filter-false-positives.xml

violetagg Wed, 23 Dec 2015 05:00:59 -0800

Author: violetagg
Date: Wed Dec 23 13:00:41 2015
New Revision: 1721539

URL: http://svn.apache.org/viewvc?rev=1721539&view=rev
Log:
Findbugs - filter false positives

Modified:
    tomcat/trunk/res/findbugs/filter-false-positives.xml

Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1721539&r1=1721538&r2=1721539&view=diff
==============================================================================
--- tomcat/trunk/res/findbugs/filter-false-positives.xml (original)
+++ tomcat/trunk/res/findbugs/filter-false-positives.xml Wed Dec 23 13:00:41 
2015
@@ -52,21 +52,74 @@
     <Bug code="IS"/>
   </Match>
   <Match>
+    <!-- request.getCoyoteRequest().getRemoteUser() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.authenticator.AuthenticatorBase"/>
+    <Method name="checkForCachedAuthentication"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
+    <!-- request.getQueryString() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class 
name="org.apache.catalina.authenticator.DigestAuthenticator$DigestInfo"/>
+    <Method name="validate"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
     <!-- Method is synchronized therefore not an issue -->
     <Class 
name="org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo"/>
     <Bug code="VO"/>
   </Match>
   <Match>
+    <!-- request.getPathInfo(), request.getDecodedRequestURI() can return null
+    because o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.authenticator.FormAuthenticator"/>
+    <Or>
+      <Method name="authenticate"/>
+      <Method name="matchRequest"/>
+    </Or>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
+    <!-- req.getRemoteUser(), req.getAuthType(), request.getQueryString() can
+    return null because o.a.t.util.buf.MessageBytes.toString() can return NULL
+    -->
+    <Class name="org.apache.catalina.connector.CoyoteAdapter"/>
+    <Or>
+      <Method name="doConnectorAuthenticationAuthorization"/>
+      <Method name="postParseRequest"/>
+    </Or>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
     <Class name="org.apache.catalina.connector.CoyoteReader"/>
     <Method name="readLine"/>
     <Bug code="RR"/>
   </Match>
   <Match>
+    <!-- request.getPathInfo(), scookie.getDomain() can return null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.connector.Request"/>
+    <Or>
+      <Method name="getRequestDispatcher"/>
+      <Method name="getPathTranslated"/>
+      <Method name="convertCookies"/>
+    </Or>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
     <!-- JNI library can only be loaded once so statics are appropriate -->
     <Class name="org.apache.catalina.core.AprLifecycleListener" />
     <Bug code="ST" />
   </Match>
   <Match>
+    <!-- request.getQueryString() can return null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.core.AsyncContextImpl"/>
+    <Method name="logDebug"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
     <!-- Have to trigger GC for leak detection to work. Clearly documented -->
     <Class name="org.apache.catalina.core.StandardHost" />
     <Method name="findReloadedContextMemoryLeaks" />
@@ -111,6 +164,16 @@
     <Bug code="IS" />
   </Match>
   <Match>
+    <!-- request.getRequestPathMB(), request.getQueryString() can be null 
because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.realm.RealmBase"/>
+    <Or>
+      <Method name="findSecurityConstraints"/>
+      <Method name="hasUserDataPermission"/>
+    </Or>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
   <!-- The header value is safe  -->
     <Class name="org.apache.catalina.servlets.DefaultServlet" />
     <Method name="doDirectoryRedirect" />
@@ -224,6 +287,20 @@
     <Bug code="UG" />
   </Match>
   <Match>
+    <!-- request.getRemoteHost() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class 
name="org.apache.catalina.valves.AbstractAccessLogValve$HostElement"/>
+    <Method name="addElement"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
+    <!-- request.getMethod() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class 
name="org.apache.catalina.valves.AbstractAccessLogValve$RequestElement"/>
+    <Method name="addElement"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
     <!-- Non-constant strings are configuration settings rather than client
          supplied -->
     <Class name="org.apache.catalina.valves.JDBCAccessLogValve" />
@@ -231,6 +308,20 @@
     <Bug code="SQL" />
   </Match>
   <Match>
+    <!-- request.getQueryString() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.valves.rewrite.RewriteValve"/>
+    <Method name="invoke"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
+    <!-- request.getQueryString() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.catalina.valves.StuckThreadDetectionValve"/>
+    <Method name="invoke"/>
+    <Bug code="RCN"/>
+  </Match>
+  <Match>
     <!-- Use of synchronisation is required to make a sequence of calls in   
-->
     <!-- one method appear to be atomic.                                     
-->
     <Class name="org.apache.coyote.AbstractProcessorLight"/>
@@ -479,6 +570,13 @@
     <Bug code="ST" />
   </Match>
   <Match>
+    <!-- mb.toString() can be null because
+    o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+    <Class name="org.apache.tomcat.util.buf.UDecoder"/>
+    <Method name="convert"/>
+    <Bug code="RCN" />
+  </Match>
+  <Match>
     <!-- NPE is desired as it indicates an error condition -->
     <Class name="org.apache.tomcat.util.digester.CallMethodRule"/>
     <Method name="end"/>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1721539 - /tomcat/trunk/res/findbugs/filter-false-positives.xml

Reply via email to