[BUG] CommonJ related issues are being found when the library is not being used by the analyzed application or its dependencies #350

Closed
1 task done
rromannissen opened this issue Sep 29, 2023 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
rromannissen commented Sep 29, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Konveyor version

0.3-alpha5

Priority

Critical

Current Behavior

Analysis is finding CommonJ related issues in the org.springframework.spring-tx:5.3.7 dependency from the tackle-testapp application. Examining the library reveals that the CommonJ API is not being used in the code for the library. For example, the analyzer found an incident of the issue Replace CommonJ WorkManager with a JCA Resource Adapter (commonj-05000) in org.springframework.jca.support.ResourceAdapterFactoryBean:

Screenshot from 2023-09-29 18-31-21

The rule commonj-05000 looks for references to the class commonj.work.WorkManager via the pattern construct. Nevertheless, that class is never referenced in the org.springframework.jca.support.ResourceAdapterFactoryBean class, as the import it does for the WorkManager class actually comes from the JCA Resource Adapter instead.

The same happens with the rule commonj-03000 for the io.micrometer.micrometer-core:1.7.0 dependency in the class io.micrometer.core.instrument.binder.httpcomponents.MicrometerHttpClientInterceptor, although this time the import for the Timer class is for io.micrometer.core.instrument.Timer.

The analysis is wrongly finding incidents for the following issues:

  • Migrate commonj.timers.Timer to Java EE javax.ejb.Timer (commonj-03000)
  • Replace CommonJ WorkManager with a JCA Resource Adapter (commonj-05000)
  • Commonj WorkManager API (commonj-06000)
  • CommonJ WorkManager API Exception (commonj-07000)

In fact, no CommonJ dependencies are being found by the analyzer, or at least they are not listed for the given application:

Screenshot from 2023-09-29 18-51-18

Expected Behavior

No incidents should have been found for the listed issues in the tackle-testapp when running the analysis with the provided configuration.

How Reproducible

Always (Default)

Steps To Reproduce

  1. Analyze tackle-testapp with the configuration available in the Environment section.
  2. Go to the issues view, Single application and filter by the tackle-testapp application.

Environment

- Fedora 36
- minikube v1.31.2 (--driver=kvm2 --memory=10g --cpus=3)
- Konveyor 0.3 alpha-5
- [tackle-testapp](https://github.com/konveyor/tackle-testapp) application
- Analysis configuration:
  - Source + Dependencies
  - eap6
  - Application and all dependencies, including known Open Source libraries
  - No custom rules
  - No additional advanced options

Anything else?

No response

@rromannissen rromannissen added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 29, 2023
@dymurray dymurray added this to the 0.3-beta.1 milestone Oct 4, 2023
@shawn-hurley
Contributor

The problem with these results appears to be in the wide net that we are casting because there is not a location specified:

TypeDeclarationPattern: pkg<*>, enclosing<*>, type<timer>

Going to work on making this search pattern better; if not, we may want to update the rule to use a specific location.
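
The false positive discussed in this thread, as an added example (not Konveyor's code and not part of any comment here): a Go sketch contrasting a case-insensitive simple-name match, used as a simplified stand-in for `pkg<*>, enclosing<*>, type<timer>`, with a match that resolves the file's imports to a fully qualified name. The function names, the `target` constant and both Java sources are constructed for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed Java sources: only commonjSrc really uses CommonJ.
const micrometerSrc = "import io.micrometer.core.instrument.Timer;\nclass Interceptor { Timer timer; }"
const commonjSrc = "import commonj.timers.*;\nclass Job { Timer timer; }"
const target = "commonj.timers.Timer" // type the hypothetical rule looks for

var importRe = regexp.MustCompile(`(?m)^\s*import\s+([\w.]+(?:\.\*)?)\s*;`)
func word(name string) string { return `\b` + regexp.QuoteMeta(name) + `\b` }

// matchSimpleName ignores the package, like a pkg<*> pattern: any
// case-insensitive occurrence of the simple type name is a hit.
func matchSimpleName(src, fqn string) bool {
	simple := fqn[strings.LastIndex(fqn, ".")+1:]
	return regexp.MustCompile(`(?i)` + word(simple)).MatchString(src)
}

// matchQualified reports a hit only when the simple name resolves to fqn.
func matchQualified(src, fqn string) bool {
	dot := strings.LastIndex(fqn, ".")
	pkg, simple := fqn[:dot], fqn[dot+1:]
	body := importRe.ReplaceAllString(src, "")
	if regexp.MustCompile(word(fqn)).MatchString(body) {
		return true // used inline by its fully qualified name
	}
	onDemand := false
	for _, m := range importRe.FindAllStringSubmatch(src, -1) {
		switch {
		case m[1] == fqn:
			return true
		case strings.HasSuffix(m[1], "."+simple):
			return false // simple name is bound to a different type
		case m[1] == pkg+".*":
			onDemand = true
		}
	}
	return onDemand && regexp.MustCompile(word(simple)).MatchString(body)
}

func main() {
	fmt.Println(matchSimpleName(micrometerSrc, target), matchQualified(micrometerSrc, target))
	fmt.Println(matchSimpleName(commonjSrc, target), matchQualified(commonjSrc, target))
}
```

The Micrometer source trips the simple-name matcher but not the qualified one, while the CommonJ source is reported by both.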

@pranavgaikwad
Contributor

This is fixed via konveyor/java-analyzer-bundle#72
