I've just installed the latest version of SonarLint and launched a full SonarLint analysis on the code of our new trainee who has put some non-static non-injected members in a Spring singleton just like in this example :
#Controller
public class HelloWorld {
private String name = null;
#RequestMapping("/greet", method = GET)
public String greet(String greetee) {
if (greetee != null) {
this.name = greetee;
}
return "Hello " + this.name; // if greetee is null, you see the previous user's data
}
}
https://rules.sonarsource.com/java/tag/spring/RSPEC-3749
So I was hoping that SonarLint would detect it, but no (I have other advices, but nothing about this).
Is this rule part of a special set which need to be activated in some conf somewhere ?
As you intuitively thought, rule squid:S3749 is not part of the quality profile by default (usually called SonarWay). It consequently won't be executed with a fresh install of SonarLint, without proper configuration.
From there, you have two options to enable the rule:
Connect SonarLint to a SonarQube instance or SonarCloud, which would allow you to configure and synchronize quality profiles for all your projects automatically, executing the rules which are expected for each projects
With latest versions of SonarLint (I tried with version 4.1 for eclipse), you should be able to enable rules directly through the plugin configuration, but this won't be shared with others working on the project.
Note that unfortunately, there is currently no way on https://rules.sonarsource.com/ to see the information about quality profiles (I'm making the internal feedback right now in order to maybe fix this in the future)
Related
I am updating a web app from Spring Boot 2.2.4 to 2.5.6 and have used Open Rewrite to handle the tedium. The run configuration in IntelliJ has spring-boot:run -Dspring.profiles.active=local -f pom.xml in the command line (this has been working with 2.2.4). After adding a try/catch to main, to actually learn why I kept getting exit code 1 with no additional info, I found java.lang.IllegalArgumentException: Could not resolve placeholder 'spring.profiles.active' in value "classpath:application-${spring.profiles.active}.properties" to be the root issue.
Apparently passing local on the command line for spring.profiles.active is now ignored… So, I added it to application.yml which gives me a message about how it is invalid to use spring.profiles.active. I found that the currently active profile should now be in config.activate.on-profile.active so I switched to that and then did a project wide search for spring.profiles.active and replaced every single instance with config.activate.on-profile.active.
I ran the project again and again got the message that it could resolve the placeholder spring.profiles.active! I can't for the life of me figure out where that placeholder is coming from since it doesn't exist anywhere in the project now according to IntelliJ, not even in the ReadMe file!
Is there some secret place I need to look to purge this old placeholder from existence?
I ran into the same issue and found a link to a github issue where a workaround was provided.
Create a class:
public class JunitProfileResolver implements ActiveProfilesResolver {
private static final String PROFILE_JUNIT = "test";
#Override
public String[] resolve(Class<?> testClass) {
System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME, PROFILE_JUNIT);
return new String[] { PROFILE_JUNIT };
}
}
And use it like:
#ActiveProfiles(profiles = "test", resolver = JunitProfileResolver.class)
public class MyTest {
For me this solves the problem.
I was working on injecting of groovy scripts dynamically in Java. So before executing those scripts, I want to get sure of that they do not have potential bugs using SpotBugs (static code analyzer).
Here is the Psuedo-Code:
Here it should return the infinite loop bug.
String script = "class Hello { static void main(String []args) { def i = 0; while ( i <= 0) { i = i - 1; } } } ";
List<Bugs> bugs = SpotBugs.getBugs(script);
if (bugs == null) {
execute(script);
}
So how to do the SpotBugs.getBugs(script) using java, the input script will not be hard-coded as in above example, but will be dynamically fetched.
Easiest API
The easiest way is to write the compiled code to class files (in a temp directory if needed). By having compiled class as file, you will be able to use the FindBugs class which provide an API to configure the scope and rules without playing with internal classes that are subject to changes.
