This is an automated email from the ASF dual-hosted git repository.
elharo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-dependency-analyzer.git
The following commit(s) were added to refs/heads/master by this push:
new 51af550 [MSHARED-1248] maven-dependency-analyzer should log instead
of failing (#89)
51af550 is described below
commit 51af550e753c4123008ff2f1c5686928e160bceb
Author: Gary Gregory <[email protected]>
AuthorDate: Sun Jun 25 08:50:27 2023 -0400
[MSHARED-1248] maven-dependency-analyzer should log instead of failing (#89)
* [MSHARED-1248] maven-dependency-analyzer should log instead of failing
when analyzing a corrupted jar file
---
pom.xml | 2 +
.../analyzer/asm/DependencyClassFileVisitor.java | 5 +-
.../analyzer/asm/ResultCollectorTest.java | 59 ++++++++++++++++++++-
.../analyzer/ossfuzz/issue51980/Test.class.clazz | Bin 0 -> 54 bytes
.../analyzer/ossfuzz/issue51989/Test.class.clazz | Bin 0 -> 88 bytes
.../analyzer/ossfuzz/issue52168/Test.class.clazz | Bin 0 -> 61 bytes
.../analyzer/ossfuzz/issue53543/Test.class.clazz | Bin 0 -> 57 bytes
.../analyzer/ossfuzz/issue53544a/Test.class.clazz | Bin 0 -> 49 bytes
.../analyzer/ossfuzz/issue53620/Test.class.clazz | Bin 0 -> 227530 bytes
.../analyzer/ossfuzz/issue53676/Test.class.clazz | Bin 0 -> 26 bytes
.../analyzer/ossfuzz/issue54119/Test.class.clazz | Bin 0 -> 24 bytes
.../analyzer/ossfuzz/issue54254/Test.class.clazz | Bin 0 -> 42 bytes
12 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 51490b7..7a900b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,6 +139,8 @@
<artifactId>apache-rat-plugin</artifactId>
<configuration>
<excludes combine.children="append">
+ <!-- Corrupted class files -->
+ <exclude>**/*.clazz</exclude>
<!-- binary class for unit test -->
<exclude>**/*.classx</exclude>
</excludes>
diff --git
a/src/main/java/org/apache/maven/shared/dependency/analyzer/asm/DependencyClassFileVisitor.java
b/src/main/java/org/apache/maven/shared/dependency/analyzer/asm/DependencyClassFileVisitor.java
index 292531e..8f70116 100644
---
a/src/main/java/org/apache/maven/shared/dependency/analyzer/asm/DependencyClassFileVisitor.java
+++
b/src/main/java/org/apache/maven/shared/dependency/analyzer/asm/DependencyClassFileVisitor.java
@@ -75,7 +75,10 @@ public class DependencyClassFileVisitor implements
ClassFileVisitor {
} catch (IndexOutOfBoundsException e) {
// some bug inside ASM causes an IOB exception. Log it and move on?
// this happens when the class isn't valid.
- logger.warn("Unable to process: " + className);
+ logger.warn("Unable to process: " + className, e);
+ } catch (IllegalArgumentException e) {
+ // [MSHARED-1248] should log instead of failing when analyzing a
corrupted jar file
+ logger.warn("Byte code of '" + className + "' is corrupt", e);
}
}
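Review bot: The added `catch (IllegalArgumentException e)` guards the whole try block, which opens outside this hunk, so any IllegalArgumentException raised in there, not only one caused by malformed byte code, would be logged as corruption and the class skipped. After the warning the method appears to return normally, so the caller gets no indication that this class contributed no dependencies, and the used/unused report can be silently incomplete for a jar that contains a malformed class. If the try body allows it, narrow it to the class-reading call and make the message say what was dropped, e.g. `logger.warn("Skipping '" + className + "': byte code could not be parsed, its dependencies are not analyzed", e);`. The two catch clauses now report the same condition with different wording; a multi-catch `catch (IndexOutOfBoundsException | IllegalArgumentException e)` would keep them consistent.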
diff --git
a/src/test/java/org/apache/maven/shared/dependency/analyzer/asm/ResultCollectorTest.java
b/src/test/java/org/apache/maven/shared/dependency/analyzer/asm/ResultCollectorTest.java
index bcafd0e..2590bbc 100644
---
a/src/test/java/org/apache/maven/shared/dependency/analyzer/asm/ResultCollectorTest.java
+++
b/src/test/java/org/apache/maven/shared/dependency/analyzer/asm/ResultCollectorTest.java
@@ -33,6 +33,9 @@ import org.junit.jupiter.api.Test;
import static org.assertj.core.api.Assertions.assertThat;
class ResultCollectorTest {
+
+ private static String ROOT =
"src/test/resources/org/apache/maven/shared/dependency/analyzer";
+
Set<String> getDependencies(Class<?> inspectClass) throws IOException {
String className = inspectClass.getName();
String path = '/' + className.replace('.', '/') + ".class";
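Review bot: `ROOT` is declared `private static String` without `final`, so the shared fixture path is a mutable static that any test could reassign; declare it `private static final String ROOT = "src/test/resources/org/apache/maven/shared/dependency/analyzer";`. The class body continues outside this hunk.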
@@ -50,7 +53,61 @@ class ResultCollectorTest {
"src/test/resources/org/apache/maven/shared/dependency/analyzer/commons-bcel-issue362/Bcel362.classx");
DependencyClassFileVisitor visitor = new DependencyClassFileVisitor();
try (InputStream is = Files.newInputStream(path)) {
- visitor.visitClass(className, is);
+ visitor.visitClass("issue362.Bcel362", is);
+ }
+ }
+
+ @Test
+ public void testOssFuzz51980() throws IOException {
+ // Add a non-"class" suffix so that surefire does not try to read the
file and fail the build
+ visitClass(ROOT + "/ossfuzz/issue51980/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz51989() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue51989/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz52168() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue52168/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz53543() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue53543/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz53544a() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue53544a/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz53620() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue53620/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz53676() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue53676/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz54199() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue54119/Test.class.clazz");
+ }
+
+ @Test
+ public void testOssFuzz54254() throws IOException {
+ visitClass(ROOT + "/ossfuzz/issue54254/Test.class.clazz");
+ }
+
+ private void visitClass(String location) throws IOException {
+ Path path = Paths.get(location);
+ DependencyClassFileVisitor visitor = new DependencyClassFileVisitor();
+ try (InputStream is = Files.newInputStream(path)) {
+ visitor.visitClass("Test", is);
}
}
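Review bot: `testOssFuzz54199` loads `ossfuzz/issue54119/Test.class.clazz`, so the method name and the fixture disagree; rename it to `testOssFuzz54119` to match the resource directory this commit adds. None of the nine new tests asserts anything: they pass as long as `visitClass` does not throw, which is worth stating once on the helper, e.g. `// passes if the corrupted class is logged and skipped instead of throwing`. The comment about the non-"class" suffix sits inside the first test only but applies to every fixture, so it would read better on `ROOT` or on the helper. The test method whose body changes at the top of the hunk starts outside it.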
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51980/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51980/Test.class.clazz
new file mode 100644
index 0000000..314e094
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51980/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51989/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51989/Test.class.clazz
new file mode 100644
index 0000000..cce2039
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue51989/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue52168/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue52168/Test.class.clazz
new file mode 100644
index 0000000..e92207b
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue52168/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53543/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53543/Test.class.clazz
new file mode 100644
index 0000000..808e337
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53543/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53544a/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53544a/Test.class.clazz
new file mode 100644
index 0000000..5fbdd67
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53544a/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53620/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53620/Test.class.clazz
new file mode 100644
index 0000000..e263fcd
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53620/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53676/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53676/Test.class.clazz
new file mode 100644
index 0000000..c0ca857
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue53676/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54119/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54119/Test.class.clazz
new file mode 100644
index 0000000..4b405c3
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54119/Test.class.clazz
differ
diff --git
a/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54254/Test.class.clazz
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54254/Test.class.clazz
new file mode 100644
index 0000000..275741e
Binary files /dev/null and
b/src/test/resources/org/apache/maven/shared/dependency/analyzer/ossfuzz/issue54254/Test.class.clazz
differ