mebigfatguy / fb-contrib

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
http://fb-contrib.sf.net
GNU Lesser General Public License v2.1

[7.6.0] NPE when loading the plugin #438

Closed ben-manes closed 1 year ago

ben-manes commented 1 year ago

I tried upgrading from 7.4.7, but unfortunately it fails with the error below. This certainly could be my mistake. I verified in the gradle debug log that it has the new jar on the classpath for the project.

$ gradle caffeine:spotbugsMain -Dspotbugs
Configuration cache is an incubating feature.
Configuration on demand is an incubating feature.
Calculating task graph as no configuration cache is available for tasks: caffeine:spotbugsMain

> Task :caffeine:spotbugsMain FAILED
Exception in thread "main" java.lang.NullPointerException
        at edu.umd.cs.findbugs.PluginLoader.getPluginDescriptor(PluginLoader.java:1194)
        at edu.umd.cs.findbugs.PluginLoader.init(PluginLoader.java:737)
        at edu.umd.cs.findbugs.PluginLoader.<init>(PluginLoader.java:210)
        at edu.umd.cs.findbugs.PluginLoader.getPluginLoader(PluginLoader.java:1378)
        at edu.umd.cs.findbugs.Plugin.addCustomPlugin(Plugin.java:671)
        at edu.umd.cs.findbugs.Plugin.addCustomPlugin(Plugin.java:663)
        at edu.umd.cs.findbugs.Plugin.loadCustomPlugin(Plugin.java:655)
        at edu.umd.cs.findbugs.Plugin.loadCustomPlugin(Plugin.java:648)
        at edu.umd.cs.findbugs.FindBugsCommandLine.handleOptionWithArgument(FindBugsCommandLine.java:147)
        at edu.umd.cs.findbugs.TextUICommandLine.handleOptionWithArgument(TextUICommandLine.java:619)
        at edu.umd.cs.findbugs.config.CommandLine.parse(CommandLine.java:333)
        at edu.umd.cs.findbugs.config.CommandLine.parse(CommandLine.java:300)
        at edu.umd.cs.findbugs.FindBugs.processCommandLine(FindBugs.java:345)
        at edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1221)

boris-petrov commented 1 year ago

Same here. Also, a changelog of fixed/changed things would be nice. :)

davidburstromspotify commented 1 year ago

Same here. This is with the com.github.spotbugs:5.0.13 Gradle plugin.

mebigfatguy commented 1 year ago

Seems to work OK from the GUI, and I have no idea about Gradle, so if someone wants to fix it, I'll merge, otherwise....

ben-manes commented 1 year ago

Maybe @KengoTODA can help debug this? From the PluginLoader code, it seems to call the getPluginDescriptor() before the classLoader has been initialized. The failure seems to occur when it looks for and does not find findbugs.xml and is generating an exception message with the problematic resource url.

ben-manes commented 1 year ago

Ran it at command line with debug logging enabled,

sb747.log.txt sb760.log.txt

ben-manes commented 1 year ago

The issue is due to the transitive dependencies that were added by this plugin version (jakarta.xml.bind-api, jakarta.activation-api). The spotbugs-gradle-plugin instructs that external plugins should be added to the spotbugsPlugins configuration, which resolves to include your new dependencies (which should instead be on the classpath). Removing these at the command line succeeds, and therefore removing transitives from the maven resolution fixes the problem.

dependencies.create("com.mebigfatguy.sb-contrib:sb-contrib:${pluginVersions.spotbugsContrib}") {
  transitive = false
}

I presume those transitives are only needed if the application uses them too, so it could be provided scoped. Otherwise, the spotbugs-gradle-plugin should construct the classpath with the fully resolved dependency and the pluginList with transitives excluded. The spotbugs-maven-plugin appears to take an http url to the jar to avoid this problem.

donalmurtagh commented 1 year ago

@ben-manes thanks for investigating and posting the fix! In my case, the issue was fixed by making the following change in build.gradle

Before

dependencies {
    // other dependencies omitted
    spotbugsPlugins('com.mebigfatguy.sb-contrib:sb-contrib:7.6.0')
}

After

dependencies {
    // other dependencies omitted
    spotbugsPlugins('com.mebigfatguy.sb-contrib:sb-contrib:7.6.0') { transitive = false }
}

Vampire commented 1 year ago

The main question is, whether jakarta.xml.bind:jakarta.xml.bind-api should really be a dependency. If not, so if it should e.g. be provided like suggested above, this should be fixed here. Besides that, it is imho a bug in the spotbugs-gradle-plugin, that it gives the dependencies to the -pluginList option and not only the actual plugin jars. For that I opened an issue at spotbugs/spotbugs-gradle-plugin#910 and the underlying issue for the NullPointerException in SpotBugs is spotbugs/spotbugs#663.

ben-manes commented 1 year ago

Thanks @KengoTODA for fixing the gradle plugin. Closing as not strictly this plugin's responsibility, though I believe the newly added dependencies were unnecessary and should not have been added by that contributor.
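
A diagnostic sketch of the root cause discussed in this thread, added here and not code from fb-contrib, SpotBugs or any commenter: it separates resolved jars that carry a root-level findbugs.xml descriptor from transitive dependencies that do not, which are the ones that should stay off the plugin list. The jar names and contents are constructed samples, and the helper names are hypothetical.

```python
import os
import tempfile
import zipfile

DESCRIPTOR = "findbugs.xml"  # plugin descriptor the loader looks for, per the thread


def is_spotbugs_plugin(jar_path):
    """Return True only if the jar has a findbugs.xml entry at its root."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            return DESCRIPTOR in jar.namelist()
    except (zipfile.BadZipFile, OSError):
        return False  # unreadable or not a zip: never treat it as a plugin


def split_plugin_list(jar_paths):
    """Partition resolved jars into (plugins, non_plugins), keeping input order."""
    plugins, non_plugins = [], []
    for path in jar_paths:
        (plugins if is_spotbugs_plugin(path) else non_plugins).append(path)
    return plugins, non_plugins


def build_sample_jars(directory):
    """Constructed jars imitating a resolved spotbugsPlugins configuration."""
    layout = {
        "sb-contrib-7.6.0.jar": ["META-INF/MANIFEST.MF", "findbugs.xml"],
        "jakarta.xml.bind-api.jar": ["META-INF/MANIFEST.MF", "jakarta/xml/bind/JAXB.class"],
        "jakarta.activation-api.jar": ["META-INF/MANIFEST.MF"],
    }
    paths = []
    for name, entries in layout.items():
        path = os.path.join(directory, name)
        with zipfile.ZipFile(path, "w") as jar:
            for entry in entries:
                jar.writestr(entry, "")
        paths.append(path)
    return paths


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        plugins, others = split_plugin_list(build_sample_jars(tmp))
        return [os.path.basename(p) for p in plugins], [os.path.basename(p) for p in others]


if __name__ == "__main__":
    plugins, others = demo()
    print("plugin jars:", plugins)
    print("no descriptor, keep off the plugin list:", others)
```

Running the same check over the files a build actually resolves for the plugin configuration shows which entries arrived only as transitive dependencies.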