Groovy dynamic (default) vs static compiling
However, the main obstacle you'll face is that groovy bytecode is too obfuscated for SpotBugs. For the call to function abc(), you will not see an invoke to method abc in the bytecode. It will be a reference to a global functions map that is created at runtime. Groovy has a mode to compile to a less dynamic format. This mode does not allow functions to be created at runtime. You can check the configuration to instruct the compiler for the static mode in this test repo: https://github.com/find-sec-bugs/find-sec-bugs-demos/tree/master/groovy-simple. This is, however, a Gradle compilation not a programmatic API that received a String as code.
seems like SpotBugs should run using maven, which means it will package and include only the groovy scripts that are valid.
hence, you will not need to check before execution.
I have an Enum inside a jar that I have produced myself. This jar is a dependency of a second jar, which uses the enum values.
Now, the second jar is a logging framework, whereas the first jar in this case is the model classes of the logging framework.
I am trying to implement this logging framework into a web application that I have made. Long story short, it still needs some work, but I am stuck on a single problem. An error in the framework's configuration initialization is caught as an exception, and it calls a method. This method has an Enum value as one of it's parameters. However, I get a java.lang.NoSuchFieldError on this enum.
The Enum value was ERROR, so i figured it could be a coincidence. But when I changed it to BABYLOVE the error message changed as well.
I've checked for redundancies and/or possible overlappings in class/enum names, but there are none that I can find.
Sequence of order:
Web App calls for initialization of logging-framework (direct dependency)
logging-framework has issues loading it's own configuration, and throws an exception
Exception is handeled, and a method is called to register the error
The method is called with several parameters, one which is an enum value from logging-framework-model.jar, which is a transitive dependency of the web app
The web-app throws an exception
java.lang.NoSuchFieldError: BABYLOVE
at logging.framework.Constants.<clinit>(Constants.java:52)
at logging.framework.Logger.<init>(Logger.java:60)
at logging.framework.LogContext.getLoggerFromContext(LogContext.java:95)
at logging.framework.LogContext.getCurrent(LogContext.java:48)
at action.navigation.CalendarElementEditorAction.execute(CalendarElementEditorAction.java:39)
Truncated. see log file for complete stacktrace
Constants, line 51-52:
public static final Event ConfigValidationFailed =
EventLogHelper.getEvent(EventLogSource.LoggingFramework, EventLogEntryType.BABYLOVE");
EventLogEntryType:
#XmlType(name = "EventLogEntryType")
#XmlEnum
public enum EventLogEntryType {
//for test purposes, should be removed. This variable is given a name that can not be confused with standard names in error messages, like Error and Warning can.
#XmlEnumValue("BabyLove")
BABYLOVE("BabyLove"),
#XmlEnumValue("Error")
ERROR("Error"),
#XmlEnumValue("Warning")
WARNING("Warning"),
#XmlEnumValue("Information")
INFORMATION("Information"),
#XmlEnumValue("SuccessAudit")
SUCCESSAUDIT("SuccessAudit"),
#XmlEnumValue("FailureAudit")
FAILUREAUDIT("FailureAudit");
private final String value;
EventLogEntryType(String v) {
value = v;
}
public String value() {
return value;
}
public static EventLogEntryType fromValue(String v) {
for (EventLogEntryType c: EventLogEntryType .values()) {
if (c.value.equals(v)) {
return c;
}
}
throw new IllegalArgumentException(v);
}
I don't know if it matters, but I am using maven2 to deal with my dependencies.
I was told to check if the versions of my dependencies had mismatches, and after checking the war's content, I found that to be the problem.
My webapp is one of two very similar ones, that both has a dependency to a jar containing some base model and business logic classes. I had previously added the logging framework (version 1) to that project's pom.xml. So the logging framework 1.0 was a transitive dependency of the web app, while the logging framework 2.0 was a direct dependency of the web app. I am guessing that direct dependencies has precedence over transitive dependencies, so 2.0 was the one who was packaged into my war. However, since the logging framework is composed of a framework (direct dependency), and a set of model classes (transitive dependency), the war was packaged with logging framework model version 1.0.
After I unpacked the war, and found this, it was a pretty easy process to find out where it was wrongly imported, and I ended up with only logging framework version 2.0 for the complete set.
I encountered a compilation issue under Linux.
I'm compiling java programs on Linux; the target use is both Linux and Windows.
