Skip to content

Commit

Permalink
[MSHARED-1248] maven-dependency-analyzer should log instead of failing (
Browse files Browse the repository at this point in the history 
#89)

* [MSHARED-1248] maven-dependency-analyzer should log instead of failing
when analyzing a corrupted jar file
  • Loading branch information
@garydgregory
garydgregory authored Jun 25, 2023
1 parent 717e59f commit 51af550
Show file tree
Hide file tree
Showing 12 changed files with 64 additions and 2 deletions.
2 changes: 2 additions & 0 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,8 @@
<artifactId>apache-rat-plugin</artifactId>
<configuration>
<excludes combine.children="append">
<!-- Corrupted class files -->
<exclude>**/*.clazz</exclude>
<!-- binary class for unit test -->
<exclude>**/*.classx</exclude>
</excludes>
Expand Down
5 changes: 4 additions & 1 deletion ...main/java/org/apache/maven/shared/dependency/analyzer/asm/DependencyClassFileVisitor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,10 @@ public void visitClass(String className, InputStream in) {
} catch (IndexOutOfBoundsException e) {
// some bug inside ASM causes an IOB exception. Log it and move on?
// this happens when the class isn't valid.
logger.warn("Unable to process: " + className);
logger.warn("Unable to process: " + className, e);
} catch (IllegalArgumentException e) {
// [MSHARED-1248] should log instead of failing when analyzing a corrupted jar file
logger.warn("Byte code of '" + className + "' is corrupt", e);
}
}

Expand Down
59 changes: 58 additions & 1 deletion src/test/java/org/apache/maven/shared/dependency/analyzer/asm/ResultCollectorTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,9 @@
import static org.assertj.core.api.Assertions.assertThat;

class ResultCollectorTest {

private static String ROOT = "src/test/resources/org/apache/maven/shared/dependency/analyzer";

Set<String> getDependencies(Class<?> inspectClass) throws IOException {
String className = inspectClass.getName();
String path = '/' + className.replace('.', '/') + ".class";
Expand All @@ -50,7 +53,61 @@ void testJava11Invoke() throws IOException {
"src/test/resources/org/apache/maven/shared/dependency/analyzer/commons-bcel-issue362/Bcel362.classx");
DependencyClassFileVisitor visitor = new DependencyClassFileVisitor();
try (InputStream is = Files.newInputStream(path)) {
visitor.visitClass(className, is);
visitor.visitClass("issue362.Bcel362", is);
}
}

@Test
public void testOssFuzz51980() throws IOException {
// Add a non-"class" suffix so that surefire does not try to read the file and fail the build
visitClass(ROOT + "/ossfuzz/issue51980/Test.class.clazz");
}

@Test
public void testOssFuzz51989() throws IOException {
visitClass(ROOT + "/ossfuzz/issue51989/Test.class.clazz");
}

@Test
public void testOssFuzz52168() throws IOException {
visitClass(ROOT + "/ossfuzz/issue52168/Test.class.clazz");
}

@Test
public void testOssFuzz53543() throws IOException {
visitClass(ROOT + "/ossfuzz/issue53543/Test.class.clazz");
}

@Test
public void testOssFuzz53544a() throws IOException {
visitClass(ROOT + "/ossfuzz/issue53544a/Test.class.clazz");
}

@Test
public void testOssFuzz53620() throws IOException {
visitClass(ROOT + "/ossfuzz/issue53620/Test.class.clazz");
}

@Test
public void testOssFuzz53676() throws IOException {
visitClass(ROOT + "/ossfuzz/issue53676/Test.class.clazz");
}

@Test
public void testOssFuzz54199() throws IOException {
visitClass(ROOT + "/ossfuzz/issue54119/Test.class.clazz");
}

@Test
public void testOssFuzz54254() throws IOException {
visitClass(ROOT + "/ossfuzz/issue54254/Test.class.clazz");
}

private void visitClass(String location) throws IOException {
Path path = Paths.get(location);
DependencyClassFileVisitor visitor = new DependencyClassFileVisitor();
try (InputStream is = Files.newInputStream(path)) {
visitor.visitClass("Test", is);
}
}

Expand Down
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51980/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51989/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue52168/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53543/Test.class.clazz
View file
Binary file not shown.
Binary file added ...esources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53544a/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53620/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53676/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54119/Test.class.clazz
View file
Binary file not shown.
Binary file added ...resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54254/Test.class.clazz
View file
Binary file not shown.

0 comments on commit 51af550

Please sign in to comment.