svn commit: r1436296 - /tomcat/trunk/res/findbugs/filter-false-positives.xml

Mon, 21 Jan 2013 04:11:04 -0800 

Author: markt
Date: Mon Jan 21 12:10:37 2013
New Revision: 1436296

URL: http://svn.apache.org/viewvc?rev=1436296&view=rev
Log:
Turn on some more tests, disable the resulting false positives

Modified:
    tomcat/trunk/res/findbugs/filter-false-positives.xml

Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1436296&r1=1436295&r2=1436296&view=diff
==============================================================================
--- tomcat/trunk/res/findbugs/filter-false-positives.xml (original)
+++ tomcat/trunk/res/findbugs/filter-false-positives.xml Mon Jan 21 12:10:37 
2013
@@ -101,6 +101,16 @@
     <Bug code="IS" />
   </Match>
   <Match>
+    <!-- Non-constant strings are configuration settings rather than client
+         supplied -->
+    <Class name="org.apache.catalina.session.JDBCStore" />
+    <Or>
+      <Method name="load" />
+      <Method name="save" />
+    </Or>
+    <Bug code="SQL" />
+  </Match>
+  <Match>
     <!-- We can live with the threading issue. See code comment for details. 
-->
     <Class name="org.apache.catalina.session.ManagerBase" />
     <Method name="generateSessionId" />
@@ -174,6 +184,13 @@
     <Bug code="UG" />
   </Match>
   <Match>
+    <!-- Non-constant strings are configuration settings rather than client
+         supplied -->
+    <Class name="org.apache.catalina.valves.JDBCAccessLogValve" />
+    <Method name="open" />
+    <Bug code="SQL" />
+  </Match>
+  <Match>
     <!-- Locks are always released. Non-standard pattern is required because 
-->
     <!-- of lock upgrade that is used. -->
     <Class name="org.apache.coyote.http11.upgrade.AprServletInputStream" />
@@ -349,6 +366,15 @@
     <Bug code="MF" />
   </Match>
   <Match>
+    <!-- JSSE vs APR attribute names. More confusing to change one of them -->
+    <Class name="org.apache.tomcat.util.net.AprEndpoint"/>
+    <Or>
+      <Method name="getSSLProtocol"/>
+      <Method name="setSSLProtocol"/>
+    </Or>
+    <Bug code="Nm"/>
+  </Match>
+  <Match>
     <!-- See wait() call in destroy() -->
     <Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/>
     <Method name="run"/>
@@ -406,7 +432,16 @@
     <Bug code="Nm" />
   </Match>
 
-  <!--  Generated code -->
+  <!-- Example code -->
+  <Match>
+    <!-- FindBugs assumes the container uses the values as is. Tomcat validates
+         them and escapes them as necessary to ensure they are safe. -->
+    <Class name="CookieExample" />
+    <Method name="doGet" />
+    <Bug code="HRS" />
+  </Match>
+  
+  <!-- Generated code -->
   <Match>
     <Class name="org.apache.el.parser.ELParserTokenManager" />
   </Match>
@@ -526,6 +561,12 @@
     <Bug code="DE" />
   </Match>
   <Match>
+    <!-- Use of static is unavoidable -->
+    <Class name="org.apache.tomcat.jdbc.test.TestStatementCache" />
+    <Method name="tearDown" />
+    <Bug code="ST" />
+  </Match>
+  <Match>
     <!-- Use of statics is unavoidable in all cases -->
     <!-- Better to use it consistently rather than only where necessary -->
     <Class name="org.apache.tomcat.jdbc.pool.interceptor.TestInterceptor" />



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to