find-sec-bugs
find-sec-bugs copied to clipboard
Published
20 hours ago •
find-sec-bugs
find-sec-bugs
SpringEntityLeakDetector crashes with Map
Environment
| Component | Version |
|---|---|
| Java | 1.8 |
| SpotBugs | 4.5.3.0+ |
| FindSecBugs | 1.12 |
Problem
Problem
SpringEntityLeakDetector does not seem to support the case when an argument is a Map:
java.lang.IllegalArgumentException: Invalid class name
java/lang/String;Ljava/util/List<Lcom/test/entity/HelloBean
At edu.umd.cs.findbugs.classfile.ClassDescriptor.<init>(ClassDescriptor.java:59)
At edu.umd.cs.findbugs.classfile.DescriptorFactory.getClassDescriptor(DescriptorFactory.java:128)
At edu.umd.cs.findbugs.AnalysisCacheToRepositoryAdapter.loadClass(AnalysisCacheToRepositoryAdapter.java:90)
At org.apache.bcel.Repository.lookupClass(Repository.java:65)
At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(SignatureParserWithGeneric.java:75)
At com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.getReturnClasses(SignatureParserWithGeneric.java:60)
At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.analyzeMethod(SpringEntityLeakDetector.java:112)
At com.h3xstream.findsecbugs.spring.SpringEntityLeakDetector.visitClassContext(SpringEntityLeakDetector.java:69)
Code
@Controller
public class SpringEntityLeakController {
@RequestMapping("/api1")
public HashMap<String, List<HelloBean>> getHelloBeans() {
HashMap<String, List<HelloBean>> map = new HashMap<>();
List<HelloBean> list = new ArrayList<>();
list.add(new HelloBean("1", "name1"));
list.add(new HelloBean("2", "name2"));
map.put("data", list);
return map;
}
}
class HelloBean {
String id;
String name;
public HelloBean(String id, String name) {
super();
this.id = id;
this.name = name;
}
}
