This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-io.git
The following commit(s) were added to refs/heads/master by this push:
new c070fefb Fix SpotBugs errors
c070fefb is described below
commit c070fefba1f8e4e9725dcce9da67ce3edbb76743
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Thu Nov 23 17:10:41 2023 -0500
Fix SpotBugs errors
- [ERROR] Medium: Exception thrown in class
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream at new
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream(byte[],
int) will leave the constructor. The object under construction remains
partially initialized and may be vulnerable to Finalizer attacks.
[org.apache.commons.io.input.UnsynchronizedByteArrayInputStream,
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream] At
UnsynchronizedByteArrayInputStream.java:[line 202]At
UnsynchronizedByteArrayInputStream.java:[line 202] CT_CONSTRUCTOR_THROW
- [ERROR] Medium: Exception thrown in class
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream at new
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream(byte[],
int, int) will leave the constructor. The object under construction
remains partially initialized and may be vulnerable to Finalizer
attacks. [org.apache.commons.io.input.UnsynchronizedByteArrayInputStream,
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream] At
UnsynchronizedByteArrayInputStream.java:[line 223]At
UnsynchronizedByteArrayInputStream.java:[line 223] CT_CONSTRUCTOR_THROW
---
src/changes/changes.xml | 2 +
.../input/UnsynchronizedByteArrayInputStream.java | 73 ++++++++++------------
2 files changed, 36 insertions(+), 39 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 8f09cdf9..e3f41b24 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -68,6 +68,8 @@ The <action> type attribute can be add,update,fix,remove.
<action dev="ggregory" type="fix" due-to="Gary Gregory">Fix SpotBugs
error: org.apache.commons.io.file.AccumulatorPathVisitor.getDirList() may
expose internal representation by returning AccumulatorPathVisitor.dirList
[org.apache.commons.io.file.AccumulatorPathVisitor] At
AccumulatorPathVisitor.java:[line 179] EI_EXPOSE_REP.</action>
<action dev="ggregory" type="fix" due-to="Gary Gregory">Fix SpotBugs
error: org.apache.commons.io.file.AccumulatorPathVisitor.getFileList() may
expose internal representation by returning AccumulatorPathVisitor.fileList
[org.apache.commons.io.file.AccumulatorPathVisitor] At
AccumulatorPathVisitor.java:[line 188] EI_EXPOSE_REP.</action>
<action dev="ggregory" type="fix" due-to="Gary Gregory">Fix SpotBugs
error: org.apache.commons.io.input.ObservableInputStream.getObservers() may
expose internal representation by returning ObservableInputStream.observers
[org.apache.commons.io.input.ObservableInputStream] At
ObservableInputStream.java:[line 187] EI_EXPOSE_REP.</action>
+ <action dev="ggregory" type="fix" due-to="Gary Gregory">Fix SpotBugs
error: Exception thrown in class
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream at new
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream(byte[], int)
will leave the constructor. The object under construction remains partially
initialized and may be vulnerable to Finalizer attacks.
[org.apache.commons.io.input.UnsynchronizedByteArrayInputStream,
org.apache.commons.io.input.Unsynchronize [...]
+ <action dev="ggregory" type="fix" due-to="Gary Gregory">Fix SpotBugs
error: Exception thrown in class
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream at new
org.apache.commons.io.input.UnsynchronizedByteArrayInputStream(byte[], int,
int) will leave the constructor. The object under construction remains
partially initialized and may be vulnerable to Finalizer attacks.
[org.apache.commons.io.input.UnsynchronizedByteArrayInputStream,
org.apache.commons.io.input.Unsynchr [...]