The code check if in there are platform specific classes (as shown in the code below).
So if the code is running under Linux, the specific Windows code will not be executed.
The issue arise on the use of a platform specific class Win32MediaTray
The compile error reported is
PrinterScanner.java:9: error: cannot find symbol
import sun.print.Win32MediaTray;
^
Is it possible to compile it under Linux? Or is it just impossible?
I can use some workaround (reflection?)
Needless to say that the compilation under Windows gives no errors.
Thankyou for your help.
For reference, the code behind this issue is the following:
private String getTrayName(Media media) {
String result = "id:" + media.getValue();
boolean isWin32 = media.getClass().getName().equals("sun.print.Win32MediaTray");
if (isWin32) {
Win32MediaTray w32 = (Win32MediaTray) media;
result = result + ",winId:" + w32.winID;
}
return result;
}
I believe that the class you are trying to use is sun.print.Win32MediaTray.
And the answer is that you cannot use it ... or compile a class that uses it ... on a Linux release of Java. That class is not included in the rt.jar file on a Linux release of Java.
Furthermore, you shouldn't be using it. The Java documentation makes it very clear that application code should not make use of classes in the sun.* package hierarchy.
If you have no choice but to do this, then your best bet is to use reflection to fetch the value of that w32Id field. You'll also need to deal with the case where the media object is not an instance of the Win32MediaTray class. Beware that you are relying on implementation details that Oracle says specifically that you shouldn't. There is a risk that they will change (without notice!) in some future Windows release.
The other alternatives are:
Implement your own platform adapter classes with a different one for each platform. These have to be compiled separately on each platform, and then dynamically loaded.
Implement separate codebases for each platform.
To make the compiler happy you could implement a dummy class named sun.print.Win32MediaTray and make it available both on the compile and runtime classpath. The class doesn't need to work, it only has to be API compatible (same signatures and return types, but in this case you only really need to extend Media and have a public int winID), so that you can satisfy both the compiler and the verifier.
At runtime, the version included in rt.jar should be loaded on Windows thanks to loading delegation. On Linux, the dummy version is the only one available, but you stated that the program checks for the platform and executes another branch of code, so it shouldn't cause your program to fail.
For example, with the following class on the classpath:
package sun.print;
import javax.print.attribute.standard.Media;
public class Win32MediaTray extends Media {
public int winID = 0xBADC0DE;
protected Win32MediaTray(int value) {
super(value);
}
static {
System.out.println("Won't see me on Windows");
}
}
I managed to run this program on Windows:
public class Main {
public static void main(String[] args) {
PrintService[] services = PrintServiceLookup.lookupPrintServices(null, null);
for (PrintService svc : services ) {
DocFlavor flavor = DocFlavor.SERVICE_FORMATTED.PAGEABLE;
Object o = svc.getSupportedAttributeValues(Media.class, flavor, null);
if (o != null && o.getClass().isArray()) {
for (Media media : (Media[]) o) {
if ( media instanceof Win32MediaTray )
System.out.println( ((Win32MediaTray) media).winID );
}
}
}
}
}
The message in the static initializer is not printed on Windows, because the definition that is actually loaded is the one from rt.jar. Obviously, the code can be compiled on any platform.
How about putting the code that uses windows-specific stuff into a separate jar; then you can compile and include that jar on windows, and leave it off systems otherwise.
One standard way to do this is to have one or more interfaces used by your application code; you can have a factory provide the implementing classes or inject them with Spring or whatever. But I think rather than "how can I compile this on Linux" your question should be "I have this Windows dependency in an app targeted at multiple operating systems, how do I handle it?"
When I launch an SWT application (via an Eclipse launch profile), I receive the following stack trace:
Exception in thread "main" java.lang.NoClassDefFoundError: org/eclipse/jface/resource/FontRegistry
at org.eclipse.jface.resource.JFaceResources.getFontRegistry(JFaceResources.java:338)
at org.eclipse.jface.window.Window.close(Window.java:313)
at org.eclipse.jface.dialogs.Dialog.close(Dialog.java:971)
at org.eclipse.jface.dialogs.ProgressMonitorDialog.close(ProgressMonitorDialog.java:348)
at org.eclipse.jface.dialogs.ProgressMonitorDialog.finishedRun(ProgressMonitorDialog.java:582)
at org.eclipse.jface.dialogs.ProgressMonitorDialog.run(ProgressMonitorDialog.java:498)
at com.blah.si.workflow.SWTApplication.main(SWTApplication.java:135)
Now, the things that make this odd:
When I change the project build path and replace jface.jar with the source project (same version - 3.3.1), the error goes away.
Other applications I have that use the same jar, and a copy of the same launch profile and project, all works fine.
This is NOT a ClassNotFoundException. The class is on the classpath. If I attach source to the jar, I can debug into the getFontRegistry method. The method will execute successfully several times before eventually throwing a NoClassDefFoundError on line 338. Line 337 is a "if variable == null" statement checking to see if a static variable has been initialized. Line 338 is initializing it if it is not already initialized. The first time through, the null check fails, and the initialization is performed. On subsequent passes through the method, the null check passes, and thus the already-initialized static value is returned. On the final pass (the one that fails,) the null check fails again (even though the static variable has already been initialized) and when it tries to re-initialize the static variable, the NoClassDefFoundError is thrown. Here is the relevant source (starting with line 336, note that fontRegistry is a private static variable that is set in no other place):
.
public static FontRegistry getFontRegistry() {
if (fontRegistry == null) {
fontRegistry = new FontRegistry(
"org.eclipse.jface.resource.jfacefonts");
}
return fontRegistry;
}
.
I have already gotten a fresh copy of the jar (to ensure it isn't corrupted,) deleted my .classpath and .project files and started a fresh project, and recreated the launch profile. No change.
Because of the peculiarities in #3 above, I'm suspecting some kind of wierd classloader behavior - it seems as if that final pass through the method is in another classloader?
Ideas?
Update: The answer provided by Pourquoi Litytestdata prompted me to pay attention to what happens in the try block just above line 458 of ProgressMonitorDialog. Indeed, that code was throwing an exception, which was being gobbled by the finally block. The root cause was ANOTHER missing class (the missing class was not JFontRegistry or any of its directly related classes, but another that was spider-web dependencied in an edge case.) I'm upvoting all answers pointing me to pay attention to the classpath, and accepting Pourquoi's, because it was the breakthrough. Thanks to all.
It sounds like you are missing a JAR file that holds a dependency, as mentioned in this blog entry from July 2006, written by Sanjiv JIVAN:
Difference between ClassNotFoundException and NoClassDefFoundError
A ClassNotFoundException is thrown when the reported class is not found by the ClassLoader.
This typically means that the class is missing from the CLASSPATH.
It could also mean that the class in question is trying to be loaded from another class which was loaded in a parent ClassLoader and hence the class from the child ClassLoader is not visible.
This is sometimes the case when working in more complex environments like an App Server (WebSphere is infamous for such ClassLoader issues).
People often tend to confuse java.lang.NoClassDefFoundError with java.lang.ClassNotFoundException. However there's an important distinction.
For example an exception (an error really since java.lang.NoClassDefFoundError is a subclass of java.lang.Error) like
java.lang.NoClassDefFoundError:
org/apache/activemq/ActiveMQConnectionFactory
does not mean that the ActiveMQConnectionFactory class is not in the CLASSPATH.
In fact, its quite the opposite.
It means that the class ActiveMQConnectionFactory was found by the ClassLoader however when trying to load the class, it ran into an error reading the class definition.
This typically happens when the class in question has static blocks or members which use a Class that's not found by the ClassLoader.
So to find the culprit, view the source of the class in question (ActiveMQConnectionFactory in this case) and look for code using static blocks or static members.
If you don't have access the the source, then simply decompile it using JAD.
On examining the code, say you find a line of code like below, make sure that the class SomeClass in in your CLASSPATH.
private static SomeClass foo = new SomeClass();
Tip : To find out which jar a class belongs to, you can use the web site jarFinder. This allows you to specify a class name using wildcards and it searches for the class in its database of jars.
jarhoo allows you to do the same thing but its no longer free to use.
