-
Notifications
You must be signed in to change notification settings - Fork 583
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
java.io.IOException: Wrong magic bytes of ... #497
Comments
Hello, could you let us know which version of SpotBugs you're using? |
I’m using version 3.1.0 (manually set the version) |
@KengoTODA, anyone? |
Please remove Log4j2Plugins.dat from auxilarry class path. This is not a zip / jar file which need to be there. |
The compilation process automatically generates this file. Yet it might still be a good idea to not look for class files in the |
We look into MANIFEST.MF and read libraries specified by the class path attribute. So can you please check which MANIFEST.MF provides the offending entry? |
There is no such file. However during the compilation process log4j2 creates the dat file in the classes dir. If it helps, I'll create a minimal test repo. |
I am running into an identical issue for a different file type. We are using the Apache XMLBeans project which creates ".xsb" binary files in the classpath that is required for the library to function. When Spotbugs attempts to scan these files it logs a stacktrace and since there are a large number of these files it causes our build logs to be unmanageable. There needs to be some type of mechanism for telling SpotBugs to not scan certain file types, or just have it only scan ".class" files. |
Probably staying with ".class" files only would be the best way. Anyone wants to contribute a fix? |
I tried to look into making a patch for this but wasn't sure of the best way to proceed. The method I am not sure of a good solution to proceed. I considered both an allowed or rejected list of suffixes, but both suffer from the same problem of potentially being incomplete and unintentionally excluding files from processing. I'd be happy to contribute if anybody has an idea on how to proceed. |
@briehman : I guess you mean the last "if" block in the
The code above is very optimistic :-) I think in the last if block above we can afford to read few bytes from the beginning of the file to check if this has a valid zip header (see for example https://en.wikipedia.org/wiki/List_of_file_signatures). If not, I would log a warning and return some dummy "empty" IScannableCodeBase instance. |
That seems reasonable. I didn’t find a ready-made utility function, but |
Performing the magic number check seems less resilient than letting the If so, it seems reasonable to assume in the final I'm coming at this without prior context so let me know if I'm missing something important regarding why this might behave differently. |
It doesn't even have to be a warning. Because there can be plenty of non class files in the classpath and that would be spammy. |
As a user who is seeing this problem, I would love the ability to simply disable the output when it encounters this problem, echoing what @briehman mentioned above about it being potentially spammy. It may simply be a problem with how our source sets are configured in gradle, but we have In our case, simply being able to disable the error output, or potentially pass in a list of file types to omit would solve our problem. Also, trying to act the the JVM classpath and silently ignore any errors with files would fit our needs as well. |
If I get it right, #529 fixes this one, closing. |
Hi. When running spotbugs on my test classes through gradle I get the following error:
The build then fails because of this.
I believe it is caused by the log4j2 plugin I have in my test code to capture log output.
A possible solution could be silently ignoring these errors if it is not a class file or not even reading non-class files.
findbugsproject/findbugs#157 seems to be related.
The text was updated successfully, but these errors were encountered: