Adobe Experience Manager Sites & More

Rohan_Garg · 9/14/23

Hi All,

We have recently had this build issue come up in our deployment pipeline which states the following -

Rule - CQRules:CQBP-84

Issue - The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code.

This is being reported at below file locations -

Netcentric:accesscontroltool-package:3.0.9

The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code. Detected in biz.netcentric.cq.tools.actool.dumpservice.impl.DumpServiceImpl$1 contained in /apps/netcentric/actool/install/accesscontroltool-bundle-3.0.9.jar.

The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code. Detected in biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthInstallerUserManagerPrefetchingImpl$1 contained in /apps/netcentric/actool/install/accesscontroltool-bundle-3.0.9.jar.

The weird part is the issue has started showing up recently (It was not there in our last build done on Sept 08, 2023)

Any ideas on how to troubleshoot this issue? As far as I can tell the netcentric jar is using Query interface and thus lies beyond our custom application codebase.

@aanchal-sikka, @arunpatidar, @EstebanBustamante, @Jörg_Hoh, @Harwinder-singh,

aanchal-sikka · 9/14/23

Hello @Rohan_Garg

The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671

The fix is currently in review https://github.com/apache/jackrabbit-oak/pull/1121

Should be available in next version of netcentric tool

Aanchal Sikka

View solution in original post

aanchal-sikka · 9/14/23

Hello @Rohan_Garg

The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671

The fix is currently in review https://github.com/apache/jackrabbit-oak/pull/1121

Should be available in next version of netcentric tool

Aanchal Sikka

MATTHEW_AST · 9/14/23

Can the AEM code quality pipeline be fixed to not randomly fail builds due to new issues it finds with existing dependency packages that haven't been changed since the last build?

MATTHEW_AST · 9/14/23

In our case, the server we're deploying to is running some older version of jackrabbit oak-core: 1.22.13. This issue looks like it was introduced in 1.56.0, which means somehow the cloud pipeline is scanning against the latest versions of packages that don't even apply to the server that's being deployed to. This is a serious issue with the code quality pipeline.

aanchal-sikka · 9/14/23

@MATTHEW_AST

Adobe is continuously enhancing the platform. Once they update CM rules, they would expect the code to comply as per the latest ones.

I agree to your point, that there should be some notification sent in advance, to cross-verify our code against the upcoming rules updates. May be a pipeline that has early updates and can be used to verify code.

Aanchal Sikka

gmalagondla · 9/15/23

Thanks @aanchal-sikka. I am still facing the issue today. Do we need to update anything from our end or is it Adobe's fix? Our CI pipelines are failing with the same issue. Could you please advise

File Location	Line Number	Issue	Type	Severity	Effort	Rule	Tags	Documentation
adobe/consulting:acs-aem-commons-content:5.3.4	0	The product interface org.apache.jackrabbit.api.JackrabbitSession annotated with @ProviderType should not be implemented by custom code. Detected in com.adobe.acs.commons.wrap.jackrabbit.JackrabbitSessionIWrap contained in /apps/acs-commons/install/acs-aem-commons-bundle-5.3.4.jar.	Bug	Critical	30m	CQRules:CQBP-84	cqsoftwarequality	https://www.adobe.com/go/aem_cmcq_cqbp-84_en

aanchal-sikka · 9/15/23

Hello @gmalagondla

Please monitor the updates via following link

The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671

The Netcentric team would need to release a new version on ACL tool with the fix
We would need to update the version of the ACL package in the code

Adobe won't be able to fix the code, unless they lower the priority of the rule. I have no idea, if thats possible.

Aanchal Sikka

gmalagondla · 9/15/23

Thanks @aanchal-sikka for the quick response.

ssinghai · 9/18/23

Hi,

Was anyone able to fix this issue?

I tried using the latest accesscontrol version 3.0.9 but had no luck with this issue.

Please let me know if anyone was able to fix this.

Adobe Experience Manager Sites & More

AEM Project Build Issue - CQRules:CQBP-84 - Netcentric:accesscontroltool-package - product interface org.apache.jackrabbit.api.security.user.Query should not be implemented by custom code.

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe