java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL
gtjarks opened this issue · 6 comments
gtjarks commented
Issue Description
If the Sonarqube rule: findsecbugs:XXE_VALIDATOR is active, a project results in Error: missing bug code for keySECXXEVAL
Environment
| Component | Version |
|---|---|
| SonarQube | Community Edition Version 9.9.4 (build 87374) |
| Sonar-FindBugs | v4.2.8 |
| Maven | 3.9.6 |
| Gradle | - |
| Java | 17 |
Stacktrace:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594:sonar (default-cli) on project eumw: Can not execute Findbugs: java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594:sonar (default-cli) on project eumw: Can not execute Findbugs
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:333)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.apache.maven.plugin.MojoExecutionException: Can not execute Findbugs
at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:66)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:108)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: java.lang.IllegalStateException: Can not execute Findbugs
at org.sonar.plugins.findbugs.FindbugsExecutor.execute (FindbugsExecutor.java:191)
at org.sonar.plugins.findbugs.FindbugsSensor.execute (FindbugsSensor.java:132)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse (AbstractSensorWrapper.java:64)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute (ModuleSensorsExecutor.java:88)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1 (ModuleSensorsExecutor.java:61)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy (ModuleSensorsExecutor.java:79)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute (ModuleSensorsExecutor.java:61)
at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart (SpringModuleScanContainer.java:82)
at org.sonar.core.platform.SpringComponentContainer.startComponents (SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute (SpringComponentContainer.java:167)
at org.sonar.scanner.scan.SpringProjectScanContainer.scan (SpringProjectScanContainer.java:403)
at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively (SpringProjectScanContainer.java:399)
at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively (SpringProjectScanContainer.java:396)
at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart (SpringProjectScanContainer.java:368)
at org.sonar.core.platform.SpringComponentContainer.startComponents (SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute (SpringComponentContainer.java:167)
at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart (SpringGlobalContainer.java:137)
at org.sonar.core.platform.SpringComponentContainer.startComponents (SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute (SpringComponentContainer.java:167)
at org.sonar.batch.bootstrapper.Batch.doExecute (Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy28.execute (Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:138)
at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:64)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:108)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: java.util.concurrent.ExecutionException: java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL
at java.util.concurrent.FutureTask.report (FutureTask.java:122)
at java.util.concurrent.FutureTask.get (FutureTask.java:205)
at org.sonar.plugins.findbugs.FindbugsExecutor.execute (FindbugsExecutor.java:182)
at org.sonar.plugins.findbugs.FindbugsSensor.execute (FindbugsSensor.java:132)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse (AbstractSensorWrapper.java:64)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute (ModuleSensorsExecutor.java:88)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1 (ModuleSensorsExecutor.java:61)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy (ModuleSensorsExecutor.java:79)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute (ModuleSensorsExecutor.java:61)
at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart (SpringModuleScanContainer.java:82)
at org.sonar.core.platform.SpringComponentContainer.startComponents (SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute (SpringComponentContainer.java:167)
at org.sonar.scanner.scan.SpringProjectScanContainer.scan (SpringProjectScanContainer.java:403)
at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively (SpringProjectScanContainer.java:399)
at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively (SpringProjectScanContainer.java:396)
at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart (SpringProjectScanContainer.java:368)
at org.sonar.core.platform.SpringComponentContainer.startComponents (SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute (SpringComponentContainer.java:167)
at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart (SpringGlobalContainer.java:137)
at org.sonar.core.platform.SpringComponentContainer.startComponents (SpringComponentContainer.java:188)
at org.sonar.core.platform.SpringComponentContainer.execute (SpringComponentContainer.java:167)
at org.sonar.batch.bootstrapper.Batch.doExecute (Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy28.execute (Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:138)
at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:64)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:108)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL
at edu.umd.cs.findbugs.DetectorFactoryCollection.getBugCode (DetectorFactoryCollection.java:509)
at edu.umd.cs.findbugs.SortedBugCollection.writeBugCodes (SortedBugCollection.java:673)
at edu.umd.cs.findbugs.SortedBugCollection.writeEpilogue (SortedBugCollection.java:579)
at edu.umd.cs.findbugs.SortedBugCollection.writeXML (SortedBugCollection.java:558)
at edu.umd.cs.findbugs.SortedBugCollection.writeXML (SortedBugCollection.java:467)
at edu.umd.cs.findbugs.XMLBugReporter.finish (XMLBugReporter.java:47)
at edu.umd.cs.findbugs.DelegatingBugReporter.finish (DelegatingBugReporter.java:89)
at edu.umd.cs.findbugs.DelegatingBugReporter.finish (DelegatingBugReporter.java:89)
at edu.umd.cs.findbugs.DelegatingBugReporter.finish (DelegatingBugReporter.java:89)
at edu.umd.cs.findbugs.FindBugs2.analyzeApplication (FindBugs2.java:1165)
at edu.umd.cs.findbugs.FindBugs2.execute (FindBugs2.java:309)
at org.sonar.plugins.findbugs.FindbugsExecutor$FindbugsTask.call (FindbugsExecutor.java:236)
at java.util.concurrent.FutureTask.run (FutureTask.java:264)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
gtoison commented
Thank you for reporting this, I think this is due to a new bug detector introduced in find-sec-bugs/find-sec-bugs#728
The problem should be fixed by find-sec-bugs/find-sec-bugs#728 once released.
In the meantime you might have an XML validator susceptible to XXE in your code. I think that fixing this (see https://openjdk.org/jeps/185) would solve the problem because the error happens when trying to report the bug