Robot Framework's library to test REST interfaces utilizing Apache HttpClient
License: Apache License 2.0
Let's meet at the Market Square!
Welcome to MarketSquare, a community run collection of repositories for Robot Framework.
See https://marketsquare.github.io/ on how to request access/join the MarketSquare.
For more information about the MarketSquare organization see our FAQ.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
Vulnerable Library - commons-codec-1.11.jarThe Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Path to dependency file: robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
Dependency Hierarchy:
Found in HEAD commit: 2a3f9d75c1adc10848305a695874ec8e3a625ab3
Vulnerability Details
Apache commons-codec before version “commons-codec-1.13-RC1” is vulnerable to information disclosure due to Improper Input validation.
Publish Date: 2019-05-20
URL: WS-2019-0379
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: apache/commons-codec@48b6157
Release Date: 2019-05-12
Fix Resolution: 1.13-RC1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - commons-collections-3.2.jarTypes that extend and augment the Java Collections Framework.
Library home page: http://jakarta.apache.org/commons/collections/
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Publish Date: 2015-12-15
URL: CVE-2015-6420
CVSS 2 Score Details (7.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420
Release Date: 2015-12-15
Fix Resolution: org.apache.commons:commons-collections4:4.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - commons-collections-3.2.jarTypes that extend and augment the Java Collections Framework.
Library home page: http://jakarta.apache.org/commons/collections/
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Publish Date: 2015-11-18
URL: CVE-2015-4852
CVSS 2 Score Details (7.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://www.openwall.com/lists/oss-security/2015/11/17/19
Release Date: 2015-11-18
Fix Resolution: commons-collections:commons-collections:3.2.2
Step up your Open Source Security Game with WhiteSource here
If setting logging level to TRACE (just minimum level is enough, not need to be shown level), some tests fail with error Cannot create PyString with non-byte value. This happens e.g. at Acceptance.Get.Get Requests.
This is probably some Jython issue, as there's no calls related to that in the library's code or in the stacktrace.
Run: mvn clean verify -Dtests="Get Requests" -DrobotLogLevel=TRACE
Stacktrace:
java.lang.IllegalArgumentException:
at jdk.internal.reflect.GeneratedMethodAccessor51.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at pprint$py.pformat$10(C:/Users/hifi/git/robotframework/build/Lib/pprint.py:120)
at pprint$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/pprint.py)
at robot.utils.unic$py.prepr$6(C:/Users/hifi/git/robotframework/build/Lib/robot/utils/unic.py:70)
at robot.utils.unic$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/utils/unic.py)
at robot.variables.assigner$py.f$18(C:/Users/hifi/git/robotframework/build/Lib/robot/variables/assigner.py:109)
at robot.variables.assigner$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/variables/assigner.py)
at robot.output.loggerhelper$py.resolve_delayed_message$18(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py:106)
at robot.output.loggerhelper$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py)
at robot.output.loggerhelper$py.message$16(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py:98)
at robot.output.loggerhelper$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py)
at robot.output.xmllogger$py._write_message$8(C:/Users/hifi/git/robotframework/build/Lib/robot/output/xmllogger.py:63)
at robot.output.xmllogger$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/xmllogger.py)
at robot.output.xmllogger$py.log_message$7(C:/Users/hifi/git/robotframework/build/Lib/robot/output/xmllogger.py:57)
at robot.output.xmllogger$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/xmllogger.py)
at robot.output.logger$py._log_message$23(C:/Users/hifi/git/robotframework/build/Lib/robot/output/logger.py:184)
at robot.output.logger$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/logger.py)
at robot.output.output$py.message$12(C:/Users/hifi/git/robotframework/build/Lib/robot/output/output.py:69)
at robot.output.output$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/output.py)
at robot.output.loggerhelper$py.write$10(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py:63)
at robot.output.loggerhelper$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py)
at robot.output.loggerhelper$py.trace$4(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py:41)
at robot.output.loggerhelper$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/output/loggerhelper.py)
at robot.variables.assigner$py.assign$17(C:/Users/hifi/git/robotframework/build/Lib/robot/variables/assigner.py:111)
at robot.variables.assigner$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/variables/assigner.py)
at robot.model.testcase$py.visit$8(C:/Users/hifi/git/robotframework/build/Lib/robot/model/testcase.py:78)
at robot.model.testcase$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/testcase.py)
at robot.model.itemlist$py.visit$12(C:/Users/hifi/git/robotframework/build/Lib/robot/model/itemlist.py:76)
at robot.model.itemlist$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/itemlist.py)
at robot.model.visitor$py.visit_suite$2(C:/Users/hifi/git/robotframework/build/Lib/robot/model/visitor.py:89)
at robot.model.visitor$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/visitor.py)
at robot.model.testsuite$py.visit$21(C:/Users/hifi/git/robotframework/build/Lib/robot/model/testsuite.py:174)
at robot.model.testsuite$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/testsuite.py)
at robot.model.itemlist$py.visit$12(C:/Users/hifi/git/robotframework/build/Lib/robot/model/itemlist.py:76)
at robot.model.itemlist$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/itemlist.py)
at robot.model.visitor$py.visit_suite$2(C:/Users/hifi/git/robotframework/build/Lib/robot/model/visitor.py:89)
at robot.model.visitor$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/visitor.py)
at robot.model.testsuite$py.visit$21(C:/Users/hifi/git/robotframework/build/Lib/robot/model/testsuite.py:174)
at robot.model.testsuite$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/model/testsuite.py)
at robot.run$py.main$3(C:/Users/hifi/git/robotframework/build/Lib/robot/run.py:452)
at robot.run$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/run.py)
at robot.utils.application$py._execute$10(C:/Users/hifi/git/robotframework/build/Lib/robot/utils/application.py:94)
at robot.utils.application$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/utils/application.py)
at robot.utils.application$py.execute_cli$5(C:/Users/hifi/git/robotframework/build/Lib/robot/utils/application.py:49)
at robot.utils.application$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/utils/application.py)
at robot.run$py.run_cli$7(C:/Users/hifi/git/robotframework/build/Lib/robot/run.py:492)
at robot.run$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/run.py)
at robot.jarrunner$py._run$3(C:/Users/hifi/git/robotframework/build/Lib/robot/jarrunner.py:67)
at robot.jarrunner$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/jarrunner.py)
at robot.jarrunner$py.run$2(C:/Users/hifi/git/robotframework/build/Lib/robot/jarrunner.py:60)
at robot.jarrunner$py.call_function(C:/Users/hifi/git/robotframework/build/Lib/robot/jarrunner.py)
at org.robotframework.RobotRunner.run(RobotRunner.java:77)
at org.robotframework.RobotFramework.run(RobotFramework.java:61)
at org.robotframework.mavenplugin.AcceptanceTestMojo.executeRobot(AcceptanceTestMojo.java:73)
at org.robotframework.mavenplugin.AcceptanceTestMojo.subclassExecute(AcceptanceTestMojo.java:68)
at org.robotframework.mavenplugin.AbstractMojoWithLoadedClasspath.execute(AbstractMojoWithLoadedClasspath.java:53)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Error is content specific, as only that test (of get tests) seem to be failing because of it.
I'm new to robot in general, and I I'm trying to test this module but getting: No module named HttpRequestLibrary
Tried:
java -cp "./robotframework-httprequestlibrary-0.0.13-jar-with-dependencies.jar" -jar robotframework-3.1.1.jar mytests.robot
Can you point me out where the error is? Thanks!
${dict}= Create Dictionary clientRole=true composite=false containerId=${userid} id=${roleid}
@{list}= Create List ${dict}
${response}= Post Request ${KEYCLOAK-SERVICE-NAME} uri=xxxxx/xxxx data=${list}
Leads to an error java.lang.IllegalStateException: Expected BEGIN_ARRAY but was BEGIN_OBJECT at line 1 column 3 path $[0]
Does not work either when trying to give the payload as string:
${data_string}= Set Variable [{"id": "${roleid}","name": "${rolename}", "scopeParamRequired": "false"}]
${response}= Post Request ${KEYCLOAK-SERVICE-NAME} uri=xxxxx/xxxx data=${data_string}
Hello,
I noticed that the httprequestlibrary throws an error when returning a response that contains the German double quotes („“) or the capital Eszett (ẞ). I tried to do some debugging, and it seems that the error might be in the Javalib-Core 2.0.x library, but I can't be sure.
