Skip to content

Erroneous "java.lang.ClassNotFoundException: Exception while looking for class" errors #692

New issue
New issue
Closed as duplicate of#332
Closed as duplicate of#332
Erroneous "java.lang.ClassNotFoundException: Exception while looking for class" errors#692
Labels
bug
@basil

Description

@basil
basil
opened on Nov 6, 2022

Environment

Component Version
Maven 3.8.6
Java 11.0.16
SpotBugs 4.7.2
FindSecBugs 1.12.0

Steps to reproduce

  1. Ensure Java 11 and Maven 3.8.6 are installed.
  2. Run git clone https://github.com/jenkins/jenkins.git && cd jenkins
  3. Run mvn clean verify -DskipTests -Dspotbugs.debug -Dspotbugs.trace '-Dspotbugs.jvmArgs=-Dorg.slf4j.simpleLogger.defaultLogLevel=debug'

Expected results

Note: These are the actual results when running SpotBugs core without Find Security Bugs.

No "Missing class" errors should appear in the output, and no "The following classes needed for analysis were missing" message should be printed after running SpotBugs.

Actual results

Lots of "Missing class" exceptions are logged, for example:

     [java] [main] DEBUG edu.umd.cs.findbugs.AbstractBugReporter - Missing class
     [java] java.lang.ClassNotFoundException: Exception while looking for class makeConcatWithConstants
     [java]     at edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:94)
     [java]     at org.apache.bcel.Repository.lookupClass(Repository.java:65)
     [java]     at com.h3xstream.findsecbugs.injection.BasicInjectionDetector.getInjectionPoint(BasicInjectionDetector.java:79)
     [java]     at com.h3xstream.findsecbugs.injection.AbstractInjectionDetector.analyzeLocation(AbstractInjectionDetector.java:82)
     [java]     at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.analyzeMethod(AbstractTaintDetector.java:126)
     [java]     at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.visitClassContext(AbstractTaintDetector.java:79)
     [java]     at edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
     [java]     at edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
     [java]     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
     [java]     at edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
     [java]     at java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:242)
     [java]     at edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
     [java]     at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
     [java]     at edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
     [java]     at edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)
     [java] Caused by: edu.umd.cs.findbugs.classfile.MissingClassException: Resource not found: makeConcatWithConstants.class
     [java]     at edu.umd.cs.findbugs.classfile.engine.ClassDataAnalysisEngine.analyze(ClassDataAnalysisEngine.java:60)
     [java]     at edu.umd.cs.findbugs.classfile.engine.ClassDataAnalysisEngine.analyze(ClassDataAnalysisEngine.java:42)
     [java]     at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(AnalysisCache.java:261)
     [java]     at edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(ClassInfoAnalysisEngine.java:61)
     [java]     at edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(ClassInfoAnalysisEngine.java:38)
     [java]     at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(AnalysisCache.java:261)
     [java]     at edu.umd.cs.findbugs.ba.Hierarchy2.getXClass(Hierarchy2.java:282)
     [java]     at edu.umd.cs.findbugs.ba.Hierarchy2.getXClassFromDottedClassName(Hierarchy2.java:278)
     [java]     at edu.umd.cs.findbugs.ba.Hierarchy2.findInvocationLeastUpperBound(Hierarchy2.java:146)
     [java]     at edu.umd.cs.findbugs.ba.Hierarchy2.findDeclaredExceptions(Hierarchy2.java:490)
     [java]     at edu.umd.cs.findbugs.ba.type.TypeAnalysis.computeThrownExceptionTypes(TypeAnalysis.java:910)
     [java]     at edu.umd.cs.findbugs.ba.type.TypeAnalysis.computeBlockExceptionSet(TypeAnalysis.java:731)
     [java]     at edu.umd.cs.findbugs.ba.type.TypeAnalysis.computeThrownExceptionTypes(TypeAnalysis.java:474)
     [java]     at edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:417)
     [java]     at edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:86)
     [java]     at edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:378)
     [java]     at edu.umd.cs.findbugs.classfile.engine.bcel.TypeDataflowFactory.analyze(TypeDataflowFactory.java:83)
     [java]     at edu.umd.cs.findbugs.classfile.engine.bcel.TypeDataflowFactory.analyze(TypeDataflowFactory.java:43)
     [java]     at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:368)
     [java]     at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:321)
     [java]     at edu.umd.cs.findbugs.classfile.engine.bcel.CFGFactory.analyze(CFGFactory.java:160)
     [java]     at edu.umd.cs.findbugs.classfile.engine.bcel.CFGFactory.analyze(CFGFactory.java:65)
     [java]     at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:368)
     [java]     at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:321)
     [java]     at edu.umd.cs.findbugs.ba.ClassContext.getMethodAnalysis(ClassContext.java:1010)
     [java]     at edu.umd.cs.findbugs.ba.ClassContext.getMethodAnalysisNoDataflowAnalysisException(ClassContext.java:995)
     [java]     at edu.umd.cs.findbugs.ba.ClassContext.getCFG(ClassContext.java:301)
     [java]     at edu.umd.cs.findbugs.detect.FindUseOfNonSerializableValue.analyzeMethod(FindUseOfNonSerializableValue.java:143)
     [java]     at edu.umd.cs.findbugs.detect.FindUseOfNonSerializableValue.visitClassContext(FindUseOfNonSerializableValue.java:95)
     [java]     ... 9 more
     [java] Caused by: edu.umd.cs.findbugs.classfile.ResourceNotFoundException: Resource not found: makeConcatWithConstants.class
     [java]     at edu.umd.cs.findbugs.classfile.impl.ClassPathImpl.lookupResource(ClassPathImpl.java:162)
     [java]     at edu.umd.cs.findbugs.classfile.engine.ClassDataAnalysisEngine.analyze(ClassDataAnalysisEngine.java:53)
     [java]     ... 37 more

At the end of the SpotBugs invocation the following is printed:

     [java] Pass 2: Analyzing classes (2397 / 2397) - 100% completeDone with analysis
     [java] Analysis completed
     [java] The following classes needed for analysis were missing:
     [java]   makeConcatWithConstants
     [java]   accept
     [java]   apply
     [java]   test
     [java]   reportException
     [java]   save
     [java]   get
     [java]   call
     [java]   getString
     [java]   resolve
     [java]   check
     [java]   shouldRetry
     [java]   hash
     [java]   iterator
     [java]   compare
     [java]   execute
     [java]   run
     [java]   generateResponse
     [java]   weight
     [java]   applyAsInt
     [java]   visit
     [java]   loadUserByUsername
     [java]   authenticate
     [java]   uncaughtException
     [java]   isAllowed
     [java]   applyAsLong

Note

These errors do not occur with SpotBugs core, only when running Find Security Bugs.

In all cases these look like method names, not class names, pointing to a bug in Find Security Bugs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions