SAST Local scanner's binary engine fails with Java 21

  • Updated

Issue

When running Contrast's SAST local scanner on Fat Jar or War web archives the following error is encountered. 

java.lang.IllegalStateException: cyclic class hierarchy: java.lang.Object is a supertype of itself
at de.fraunhofer.iem.umbrella.jimple.calltarget.ChaCallTargetProvider.transitiveNonAbstractSubtypes(ChaCallTargetProvider.kt:101)
at de.fraunhofer.iem.umbrella.jimple.calltarget.ChaCallTargetProvider.transitiveNonAbstractSubtypes$transitiveSubtypes(ChaCallTargetProvider.kt:106)
at de.fraunhofer.iem.umbrella.jimple.calltarget.ChaCallTargetProvider.transitiveNonAbstractSubtypes(ChaCallTargetProvider.kt:108)
at de.fraunhofer.iem.umbrella.jimple.calltarget.ChaCallTargetProvider.<init>(ChaCallTargetProvider.kt:50)
at de.fraunhofer.iem.umbrella.jimple.JimplePool$callTargetProvider$2.invoke(JimplePool.kt:40)
at de.fraunhofer.iem.umbrella.jimple.JimplePool$callTargetProvider$2.invoke(JimplePool.kt:39)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at de.fraunhofer.iem.umbrella.jimple.JimplePool.getCallTargetProvider(JimplePool.kt:39)
at de.fraunhofer.iem.umbrella.java.jimpletosolver.JimpleMethodToSolverIr.transformInstanceInvocation(JimpleMethodToSolverIr.kt:229)
at de.fraunhofer.iem.umbrella.java.jimpletosolver.JimpleMethodToSolverIr.transformInvocation(JimpleMethodToSolverIr.kt:90)
at de.fraunhofer.iem.umbrella.java.jimpletosolver.JimpleMethodToSolverIr.transformStatement(JimpleMethodToSolverIr.kt:42)
at de.fraunhofer.iem.umbrella.java.jimpletosolver.JimpleMethodToSolverIr.transformMethod(JimpleMethodToSolverIr.kt:29)
at de.fraunhofer.iem.umbrella.java.BlackboxProvider.<init>(Blackbox.kt:49)
at de.fraunhofer.iem.umbrella.java.jimplepolicy.hardcoded.HardCodedPolicyProvider.<init>(HardCodedPolicyProvider.kt:21)
at de.fraunhofer.iem.umbrella.java.jimplepolicy.hardcoded.HardCodedPolicyProvider.<init>(HardCodedPolicyProvider.kt:19)
at de.fraunhofer.iem.umbrella.java.CommonProviderFactory.scanjavaFilePolicyProvider(CommonProviderFactory.kt:65)
at contrast.umbrella.cli.UmbrellaApp.scan(UmbrellaApp.java:91)
at contrast.umbrella.cli.UmbrellaApp.scan(UmbrellaApp.java:45)
at contrast.umbrella.cli.CliOptions.call(CliOptions.java:127)
at contrast.umbrella.cli.CliOptions.call(CliOptions.java:24)
at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
at picocli.CommandLine.access$1300(CommandLine.java:145)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
at picocli.CommandLine.execute(CommandLine.java:2078)
at contrast.umbrella.cli.UmbrellaJavaCli.main(UmbrellaJavaCli.java:13)

Cause

The exception is seen when the java binary scanner is run in an unsupported JVM version.   

Resolution

Java 11 & 17 are currently the only supported versions for the Jar/War java binary scanning engine. 

See our docs page here

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request