You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by us...@apache.org on 2022/03/28 18:44:20 UTC
[solr] branch branch_9x updated: Upgrade forbiddenapis to version 3.3 (#765)
This is an automated email from the ASF dual-hosted git repository.
uschindler pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new 0d3dad8 Upgrade forbiddenapis to version 3.3 (#765)
0d3dad8 is described below
commit 0d3dad83c9f2d9a1676d2dbacb244b2e439360af
Author: Uwe Schindler <us...@apache.org>
AuthorDate: Mon Mar 28 20:42:20 2022 +0200
Upgrade forbiddenapis to version 3.3 (#765)
---
build.gradle | 2 +-
.../forbidden-apis/com.google.guava.guava.all.txt | 7 +++---
.../commons-codec.commons-codec.all.txt | 7 ++----
.../forbidden-apis/commons-io.commons-io.all.txt | 6 ++---
gradle/validation/forbidden-apis/defaults.all.txt | 29 +++++++---------------
.../validation/forbidden-apis/defaults.tests.txt | 3 +--
.../javax.servlet.javax.servlet-api.solr.txt | 26 ++++++-------------
solr/CHANGES.txt | 2 ++
8 files changed, 27 insertions(+), 55 deletions(-)
diff --git a/build.gradle b/build.gradle
index 5fecd3a..62a4d52 100644
--- a/build.gradle
+++ b/build.gradle
@@ -23,7 +23,7 @@ plugins {
id "com.palantir.consistent-versions" version "2.8.0"
id "org.owasp.dependencycheck" version "6.5.3"
id 'ca.cutterslade.analyze' version "1.8.3"
- id 'de.thetaphi.forbiddenapis' version '3.2' apply false
+ id 'de.thetaphi.forbiddenapis' version '3.3' apply false
id "de.undercouch.download" version "4.0.2" apply false
id "net.ltgt.errorprone" version "2.0.2" apply false
id 'com.diffplug.spotless' version "6.3.0" apply false
diff --git a/gradle/validation/forbidden-apis/com.google.guava.guava.all.txt b/gradle/validation/forbidden-apis/com.google.guava.guava.all.txt
index 4e04e78..e1768ea 100644
--- a/gradle/validation/forbidden-apis/com.google.guava.guava.all.txt
+++ b/gradle/validation/forbidden-apis/com.google.guava.guava.all.txt
@@ -8,10 +8,9 @@ com.google.common.base.Supplier
com.google.common.base.Charsets
@defaultMessage Use methods in java.util.Objects instead
-com.google.common.base.Objects#equal(java.lang.Object,java.lang.Object)
-com.google.common.base.Objects#hashCode(java.lang.Object[])
-com.google.common.base.Preconditions#checkNotNull(java.lang.Object)
-com.google.common.base.Preconditions#checkNotNull(java.lang.Object,java.lang.Object)
+com.google.common.base.Objects#equal(**)
+com.google.common.base.Objects#hashCode(**)
+com.google.common.base.Preconditions#checkNotNull(**)
@defaultMessage Use methods in java.util.Comparator instead
com.google.common.collect.Ordering
diff --git a/gradle/validation/forbidden-apis/commons-codec.commons-codec.all.txt b/gradle/validation/forbidden-apis/commons-codec.commons-codec.all.txt
index c735053..799ed5c 100644
--- a/gradle/validation/forbidden-apis/commons-codec.commons-codec.all.txt
+++ b/gradle/validation/forbidden-apis/commons-codec.commons-codec.all.txt
@@ -1,5 +1,2 @@
-@defaultMessage Use java.nio.charset.StandardCharsets instead
-org.apache.commons.codec.Charsets
-
-@defaultMessage Use java.util.Base64 instead
-org.apache.commons.codec.binary.Base64
\ No newline at end of file
+org.apache.commons.codec.Charsets @ Use java.nio.charset.StandardCharsets instead
+org.apache.commons.codec.binary.Base64 @ Use java.util.Base64 instead
diff --git a/gradle/validation/forbidden-apis/commons-io.commons-io.all.txt b/gradle/validation/forbidden-apis/commons-io.commons-io.all.txt
index 386c5cc..af75d00 100644
--- a/gradle/validation/forbidden-apis/commons-io.commons-io.all.txt
