How to deal with Findbugs error "Classfile header isn't 0xCAFEBABE in"

[stanislr]

Hello,
After upgrade Sonarqube server to version 6.7.4 and its compatible Findbugs plugin v.3.7 we get next error during the Sonar check:
Caused by: edu.umd.cs.findbugs.classfile.InvalidClassFileFormatException: Classfile header isn’t 0xCAFEBABE in ClassName.class

How can we get rid of this error?

[KengoTODA]

Could you share your .class file?

[stanislr]

Attaching
I have changed extension from .class to .zip as class files can not be uploaded here
UpdateASCFiles.zip

[KengoTODA]

I've checked this binary file. It seems that it has EFBFBD header, that is explained at https://blog.gdssecurity.com/labs/2015/2/18/when-efbfbd-and-friends-come-knocking-observations-of-byte-a.html

So I guess that you generated this .class file with some tools that isn't javac? Or edited by some editor? Please make sure that .class file is really generated by javac.

[stanislr]

Thanks for checking KengoToda.
Not sure how link you sent is related to the issue as in link it is explained about key generation and not file header type.
We tried to use Findbugs filters to skip this specific class during Sonar analysis but nothing worked.
Is there any other way to skip this file in analysis?
Also we would expect that Findbugs will not fail the whole analysis but only prints warning/info about file that failed in check and will continue to run.
Is any such enhancement may be done?

[ThrawnCA]

The relevance of the link is, if something created this class file by generating a sequence of bytes and then converting them to a String, before writing them to a file, then that would explain the EFBFBD sequence.

In any case, without the CAFEBABE header, it's not a valid class file.

[KengoTODA]

Is any such enhancement may be done?

SpotBugs has no full-time contributor nor supporter. So if you have suggestion, please raise PR by own... it should be easiest/fastest way to make it real.

[KengoTODA]

I'll close this stale issue, please feel free to reopen.