eelgheez (Super Contributor)

Fortify 19.1.1 MacOS stalls with a @NotNull on an enum member

 

The following small piece of Java code appears to stall the translator of Fortify 19.1.0 and 19.1.1 on MacOS.  Attaching the source code and the debug log.  Comparing with the debug support log of the 18.20 translation shows a use of a "JavaJDT" JavaFrontEnd in versions 19.1.x.

- logger:com.fortify.sca.frontend.JavaFrontEnd marker:USER thread:sourceanalyzer-11
+ logger:com.fortify.sca.frontend.javaJDT.JavaFrontEnd marker:USER thread:sourceanalyzer-11

The stall occurs at a spot in the log where version 18.20 JavaFrontEnd would output "Resolution stage 1.1".

 

// Person.java
package foo;

import javax.validation.constraints.NotNull;

public class Person {

    @NotNull
    public Person.Gender gender;

    public enum Gender {
        M, F
    }
}

 

 

 

 

$ javac -version
javac 1.8.0_191

$ javac -cp ${HOME}/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar Person.java

$ /Applications/Fortify/Fortify_SCA_and_Apps_19.1.1/bin/sourceanalyzer -cp ${HOME}/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar -verbose -logfile Person-fortify.log Person.java
Fortify Static Code Analyzer 19.1.1.0010 (using JRE 1.8.0_181)
[warning]: Assuming Java source level to be 1.8 as it was not specified. Note that the default value may change in future versions.
Processing /Users/latypil/MVA-Web-API/Person.java
^C

$ cat Person-fortify.log
[2019-06-07 00:20:46.653 WARN  12003]
Assuming Java source level to be 1.8 as it was not specified. Note that the default value may change in future versions.
[2019-06-07 00:20:46.655 INFO  1450]
Processing /Users/latypil/fortify-bug/Person.java

$ cat Person-fortify_FortifySupport.log
[2019-06-07 00:20:45.943 INFO  ]
loggerConfig:
   level:INFO
   filename:Person-fortify.log
   appendLogFile:true
   installLoggingPrintStreams:true

   logger:com.fortify.logging.log4j2.LoggerFactory marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=NONE} NDC:[]
[2019-06-07 00:20:46.024 INFO  ]
message suppression file not found /Applications/Fortify/Fortify_SCA_and_Apps_19.1.1/Core/config/suppressions.json
   logger:com.fortify.messaging.MessageSuppressor marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=NONE} NDC:[]
[2019-06-07 00:20:46.026 INFO  ]
0 suppressions loaded
   logger:com.fortify.sca.cmd.CommandLine marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=NONE} NDC:[]
[2019-06-07 00:20:46.026 INFO  ]
message level adjustment file not found: /Applications/Fortify/Fortify_SCA_and_Apps_19.1.1/Core/config/levels.json
   logger:com.fortify.logging.log4j2.LevelAdjuster marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=NONE} NDC:[]
[2019-06-07 00:20:46.027 INFO  ]
0 level adjustments loaded
   logger:com.fortify.sca.cmd.CommandLine marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=NONE} NDC:[]
[2019-06-07 00:20:46.053 INFO  ]
Fortify Static Code Analyzer 19.1.1.0010 (using JRE 1.8.0_181)
   logger:com.fortify.sca.Main marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=INFO_VERBOSE, stdout=true} NDC:[]
[2019-06-07 00:20:46.055 INFO  ]
Args:
["-cp", "/Users/latypil/.m2/repository/javax/validation/validation-api/2.0.1.Final/validation-api-2.0.1.Final.jar", "-verbose", "-logfile", "Person-fortify.log", "Person.java"]
   logger:com.fortify.sca.Main marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=LOG_STATUS} NDC:[]
[2019-06-07 00:20:46.055 INFO  ]
VM Args:
"-XX:SoftRefLRUPolicyMSPerMB=3000 -Xmx15032385536 -Xss16M"
   logger:com.fortify.sca.Main marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=LOG_STATUS} NDC:[]
[2019-06-07 00:20:46.653 WARN  12003]
Assuming Java source level to be 1.8 as it was not specified. Note that the default value may change in future versions.
   logger:com.fortify.sca.frontend.javaJDT.JavaFrontEnd marker:USER thread:sourceanalyzer-11
   MDC:{frontend=JavaFrontEnd, msgId=12003, prefix=[warning]: , severity=WARNING, stderr=true, step=SRC_PARSE} NDC:[]
[2019-06-07 00:20:46.654 INFO  ]
Translating 1 java files
   logger:com.fortify.sca.frontend.javaJDT.JavaFrontEnd marker:DEV thread:sourceanalyzer-11
   MDC:{frontend=JavaFrontEnd, msgId=-1, prefix=[warning]: , severity=LOG_STATUS, step=SRC_PARSE} NDC:[]
[2019-06-07 00:20:46.655 INFO  1450]
Processing /Users/latypil/fortify-bug/Person.java
   logger:com.fortify.sca.frontend.javaJDT.JavaFrontEnd marker:USER thread:sourceanalyzer-11
   MDC:{frontend=JavaFrontEnd, msgId=1450, pass=Processing, prefix=[warning]: , severity=INFO_VERBOSE, sourceInfo=Person.java, stdout=true, step=SRC_PARSE} NDC:[]

 

 

0 Likes
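The log comparison described in the post above can be scripted. This is an added example, not part of the original post and not Fortify tooling: it parses the record layout visible in the `_FortifySupport.log` excerpt and reports which front-end logger classes were active and the last record written before the translator stopped logging. The function names and the assumption that every record starts with a bracketed timestamp line are illustrative; the sample records are copied from the log in the post.

```python
import re

# Record layout as seen in the post: "[timestamp LEVEL  msgId]", message
# line(s), then indented "logger:... marker:... thread:..." and "MDC:{...} NDC:[]".
HEADER = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (\w+)\s+(\d*)\]$")
LOGGER = re.compile(r"^\s+logger:(\S+) marker:(\S+) thread:(\S+)")
STEP = re.compile(r"\bstep=(\w+)")

SAMPLE = """\
[2019-06-07 00:20:46.053 INFO  ]
Fortify Static Code Analyzer 19.1.1.0010 (using JRE 1.8.0_181)
   logger:com.fortify.sca.Main marker:DEV thread:sourceanalyzer-11
   MDC:{msgId=-1, severity=INFO_VERBOSE, stdout=true} NDC:[]
[2019-06-07 00:20:46.654 INFO  ]
Translating 1 java files
   logger:com.fortify.sca.frontend.javaJDT.JavaFrontEnd marker:DEV thread:sourceanalyzer-11
   MDC:{frontend=JavaFrontEnd, msgId=-1, prefix=[warning]: , severity=LOG_STATUS, step=SRC_PARSE} NDC:[]
[2019-06-07 00:20:46.655 INFO  1450]
Processing /Users/latypil/fortify-bug/Person.java
   logger:com.fortify.sca.frontend.javaJDT.JavaFrontEnd marker:USER thread:sourceanalyzer-11
   MDC:{frontend=JavaFrontEnd, msgId=1450, pass=Processing, prefix=[warning]: , severity=INFO_VERBOSE, sourceInfo=Person.java, stdout=true, step=SRC_PARSE} NDC:[]
"""

def parse_records(text):
    """Split support-log text into one dict per bracketed record."""
    records, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        logger = LOGGER.match(line)
        if head:
            cur = {"time": head.group(1), "level": head.group(2),
                   "msg_id": head.group(3), "message": [], "logger": None, "step": None}
            records.append(cur)
        elif cur is None or not line.strip():
            continue                      # preamble or blank line
        elif logger:
            cur["logger"] = logger.group(1)
        elif line.lstrip().startswith("MDC:"):
            step = STEP.search(line)
            cur["step"] = step.group(1) if step else None
        else:
            cur["message"].append(line.strip())
    return records

def stall_summary(text):
    """Front-end classes seen, plus the final record (where logging stopped)."""
    recs = parse_records(text)
    last = recs[-1]
    frontends = sorted({r["logger"] for r in recs
                        if r["logger"] and ".frontend." in r["logger"]})
    return {"frontends": frontends, "last_time": last["time"],
            "last_step": last["step"], "last_message": " ".join(last["message"])}
```

Running `stall_summary` over the support logs of two releases and comparing the `frontends` lists surfaces the `JavaFrontEnd` versus `javaJDT.JavaFrontEnd` difference the post found by hand.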
Micro Focus Expert

Re: Fortify 19.1.1 MacOS stalls with a @NotNull on an enum member

@eelgheez if you have entitlement for support, please open a ticket for further investigation as this may need to be sent to development for further analysis.

0 Likes