S2070 (DeprecatedHashAlgorithmCheck) - Sonar-Java 3.5 - NPE at JavaPropertiesHelper.retrievedPropertyDefaultValue

39 views
Skip to first unread message

dfl...@objectif-informatique.fr

unread,
Aug 31, 2015, 8:52:59 AM8/31/15
to SonarQube
Hi,

With Sonar-Java 3.5, we got an NullPointerException at org.sonar.java.checks.helpers.JavaPropertiesHelper.retrievedPropertyDefaultValue when SonarQube analyze the following code and the classes are compiled :

Class A {
    public static final String ALG_SHA1 = "SHA1";
}

Class B extends A {
    void myMethod() {
        MessageDigest md = null;
        md = MessageDigest.getInstance(ALG_SHA1);
    }
}

StackTrace :
org.sonar.squidbridge.api.AnalysisException: SonarQube is unable to analyze file : '***.java'
    at org.sonar.java.ast.JavaAstScanner.simpleScan(JavaAstScanner.java:102)
    at org.sonar.java.ast.JavaAstScanner.scan(JavaAstScanner.java:75)
    at org.sonar.java.ast.JavaAstScanner.scanSingleFile(JavaAstScanner.java:140)
    at org.sonar.java.siop.checks.verifier.JavaCheckVerifier.scanFile(JavaCheckVerifier.java:87)
    at org.sonar.java.siop.checks.verifier.JavaCheckVerifier.verifyNoIssue(JavaCheckVerifier.java:74)
    at org.sonar.java.siop.checks.DeprecatedHashAlgorithmCheckTest.detected2(DeprecatedHashAlgorithmCheckTest.java:26)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
    at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
    at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:67)
Caused by: java.lang.NullPointerException
    at org.sonar.java.checks.helpers.JavaPropertiesHelper.retrievedPropertyDefaultValue(JavaPropertiesHelper.java:57)
    at org.sonar.java.checks.helpers.JavaPropertiesHelper.retrievedPropertyDefaultValue(JavaPropertiesHelper.java:46)
    at org.sonar.java.checks.DeprecatedHashAlgorithmCheck.algorithm(DeprecatedHashAlgorithmCheck.java:128)
    at org.sonar.java.checks.DeprecatedHashAlgorithmCheck.onMethodInvocationFound(DeprecatedHashAlgorithmCheck.java:105)
    at org.sonar.java.checks.methods.AbstractMethodDetection.checkInvocation(AbstractMethodDetection.java:52)
    at org.sonar.java.checks.methods.AbstractMethodDetection.visitNode(AbstractMethodDetection.java:43)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visit(SubscriptionVisitor.java:89)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visitChildren(SubscriptionVisitor.java:115)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visit(SubscriptionVisitor.java:91)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visitChildren(SubscriptionVisitor.java:115)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visit(SubscriptionVisitor.java:91)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visitChildren(SubscriptionVisitor.java:115)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visit(SubscriptionVisitor.java:91)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visitChildren(SubscriptionVisitor.java:115)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visit(SubscriptionVisitor.java:91)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visitChildren(SubscriptionVisitor.java:115)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.visit(SubscriptionVisitor.java:91)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.scanTree(SubscriptionVisitor.java:72)
    at org.sonar.java.ast.visitors.SubscriptionVisitor.scanFile(SubscriptionVisitor.java:65)
    at org.sonar.java.checks.SubscriptionBaseVisitor.scanFile(SubscriptionBaseVisitor.java:33)
    at org.sonar.java.model.VisitorsBridge.visitFile(VisitorsBridge.java:123)
    at org.sonar.java.ast.JavaAstScanner.simpleScan(JavaAstScanner.java:94)
    ... 26 more


For information, with the following classes

Class A {
    public static final String ALG_SHA1 = "SHA1";
}

Class B1 {

    void myMethod() {
        MessageDigest md = null;
        md = MessageDigest.getInstance(A.ALG_SHA1);
    }
}

Class B2 {
    public static String ALG_SHA1 = "SHA1";

    void myMethod() {
        MessageDigest md = null;
        md = MessageDigest.getInstance(ALG_SHA1);
    }
}

We got false-negatives but no NPE. The analysis completed successfully.


Regards,

Denis

Nicolas Peru

unread,
Aug 31, 2015, 9:17:37 AM8/31/15
to dfl...@objectif-informatique.fr, SonarQube
Hi Denis, 

Thanks for the feedback, this is indeed a bug in the JavaPropertiesHelper : https://jira.sonarsource.com/browse/SONARJAVA-1247 

Cheers, 

Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com


--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/f74ded89-c86e-40bd-b75c-54136a310bd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages