This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push: new cbd8c93 Additional false positives with latest SpotBugs cbd8c93 is described below commit cbd8c93d0ba1e223d07cc841d4479a70ba1ffd79 Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Jun 23 15:11:19 2021 +0100 Additional false positives with latest SpotBugs
---
 res/findbugs/filter-false-positives.xml | 52 +++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/res/findbugs/filter-false-positives.xml b/res/findbugs/filter-false-positives.xml
index 1f0f18e..dea154f 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -208,6 +208,12 @@
 <Bug code="Dm" />
 </Match>
 <Match>
+ <!-- Random will be used multiple times if required. -->
+ <Class name="org.apache.catalina.core.StandardServer"/>
+ <Method name="await"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <!-- This could be optimised but a) the code would be less clear and -->
 <!-- b) SpotBugs still reports an error with the optimised code. -->
 <Class name="org.apache.catalina.core.StandardServer"/>
@@ -251,6 +257,13 @@
 <Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
 </Match>
 <Match>
+ <!-- Random will be SecureRandom by default and will be used multiple
+ times. -->
+ <Class name="org.apache.catalina.filters.CsrfPreventionFilterBase"/>
+ <Method name="generateNonce"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <!-- ParseException is ignored in loop but handled afterwards if all formats failed -->
 <Class name="org.apache.catalina.filters.RemoteIpFilter$XForwardedRequest" />
 <Method name="getDateHeader" />
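Review bot: The comment on the new `StandardServer` / `await` entry justifies the suppression by reuse alone and does not say what kind of generator is involved, while the other entries in this commit state that it is a `SecureRandom`. The `WsWebSocketContainer` / `generateWsKeyValue` entry in the last hunk has the same gap. Someone auditing the filter later cannot tell from these two comments whether predictability of the value was considered or simply does not matter there. I would extend both comments to record that decision, for example `<!-- Random will be used multiple times if required. Not SecureRandom: <reason predictability is acceptable here>. -->`, with the reason filled in by the author.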
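Review bot: In the `CsrfPreventionFilterBase` / `generateNonce` entry the rationale holds only "by default", yet the `<Match>` suppresses the finding however the generator is chosen. The wording suggests the random class can be configured, which is not visible in this hunk. If so, the comment should say that nonce unpredictability depends on that setting, so the filter entry is not read as a blanket assurance. Suggested wording: `<!-- Random is reused for every nonce. It is SecureRandom unless the filter is configured otherwise; nonce strength depends on that setting. -->`.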
@@ -366,6 +379,12 @@
 <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
 </Match>
 <Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.realm.DigestCredentialHandlerBase"/>
+ <Method name="mutate"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <!-- roles will be initialized in addAttributeValues -->
 <Class name="org.apache.catalina.realm.JNDIRealm" />
 <Or>
@@ -686,11 +705,26 @@
 <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
 </Match>
 <Match>
+ <!-- Random is SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.tribes.util.UUIDGenerator"/>
+ <Or>
+ <Method name="<clinit>"/>
+ <Method name="nextBytes"/>
+ </Or>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <Class name="org.apache.catalina.util.LifecycleBase" />
 <Method name="getState"/>
 <Bug code="UG" />
 </Match>
 <Match>
+ <!-- Random is SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.util.SessionIdGeneratorBase"/>
+ <Method name="createSecureRandom"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <!-- the platform default encoding is a fallback -->
 <Class name="org.apache.catalina.util.URLEncoder"/>
 <Method name="encode"/>
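Review bot: In the `UUIDGenerator` entry of the `@@ -686,11 +705,26 @@` hunk, the static-initialiser matcher appears in this mail as `<Method name="<clinit>"/>`, with a raw `<` inside the attribute value. XML does not allow that, so a file containing the line exactly as shown would not be well-formed, and the filter would presumably fail to load rather than skip just this entry. This is most likely the mail archive decoding the entities, but it is worth confirming that the committed file reads `<Method name="&lt;clinit&gt;"/>`. A well-formedness check of `res/findbugs/filter-false-positives.xml` in the build would catch this class of mistake before SpotBugs runs.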
@@ -1559,12 +1593,30 @@
 <Bug pattern="WA_NOT_IN_LOOP" />
 </Match>
 <Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.DigestAuthenticator"/>
+ <Method name="getAuthorization"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.Util"/>
+ <Method name="generateMask"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <!-- Object creation will trigger input processing. -->
 <Class name="org.apache.tomcat.websocket.WsWebSocketContainer" />
 <Method name="connectToServer" />
 <Bug code="DLS" />
 </Match>
 <Match>
+ <!-- Random will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.WsWebSocketContainer"/>
+ <Method name="generateWsKeyValue"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
 <!-- Fall-through expected -->
 <Class name="org.apache.tomcat.websocket.server.WsHttpUpgradeHandler" />
 <Method name="upgradeDispatch"/>
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org