If you would like to locate the which jar a class belongs to in a local path, you can use a utility like jarscan. You just specify the class you'd like to locate and the root directory path where you'd like it to start searching for the class in jars and zip files.
I think the stacktrace presented above is concealing the real problem here. Below is the code in the method run within
org.eclipse.jface.dialogs.ProgressMonitorDialog (with a comment added by me):
public void run(boolean fork, boolean cancelable,
IRunnableWithProgress runnable) throws InvocationTargetException,
InterruptedException {
setCancelable(cancelable);
try {
aboutToRun();
// Let the progress monitor know if they need to update in UI Thread
progressMonitor.forked = fork;
ModalContext.run(runnable, fork, getProgressMonitor(), getShell()
.getDisplay());
} finally {
finishedRun(); // this is line 498
}
}
The second-from-bottom line in Jared's stacktrace is line 498 of this class, which is the call to finishedRun() within the finally block. I suspect that the real cause is an exception being thrown in the try block. Since the code in the finally block also throws an exception, the original exception is lost.
To get a better handle on if it is a class loader issue go through the code where it works and add:
try
{
final Class clazz;
final ClassLoader loader;
clazz = Class.forName("org/eclipse/jface/resource/FontRegistry");
loader = clazz.getClassLoader();
System.out.println("The classloader at step 1 is: " + loader);
}
catch(final Throwable ex)
{
ex.printStackTrace();
}
And then do the same thing where you are getting the NoClassDefFoundError and see if the class loaders are different.
Then you will be able to ensure that it is the ClassLoader that is different. Can you report back with what happens with this? Depending on what the result is I might have more ideas.
To add to the excellent TofuBeer's answer, since NoClassDefFoundError indicates that:
class org.eclipse.jface.resource.FontRegistry was found by the ClassLoader,
but can not been loaded without triggering an error, like having static blocks or members which use a Class that's not found by the ClassLoader.
Let's look at org.eclipse.jface.resource.FontRegistry source code:
It does not have any static variable initialization (nor does its superclasses).
Let's look at org.eclipse.jface.resource.JFaceResources source code
The getFontRegistry() function in which the Error is triggered is using the static variable fontRegistry:
/**
* The JFace font registry; <code>null</code> until lazily initialized or
* explicitly set.
*/
private static FontRegistry fontRegistry = null;
Thus, it begs raises the question: why a static initialized variable would suddenly be considered null again ?
Because somehow FontRegistry or JFaceResources get unloaded by the gc ?!
If a field is declared static, there exists exactly one incarnation of the field, no matter how many instances (possibly zero) of the class may eventually be created. A static field, sometimes called a class variable, is incarnated when the class is initialized (§12.4).
So it doesn't matter whether instances of the class exist at any time, the field will exist as long as the Class itself has been loaded.
If this were a eclipse Plugin, this could have been related to this FAQ entry
Here is a typical scenario for a new user:
You are writing a plug-in that extends plug-in XYZ.
To get it to compile, you add a reference to the JAR file for plug-in XYZ to your project’s build path either from the Java Build Path property page or by editing the .classpath file.
When you launch a runtime workbench, the following surprising error is reported: java.lang.NoClassDefFoundError: XYZ.SomeClass.
Do not start looking in the Plug-ins and Fragments tab in the launch configuration for the runtime workbench.
That tab influences only which plug-ins are used for your runtime workbench and whether they are loaded from the workspace or from the Eclipse install directory.
Instead, start looking in the plug-in manifest.
Edit the plugin.xml file and ensure that XYZ is mentioned as a required plug-in.
Then, save the plugin.xml file.
This will update the project’s build path automatically.
Never manually edit the .classpath file when you are writing a plug-in.
The plug-in Manifest Editor simply overwrites any changes you make to it. Not very civilized, but that is the way it works.
If you try to load the class FontRegistry on your own (like TofoBeer described), you will find out that classes of the following JAR are dependent classes if using FontRegistry.
org.eclipse.core.commands_xxxxx.jar
You must add this JAR to your build path.