<!-- UPDATE -->
<action dev="ggregory" type="update" due-to="Gary Gregory">Bump
org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.1.1 #512.</action>
<action dev="ggregory" type="update" due-to="Gary Gregory">Bump
commons-lang3 from 3.13.0 to 3.14.0.</action>
diff --git
a/src/main/java/org/apache/commons/io/input/UnsynchronizedByteArrayInputStream.java
b/src/main/java/org/apache/commons/io/input/UnsynchronizedByteArrayInputStream.java
index f3bead5e..0b5c1145 100644
---
a/src/main/java/org/apache/commons/io/input/UnsynchronizedByteArrayInputStream.java
+++
b/src/main/java/org/apache/commons/io/input/UnsynchronizedByteArrayInputStream.java
@@ -16,8 +16,6 @@
*/
package org.apache.commons.io.input;
-import static java.lang.Math.min;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -46,33 +44,25 @@ public class UnsynchronizedByteArrayInputStream extends
InputStream {
* </p>
*
* <pre>{@code
- * UnsynchronizedByteArrayInputStream s =
UnsynchronizedByteArrayInputStream.builder()
- * .setByteArray(byteArray)
- * .setOffset(0)
- * .setLength(byteArray.length)
- * .get();}
+ * UnsynchronizedByteArrayInputStream s =
UnsynchronizedByteArrayInputStream.builder().setByteArray(byteArray).setOffset(0).setLength(byteArray.length)
+ * .get();
+ * }
* </pre>
* <p>
* Using File IO:
* </p>
*
* <pre>{@code
- * UnsynchronizedByteArrayInputStream s =
UnsynchronizedByteArrayInputStream.builder()
- * .setFile(file)
- * .setOffset(0)
- * .setLength(byteArray.length)
- * .get();}
+ * UnsynchronizedByteArrayInputStream s =
UnsynchronizedByteArrayInputStream.builder().setFile(file).setOffset(0).setLength(byteArray.length).get();
+ * }
* </pre>
* <p>
* Using NIO Path:
* </p>
*
* <pre>{@code
- * UnsynchronizedByteArrayInputStream s =
UnsynchronizedByteArrayInputStream.builder()
- * .setPath(path)
- * .setOffset(0)
- * .setLength(byteArray.length)
- * .get();}
+ * UnsynchronizedByteArrayInputStream s =
UnsynchronizedByteArrayInputStream.builder().setPath(path).setOffset(0).setLength(byteArray.length).get();
+ * }
* </pre>
*/
public static class Builder extends
AbstractStreamBuilder<UnsynchronizedByteArrayInputStream, Builder> {
@@ -92,7 +82,7 @@ public class UnsynchronizedByteArrayInputStream extends
InputStream {
*
* @return a new instance.
* @throws UnsupportedOperationException if the origin cannot provide
a byte[].
- * @throws IllegalStateException if the {@code origin} is {@code null}.
+ * @throws IllegalStateException if the {@code origin} is
{@code null}.
* @see AbstractOrigin#getByteArray()
*/
@Override
@@ -150,6 +140,18 @@ public class UnsynchronizedByteArrayInputStream extends
InputStream {
return new Builder();
}
+ private static int minPosLen(final byte[] data, final int defaultValue) {
+ requireNonNegative(defaultValue, "defaultValue");
+ return Math.min(defaultValue, data.length > 0 ? data.length :
defaultValue);
+ }
+
+ private static int requireNonNegative(final int value, final String name) {
+ if (value < 0) {
+ throw new IllegalArgumentException(name + " cannot be negative");
+ }
+ return value;
+ }
+
/**
* The underlying data buffer.
*/
@@ -180,10 +182,7 @@ public class UnsynchronizedByteArrayInputStream extends
InputStream {
*/
@Deprecated
public UnsynchronizedByteArrayInputStream(final byte[] data) {
- this.data = Objects.requireNonNull(data, "data");
- this.offset = 0;
- this.eod = data.length;
- this.markedOffset = this.offset;
+ this(data, data.length, 0, 0);
}
/**
@@ -197,14 +196,7 @@ public class UnsynchronizedByteArrayInputStream extends
InputStream {
*/
@Deprecated
public UnsynchronizedByteArrayInputStream(final byte[] data, final int
offset) {
- Objects.requireNonNull(data, "data");
- if (offset < 0) {
- throw new IllegalArgumentException("offset cannot be negative");
- }
- this.data = data;
- this.offset = min(offset, data.length > 0 ? data.length : offset);
- this.eod = data.length;
- this.markedOffset = this.offset;
+ this(data, data.length, Math.min(requireNonNegative(offset, "offset"),
minPosLen(data, offset)), minPosLen(data, offset));
}
/**
@@ -219,16 +211,19 @@ public class UnsynchronizedByteArrayInputStream extends
InputStream {
*/
@Deprecated
public UnsynchronizedByteArrayInputStream(final byte[] data, final int
offset, final int length) {
- if (offset < 0) {
- throw new IllegalArgumentException("offset cannot be negative");
- }
- if (length < 0) {
- throw new IllegalArgumentException("length cannot be negative");
- }
+ requireNonNegative(offset, "offset");
+ requireNonNegative(length, "length");
this.data = Objects.requireNonNull(data, "data");
- this.offset = min(offset, data.length > 0 ? data.length : offset);
- this.eod = min(this.offset + length, data.length);
- this.markedOffset = this.offset;
+ this.eod = Math.min(minPosLen(data, offset) + length, data.length);
+ this.offset = minPosLen(data, offset);
+ this.markedOffset = minPosLen(data, offset);
+ }
+
+ private UnsynchronizedByteArrayInputStream(byte[] data, int eod, int
offset, int markedOffset) {
+ this.data = Objects.requireNonNull(data, "data");
+ this.eod = eod;
+ this.offset = offset;
+ this.markedOffset = markedOffset;
}
@Override
