample, I was not able to reproduce the problem, but I found that the debug output from gradle is quite good. In my example I get the following debug output:

> Task :spotlessXml 
12:48:54.667 [DEBUG] [sun.net.www.protocol.http.HttpURLConnection] sun.net.www.MessageHeader@58202e3d5 pairs: {GET http://java.sun.com/xml/ns/javaee/javaee_5.xsd HTTP/1.1: null}{User-Agent: Java/1.8.0_181}{Host: java.sun.com}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Proxy-Connection: keep-alive}
12:48:55.012 [DEBUG] [sun.net.www.protocol.http.HttpURLConnection] sun.net.www.MessageHeader@7ed3c1b89 pairs: {null: HTTP/1.1 301 Moved Permanently}{Location: http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/javaee_5.xsd}{Server: BigIP}{Content-Length: 0}{Date: Sat, 20 Oct 2018 10:48:55 GMT}{X-Cache: MISS from ###)}{Connection: keep-alive}
12:48:55.013 [DEBUG] [sun.net.www.protocol.http.HttpURLConnection] Redirected from http://java.sun.com/xml/ns/javaee/javaee_5.xsd to http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/javaee_5.xsd
12:48:55.014 [DEBUG] [sun.net.www.protocol.http.HttpURLConnection] sun.net.www.MessageHeader@58202e3d5 pairs: {GET http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/javaee_5.xsd HTTP/1.1: null}{User-Agent: Java/1.8.0_181}{Host: www.oracle.com}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Proxy-Connection: keep-alive}
...

Can you provide your output? Maybe it gives me a better idea, where the problem might be...

@JLLeitschuh
Copy link
Member Author

I'll see what I can do on monday, sure.

@DJViking
Copy link

I experienced the same problem using spotless-gradle-plugin 3.15. It would not do any formatting.

spotless {
    xml {
        indentWithSpaces(2)
    }
}

Moving to a newer spotless 3.18 that now has changed the XML configuration to eclipseWtp I now can format my XML again.

spotless {
    format 'xml', {
        target fileTree('.') {
            include '**/*.xml', '**/*.xsd'
            exclude '**/build/**'
        }

        eclipseWtp('xml').configFile 'config/spotless/spotless.xml.prefs'
    }
}

Sadly though it does more than I want, when using the eclipse configuration. In comparison with xmllint, it breaks lines after the lineWidth, and it formats comment sections making them "ugly" and unreadable.

The lineWidth problem I can circumvent by setting it to a high value 500.
However I have not yet found a way for it to avoid formatting comments.

@fvgh
Copy link
Member

fvgh commented Feb 13, 2019

@DJViking I am surprised to hear that the formatting did not work with spotless-gradle-plugin 3.15. As stated before, I was never able to reproduce the problem. For spotless-gradle-plugin 3.18 nothing has changed on the XML processor, except the scripting syntax. But the old syntax is still supported. Both syntax using internally the same functions. I would really appreciate some trace logs from gradle demonstrating the problem.

About the "ugly and unreadable" formatting:
I am afraid, I cannot do anything about it. I would recommend that you use Eclipse to find configuration settings that suites you. Anyhow, you can disable comment formatting by:
formatCommentText=false

The properties you configure in the Eclipse GUI are stored in
.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.xml.core.prefs

@JLLeitschuh
Copy link
Member Author

JLLeitschuh commented Feb 13, 2019

12:48:55.013 [DEBUG] [sun.net.www.protocol.http.HttpURLConnection] Redirected from http://java.sun.com/xml/ns/javaee/javaee_5.xsd to http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/javaee_5.xsd

Hold on. @fvgh. If you're seeing HTTP get requests inside of your XML parser that means that the parser is vulnerable to XXE.

We need to fix this so that the spotless XML formatter is not making external entity requests.

We can't have our linting infrastructure making web requests. Especially web requests over HTTP as those can be maliciously intercepted by a MITM.

Here's an example where this has been a serious problem in the past.

https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/

CC: @nedtwigg

@DJViking
Copy link

DJViking commented Feb 13, 2019

About the "ugly and unreadable" formatting:
I am afraid, I cannot do anything about it. I would recommend that you use Eclipse to find configuration settings that suites you. Anyhow, you can disable comment formatting by:
formatCommentText=false

Thanks for the heads up. It was there all along in Eclipse, staring me right in the face, but I did not see it.

@fvgh
Copy link
Member

fvgh commented Feb 13, 2019

@JLLeitschuh I admit that the WTP should respect the resolveExternalEntities configuration, which is per default false. I will investigate.

Anyhow, please open a new issue for this topic. To be hones, it is not urgent for me. Every formatter can contain holes in its parsing step. With external URIs it is easier to get something into the parser unnoticed, that is true.

@nedtwigg
Copy link
Member

Can we close this one @JLLeitschuh?

@JLLeitschuh
Copy link
Member Author

I no longer have access to the repository that had this problem.

New job. I now work for Gradle! 😄

@nedtwigg
Copy link
Member

Congrats! Gradle is very lucky, and so are the rest of us! Since this issue is unlikely to see more action, I'll close it for now.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants