
TraitErrors on BeanDefinitionMethodGeneratorTests with XML parser XXE vulnerability #125

Open
timtebeek opened this issue Feb 27, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@timtebeek
Contributor

Example diff

From: spring-beans/src/test/java/org/springframework/beans/factory/aot/BeanDefinitionMethodGeneratorTests.java

  				Collections.emptyList());
MethodReference method = generator.generateBeanDefinitionMethod(
this.generationContext, this.beanRegistrationsCode);
-		compile(method, (actual, compiled) -> {
+		compile(method, (actual, {{80000000-0000-03c6-0000-000000000000}}compiled{{80000000-0000-03c6-0000-000000000000}}) -> {
SourceFile sourceFile = compiled.getSourceFile(".*BeanDefinitions");
assertThat(sourceFile).contains("Get the bean definition for 'testBean'");
assertThat(sourceFile).contains("new RootBeanDefinition(TestBean.class)");
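Review bot: the marker on the `+` line wraps `compiled`, the second parameter of the lambda `(actual, compiled) -> {`, not an XML parser; nothing in the hunk touches DocumentBuilderFactory, SAXParser or any other XML API, so the recipe has no business annotating this line. The TraitErrors below say why: `Method must be created from class ... J$MethodDeclaration but was class ... J$Lambda` and `No parent Method found` come from VarAccessBase.visitVariable, so the variable-access trait is resolving the enclosing method of a lambda parameter and finding a `J$Lambda` where it expects a `J$MethodDeclaration`. Suggest the fix lives in rewrite-analysis: either let the trait accept a lambda as the declaring scope of its parameters, or have it return an empty result for lambda parameters instead of throwing, so that a recipe run on code like this test produces no change rather than an exception.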

Recipes in example diff:

  • org.openrewrite.java.security.XmlParserXXEVulnerability

Error messages:

org.openrewrite.analysis.trait.util.TraitErrorsException: TraitErrors: 
- Method must be created from class org.openrewrite.java.tree.J$MethodDeclaration but was class org.openrewrite.java.tree.J$Lambda
- No parent Method found
- Field must be declared in a class, interface, or anonymous class
org.openrewrite.analysis.trait.util.TraitErrors.doThrow(TraitErrors.java:43)
fj.data.Either$RightProjection.on(Either.java:531)
fj.data.Validation.on(Validation.java:146)
org.openrewrite.analysis.trait.expr.VarAccessBase$1.visitVariable(VarAccess.java:187)
org.openrewrite.analysis.trait.expr.VarAccessBase$1.visitVariable(VarAccess.java:175)
org.openrewrite.java.tree.J$VariableDeclarations$NamedVariable.acceptJava(J.java:5938)
org.openrewrite.java.tree.J.accept(J.java:59)
org.openrewrite.TreeVisitor.visit(TreeVisitor.java:283)
org.openrewrite.TreeVisitor.visitAndCast(TreeVisitor.java:366)
org.openrewrite.java.JavaVisitor.visitRightPadded(JavaVisitor.java:1375)
org.openrewrite.java.JavaVisitor.lambda$visitVariableDeclarations$29(JavaVisitor.java:963)
org.openrewrite.internal.ListUtils.map(ListUtils.java:176)
org.openrewrite.java.JavaVisitor.visitVariableDeclarations(JavaVisitor.java:963)
org.openrewrite.java.tree.J$VariableDeclarations.acceptJava(J.java:5824)
org.openrewrite.java.tree.J.accept(J.java:59)
org.openrewrite.TreeVisitor.visit(TreeVisitor.java:283)
...

References:

  • View original result
  • Recipe ID: org.openrewrite.java.security.XmlParserXXEVulnerability
  • Recipe Name: XML parser XXE vulnerability
  • Repository: spring-projects/spring-framework/main
  • Created at Tue Feb 27 2024 19:57:08 GMT+0100 (Central European Standard Time)
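A minimal regression test for the failure above, written for this page and not taken from the issue or from the rewrite-java-security project. It reduces the Spring test to its trigger: a lambda whose parameter is read inside the lambda body, with no XML parser in sight. It assumes `XmlParserXXEVulnerability` has a public no-arg constructor and that the `RewriteTest` harness from rewrite-test is on the test classpath; the class `A` and its methods are made up for the reproducer.

```java
package org.openrewrite.java.security;

import org.junit.jupiter.api.Test;
import org.openrewrite.test.RecipeSpec;
import org.openrewrite.test.RewriteTest;

import static org.openrewrite.java.Assertions.java;

// Added reproducer (not from the issue or the project). Assumes
// XmlParserXXEVulnerability has a public no-arg constructor.
class XmlParserXXEVulnerabilityLambdaParamTest implements RewriteTest {

    @Override
    public void defaults(RecipeSpec spec) {
        spec.recipe(new XmlParserXXEVulnerability());
    }

    // Same shape as BeanDefinitionMethodGeneratorTests: a lambda parameter
    // ('compiled') that is accessed in the lambda body. No XML API is used,
    // so the expected outcome is "no change" and, above all, no
    // TraitErrorsException. rewriteRun fails the test if the recipe throws
    // or if it produces a diff, which is exactly the regression to pin.
    @Test
    void lambdaParameterAccessDoesNotThrow() {
        rewriteRun(
          java(
            """
              import java.util.function.BiConsumer;

              class A {
                  // constructed stand-in for the Spring 'compile' helper
                  void compile(String method, BiConsumer<String, String> callback) {
                      callback.accept(method, "compiled");
                  }

                  void test() {
                      compile("m", (actual, compiled) -> {
                          String sourceFile = compiled.concat(".*BeanDefinitions");
                          System.out.println(sourceFile);
                      });
                  }
              }
              """
          )
        );
    }
}
```

Until the trait handles lambda parameters, this test should fail with the same three TraitErrors as the daily run; once rewrite-analysis is fixed it passes with no diff, which makes it a cheap guard against the error coming back.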
@timtebeek timtebeek added the bug Something isn't working label Feb 27, 2024
@timtebeek timtebeek transferred this issue from openrewrite/rewrite Feb 27, 2024
@timtebeek
Contributor Author

@JLLeitschuh do you see any reason why we're seeing these issues over the past two days that weren't there before? This is from our daily flagship recipe runs.

@JLLeitschuh
Collaborator

JLLeitschuh commented Mar 11, 2024

Likely caused by: openrewrite/rewrite-analysis#38

@JLLeitschuh
Collaborator

do you see any reason why we're seeing these issues over the past two days that weren't there before?

Likely something about the underlying code changed, causing this to occur. This needs to be resolved in rewrite-analysis so we stop having these errors spuriously.

@timtebeek
Contributor Author

Saw this again today on compiled on this particular line: https://github.com/spring-projects/spring-framework/blob/ae9153e644b0e4ccc414e1e4749ac082ca242739/spring-beans/src/test/java/org/springframework/beans/factory/aot/BeanDefinitionMethodGeneratorTests.java#L111

TraitErrors: 
- Method must be created from class org.openrewrite.java.tree.J$MethodDeclaration but was class org.openrewrite.java.tree.J$Lambda
- No parent Method found
- Field must be declared in a class, interface, or anonymous class

Detail:

org.openrewrite.analysis.trait.util.TraitErrorsException: TraitErrors: 
- Method must be created from class org.openrewrite.java.tree.J$MethodDeclaration but was class org.openrewrite.java.tree.J$Lambda
- No parent Method found
- Field must be declared in a class, interface, or anonymous class
 org.openrewrite.analysis.trait.util.TraitErrors.doThrow(TraitErrors.java:43)
 fj.data.Either$RightProjection.on(Either.java:531)
 fj.data.Validation.on(Validation.java:146)
 org.openrewrite.analysis.trait.expr.VarAccessBase$1.visitVariable(VarAccess.java:188)
 org.openrewrite.analysis.trait.expr.VarAccessBase$1.visitVariable(VarAccess.java:176)
 org.openrewrite.java.tree.J$VariableDeclarations$NamedVariable.acceptJava(J.java:5955)
 org.openrewrite.java.tree.J.accept(J.java:59)
 org.openrewrite.TreeVisitor.visit(TreeVisitor.java:250)
 org.openrewrite.TreeVisitor.visitAndCast(TreeVisitor.java:324)
 org.openrewrite.java.JavaVisitor.visitRightPadded(JavaVisitor.java:1369)
 org.openrewrite.java.JavaVisitor.lambda$visitVariableDeclarations$29(JavaVisitor.java:963)
 org.openrewrite.internal.ListUtils.map(ListUtils.java:176)
 org.openrewrite.java.JavaVisitor.visitVariableDeclarations(JavaVisitor.java:963)
 org.openrewrite.java.tree.J$VariableDeclarations.acceptJava(J.java:5840)
 org.openrewrite.java.tree.J.accept(J.java:59)
 org.openrewrite.TreeVisitor.visit(TreeVisitor.java:250)
 ...

@timtebeek
Contributor Author

Also seen on FINOS: https://app.moderne.io/results/nhAg9TUiZ
