find-sec-bugs / find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)

Home Page: https://find-sec-bugs.github.io/

SpringEntityLeakDetector crashes with Map

nchandrashekar79 opened this issue · comments

Environment

| Component | Version |
|---|---|
| Java | 1.8 |
| SpotBugs | 4.5.3.0+ |
| FindSecBugs | 1.12 |

Problem

SpringEntityLeakDetector does not seem to support the case when an argument is a Map:

```
java.lang.IllegalArgumentException: Invalid class name
java/lang/String;Ljava/util/List<Lcom/test/entity/HelloBean
At edu.umd.cs.findbugs.classfile.ClassDescriptor.(ClassDescriptor.java:59)
At edu.umd.cs.findbugs.classfile.DescriptorFactory.getClassDescriptor(DescriptorFactory.java:128)
At edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:90)
At org.apache.bcel.Repository.lookupClass(Repository.java:65)
At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(SignatureParserWithGeneric.java:75)
At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.getReturnClasses(SignatureParserWithGeneric.java:60)
At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.analyzeMethod(SpringEntityLeakDetector.java:112)
At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.visitClassContext(SpringEntityLeakDetector.java:69)
```

Code

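```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class SpringEntityLeakController {

	// The nested generic return type is what the detector fails to parse.
	@RequestMapping("/api1")
	public HashMap<String, List<HelloBean>> getHelloBeans() {

		HashMap<String, List<HelloBean>> map = new HashMap<>();

		List<HelloBean> list = new ArrayList<>();

		list.add(new HelloBean("1", "name1"));
		list.add(new HelloBean("2", "name2"));
		map.put("data", list);
		return map;

	}

}

class HelloBean {
	String id;
	String name;

	public HelloBean(String id, String name) {
		super();
		this.id = id;
		this.name = name;
	}

}
```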
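
The class name rejected in the stack trace above has two type arguments run together (`java/lang/String;Ljava/util/List<Lcom/test/entity/HelloBean`), so the sketch below, an added example and not find-sec-bugs or SpotBugs code, walks a generic return-type signature recursively and yields each class separately. The class `GenericSignatureClasses`, its methods and the sample signature are assumptions made for illustration; it takes only the return-type part of the signature and also covers arrays, wildcards, type variables and inner classes.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical helper, not find-sec-bugs code): lists classes in a JVM type signature. */
public class GenericSignatureClasses {
    private String sig;
    private int pos;
    private final List<String> names = new ArrayList<>();

    public static List<String> classNames(String typeSignature) {
        GenericSignatureClasses p = new GenericSignatureClasses();
        p.sig = typeSignature;
        p.parseType();
        if (p.pos != p.sig.length()) throw new IllegalArgumentException("Trailing data at " + p.pos);
        return p.names;                               // outermost class first
    }
    private char peek() {
        if (pos >= sig.length()) throw new IllegalArgumentException("Truncated signature");
        return sig.charAt(pos);
    }
    private char next() { char c = peek(); pos++; return c; }

    private void parseType() {
        char c = next();
        if (c == 'L') parseClassType();
        else if (c == '[' || c == '+' || c == '-') parseType();   // array, bounded wildcard
        else if (c == 'T') { while (next() != ';') { } }          // type variable: skip its name
        else if ("*BCDFIJSZV".indexOf(c) < 0)                     // else wildcard, primitive, void
            throw new IllegalArgumentException("Unexpected '" + c + "' at " + (pos - 1));
    }

    private void parseClassType() {
        StringBuilder name = new StringBuilder();
        boolean recorded = false;
        for (char c = next(); c != ';'; c = next()) {
            if (c == '<') {                           // type arguments: recurse once per argument
                names.add(name.toString().replace('/', '.'));
                recorded = true;
                while (peek() != '>') parseType();
                pos++;                                // consume '>'
            } else if (c == '.') { name.append('$'); recorded = false; }  // inner class
            else name.append(c);
        }
        if (!recorded) names.add(name.toString().replace('/', '.'));
    }

    public static void main(String[] args) {
        // Constructed input: signature of HashMap<String, List<HelloBean>> with
        // HelloBean in com.test.entity, the package shown in the stack trace.
        System.out.println(classNames(
            "Ljava/util/HashMap<Ljava/lang/String;Ljava/util/List<Lcom/test/entity/HelloBean;>;>;"));
    }
}
```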