This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 9c377b604f5396d9dede252a27eb76e43c750898
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Sat Jan 1 21:04:05 2022 +0000
Fix a number of SpotBugs false positives.
---
res/spotbugs/filter-false-positives.xml | 77 ++++++++++++++++++++++++++++++++-
1 file changed, 76 insertions(+), 1 deletion(-)
diff --git a/res/spotbugs/filter-false-positives.xml
b/res/spotbugs/filter-false-positives.xml
index e29e513..b32add4 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -371,6 +371,14 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
</Match>
<Match>
+ <!-- Not catching NPE would require generating an NPE and then wrapping
+ it because there is no MBeanException(String) constructor. It is
+ cleaner to catch the NPE. -->
+ <Class name="org.apache.catalina.mbeans.ContainerMBean" />
+ <Method name="removeValve" />
+ <Bug pattern="DCN_NULLPOINTER_EXCEPTION" />
+ </Match>
+ <Match>
<!-- SQL construction is safe since it is from trusted config -->
<Class name="org.apache.catalina.realm.DataSourceRealm" />
<Or>
@@ -388,6 +396,15 @@
<Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
</Match>
<Match>
+ <!-- Safer to catch NPE as the root cause of NPEs is not clear -->
+ <Class name="org.apache.catalina.realm.JNDIRealm" />
+ <Or>
+ <Method name="authenticate" />
+ <Method name="getPassword" />
+ </Or>
+ <Bug pattern="DCN_NULLPOINTER_EXCEPTION" />
+ </Match>
+ <Match>
<!-- roles will be initialized in addAttributeValues -->
<Class name="org.apache.catalina.realm.JNDIRealm" />
<Or>
@@ -538,6 +555,12 @@
<Bug code="OBL" />
</Match>
<Match>
+ <!-- There is no null check (SpotBugs bug?) -->
+ <Class name="org.apache.catalina.startup.ContextConfig" />
+ <Method name="populateJavaClassCache" />
+ <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+ </Match>
+ <Match>
<!-- Method checks result and logs error later -->
<Class name="org.apache.catalina.startup.ExpandWar" />
<Method name="deleteDir" />
@@ -798,6 +821,12 @@
<Bug code="RCN"/>
</Match>
<Match>
+ <!-- There is no null check (SpotBugs bug?) -->
+ <Class name="org.apache.catalina.webresources.AbstractArchiveResource" />
+ <Method name="getContent" />
+ <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+ </Match>
+ <Match>
<!-- Array contents is not mutated -->
<Class name="org.apache.catalina.webresources.CachedResource"/>
<Or>
@@ -807,6 +836,12 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
</Match>
<Match>
+ <!-- Switch fall-though is deliberate -->
+ <Class name="org.apache.coyote.AbstractProcessor"/>
+ <Method name="parseHost"/>
+ <Bug pattern="SF_SWITCH_FALLTHROUGH" />
+ </Match>
+ <Match>
<!-- Use of synchronisation is required to make a sequence of calls in
-->
<!-- one method appear to be atomic.
-->
<Class name="org.apache.coyote.AbstractProcessorLight"/>
@@ -942,6 +977,12 @@
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
</Match>
<Match>
+ <!-- There is no null check (SpotBugs bug?) -->
+ <Class name="org.apache.jasper.compiler.JDTCompiler$1" />
+ <Method name="findType" />
+ <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+ </Match>
+ <Match>
<!-- Sync is not protecting these fields -->
<Class name="org.apache.jasper.compiler.JspConfig"/>
<Or>
@@ -1033,6 +1074,12 @@
<Bug code="OBL"/>
</Match>
<Match>
+ <!-- There is no null-check -->
+ <Class name="org.apache.juli.FileHandler"/>
+ <Method name="lambda$clean$0" />
+ <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />
+ </Match>
+ <Match>
<!-- If encoding is specified it will be used,
otherwise platform default encoding will be used -->
<Class name="org.apache.juli.FileHandler"/>
@@ -1055,7 +1102,12 @@
<!-- Simpler to catch Exception than to create dummy implementations of the
necessary exception hierarchy -->
<Class name="org.apache.naming.factory.SendMailFactory" />
- <Method name="lambda$0" />
+ <Or>
+ <!-- Latest Eclipse plug-in and latest stand-alone JAR report different
+ method names. -->
+ <Method name="lambda$0" />
+ <Method name="lambda$getObjectInstance$0" />
+ </Or>
<Bug pattern="DE_MIGHT_IGNORE" />
</Match>
<Match>
@@ -1467,6 +1519,12 @@
<Bug pattern="NO_NOTIFY_NOT_NOTIFYALL " />
</Match>
<Match>
+ <!-- NPE should never happen but it is caught as a precaution -->
+ <Class name="org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor" />
+ <Method name="doRun" />
+ <Bug pattern="DCN_NULLPOINTER_EXCEPTION" />
+ </Match>
+ <Match>
<Class name="org.apache.tomcat.util.net.SecureNioChannel"/>
<Method name="rehandshake"/>
<Bug code="DE" />
@@ -1542,6 +1600,17 @@
<Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
</Match>
<Match>
+ <!-- A concurrently closed connection can trigger NPEs. It is not possible
+ to test for this before use. -->
+ <Class name="org.apache.tomcat.websocket.PerMessageDeflate" />
+ <Or>
+ <Method name="getMoreData" />
+ <Method name="sendMessagePart" />
+ <Method name="startNewMessage" />
+ </Or>
+ <Bug pattern="DCN_NULLPOINTER_EXCEPTION" />
+ </Match>
+ <Match>
<!-- Random will be SecureRandom and will be used multiple times. -->
<Class name="org.apache.tomcat.websocket.Util"/>
<Method name="generateMask"/>
@@ -1560,6 +1629,12 @@
<Bug code="DLS" />
</Match>
<Match>
+ <!-- Exception is caught so any issue is handled -->
+ <Class name="org.apache.tomcat.websocket.WsWebSocketContainer" />
+ <Method name="createSSLEngine" />
+ <Bug pattern="REC_CATCH_EXCEPTION" />
+ </Match>
+ <Match>
<!-- Random will be used multiple times. -->
<Class name="org.apache.tomcat.websocket.WsWebSocketContainer"/>
<Method name="generateWsKeyValue"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