+++ b/gradle/validation/forbidden-apis/commons-io.commons-io.all.txt
@@ -1,8 +1,6 @@
@defaultMessage Use InputStream.transferTo(OutputStream) or Reader.transferTo(Writer) instead
-org.apache.commons.io.IOUtils#copy(java.io.InputStream, java.io.OutputStream)
-org.apache.commons.io.IOUtils#copyLarge(java.io.InputStream, java.io.OutputStream)
-org.apache.commons.io.IOUtils#copy(java.io.Reader, java.io.Writer)
-org.apache.commons.io.IOUtils#copyLarge(java.io.Reader, java.io.Writer)
+org.apache.commons.io.IOUtils#copy(**)
+org.apache.commons.io.IOUtils#copyLarge(**)
@defaultMessage Use org.apache.commons.io.file.PathUtils#deleteDirectory(java.nio.file.Path) instead
org.apache.commons.io.FileUtils#deleteDirectory(java.io.File)
diff --git a/gradle/validation/forbidden-apis/defaults.all.txt b/gradle/validation/forbidden-apis/defaults.all.txt
index 51643a0..2986031 100644
--- a/gradle/validation/forbidden-apis/defaults.all.txt
+++ b/gradle/validation/forbidden-apis/defaults.all.txt
@@ -32,10 +32,7 @@ java.util.concurrent.Executors#newSingleThreadExecutor(java.util.concurrent.Thre
java.util.concurrent.Executors#newCachedThreadPool(java.util.concurrent.ThreadFactory)
@defaultMessage Use ExecutorUtil.MDCAwareThreadPoolExecutor instead of ThreadPoolExecutor
-java.util.concurrent.ThreadPoolExecutor#<init>(int,int,long,java.util.concurrent.TimeUnit,java.util.concurrent.BlockingQueue,java.util.concurrent.ThreadFactory,java.util.concurrent.RejectedExecutionHandler)
-java.util.concurrent.ThreadPoolExecutor#<init>(int,int,long,java.util.concurrent.TimeUnit,java.util.concurrent.BlockingQueue)
-java.util.concurrent.ThreadPoolExecutor#<init>(int,int,long,java.util.concurrent.TimeUnit,java.util.concurrent.BlockingQueue,java.util.concurrent.ThreadFactory)
-java.util.concurrent.ThreadPoolExecutor#<init>(int,int,long,java.util.concurrent.TimeUnit,java.util.concurrent.BlockingQueue,java.util.concurrent.RejectedExecutionHandler)
+java.util.concurrent.ThreadPoolExecutor#<init>(**)
@defaultMessage Must specify an explicit executor to run async tasks so that we have named threads
java.util.concurrent.CompletableFuture#runAsync(java.lang.Runnable)
@@ -61,22 +58,14 @@ java.util.Locale#forLanguageTag(java.lang.String) @ use new Locale.Builder().set
java.util.Locale#toString() @ use Locale#toLanguageTag() for a standardized BCP47 locale name
@defaultMessage Constructors for wrapper classes of Java primitives should be avoided in favor of the public static methods available or autoboxing
-java.lang.Integer#<init>(int)
-java.lang.Integer#<init>(java.lang.String)
-java.lang.Byte#<init>(byte)
-java.lang.Byte#<init>(java.lang.String)
-java.lang.Short#<init>(short)
-java.lang.Short#<init>(java.lang.String)
-java.lang.Long#<init>(long)
-java.lang.Long#<init>(java.lang.String)
-java.lang.Boolean#<init>(boolean)
-java.lang.Boolean#<init>(java.lang.String)
-java.lang.Character#<init>(char)
-java.lang.Float#<init>(float)
-java.lang.Float#<init>(double)
-java.lang.Float#<init>(java.lang.String)
-java.lang.Double#<init>(double)
-java.lang.Double#<init>(java.lang.String)
+java.lang.Integer#<init>(**)
+java.lang.Byte#<init>(**)
+java.lang.Short#<init>(**)
+java.lang.Long#<init>(**)
+java.lang.Boolean#<init>(**)
+java.lang.Character#<init>(**)
+java.lang.Float#<init>(**)
+java.lang.Double#<init>(**)
@defaultMessage Java deserialization is unsafe when the data is untrusted. The java developer is powerless: no checks or casts help, exploitation can happen in places such as clinit or finalize!
java.io.ObjectInputStream
diff --git a/gradle/validation/forbidden-apis/defaults.tests.txt b/gradle/validation/forbidden-apis/defaults.tests.txt
index 02ab6c8..a1ae6f3 100644
--- a/gradle/validation/forbidden-apis/defaults.tests.txt
+++ b/gradle/validation/forbidden-apis/defaults.tests.txt
@@ -21,5 +21,4 @@ java.lang.Math#random() @ Use RandomizedRunner's random().nextDouble() instead
#java.lang.System#nanoTime() @ Don't depend on wall clock times
@defaultMessage Use LuceneTestCase.collate instead, which can avoid JDK-8071862
-java.text.Collator#compare(java.lang.Object,java.lang.Object)
-java.text.Collator#compare(java.lang.String,java.lang.String)
+java.text.Collator#compare(**)
diff --git a/gradle/validation/forbidden-apis/javax.servlet.javax.servlet-api.solr.txt b/gradle/validation/forbidden-apis/javax.servlet.javax.servlet-api.solr.txt
index dc82e8f..651f3d2 100644
--- a/gradle/validation/forbidden-apis/javax.servlet.javax.servlet-api.solr.txt
+++ b/gradle/validation/forbidden-apis/javax.servlet.javax.servlet-api.solr.txt
@@ -15,10 +15,10 @@
@defaultMessage Servlet API method is parsing request parameters without using the correct encoding if no extra configuration is given in the servlet container
-javax.servlet.ServletRequest#getParameter(java.lang.String)
-javax.servlet.ServletRequest#getParameterMap()
-javax.servlet.ServletRequest#getParameterNames()
-javax.servlet.ServletRequest#getParameterValues(java.lang.String)
+javax.servlet.ServletRequest#getParameter(**)
+javax.servlet.ServletRequest#getParameterMap(**)
+javax.servlet.ServletRequest#getParameterNames(**)
+javax.servlet.ServletRequest#getParameterValues(**)
javax.servlet.http.HttpServletRequest#getSession() @ Servlet API getter has side effect of creating sessions
@@ -26,18 +26,6 @@ javax.servlet.http.HttpServletRequest#getSession() @ Servlet API getter has side
javax.servlet.ServletRequest#getReader()
javax.servlet.ServletResponse#getWriter()
-javax.servlet.ServletInputStream#readLine(byte[],int,int)
-javax.servlet.ServletOutputStream#print(boolean)
-javax.servlet.ServletOutputStream#print(char)
-javax.servlet.ServletOutputStream#print(double)
-javax.servlet.ServletOutputStream#print(float)
-javax.servlet.ServletOutputStream#print(int)
-javax.servlet.ServletOutputStream#print(long)
-javax.servlet.ServletOutputStream#print(java.lang.String)
-javax.servlet.ServletOutputStream#println(boolean)
-javax.servlet.ServletOutputStream#println(char)
-javax.servlet.ServletOutputStream#println(double)
-javax.servlet.ServletOutputStream#println(float)
-javax.servlet.ServletOutputStream#println(int)
-javax.servlet.ServletOutputStream#println(long)
-javax.servlet.ServletOutputStream#println(java.lang.String)
+javax.servlet.ServletInputStream#readLine(**)
+javax.servlet.ServletOutputStream#print(**)
+javax.servlet.ServletOutputStream#println(**)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 7a2abd2..298092d 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -50,6 +50,8 @@ Build
* SOLR-16050: Upgrade to errorprone 2.11.0 (Kevin Risden)
+* Upgrade forbiddenapis to 3.3 (Uwe Schindler)
+
================== 9.0.0 ==================
New Features