Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correctly parse method signatures with generic types #669

Merged
merged 1 commit into from Jan 26, 2022
Merged

Correctly parse method signatures with generic types #669

merged 1 commit into from Jan 26, 2022

Conversation

scottsteen
Copy link

Currently, the implementation assumes the signature will be of the format
(Ljava/lang/Object,Ljava/lang/Object), using a comma , separator.
This is not the case for compiled classes. Compiled signatures use a
semicolon ; as the separator as described in JVMS 4.2.

This commit delegates the SpotBugs' signature parser to ensure the parser
expects the format it is to be provided & reduces the maintenance overhead here.

Ref #668

Correctly parse method signatures with generic types
319bb68 
Currently, the implementation assumes the signature will be of the format
`(Ljava/lang/Object,Ljava/lang/Object)`, using a comma `,` separator.
This is not the case for compiled classes. Compiled signatures use a
semicolon `;` as the separator as described in [JVMS 4.2](https://docs.oracle.com/javase/specs/jvms/se17/html/jvms-4.html#jvms-ParameterDescriptor).

This commit delegates the `SpotBugs'` signature parser to ensure the parser
expects the format it is to be provided & reduces the maintenance overhead here.
@scottsteen scottsteen mentioned this pull request Jan 19, 2022
Closed
h3xstream
h3xstream approved these changes Jan 25, 2022
View reviewed changes
Copy link
Member

@h3xstream h3xstream left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the great PR.

...ecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/spring/SignatureParserWithGeneric.java
argumentsTypes = paramAndReturn[0].split(",");

returnType = paramAndReturn[1];
GenericSignatureParser delegate = new GenericSignatureParser(signature);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent fix ! I am also all about code reuse. 👌

@h3xstream h3xstream merged commit 5b8713c into find-sec-bugs:master Jan 26, 2022
@h3xstream h3xstream added this to the version-1.12.0 milestone Jan 28, 2022
@h3xstream h3xstream added the bug label Jan 28, 2022
@KengoTODA KengoTODA mentioned this pull request Apr 15, 2022
Open
@r4fterman
Copy link

r4fterman commented May 21, 2023
edited

Hi there,
I still receive this issue when verifying my spring-boot project with spotbugs using find-sec-bugs:

Downloaded from central: https://repo.maven.apache.org/maven2/com/h3xstream/findsecbugs/findsecbugs-plugin/1.12.0/findsecbugs-plugin-1.12.0.jar (467 kB at 469 kB/s)
     [java] The following errors occurred during analysis:
     [java]   Exception analyzing com.controller.ConnectorController using detector com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
     [java]     java.lang.IllegalArgumentException: Invalid class name java/lang/String;Ljava/lang/String
     [java]       At edu.umd.cs.findbugs.classfile.ClassDescriptor.<init>(ClassDescriptor.java:59)
     [java]       At edu.umd.cs.findbugs.classfile.DescriptorFactory.getClassDescriptor(DescriptorFactory.java:128)
     [java]       At edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:90)
     [java]       At org.apache.bcel.Repository.lookupClass(Repository.java:65)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(SignatureParserWithGeneric.java:75)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.getArgumentsClasses(SignatureParserWithGeneric.java:54)
     [java]       At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.analyzeMethod(SpringEntityLeakDetector.java:108)
     [java]       At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.visitClassContext(SpringEntityLeakDetector.java:69)
     [java]       At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
     [java]       At edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
     [java]       At java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
     [java]       At edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
     [java]       At java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:242)
     [java]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
     [java]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
     [java]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
     [java]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)
     [java]   Exception analyzing com.controller.ConnectorJarController using detector com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
     [java]     java.lang.IllegalArgumentException: Invalid class name [Lorg/springframework/web/multipart/MultipartFile
     [java]       At edu.umd.cs.findbugs.classfile.ClassDescriptor.<init>(ClassDescriptor.java:59)
     [java]       At edu.umd.cs.findbugs.classfile.DescriptorFactory.getClassDescriptor(DescriptorFactory.java:128)
     [java]       At edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:90)
     [java]       At org.apache.bcel.Repository.lookupClass(Repository.java:65)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(SignatureParserWithGeneric.java:69)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.getArgumentsClasses(SignatureParserWithGeneric.java:54)
     [java]       At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.analyzeMethod(SpringEntityLeakDetector.java:108)
     [java]       At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.visitClassContext(SpringEntityLeakDetector.java:69)
     [java]       At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
     [java]       At edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
     [java]       At java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
     [java]       At edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
     [java]       At java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:242)
     [java]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
     [java]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
     [java]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
     [java]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)
     [java] The following classes needed for analysis were missing:
     [java]   makeConcatWithConstants
     [java]   accept
     [java]   run
     [java]   getExitCode
     [java]   apply
[INFO] Done SpotBugs Analysis....

