[MSHARED-1248] maven-dependency-analyzer should log instead of failing

when analyzing a corrupted jar file

pom.xml

@@ -129,6 +129,16 @@
         <groupId>org.eclipse.sisu</groupId>
         <artifactId>sisu-maven-plugin</artifactId>
       </plugin>
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <configuration>
+          <excludes combine.children="append">
+            <!-- Corrupted class files -->
+            <exclude>**/*.clazz</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
     </plugins>
   </build>
 

src/main/java/org/apache/maven/shared/dependency/analyzer/asm/DependencyClassFileVisitor.java

@@ -71,7 +71,7 @@ public void visitClass(String className, InputStream in) {
             reader.accept(classVisitor, 0);
         } catch (IOException exception) {
             exception.printStackTrace();
-        } catch (IndexOutOfBoundsException e) {
+        } catch (IndexOutOfBoundsException | IllegalArgumentException e) {
             // some bug inside ASM causes an IOB exception. Log it and move on?
             // this happens when the class isn't valid.
             logger.warn("Unable to process: " + className);

src/test/java/org/apache/maven/shared/dependency/analyzer/asm/ResultCollectorTest.java

@@ -33,6 +33,9 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class ResultCollectorTest {
+
+    private static String ROOT = "src/test/resources/org/apache/maven/shared/dependency/analyzer";
+
     Set<String> getDependencies(Class<?> inspectClass) throws IOException {
         String className = inspectClass.getName();
         String path = '/' + className.replace('.', '/') + ".class";
@@ -45,12 +48,64 @@ Set<String> getDependencies(Class<?> inspectClass) throws IOException {
 
     @Test
     public void testJava11Invoke() throws IOException {
-        String className = "issue362.Bcel362";
-        Path path = Paths.get(
-                "src/test/resources/org/apache/maven/shared/dependency/analyzer/commons-bcel-issue362/Bcel362.class");
+        Path path = Paths.get(ROOT + "/commons-bcel-issue362/Bcel362.class");
         DependencyClassFileVisitor visitor = new DependencyClassFileVisitor();
         try (InputStream is = Files.newInputStream(path)) {
-            visitor.visitClass(className, is);
+            visitor.visitClass("issue362.Bcel362", is);
+        }
+    }
+
+    @Test
+    public void testOssFuzz51980() throws IOException {
+        // Add a non-"class" suffix so that surefire does not try to read the file and fail the build
+        visitClass(ROOT + "/ossfuzz/issue51980/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz51989() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue51989/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz52168() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue52168/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz53543() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue53543/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz53544a() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue53544a/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz53620() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue53620/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz53676() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue53676/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz54199() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue54119/Test.class.clazz");
+    }
+
+    @Test
+    public void testOssFuzz54254() throws IOException {
+        visitClass(ROOT + "/ossfuzz/issue54254/Test.class.clazz");
+    }
+
+    private void visitClass(String location) throws IOException {
+        Path path = Paths.get(location);
+        DependencyClassFileVisitor visitor = new DependencyClassFileVisitor();
+        try (InputStream is = Files.newInputStream(path)) {
+            visitor.visitClass("Test", is);
         }
     }