-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
spotbugs report: broken links with inner classes #236
Comments
Thanks for opening your first issue here! 😃 |
Note: charcode of |
The maven-surefire's fix is related to doxia's usage. SpotBugs does not use doxia, but it could be a good reference. @davewichers could you tell me which stylesheet (.xsl) you applied? I used |
I'm not specifying any stylesheet. Just using the default plugin. I am using it with the FindSecBugs plugin if that matters at all. The pom with my configuration is here: https://github.com/kwwall/esapi-java-legacy/tree/misc-cleanup (in this branch). So you should be able to clone that, then run: mvn compile site -DskipTests to reproduce the error messages I'm seeing (there are like 5 of them), and then go to the SpotBugs report generated and see the broken HTML I described. |
I run |
@davewichers Is it possible you could see about getting a pull request that might fix this issue? I looked at the links but wasn't completely clear on what needed done here to correc this problem. |
I have no idea how to correct this. I just noticed the bug and describe what the correct output should be. I also noticed related discussions on the same problem in other tools, and @KengoTODA decided this issue belongs to this project rather than SpotBugs itself. Basically, there is a step missing somewhere where a String needs to be decoded before being included in the output, as an encoded value of .24 is being output rather than the original $ character. |
Hey - its been 8 months. Any progress on this? I happened to notice it again today :-) |
Please reconfirm on latest and if possible a PR. This has not been looked at outside of notes here.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Dave Wichers ***@***.***>
Sent: Sunday, April 3, 2022 4:11:24 PM
To: spotbugs/spotbugs-maven-plugin ***@***.***>
Cc: Jeremy Landis ***@***.***>; Comment ***@***.***>
Subject: Re: [spotbugs/spotbugs-maven-plugin] spotbugs report: broken links with inner classes (#236)
Hey - its been 8 months. Any progress on this? I happened to notice it again today :-)
—
Reply to this email directly, view it on GitHub<#236 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI2SSS3PL3V56OEV2Q3VDH3OZANCNFSM4OQ2PSQA>.
You are receiving this because you commented.Message ID: ***@***.***>
|
Pull Request? For what? I don't know how to fix this issue. I can confirm I'm using: Spotbugs-maven-plugin 4.6.0.0 and I still have this problem. |
@davewichers Is this sill an issue? |
Yes - Unless you've fixed it. Do you think you fixed it? |
Hi @davewichers, likely not fixed, was just checking due to time lapse here. I'm more or less now ready to release. Will take another look at this to see if I can resolve before release. Thanks. |
@davewichers Resolved this. Issue was a bit different than original posted here in that the 24 still remains and is fine. The actual issue was that $ was removed line above it which prevented click. Using esapi from roughly point in time you reported this from commit b6f8808e, I was able to produce this data area using existing release. The latest esapi isn't running this report at all so that was reason to drop back to that point to see the warnings and resolve it.
Note line 1 there, its missing $ between SecurityConfiguration and Threshold. After applying same fix that surefire did and dealing with how groovy handles closures, I was able to get this result.
Note 24 still exists but the first line has $ now. That $ fix is all that surefire was doing. Now the click works for that one. |
[fix] Resolve inner classes broken links per #236
I believe this is basically the same issue another tool had as documented here: https://issues.apache.org/jira/browse/SUREFIRE-1443
In my project, I noticed warnings like:
[warn] [XHTML Sink] Modified invalid anchor name: 'org.owasp.esapi.SecurityConfiguration$Threshold' to 'org.owasp.esapi.SecurityConfigurationThreshold'
But when I looked in the generated spotbugs.html file, I noticed the error on this line that was generated:
<h3><a name="org.owasp.esapi.SecurityConfiguration.24Threshold"></a>org.owasp.esapi.SecurityConfiguration$Threshold</h3>
Notice the .24 instead of the $ in the value of the name property. If it generated this:
<h3><a name="org.owasp.esapi.SecurityConfiguration$Threshold"></a>org.owasp.esapi.SecurityConfiguration$Threshold</h3>
Then the link to the anchor tag works. To fix this I think you simply need to decode the full classname before putting it's value in the name property. Not sure if that would get rid of this warning message or if that is something else. But this seems to fix the bug in the .html.
I'm using the 4.0.4 version of the spotbugs-maven-plugin to generate the report.
The text was updated successfully, but these errors were encountered: