[tomcat] branch 8.5.x updated: Backport false positive fixes

Mon, 19 Oct 2020 08:11:04 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 7031427  Backport false positive fixes
7031427 is described below

commit 7031427cd4decf20ebbede3e4a25bc0e63157853
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Oct 19 16:10:20 2020 +0100

    Backport false positive fixes
---
 res/findbugs/filter-false-positives.xml | 57 ++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 15 deletions(-)

diff --git a/res/findbugs/filter-false-positives.xml 
b/res/findbugs/filter-false-positives.xml
index 5dd4e2c..19aab07 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -407,21 +407,6 @@
     </Or>
   </Match>
   <Match>
-    <!--  Name shadowing is intentional -->
-    <Or>
-      <Class name="org.apache.catalina.servlet4preview.AsyncContext"/>
-      <Class name="org.apache.catalina.servlet4preview.RequestDispatcher"/>
-      <Class name="org.apache.catalina.servlet4preview.ServletContext"/>
-      <Class 
name="org.apache.catalina.servlet4preview.http.HttpServletRequest"/>
-    </Or>
-    <Bug pattern="NM_SAME_SIMPLE_NAME_AS_INTERFACE"/>
-  </Match>
-  <Match>
-    <!--  Name shadowing is intentional -->
-    <Class 
name="org.apache.catalina.servlet4preview.http.HttpServletRequestWrapper"/>
-    <Bug pattern="NM_SAME_SIMPLE_NAME_AS_SUPERCLASS"/>
-  </Match>
-  <Match>
     <!-- The header value is safe  -->
     <Class name="org.apache.catalina.servlets.DefaultServlet" />
     <Method name="doDirectoryRedirect" />
@@ -553,6 +538,12 @@
     <Bug code="NP" />
   </Match>
   <Match>
+    <!-- Domain resolution not an issue here -->
+    <Class name="org.apache.catalina.startup.WebappServiceLoader" />
+    <Method name="load" />
+    <Bug pattern="DMI_COLLECTION_OF_URLS" />
+  </Match>
+  <Match>
     <!-- Deployer instance may implement Listener -->
     <Class name="org.apache.catalina.storeconfig.CatalinaClusterSF" />
     <Method name="storeChildren" />
@@ -714,6 +705,15 @@
     <Bug code="SQL" />
   </Match>
   <Match>
+    <!-- NO-OPs due to remaining FIXMEs -->
+    <Class name="org.apache.catalina.valves.rewrite.ResolverImpl"/>
+    <Method name="resolveSsl"/>
+    <Or>
+      <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
+      <Bug pattern="RV_RETURN_VALUE_IGNORED"/>
+    </Or>
+  </Match>
+  <Match>
     <!-- request.getQueryString() can be null because
     o.a.t.util.buf.MessageBytes.toString() can return NULL -->
     <Class name="org.apache.catalina.valves.rewrite.RewriteValve"/>
@@ -1030,6 +1030,12 @@
     </Or>
   </Match>
   <Match>
+    <!-- Sync protects writing not reading -->
+    <Class name="org.apache.tomcat.dbcp.dbcp2.BasicDataSource" />
+    <Field name="closed" />
+    <Bug pattern="IS2_INCONSISTENT_SYNC" />
+  </Match>
+  <Match>
     <!-- Return value is never used -->
     <Class name="org.apache.tomcat.dbcp.dbcp2.DelegatingConnection" />
     <Method name="prepareStatement" />
@@ -1320,6 +1326,12 @@
     <Bug code="SF" />
   </Match>
   <Match>
+    <!-- Returns null by design -->
+    <Class name="org.apache.tomcat.util.http.parser.EntityTag" />
+     <Method name="compareEntityTag"/>
+    <Bug pattern="NP_BOOLEAN_RETURN_NULL" />
+  </Match>
+  <Match>
     <!-- Hiding of field in superclass is deliberate -->
     <Class name="org.apache.tomcat.util.modeler.NotificationInfo"/>
     <Field name="info" />
@@ -1880,6 +1892,12 @@
     <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/>
   </Match>
   <Match>
+    <!-- Test code - and e3choing a header should be safe anyway -->
+    <Class name="org.apache.coyote.http11.upgrade.TestUpgrade$UpgradeServlet"/>
+    <Method name="doGet"/>
+    <Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER"/>
+  </Match>
+  <Match>
     <!-- Latch isn't essential so no need to check return -->
     <Class name="org.apache.coyote.http2.TestAsyncTimeout"/>
     <Method name="testTimeout"/>
@@ -2075,6 +2093,12 @@
     </Or>
   </Match>
   <Match>
+    <!-- Array contents is not mutated -->
+    <Class 
name="org.apache.tomcat.websocket.pojo.TestEncodingDecoding$MsgByte"/>
+    <Field name="data"/>
+    <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
+  </Match>
+  <Match>
     <!-- Return value of latch is intentionally ignored -->
     <Or>
       <Class name="org.apache.tomcat.websocket.TestWebSocketFrameClient"/>
@@ -2114,6 +2138,9 @@
       <Method name="testEgMailingList04" />
       <Method name="testEgMailingList05" />
       <Method name="testQuote2" />
+      <Method name="testSpecIssue194a" />
+      <Method name="testSpecIssue194b" />
+      <Method name="testSpecIssue194c" />
     </Or>
     <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
   </Match>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to