This doesn't seem to be the case with other German special characters (e.g. üäößÜÖÄ).
Kind regards,
Simeon
Issue with setting below system property in the library initialization
System.setProperty("org.apache.commons.logging.Log", "com.github.hi_fi.httprequestlibrary.utils.RobotLogger")
When parsing JSON starting as array ([{}]), Pretty prining throws error
java.lang.IllegalStateException: Expected BEGIN_ARRAY but was BEGIN_OBJECT at line 1 column 3 path $[0]
Problem specified at: https://github.com/google/gson/blob/master/UserGuide.md#TOC-Collections-Limitations
Vulnerable Library - jython-2.7.0.jarJython is an implementation of the high-level, dynamic, object-oriented language Python written in 100% Pure Java, and seamlessly integrated with the Java platform. It thus allows you to run Python on any Java platform.
Library home page: http://www.jython.org/
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: epository/org/python/jython/2.7.0/jython-2.7.0.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
Publish Date: 2017-07-06
URL: CVE-2016-4000
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000
Release Date: 2017-07-06
Fix Resolution: org.python:jython:2.7-rc1,org.python:jython-standalone:2.7-rc1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - httpclient-4.5.2.jarApache HttpComponents Client
Library home page: http://hc.apache.org/httpcomponents-client
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.5.2/httpclient-4.5.2.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.
Publish Date: 2019-05-30
URL: WS-2017-3734
CVSS 2 Score Details (5.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/HTTPCLIENT-1803
Release Date: 2019-05-30
Fix Resolution: 4.5.3
Step up your Open Source Security Game with WhiteSource here
There is no method that can delete one (or all) sessions. Python library has Delete All Sessions for example.
I tried to run Get.robot within my own jar. This issue is not reproduced with a build against RF 2.8.7
[ ERROR ] Adding keyword 'optionsRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'getJsonResponse' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'toJson' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'prettyPrintJson' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'getResponseStatusCode' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'getRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'responseCodeShouldBe' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'responseShouldContain' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'putRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'deleteRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'postRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'headRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'createSession' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'createDigestSession' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ ERROR ] Adding keyword 'patchRequest' to library 'HttpRequestLibrary' failed: TypeError: <java function runKeyword 0x2> is not a Python function
[ WARN ] Imported library 'HttpRequestLibrary' contains no keywords.
Adding commons-logging helped. Check pom.xml for this.
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
Stack trace:
java.lang.RuntimeException:
at org.robotframework.javalib.library.AnnotationLibrary.retrieveInnerException(AnnotationLibrary.java:148)
at org.robotframework.javalib.library.AnnotationLibrary.runKeyword(AnnotationLibrary.java:130)
at robot.model.testcase$py.visit$7(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/testcase.py:74)
at robot.model.testcase$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/testcase.py)
at robot.model.itemlist$py.visit$11(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/itemlist.py:75)
at robot.model.itemlist$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/itemlist.py)
at robot.model.visitor$py.visit_suite$2(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/visitor.py:88)
at robot.model.visitor$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/visitor.py)
at robot.model.testsuite$py.visit$19(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/testsuite.py:161)
at robot.model.testsuite$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/testsuite.py)
at robot.model.itemlist$py.visit$11(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/itemlist.py:75)
at robot.model.itemlist$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/itemlist.py)
at robot.model.visitor$py.visit_suite$2(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/visitor.py:88)
at robot.model.visitor$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/visitor.py)
at robot.model.testsuite$py.visit$19(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/testsuite.py:161)
at robot.model.testsuite$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/model/testsuite.py)
at robot.run$py.main$3(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/run.py:452)
