This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 276bd7a Additional false positives with latest SpotBugs
276bd7a is described below
commit 276bd7ad27b9882f668d95e92d80d53ac214cb1e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 23 15:11:19 2021 +0100
Additional false positives with latest SpotBugs
---
res/findbugs/filter-false-positives.xml | 58 +++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/res/findbugs/filter-false-positives.xml
b/res/findbugs/filter-false-positives.xml
index 13b518b..1f1d824 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -208,6 +208,12 @@
<Bug code="Dm" />
</Match>
<Match>
+ <!-- Random will be used multiple times if required. -->
+ <Class name="org.apache.catalina.core.StandardServer"/>
+ <Method name="await"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- This could be optimised but a) the code would be less clear and -->
<!-- b) SpotBugs still reports an error with the optimised code. -->
<Class name="org.apache.catalina.core.StandardServer"/>
@@ -251,6 +257,13 @@
<Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
</Match>
<Match>
+ <!-- Random will be SecureRandom by default and will be used multiple
+ times. -->
+ <Class name="org.apache.catalina.filters.CsrfPreventionFilterBase"/>
+ <Method name="generateNonce"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- ParseException is ignored in loop but handled afterwards if all
formats failed -->
<Class name="org.apache.catalina.filters.RemoteIpFilter$XForwardedRequest"
/>
<Method name="getDateHeader" />
@@ -389,6 +402,12 @@
<Bug pattern="IS2_INCONSISTENT_SYNC " />
</Match>
<Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.realm.DigestCredentialHandlerBase"/>
+ <Method name="mutate"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- roles will be initialized in addAttributeValues -->
<Class name="org.apache.catalina.realm.JNDIRealm" />
<Or>
@@ -714,11 +733,26 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
</Match>
<Match>
+ <!-- Random is SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.tribes.util.UUIDGenerator"/>
+ <Or>
+ <Method name="<clinit>"/>
+ <Method name="nextBytes"/>
+ </Or>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.util.LifecycleBase" />
<Method name="getState"/>
<Bug code="UG" />
</Match>
<Match>
+ <!-- Random is SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.util.SessionIdGeneratorBase"/>
+ <Method name="createSecureRandom"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- the platform default encoding is a fallback -->
<Class name="org.apache.catalina.util.URLEncoder"/>
<Method name="encode"/>
@@ -1494,6 +1528,12 @@
<Bug code="ML"/>
</Match>
<Match>
+ <!-- Single condition so notify() is OK -->
+ <Class name="org.apache.tomcat.util.net.NioEndpoint$Poller"/>
+ <Method name="processKey"/>
+ <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" />
+ </Match>
+ <Match>
<!-- Single condition so no need for wait to be in loop -->
<Class name="org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper"/>
<Or>
@@ -1575,12 +1615,30 @@
<Bug pattern="WA_NOT_IN_LOOP" />
</Match>
<Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.DigestAuthenticator"/>
+ <Method name="getAuthorization"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.Util"/>
+ <Method name="generateMask"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- Object creation will trigger input processing. -->
<Class name="org.apache.tomcat.websocket.WsWebSocketContainer" />
<Method name="connectToServer" />
<Bug code="DLS" />
</Match>
<Match>
+ <!-- Random will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.WsWebSocketContainer"/>
+ <Method name="generateWsKeyValue"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- Fall-through expected -->
<Class name="org.apache.tomcat.websocket.server.WsHttpUpgradeHandler" />
<Method name="upgradeDispatch"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
