Java - Incorrect detection of a Quality Risk displayed in the dashboard

Owned by Saar Avishai (Unlicensed)
Last updated: Mar 16, 2021 by Marc Amouyal
1 min read

Case 1: The QR displayed on the dashboard refers to an incorrect line number within the code

Generally speaking, in the Sealights dashboard - the method signature will always be denoted along with the line in which it is declared.

With that being said, this location is detected according to where the method body (the actual code) begins.

In those cases where the method body begins a few lines beneath the signature, the Quality Risk line number detected within the dashboard QR view will not match the actual location of the method in the code viewer.

Case 2: The QR displayed on the dashboard appears on a method that wasn’t changed

In this case, it could also be that the method on which a QR was detected, invokes another class which was changed.

In order to verify the changes, follow these steps:

Requirements:

  1. A machine with JDK (not JRE)

  2. Both versions of the class files in which the risk was detected (before detection/after detection)

    1. For the sake of this example, we’ll refer to the class file in question as Foo.java.

Steps:

  1. On the earlier version of Foo.java , run the following command:
    javap -p -v Foo.class > before.txt

  2. On the later version of Foo.java , run the following command:
    javap -p -v Foo.class > after.txt

  3. Compare the files to understand the changes in the bytecode.

    • Since Sealights operates within the Java bytecode, this will be the indicator as to what actually changed with the class files in question.

  4. In case any further information is needed, or additional assistance is required with understanding the results - contact Sealights support.