Is the fix release with version 1.12.0 or coming later?

Regards, R4FT3R

@ctmay4
Copy link

ctmay4 commented Sep 26, 2023

I'm also still getting this error so definitely not fixed in 1.12.0.

     [java] The following errors occurred during analysis:
     [java]   Exception analyzing com.imsweb.seertransfer.controller.CustomErrorController using detector com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
     [java]     java.lang.IllegalArgumentException: Invalid class name java/lang/String;Ljava/lang/String
     [java]       At edu.umd.cs.findbugs.classfile.ClassDescriptor.<init>(ClassDescriptor.java:59)
     [java]       At edu.umd.cs.findbugs.classfile.DescriptorFactory.getClassDescriptor(DescriptorFactory.java:128)
     [java]       At edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:90)
     [java]       At org.apache.bcel.Repository.lookupClass(Repository.java:180)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(SignatureParserWithGeneric.java:75)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.getArgumentsClasses(SignatureParserWithGeneric.java:54)
     [java]       At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.analyzeMethod(SpringEntityLeakDetector.java:108)
     [java]       At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.visitClassContext(SpringEntityLeakDetector.java:69)
     [java]       At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
     [java]       At edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
     [java]       At java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
     [java]       At edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
     [java]       At java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:247)
     [java]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
     [java]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
     [java]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
     [java]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)

@3mmasun
Copy link

3mmasun commented Oct 9, 2023

Same issue, using 1.12.0

@ataraxie
Copy link

Same here. Doesn't seem to be fixed in 1.12.0.

@scottsteen
Copy link
Author

Can someone that is still facing this create a new issue with a minimum reproducible example? You will likely get more traction that way.

@pavelorehov
Copy link

pavelorehov commented Feb 13, 2024
edited

Created #724

Same for me, it fails on return value of method:
public Map<String, String> test1()

Try that simple class:

import java.util.Map;

import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

	// fails
	/*
	 * [java] The following errors occurred during analysis:
     [java]   Exception analyzing TestController using detector com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector
     [java]     java.lang.IllegalArgumentException: Invalid class name java/lang/String;Ljava/lang/String
     [java]       At edu.umd.cs.findbugs.classfile.ClassDescriptor.<init>(ClassDescriptor.java:59)
     [java]       At edu.umd.cs.findbugs.classfile.DescriptorFactory.getClassDescriptor(DescriptorFactory.java:128)
     [java]       At edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:90)
     [java]       At org.apache.bcel.Repository.lookupClass(Repository.java:180)
     [java]       At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(SignatureParserWithGeneric.java:75)
	 */
	@GetMapping(value = "/test1", produces = MediaType.APPLICATION_JSON_VALUE)
    public Map<String, String> test1() {
		return Map.of();
	}
	
	// work
	@GetMapping(value = "/test2", produces = MediaType.TEXT_PLAIN_VALUE)
    public String test2() {
		return "OK";
	}
}

@pavelorehov pavelorehov mentioned this pull request Feb 13, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h3xstream h3xstream h3xstream approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
version-1.12.0
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@scottsteen @r4fterman @ctmay4 @3mmasun @ataraxie @pavelorehov @h3xstream