Missing files from ASM library

[YaroslavRenhevych]

Please copy package org.objectweb.asm.tree into aspectjweaver or remove classes aj.org.objectweb.asm.commons.TryCatchBlockSorter and aj.org.objectweb.asm.commons.JSRInlinerAdapter that import classes from aj.org.objectweb.asm.tree because Veracode scanner determines these imports from aj.org.objectweb.asm.tree. as the issue Missing Supporting Files

[kriegaex]

Thanks for your inquiry. Please, next time describe the issue a bit better to save me some effort for digging into it. Do not just throw something over the fence.

From AspectJ's perspective, those classes from asm-tree are unused and do not cause any issues. Technically, asm-commons has a dependency on asm-tree, which is why your tool reported it. I have yet to think about whether I really want to shade more classes into AspectJ artifacts, bloating them without any immediate benefit, just to satisfy a reporting tool. For now, I recommend to exclude those classes from being reported. If AspectJ ever uses those tool classes, we can still add them.

[YaroslavRenhevych]

Hi @kriegaex Sorry if I didn't make it clear. Can we then remove from AspectJ classes that reference to asm-tree?

[kriegaex]

No, I want to avoid unnecessarily complex configuration for shaded dependencies. Furthermore, removal might have to be recursive, if the removed classes are also referenced by others.