Erroneous "`java.lang.ClassNotFoundException`: Exception while looking for class" errors
basil opened this issue · comments
Environment
Component | Version |
---|---|
Maven | 3.8.6 |
Java | 11.0.16 |
SpotBugs | 4.7.2 |
FindSecBugs | 1.12.0 |
Steps to reproduce
- Ensure Java 11 and Maven 3.8.6 are installed.
- Run
git clone https://github.com/jenkins/jenkins.git && cd jenkins
- Run
mvn clean verify -DskipTests -Dspotbugs.debug -Dspotbugs.trace '-Dspotbugs.jvmArgs=-Dorg.slf4j.simpleLogger.defaultLogLevel=debug'
Expected results
Note: These are the actual results when running SpotBugs core without Find Security Bugs.
No "Missing class" errors should appear in the output, and no "The following classes needed for analysis were missing" message should be printed after running SpotBugs.
Actual results
Lots of "Missing class" exceptions are logged, for example:
[java] [main] DEBUG edu.umd.cs.findbugs.AbstractBugReporter - Missing class
[java] java.lang.ClassNotFoundException: Exception while looking for class makeConcatWithConstants
[java] at edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:94)
[java] at org.apache.bcel.Repository.lookupClass(Repository.java:65)
[java] at com.h3xstream.findsecbugs.injection.BasicInjectionDetector.getInjectionPoint(BasicInjectionDetector.java:79)
[java] at com.h3xstream.findsecbugs.injection.AbstractInjectionDetector.analyzeLocation(AbstractInjectionDetector.java:82)
[java] at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.analyzeMethod(AbstractTaintDetector.java:126)
[java] at com.h3xstream.findsecbugs.injection.AbstractTaintDetector.visitClassContext(AbstractTaintDetector.java:79)
[java] at edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
[java] at edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
[java] at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[java] at edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
[java] at java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:242)
[java] at edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
[java] at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
[java] at edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
[java] at edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)
[java] Caused by: edu.umd.cs.findbugs.classfile.MissingClassException: Resource not found: makeConcatWithConstants.class
[java] at edu.umd.cs.findbugs.classfile.engine.ClassDataAnalysisEngine.analyze(ClassDataAnalysisEngine.java:60)
[java] at edu.umd.cs.findbugs.classfile.engine.ClassDataAnalysisEngine.analyze(ClassDataAnalysisEngine.java:42)
[java] at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(AnalysisCache.java:261)
[java] at edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(ClassInfoAnalysisEngine.java:61)
[java] at edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(ClassInfoAnalysisEngine.java:38)
[java] at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(AnalysisCache.java:261)
[java] at edu.umd.cs.findbugs.ba.Hierarchy2.getXClass(Hierarchy2.java:282)
[java] at edu.umd.cs.findbugs.ba.Hierarchy2.getXClassFromDottedClassName(Hierarchy2.java:278)
[java] at edu.umd.cs.findbugs.ba.Hierarchy2.findInvocationLeastUpperBound(Hierarchy2.java:146)
[java] at edu.umd.cs.findbugs.ba.Hierarchy2.findDeclaredExceptions(Hierarchy2.java:490)
[java] at edu.umd.cs.findbugs.ba.type.TypeAnalysis.computeThrownExceptionTypes(TypeAnalysis.java:910)
[java] at edu.umd.cs.findbugs.ba.type.TypeAnalysis.computeBlockExceptionSet(TypeAnalysis.java:731)
[java] at edu.umd.cs.findbugs.ba.type.TypeAnalysis.computeThrownExceptionTypes(TypeAnalysis.java:474)
[java] at edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:417)
[java] at edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:86)
[java] at edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:378)
[java] at edu.umd.cs.findbugs.classfile.engine.bcel.TypeDataflowFactory.analyze(TypeDataflowFactory.java:83)
[java] at edu.umd.cs.findbugs.classfile.engine.bcel.TypeDataflowFactory.analyze(TypeDataflowFactory.java:43)
[java] at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:368)
[java] at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:321)
[java] at edu.umd.cs.findbugs.classfile.engine.bcel.CFGFactory.analyze(CFGFactory.java:160)
[java] at edu.umd.cs.findbugs.classfile.engine.bcel.CFGFactory.analyze(CFGFactory.java:65)
[java] at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:368)
[java] at edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:321)
[java] at edu.umd.cs.findbugs.ba.ClassContext.getMethodAnalysis(ClassContext.java:1010)
[java] at edu.umd.cs.findbugs.ba.ClassContext.getMethodAnalysisNoDataflowAnalysisException(ClassContext.java:995)
[java] at edu.umd.cs.findbugs.ba.ClassContext.getCFG(ClassContext.java:301)
[java] at edu.umd.cs.findbugs.detect.FindUseOfNonSerializableValue.analyzeMethod(FindUseOfNonSerializableValue.java:143)
[java] at edu.umd.cs.findbugs.detect.FindUseOfNonSerializableValue.visitClassContext(FindUseOfNonSerializableValue.java:95)
[java] ... 9 more
[java] Caused by: edu.umd.cs.findbugs.classfile.ResourceNotFoundException: Resource not found: makeConcatWithConstants.class
[java] at edu.umd.cs.findbugs.classfile.impl.ClassPathImpl.lookupResource(ClassPathImpl.java:162)
[java] at edu.umd.cs.findbugs.classfile.engine.ClassDataAnalysisEngine.analyze(ClassDataAnalysisEngine.java:53)
[java] ... 37 more
At the end of the SpotBugs invocation the following is printed:
[java] Pass 2: Analyzing classes (2397 / 2397) - 100% completeDone with analysis
[java] Analysis completed
[java] The following classes needed for analysis were missing:
[java] makeConcatWithConstants
[java] accept
[java] apply
[java] test
[java] reportException
[java] save
[java] get
[java] call
[java] getString
[java] resolve
[java] check
[java] shouldRetry
[java] hash
[java] iterator
[java] compare
[java] execute
[java] run
[java] generateResponse
[java] weight
[java] applyAsInt
[java] visit
[java] loadUserByUsername
[java] authenticate
[java] uncaughtException
[java] isAllowed
[java] applyAsLong
Note
These errors do not occur with SpotBugs core, only when running Find Security Bugs.
In all cases these look like method names, not class names, pointing to a bug in Find Security Bugs.