at robot.run$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/run.py)
at robot.utils.application$py._execute$10(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/utils/application.py:94)
at robot.utils.application$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/utils/application.py)
at robot.utils.application$py.execute_cli$5(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/utils/application.py:49)
at robot.utils.application$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/utils/application.py)
at robot.run$py.run_cli$7(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/run.py:489)
at robot.run$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/run.py)
at robot.jarrunner$py._run$3(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/jarrunner.py:64)
at robot.jarrunner$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/jarrunner.py)
at robot.jarrunner$py.run$2(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/jarrunner.py:57)
at robot.jarrunner$py.call_function(/Users/jmalinen/Documents/workspace/robotframework/build/Lib/robot/jarrunner.py)
at org.robotframework.RobotRunner.run(RobotRunner.java:74)
at org.robotframework.RobotFramework.run(RobotFramework.java:61)
at org.robotframework.mavenplugin.AcceptanceTestMojo.executeRobot(AcceptanceTestMojo.java:73)
at org.robotframework.mavenplugin.AcceptanceTestMojo.subclassExecute(AcceptanceTestMojo.java:68)
at org.robotframework.mavenplugin.AbstractMojoWithLoadedClasspath.execute(AbstractMojoWithLoadedClasspath.java:53)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: java.lang.NoClassDefFoundError: org/apache/commons/logging/Log
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:760)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at com.github.hi_fi.httprequestlibrary.utils.RestClient.<init>(RestClient.java:48)
at com.github.hi_fi.httprequestlibrary.keywords.Session.createSession(Session.java:32)
at org.robotframework.javalib.reflection.KeywordInvoker.invoke(KeywordInvoker.java:50)
at org.robotframework.javalib.beans.annotation.AnnotationKeywordExtractor$1.execute(AnnotationKeywordExtractor.java:62)
at org.robotframework.javalib.library.KeywordFactoryBasedLibrary.runKeyword(KeywordFactoryBasedLibrary.java:37)
at org.robotframework.javalib.library.AnnotationLibrary.runKeyword(AnnotationLibrary.java:128)
... 221 more
Caused by: java.lang.ClassNotFoundException: org.apache.commons.logging.Log
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 242 more
Types that extend and augment the Java Collections Framework.
Library home page: http://jakarta.apache.org/commons/collections/
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Publish Date: 2017-11-09
URL: CVE-2015-7501
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1279330
Release Date: 2017-11-09
Fix Resolution: commons-collections:commons-collections:3.2.2;org.apache.commons:commons-collections4:4.1
Step up your Open Source Security Game with WhiteSource here
The simple update from 0.0.15 to 0.0.16 broke tests. Here is how Open Browser keyword fails:
java.lang.RuntimeException:
at org.robotframework.javalib.reflection.KeywordInvoker.invoke(KeywordInvoker.java:65)
at org.robotframework.javalib.beans.annotation.AnnotationKeywordExtractor$1.execute(AnnotationKeywordExtractor.java:66)
at org.robotframework.javalib.library.KeywordFactoryBasedLibrary.runKeyword(KeywordFactoryBasedLibrary.java:40)
at org.robotframework.javalib.library.AnnotationLibrary.runKeyword(AnnotationLibrary.java:129)
at robot.model.visitor$py.visit_suite$2(C:\Users\hifi\git\robotframework\build\Lib\robot\model\visitor.py:88)
at robot.model.visitor$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\visitor.py)
at robot.model.testsuite$py.visit$19(C:\Users\hifi\git\robotframework\build\Lib\robot\model\testsuite.py:168)
at robot.model.testsuite$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\testsuite.py)
at robot.model.itemlist$py.visit$11(C:\Users\hifi\git\robotframework\build\Lib\robot\model\itemlist.py:71)
at robot.model.itemlist$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\itemlist.py)
at robot.model.visitor$py.visit_suite$2(C:\Users\hifi\git\robotframework\build\Lib\robot\model\visitor.py:88)
at robot.model.visitor$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\visitor.py)
at robot.model.testsuite$py.visit$19(C:\Users\hifi\git\robotframework\build\Lib\robot\model\testsuite.py:168)
at robot.model.testsuite$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\testsuite.py)
at robot.model.itemlist$py.visit$11(C:\Users\hifi\git\robotframework\build\Lib\robot\model\itemlist.py:71)
at robot.model.itemlist$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\itemlist.py)
at robot.model.visitor$py.visit_suite$2(C:\Users\hifi\git\robotframework\build\Lib\robot\model\visitor.py:88)
at robot.model.visitor$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\visitor.py)
at robot.model.testsuite$py.visit$19(C:\Users\hifi\git\robotframework\build\Lib\robot\model\testsuite.py:168)
at robot.model.testsuite$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\model\testsuite.py)
at robot.run$py.main$3(C:\Users\hifi\git\robotframework\build\Lib\robot\run.py:448)
at robot.run$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\run.py)
at robot.utils.application$py._execute$10(C:\Users\hifi\git\robotframework\build\Lib\robot\utils\application.py:94)
at robot.utils.application$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\utils\application.py)
at robot.utils.application$py.execute_cli$5(C:\Users\hifi\git\robotframework\build\Lib\robot\utils\application.py:49)
at robot.utils.application$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\utils\application.py)
at robot.run$py.run_cli$7(C:\Users\hifi\git\robotframework\build\Lib\robot\run.py:488)
at robot.run$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\run.py)
at robot.jarrunner$py._run$3(C:\Users\hifi\git\robotframework\build\Lib\robot\jarrunner.py:64)
at robot.jarrunner$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\jarrunner.py)
at robot.jarrunner$py.run$2(C:\Users\hifi\git\robotframework\build\Lib\robot\jarrunner.py:57)
at robot.jarrunner$py.call_function(C:\Users\hifi\git\robotframework\build\Lib\robot\jarrunner.py)
at org.robotframework.RobotRunner.run(RobotRunner.java:74)
at org.robotframework.RobotFramework.run(RobotFramework.java:61)
at org.robotframework.mavenplugin.AcceptanceTestMojo.executeRobot(AcceptanceTestMojo.java:73)
at org.robotframework.mavenplugin.AcceptanceTestMojo.subclassExecute(AcceptanceTestMojo.java:68)
at org.robotframework.mavenplugin.AbstractMojoWithLoadedClasspath.execute(AbstractMojoWithLoadedClasspath.java:53)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:192)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:347)
at org.apache.maven.wrapper.BootstrapMainStarter.start(BootstrapMainStarter.java:39)
at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.java:122)
at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.java:61)
Caused by: java.lang.IllegalArgumentException: wrong number of arguments
at org.robotframework.javalib.reflection.KeywordInvoker.invoke(KeywordInvoker.java:63)
... 245 more
Versions:
<robotframework-plugin.version>1.6.0</robotframework-plugin.version>
<robotframework-selenium.version>3.141.59.26535</robotframework-selenium.version>
<robotframework.version>3.1.2</robotframework.version> Vulnerable Library - commons-codec-1.9.jarThe Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/proper/commons-codec/
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability.
Publish Date: 2007-10-07
URL: WS-2009-0001
CVSS 2 Score Details (4.8)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - commons-collections-3.2.jarTypes that extend and augment the Java Collections Framework.
Library home page: http://jakarta.apache.org/commons/collections/
Path to dependency file: /tmp/ws-scm/robotframework-httprequestlibrary/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar
Dependency Hierarchy:
Found in HEAD commit: 329644a75da0d24042c61972ed10d496db9829c4
Vulnerability Details
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.
Publish Date: 2017-12-11
URL: CVE-2017-15708
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708
Release Date: 2017-12-11
Fix Resolution: org.apache.synapse:Apache-Synapse:3.0.1;commons-collections:commons-collections:3.2.2
Step up your Open Source Security Game with WhiteSource here
Sometimes, one has to set up a RF stack with Java without having the luxury of Maven access (now that's ironic). In these cases, it would be nice to have documentation what additional jars (like gson?) this library needs to work
Using robotframework-maven-plugin 1.4.7 and robotframework-httprequestlibrary 0.0.9
In our tests, we are creating sessions with debug=False, example:
Create Session ${SESSION_NAME} ${SERVICE-URL} headers=${headers} debug=False
Still there appears a lot of these debug log writings to console when we execute the tests:
DEBUG Connection manager is shutting down
DEBUG Connection manager is shutting down
DEBUG Connection manager shut down
DEBUG Connection manager is shutting down
DEBUG Connection manager shut down
DEBUG Connection manager is shutting down
DEBUG Connection manager shut down
DEBUG Connection manager is shutting down
DEBUG Connection manager shut down
We are using this library over not 100% stable network connection. Packets get lost sometimes without reaching the destination leading to timeouts leading to our TA builds to fail on random. Possibility to define retry count and interval would be really valuable to us. These do exists in python request library, so could similar be implemented to this library?
http://bulkan.github.io/robotframework-requests/
max_retries: The maximum number of retries each connection should attempt.
backoff_factor: The pause between for each retry
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.