Test failure : Invalid VNA after location #192

Closed
h3xstream opened this issue May 25, 2016 · 2 comments

@h3xstream
Member

h3xstream commented May 25, 2016

JstlOutDetectorWeblogicTest is failing. It seems to be related to the bytecode structure.

Tests run: 169, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 66.941 sec <<< FAILURE! - in TestSuite
jspEscape_weblogic(com.h3xstream.findsecbugs.jsp.JstlOutDetectorWeblogicTest)  Time elapsed: 0.503 sec  <<< FAILURE!
java.lang.AssertionError: Invalid VNA after location   97: aconst_null[1](1) in basic block 27 in jsp_servlet.__test._jsp__tag0(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.jsp.PageContext, javax.servlet.jsp.tagext.JspTag, javax.servlet.jsp.tagext.JspTag)
        at edu.umd.cs.findbugs.ba.npe.IsNullValueAnalysis.transferInstruction(IsNullValueAnalysis.java:360)
        at edu.umd.cs.findbugs.ba.npe.IsNullValueAnalysis.transferInstruction(IsNullValueAnalysis.java:72)
        at edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:135)
        at edu.umd.cs.findbugs.ba.npe.IsNullValueAnalysis.transfer(IsNullValueAnalysis.java:282)
        at edu.umd.cs.findbugs.ba.npe.IsNullValueAnalysis.transfer(IsNullValueAnalysis.java:72)
        at edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.getFactAtLocation(AbstractDataflowAnalysis.java:84)
        at edu.umd.cs.findbugs.ba.Dataflow.getFactAtLocation(Dataflow.java:501)
        at edu.umd.cs.findbugs.detect.LoadOfKnownNullValue.analyzeMethod(LoadOfKnownNullValue.java:129)
        at edu.umd.cs.findbugs.detect.LoadOfKnownNullValue.visitClassContext(LoadOfKnownNullValue.java:62)
        at edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
        at edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089)
        at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283)
        at com.h3xstream.findbugs.test.service.FindBugsLauncher.analyze(FindBugsLauncher.java:131)
        at com.h3xstream.findbugs.test.service.FindBugsLauncher.analyze(FindBugsLauncher.java:68)
        at com.h3xstream.findbugs.test.BaseDetectorTest.analyze(BaseDetectorTest.java:58)
        at com.h3xstream.findsecbugs.jsp.JstlOutDetectorWeblogicTest.jspEscape_weblogic(JstlOutDetectorWeblogicTest.java:43)


Results :

Failed tests:
  JstlOutDetectorWeblogicTest.jspEscape_weblogic:43->BaseDetectorTest.analyze:58 Invalid VNA after location   97: aconst_null[1](1) in basic block 27 in jsp_servlet.__test._jsp__tag0(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.jsp.PageContext, javax.servlet.jsp.tagext.JspTag, javax.servlet.jsp.tagext.JspTag)
@h3xstream h3xstream added the bug label May 25, 2016
@h3xstream h3xstream added this to the version-1.4.6 milestone May 25, 2016
@formanek
Contributor

All tests are passing on my machine and even Travis CI is green for my recent pull request :)

h3xstream added a commit that referenced this issue May 25, 2016
@h3xstream h3xstream removed the blocker label May 26, 2016
h3xstream added a commit that referenced this issue May 31, 2016
@h3xstream
Member Author

@formanek
It seems that the problem was caused by unsafe iteration in BadHexadecimalConversionDetector.
6827e92#diff-69602855c0071701d3989ac68f5c8fbfL78

I accidentally committed that change, which was unrelated to the Custom Injection detector.
