search

tonybaloney / pycharm-security

Finds security holes in your Python projects from PyCharm and GitHub
https://pycharm-security.readthedocs.io/en/latest/?badge=latest
MIT License
327 stars 21 forks source link

Version 1.28.0 not working. #434

Open folleymcklaukyn opened 1 year ago

folleymcklaukyn commented 1 year ago

Describe the bug After update to version 1.28.0 and restart I received an IDE internal error with the stacktrace below:

java.lang.LinkageError: loader constraint violation: when resolving method 'org.slf4j.ILoggerFactory org.slf4j.impl.StaticLoggerBinder.getLoggerFactory()' the class loader com.intellij.ide.plugins.cl.PluginClassLoader @401378b2 of the current class, org/slf4j/LoggerFactory, and the class loader com.intellij.util.lang.PathClassLoader @3930015a for the method's defining class, org/slf4j/impl/StaticLoggerBinder, have different Class objects for the type org/slf4j/ILoggerFactory used in the signature (org.slf4j.LoggerFactory is in unnamed module of loader com.intellij.ide.plugins.cl.PluginClassLoader @401378b2, parent loader 'bootstrap'; org.slf4j.impl.StaticLoggerBinder is in unnamed module of loader com.intellij.util.lang.PathClassLoader @3930015a)
    at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:423)
    at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
    at io.ktor.util.logging.KtorSimpleLoggerJvmKt.KtorSimpleLogger(KtorSimpleLoggerJvm.kt:10)
    at io.ktor.client.plugins.DefaultRequestKt.<clinit>(DefaultRequest.kt:13)
    at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:49)
    at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:42)
    at io.ktor.client.HttpClientKt.HttpClient(HttpClient.kt:41)
    at security.packaging.PypiChecker.load(PypiChecker.kt:42)
    at security.packaging.PypiChecker.getMatches(PypiChecker.kt:79)
    at security.packaging.PyPackageSecurityScan$collectPackages$tasks$1$1$1.invokeSuspend(PyPackageSecurityScan.kt:59)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.collectPackages(PyPackageSecurityScan.kt:56)
    at security.packaging.PyPackageSecurityScan.access$collectPackages(PyPackageSecurityScan.kt:18)
    at security.packaging.PyPackageSecurityScan$inspectLocalPackages$1.invokeSuspend(PyPackageSecurityScan.kt:75)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.inspectLocalPackages(PyPackageSecurityScan.kt:74)
    at security.packaging.PyPackageSecurityScan.checkPackagesInSdks(PyPackageSecurityScan.kt:48)
    at security.packaging.PyPackageSecurityScan.checkPackages(PyPackageSecurityScan.kt:34)
    at security.packaging.PythonPackageVulnerabilityStartupTask$runActivity$1.run(PythonPackageVulnerabilityStartupTask.kt:16)
    at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
    at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
    at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
    at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
    at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
    at java.base/java.lang.Thread.run(Thread.java:833)

induced.txt has the following stacktrace:

Following exceptions happened soon after this one, most probably they are induced.

2023-03-27T14:53:33.756
java.lang.NoClassDefFoundError: Could not initialize class io.ktor.client.plugins.DefaultRequestKt
    at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:49)
    at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:42)
    at io.ktor.client.HttpClientKt.HttpClient(HttpClient.kt:41)
    at security.packaging.PypiChecker.load(PypiChecker.kt:42)
    at security.packaging.PypiChecker.getMatches(PypiChecker.kt:79)
    at security.packaging.PyPackageSecurityScan$collectPackages$tasks$1$1$1.invokeSuspend(PyPackageSecurityScan.kt:59)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.collectPackages(PyPackageSecurityScan.kt:56)
    at security.packaging.PyPackageSecurityScan.access$collectPackages(PyPackageSecurityScan.kt:18)
    at security.packaging.PyPackageSecurityScan$inspectLocalPackages$1.invokeSuspend(PyPackageSecurityScan.kt:75)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.inspectLocalPackages(PyPackageSecurityScan.kt:74)
    at security.packaging.PyPackageSecurityScan.checkPackagesInSdks(PyPackageSecurityScan.kt:48)
    at security.packaging.PyPackageSecurityScan.checkPackages(PyPackageSecurityScan.kt:34)
    at security.packaging.PythonPackageVulnerabilityStartupTask$runActivity$1.run(PythonPackageVulnerabilityStartupTask.kt:16)
    at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
    at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
    at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
    at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
    at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
    at java.base/java.lang.Thread.run(Thread.java:833)

To Reproduce Code or Steps to reproduce the behavior:

  1. Update the plugin from 1.27.0 to 1.28.0
  2. Restart pycharm ide
  3. It will open a IDE internal error window with the stack trace.

Expected behavior Install the plugin, restart the IDE without any popup error.

Screenshots Screenshots of the error:

Captura de Tela 2023-03-27 às 15 18 39 Captura de Tela 2023-03-27 às 15 18 47

Additional context

folleymcklaukyn commented 1 year ago

A new information. I cannot rollback to 1.27.0 version.
After uninstall the last version, install 1.27.0 and restart the IDE, I got another popup error with the following stacktrace:

java.lang.NullPointerException: Cannot invoke "com.intellij.notification.NotificationGroup.createNotification(String, String, com.intellij.notification.NotificationType)" because "security.packaging.PyPackageSecurityScan.NOTIFICATION_GROUP" is null
    at security.packaging.PyPackageSecurityScan.showFoundIssueWarning(PyPackageSecurityScan.kt:122)
    at security.packaging.PyPackageSecurityScan.access$showFoundIssueWarning(PyPackageSecurityScan.kt:18)
    at security.packaging.PyPackageSecurityScan$inspectLocalPackages$1.invokeSuspend(PyPackageSecurityScan.kt:77)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.inspectLocalPackages(PyPackageSecurityScan.kt:74)
    at security.packaging.PyPackageSecurityScan.checkPackagesInSdks(PyPackageSecurityScan.kt:48)
    at security.packaging.PyPackageSecurityScan.checkPackages(PyPackageSecurityScan.kt:34)
    at security.packaging.PythonPackageVulnerabilityStartupTask$runActivity$1.run(PythonPackageVulnerabilityStartupTask.kt:16)
    at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
    at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
    at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
    at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
    at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
    at java.base/java.lang.Thread.run(Thread.java:833)
quantumpacket commented 1 year ago

I've been getting the same issue for a long time. It's particularly annoying because the error icon in the IDE blinks red and when I check it's always this same error and it happens continually throughout the coding session. Do note that the plugin is still working as intended, just this exception needs to be addressed.

@tonybaloney could we please get a fix for this? :)

tonybaloney commented 1 year ago

Have you got access to the latest PyCharm version? This error means the version of the logging module used is not compatible with the one in the JDK, which is specific to the PyCharm version.

The PyCharm plugin APIs change frequently, so I can't continue to maintain backward compatibility between releases

quantumpacket commented 1 year ago

I'm using the following according to the About menu. The PyCharm version is the latest.

PyCharm 2023.1.4 (Professional Edition) Build #PY-231.9225.15, built on July 11, 2023 Runtime version: 17.0.7+10-b829.16 amd64 VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.

tonybaloney commented 1 year ago

I'm using the following according to the About menu. The PyCharm version is the latest.

PyCharm 2023.1.4 (Professional Edition)

Build #PY-231.9225.15, built on July 11, 2023

Runtime version: 17.0.7+10-b829.16 amd64

VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.

Thanks. The error you’re reporting is unrelated to the one in the OP comment. I’m looking into it

quantumpacket commented 1 year ago

Thanks. The error you’re reporting is unrelated to the one in the OP comment. I’m looking into it

Oh, they appeared to be the same at first glance. Here is my stacktrace if it helps.

java.lang.NoClassDefFoundError: Could not initialize class io.ktor.client.plugins.DefaultRequestKt
    at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:49)
    at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:42)
    at io.ktor.client.HttpClientKt.HttpClient(HttpClient.kt:41)
    at security.packaging.PypiChecker.load(PypiChecker.kt:42)
    at security.packaging.PypiChecker.getMatches(PypiChecker.kt:79)
    at security.packaging.PyPackageSecurityScan$collectPackages$tasks$1$1$1.invokeSuspend(PyPackageSecurityScan.kt:59)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.collectPackages(PyPackageSecurityScan.kt:56)
    at security.packaging.PyPackageSecurityScan.access$collectPackages(PyPackageSecurityScan.kt:18)
    at security.packaging.PyPackageSecurityScan$inspectLocalPackages$1.invokeSuspend(PyPackageSecurityScan.kt:75)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
    at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
    at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
    at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
    at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
    at security.packaging.PyPackageSecurityScan.inspectLocalPackages(PyPackageSecurityScan.kt:74)
    at security.packaging.PyPackageSecurityScan.checkPackagesInSdks(PyPackageSecurityScan.kt:48)
    at security.packaging.PyPackageSecurityScan.checkPackages(PyPackageSecurityScan.kt:34)
    at security.packaging.PythonPackageVulnerabilityStartupTask$runActivity$1.run(PythonPackageVulnerabilityStartupTask.kt:16)
    at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
    at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
    at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
    at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
    at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
    at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
    at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.ExceptionInInitializerError: Exception java.lang.LinkageError: loader constraint violation: when resolving method 'org.slf4j.ILoggerFactory org.slf4j.impl.StaticLoggerBinder.getLoggerFactory()' the class loader com.intellij.ide.plugins.cl.PluginClassLoader @294e3522 of the current class, org/slf4j/LoggerFactory, and the class loader com.intellij.util.lang.PathClassLoader @763d9750 for the method's defining class, org/slf4j/impl/StaticLoggerBinder, have different Class objects for the type org/slf4j/ILoggerFactory used in the signature (org.slf4j.LoggerFactory is in unnamed module of loader com.intellij.ide.plugins.cl.PluginClassLoader @294e3522, parent loader 'bootstrap'; org.slf4j.impl.StaticLoggerBinder is in unnamed module of loader com.intellij.util.lang.PathClassLoader @763d9750) [in thread "ApplicationImpl pooled thread 361"]
    at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:423)
    at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
    at io.ktor.util.logging.KtorSimpleLoggerJvmKt.KtorSimpleLogger(KtorSimpleLoggerJvm.kt:10)
    at io.ktor.client.plugins.DefaultRequestKt.<clinit>(DefaultRequest.kt:13)
    ... 49 more
tonybaloney commented 1 year ago

Thanks. The error you’re reporting is unrelated to the one in the OP comment. I’m looking into it

Oh, they appeared to be the same at first glance. Here is my stacktrace if it helps.

java.lang.NoClassDefFoundError: Could not initialize class io.ktor.client.plugins.DefaultRequestKt
  at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:49)
  at security.packaging.PypiChecker$load$client$1.invoke(PypiChecker.kt:42)
  at io.ktor.client.HttpClientKt.HttpClient(HttpClient.kt:41)
  at security.packaging.PypiChecker.load(PypiChecker.kt:42)
  at security.packaging.PypiChecker.getMatches(PypiChecker.kt:79)
  at security.packaging.PyPackageSecurityScan$collectPackages$tasks$1$1$1.invokeSuspend(PyPackageSecurityScan.kt:59)
  at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
  at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
  at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
  at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
  at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
  at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
  at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
  at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
  at security.packaging.PyPackageSecurityScan.collectPackages(PyPackageSecurityScan.kt:56)
  at security.packaging.PyPackageSecurityScan.access$collectPackages(PyPackageSecurityScan.kt:18)
  at security.packaging.PyPackageSecurityScan$inspectLocalPackages$1.invokeSuspend(PyPackageSecurityScan.kt:75)
  at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
  at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
  at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284)
  at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85)
  at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59)
  at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source)
  at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38)
  at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source)
  at security.packaging.PyPackageSecurityScan.inspectLocalPackages(PyPackageSecurityScan.kt:74)
  at security.packaging.PyPackageSecurityScan.checkPackagesInSdks(PyPackageSecurityScan.kt:48)
  at security.packaging.PyPackageSecurityScan.checkPackages(PyPackageSecurityScan.kt:34)
  at security.packaging.PythonPackageVulnerabilityStartupTask$runActivity$1.run(PythonPackageVulnerabilityStartupTask.kt:16)
  at com.intellij.openapi.progress.impl.CoreProgressManager.startTask(CoreProgressManager.java:429)
  at com.intellij.openapi.progress.impl.ProgressManagerImpl.startTask(ProgressManagerImpl.java:114)
  at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcessWithProgressAsynchronously$6(CoreProgressManager.java:480)
  at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$3(ProgressRunner.java:252)
  at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
  at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
  at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
  at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
  at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
  at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
  at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
  at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(ProgressRunner.java:252)
  at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
  at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
  at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
  at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
  at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
  at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.ExceptionInInitializerError: Exception java.lang.LinkageError: loader constraint violation: when resolving method 'org.slf4j.ILoggerFactory org.slf4j.impl.StaticLoggerBinder.getLoggerFactory()' the class loader com.intellij.ide.plugins.cl.PluginClassLoader @294e3522 of the current class, org/slf4j/LoggerFactory, and the class loader com.intellij.util.lang.PathClassLoader @763d9750 for the method's defining class, org/slf4j/impl/StaticLoggerBinder, have different Class objects for the type org/slf4j/ILoggerFactory used in the signature (org.slf4j.LoggerFactory is in unnamed module of loader com.intellij.ide.plugins.cl.PluginClassLoader @294e3522, parent loader 'bootstrap'; org.slf4j.impl.StaticLoggerBinder is in unnamed module of loader com.intellij.util.lang.PathClassLoader @763d9750) [in thread "ApplicationImpl pooled thread 361"]
  at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:423)
  at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362)
  at io.ktor.util.logging.KtorSimpleLoggerJvmKt.KtorSimpleLogger(KtorSimpleLoggerJvm.kt:10)
  at io.ktor.client.plugins.DefaultRequestKt.<clinit>(DefaultRequest.kt:13)
  ... 49 more

Sorry I was getting confused with the other stack trace

java.lang.NullPointerException: Cannot invoke "com.intellij.notification.NotificationGroup.createNotification(String, String, com.intellij.notification.NotificationType)" because "security.packaging.PyPackageSecurityScan.NOTIFICATION_GROUP" is null

This one needs a separate fix.

Your trace looks similar in that it's a loader bug and there's a version conflict between the logging module that PyCharm has and the one installed by this plugin as a dependency.