Encountering several errors related to the FindBugs plugin while running a build on Bamboo.

[TherenceMashego]

bamboo...sonar.txt

Issue Description

Environment

Component	Version
SonarQube	?????
Sonar-FindBugs	?????
Maven	?????
Gradle	?????
Java	?????

Code (If needed)

public class BugSample1 {
  public static void hello(String message) {
       
    //Something
    Runnable r = () -> System.out.println(message);
   
    r.run();
  }
}

[gtoison]

Thank you for reporting the issue and sharing the log
Could you please check what version of the plugin you're using? We would also need some way to reproduce the problem, for instance sharing the sources causing the issue

[TherenceMashego]

We are using version 4.2.6

[gtoison]

Thank you for the version, so you're pretty much on the latest which is good
Was it working before? (and then what was updated to get this error?)

Basically it will be impossible to diagnose the problem without the compiled .class files causing the crash, so for instance the com.sbg.mobile.android.platform.moremenu.termsandconditionsplugins.OSTTermsAndConditionsPluginCreator.class or com.sbg.mobile.android.platform.moremenu.termsandconditionsplugins.WebTraderTermsAndConditionsCreator files.
It would be great if you could share these files, or better yet a simple project reproducing the problem

[TherenceMashego]

Yes it was working on SonarQube 9.5 but since we updated the plugin to a later version(SonarQube 9.9) it's giving us errors.

[gtoison]

The SonarQube version shouldn't matter too much, but I guess you also updated the sonar-findbugs plugin at the same time?
Basically the analysis is running in your build, and then the results are shipped to the SonarQube server, so you'd have the same error if you were running SonarQube 9.5
Would you know what version of the plugin you were running previously?

In any case the code where it's crashing is fairly complex and was written a long time ago. It will be very hard to understand the problem without a way to reproduce the same. We would need for instance a sample .class file to look into it

[TherenceMashego]

We were running Version 4.0.4

[gtoison]

Ok, so that version of the plugin was using SpotBugs 4.4.0 (release in 2021) while the newer version you're using is SpotBugs 4.8.2

Do you think you can share a sample .class file reproducing the problem?

[TherenceMashego]

Hi please see the logs: https://tools.standardbank.co.za/bamboo/download/SMAAVCIS-SAP-JOB1/build_logs/SMAAVCIS-SAP-JOB1-2852.log

SMAAVCIS-SAP-JOB1-2852.log.txt

[gtoison]

Thank you for the log file but what I need to look into this is the compiled .class file triggering the problem. The sources are compiled into .class files and then SpotBugs analyses these .class files
The logs only tell me which classes caused the problems:

• com.sbg.mobile.android.platform.moremenu.termsandconditionsplugins.OSTTermsAndConditionsPluginCreator
• com.sbg.mobile.android.platform.moremenu.termsandconditionsplugins.WebTraderTermsAndConditionsCreator
• com.sbg.mobile.android.platform.settings.termsandconditions.TermsAndConditionsViewModel

Without these .class files I cannot look into the issue

[TherenceMashego]

Alright I will reach out to the user for the complied .class files.

[TherenceMashego]

Hi, I've reached out to the user and unfortunately the .class file cannot be shared at the moment.

[gtoison]

Thanks, is this the same issue as the separately reported spotbugs/spotbugs#2861?

Would it be possible to have some kind of anonymized version of the code for the problematic methods?
The analysis is crashing on:

• com.sbg.mobile.android.platform.moremenu.termsandconditionsplugins.OSTTermsAndConditionsPluginCreator.hasSystemPrincipalKey(Ljava/util/List;Lcom/sbg/model/framework/profile/enterprise/SystemPrincipalKey;)Z
• com.sbg.mobile.android.platform.moremenu.termsandconditionsplugins.WebTraderTermsAndConditionsCreator.hasSystemPrincipalKey(Ljava/util/List;Lcom/sbg/model/framework/profile/enterprise/SystemPrincipalKey;)Z
• com.sbg.mobile.android.platform.settings.termsandconditions.TermsAndConditionsViewModel.isTileInProfile(Lcom/sbg/model/framework/profile/enterprise/SystemPrincipalKey;)Z

There might be something unusal with the SystemPrincipalKey too since it seems to be used in the three methods

[TherenceMashego]

Yes, it is the same issue. The user is still discussing with their team on sharing the code. Is there anything else that we should be looking at for now?

[gtoison]

Some of the issues we've seen recently:

• Different compilers produce different bytecode so it might be relevant to know the exact compiler (and version) you're using
• Some build tools might be modifying the bytecode after compilation, for instance jacoco or Hibernate's enhancer. This might also be relevant to the problem
• Some build tools also update the bytecode depending on the java version

I don't know how an Android build typically works but anything producing (or modifying) the bytecode (i.e. the content of the .class files) might be doing something that SpotBugs is not handling properly.

Maybe what you can do would be to create a sample with something that also causes the error (but something you can share)

[TherenceMashego]

Good day, we have asked some of our users to test for us and if we still get the same issue we will share the file with you.