This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 6254c8e54e5239423ad53b6bd862a4e9be634748
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Nov 26 16:56:57 2021 +0000

    Fix various false positives
---
 res/findbugs/filter-false-positives.xml | 76 +++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/res/findbugs/filter-false-positives.xml 
b/res/findbugs/filter-false-positives.xml
index 579dbce..38cc114 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -708,6 +708,20 @@
     <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
   </Match>
   <Match>
+    <!-- Expected. Statement is being generated from configuration. -->
+    <Class name="org.apache.catalina.users.DataSourceUserDatabase"/>
+    <Or>
+      <Method name="findGroupInternal"/>
+      <Method name="findRoleInternal"/>
+      <Method name="findUserInternal"/>
+      <Method name="getGroups"/>
+      <Method name="getRoles"/>
+      <Method name="getUsers"/>
+      <Method name="saveInternal"/>
+    </Or>
+    <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/>
+  </Match>
+  <Match>
     <Class name="org.apache.catalina.util.LifecycleBase" />
     <Method name="getState"/>
     <Bug code="UG" />
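Review bot: The comment on the new DataSourceUserDatabase match says only that the statement is generated from configuration, so a later reader cannot tell which trust assumption makes SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING a false positive in these seven methods. I would spell it out, for example `<!-- Expected. SQL text is assembled only from configured table and column names; request-derived values are bound as parameters. -->`, after confirming that against the class, which is not visible in this hunk. The match is scoped per method, so a string-built query added later to any of these methods would presumably be silenced as well. The LifecycleBase match that follows continues past the end of the hunk.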
@@ -997,6 +1011,12 @@
     <Bug code="ES"/>
   </Match>
   <Match>
+    <!--  Dummy thread -->
+    <Class name="org.apache.juli.AsyncFileHandler$LoggerThread"/>
+    <Method name="deregisterHandler"/>
+    <Bug pattern="DM_USELESS_THREAD"/>
+  </Match>
+  <Match>
     <!-- Stream is closed in o.a.juli.ClassLoaderLogManager.readConfiguration
          (InputStream, ClassLoader) -->
     <Class name="org.apache.juli.ClassLoaderLogManager"/>
@@ -1102,6 +1122,15 @@
     <Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" />
   </Match>
   <Match>
+    <!-- Commons DBCP 2 code Tomcat does not control -->
+    <Class name="org.apache.tomcat.dbcp.dbcp2.datasources.UserPassKey" />
+    <Or>
+      <Field name="name" />
+      <Field name="password" />
+    </Or>
+    <Bug pattern="SE_BAD_FIELD" />
+  </Match>
+  <Match>
     <!-- Pooled objects can't be null so this is OK -->
     <Class 
name="org.apache.tomcat.dbcp.pool2.impl.BaseGenericObjectPool$IdentityWrapper" 
/>
     <Method name="equals" />
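Review bot: The new UserPassKey match justifies suppressing SE_BAD_FIELD on `name` and `password` only by code ownership, which does not say whether the finding matters for a key that holds a credential. SE_BAD_FIELD reports a non-transient, non-serializable field in a Serializable class, so the useful fact is whether these keys are ever serialized. If they are not, record that, for example `<!-- Commons DBCP 2 code Tomcat does not control. UserPassKey instances are not serialized by Tomcat. -->`, assuming that holds, since the class is not shown here. If they can be serialized, the filter hides a runtime failure that is better tracked upstream than silenced here.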
@@ -1285,6 +1314,15 @@
     <Bug pattern="DMI_BLOCKING_METHODS_ON_URL" />
   </Match>
   <Match>
+    <!--  Returning of null is deliberate -->
+    <Class name="org.apache.tomcat.util.descriptor.web.SessionConfig"/>
+    <Or>
+      <Method name="getCookieHttpOnly"/>
+      <Method name="getCookieSecure"/>
+    </Or>
+    <Bug pattern="NP_BOOLEAN_RETURN_NULL"/>
+  </Match>
+  <Match>
     <!-- NPE is desired as it indicates an error condition -->
     <Class name="org.apache.tomcat.util.digester.CallMethodRule"/>
     <Method name="end"/>
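Review bot: The comment on the SessionConfig match says the null return is deliberate but not what null means, and these two getters govern the HttpOnly and Secure cookie attributes. A caller that auto-unboxes the Boolean would throw, and one that treats null as false would drop the flag silently, so the tri-state is worth stating where the warning is silenced, for example `<!-- Returning null is deliberate: null means the attribute was not configured and the caller applies its default. -->`. That reading of null is inferred from the method names, so confirm it against SessionConfig before adopting the wording. The CallMethodRule match that follows runs past the end of the hunk.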
@@ -1477,6 +1515,12 @@
     <Bug code="Nm" />
   </Match>
   <Match>
+    <!-- Field is updated inside a lock. -->
+    <Class name="org.apache.tomcat.util.threads.ThreadPoolExecutor" />
+    <Method name="runWorker" />
+    <Bug pattern="VO_VOLATILE_INCREMENT " />
+  </Match>
+  <Match>
     <!-- Monitor is used for a single condition. No need for loop. -->
     <Class name="org.apache.tomcat.util.threads.InlineExecutorService" />
     <Method name="awaitTermination" />
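Review bot: The pattern value in the new ThreadPoolExecutor match has a trailing space, `pattern="VO_VOLATILE_INCREMENT "`, while the WsFrameBase$UnmaskTransformation match added later in this commit writes the same pattern without it. Whether the filter loader trims attribute values is not visible here. If it does not, this entry matches nothing and the warning it is meant to suppress is still reported. Change the line to `<Bug pattern="VO_VOLATILE_INCREMENT" />`.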
@@ -1495,6 +1539,12 @@
     <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
   </Match>
   <Match>
+    <!-- Access is single-threaded (but may switch between threads). -->
+    <Class name="org.apache.tomcat.websocket.WsFrameBase$UnmaskTransformation" 
/>
+    <Method name="getMoreData" />
+    <Bug pattern="VO_VOLATILE_INCREMENT" />
+  </Match>
+  <Match>
     <!-- Object creation will trigger input processing. -->
     <Class name="org.apache.tomcat.websocket.WsWebSocketContainer" />
     <Method name="connectToServer" />
@@ -1930,6 +1980,15 @@
     <Bug code="DE" />
   </Match>
   <Match>
+    <!-- Non-constant is just a split constant -->
+    <Class name="org.apache.catalina.users.DataSourceUserDatabaseTests"/>
+    <Or>
+      <Method name="testBasicUserRoleDatabase"/>
+      <Method name="testUserDatabase"/>
+    </Or>
+    <Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"/>
+  </Match>
+  <Match>
     <!-- Concrete Map type not affected -->
     <Class name="org.apache.catalina.util.TestParameterMap" />
     <Method name="testEntrySetImmutabilityAfterLocked" />
@@ -2130,6 +2189,12 @@
     <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
   </Match>
   <Match>
+    <!-- Use of static is unavoidable -->
+    <Class 
name="org.apache.tomcat.jdbc.test.TestStatementCache$TestStatementCacheInterceptor"
 />
+    <Method name="&lt;init&gt;" />
+    <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" />
+  </Match>
+  <Match>
     <!-- Tests throw exceptions so connections are never created -->
     <Class name="org.apache.tomcat.jdbc.test.TestValidationQueryTimeout" />
     <Or>
@@ -2146,6 +2211,12 @@
     <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" />
   </Match>
   <Match>
+    <!-- Use of static is unavoidable -->
+    <Class 
name="org.apache.tomcat.jdbc.test.TestValidationQueryTimeout$MockStatement" />
+    <Method name="setQueryTimeout" />
+    <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" />
+  </Match>
+  <Match>
     <Class name="org.apache.tomcat.jdbc.test.TwoDataSources" />
     <Method name="testTwoDataSources" />
     <Or>
@@ -2156,6 +2227,11 @@
     </Or>
   </Match>
   <Match>
+    <!--  Deprecated native code -->
+    <Class name="org.apache.tomcat.jni.FileInfo"/>
+    <Bug pattern="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"/>
+  </Match>
+  <Match>
     <Class 
name="org.apache.tomcat.util.http.TestCookieParsing$EchoCookieHeader"/>
     <Method name="service"/>
     <Bug pattern="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"/>
