You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by di...@apache.org on 2023/01/20 08:45:57 UTC

[oozie] branch master updated: OOZIE-3690 [server] Fix current SpotBugs discovered issues in Oozie's server module (jmakai via dionusos)

This is an automated email from the ASF dual-hosted git repository.

dionusos pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/oozie.git


The following commit(s) were added to refs/heads/master by this push:
     new f4ee8c362 OOZIE-3690 [server] Fix current SpotBugs discovered issues in Oozie's server module (jmakai via dionusos)
f4ee8c362 is described below

commit f4ee8c36282c2d30642bb1f237506d2dab5b878b
Author: Denes Bodo <di...@apache.org>
AuthorDate: Fri Jan 20 09:42:22 2023 +0100

    OOZIE-3690 [server] Fix current SpotBugs discovered issues in Oozie's server module (jmakai via dionusos)
---
 release-log.txt                                    |  1 +
 server/pom.xml                                     |  7 ++++++
 server/spotbugs-filter.xml                         | 25 ++++++++++++++++++++++
 .../apache/oozie/server/EmbeddedOozieServer.java   |  6 +++---
 .../java/org/apache/oozie/server/JspHandler.java   |  5 +++--
 .../oozie/server/SSLServerConnectorFactory.java    | 12 +++++++----
 .../org/apache/oozie/server/ServletMapper.java     |  2 +-
 .../oozie/server/guice/JspHandlerProvider.java     |  4 +++-
 .../org/apache/oozie/server/TestJspHandler.java    |  2 ++
 9 files changed, 53 insertions(+), 11 deletions(-)

diff --git a/release-log.txt b/release-log.txt
index f0a4c026b..3de89b797 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 5.3.0 release (trunk - unreleased)
 
+OOZIE-3690 [server] Fix current SpotBugs discovered issues in Oozie's server module (jmakai via dionusos)
 OOZIE-3692 [sharelib-spark] Fix current SpotBugs discovered issues in Oozie's sharelib-spark module (jmakai via dionusos)
 OOZIE-3693 [examples] Fix current SpotBugs discovered issues in Oozie's examples module (jmakai via dionusos)
 OOZIE-3696 [sharelib-git] Fix current SpotBugs discovered issues in Oozie's sharelib-git module (dionusos via jmakai)
diff --git a/server/pom.xml b/server/pom.xml
index b03ff7210..b312c2201 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -152,6 +152,13 @@
     </dependencies>
     <build>
         <plugins>
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <configuration>
+                    <excludeFilterFile>${basedir}/spotbugs-filter.xml</excludeFilterFile>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.openjpa</groupId>
                 <artifactId>openjpa-maven-plugin</artifactId>
diff --git a/server/spotbugs-filter.xml b/server/spotbugs-filter.xml
new file mode 100644
index 000000000..0f571d8df
--- /dev/null
+++ b/server/spotbugs-filter.xml
@@ -0,0 +1,25 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<FindBugsFilter>
+    <!-- Since Java 7 update 40 or Java 8+, the  NULL byte injection in filenames is fixed so `WEAK_FILENAMEUTILS`
+    can be filtered in JspHandlerProvider class -->
+    <Match>
+        <Class name="org.apache.oozie.server.guice.JspHandlerProvider"/>
+        <Bug pattern="WEAK_FILENAMEUTILS" />
+    </Match>
+</FindBugsFilter>
\ No newline at end of file
diff --git a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
index 5cecf7cf2..5b123e912 100644
--- a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
+++ b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
@@ -228,13 +228,13 @@ public class EmbeddedOozieServer {
     }
 
     private boolean isSecured() {
-        String isSSLEnabled = conf.get("oozie.https.enabled");
+        boolean isSSLEnabled = Boolean.parseBoolean(conf.get("oozie.https.enabled"));
         LOG.info("Server started with oozie.https.enabled = " + isSSLEnabled);
-        return isSSLEnabled != null && Boolean.valueOf(isSSLEnabled);
+        return isSSLEnabled;
     }
 
     public static void setContextPath(Configuration oozieConfiguration) {
-        String baseUrl = oozieConfiguration.get("oozie.base.url");
+        String baseUrl = oozieConfiguration.get("oozie.base.url").replaceAll("[\r\n]","");
         String contextPath = baseUrl.substring(baseUrl.lastIndexOf("/"));
         LOG.info("Server started with contextPath = " + contextPath);
         EmbeddedOozieServer.contextPath = contextPath;
diff --git a/server/src/main/java/org/apache/oozie/server/JspHandler.java b/server/src/main/java/org/apache/oozie/server/JspHandler.java
index 3b948c457..a95f24e2a 100644
--- a/server/src/main/java/org/apache/oozie/server/JspHandler.java
+++ b/server/src/main/java/org/apache/oozie/server/JspHandler.java
@@ -57,7 +57,8 @@ public class JspHandler {
     private File getScratchDir() throws IOException
     {
         if (scratchDir.exists()) {
-            LOG.info(String.format("Scratch directory exists and will be reused: %s", scratchDir.getAbsolutePath()));
+            LOG.info(String.format("Scratch directory exists and will be reused: %s",
+                    scratchDir.getAbsolutePath().replaceAll("[\r\n]","")));
             return scratchDir;
         }
 
@@ -65,7 +66,7 @@ public class JspHandler {
             throw new IOException("Unable to create scratch directory: " + scratchDir);
         }
 
-        LOG.info(String.format("Scratch directory created: %s", scratchDir.getAbsolutePath()));
+        LOG.info(String.format("Scratch directory created: %s", scratchDir.getAbsolutePath().replaceAll("[\r\n]","")));
         return scratchDir;
     }
 
diff --git a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
index 3ba073a8e..03281b6f2 100644
--- a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
+++ b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
@@ -103,7 +103,8 @@ class SSLServerConnectorFactory {
         String[] excludeCipherSuites = excludeCipherList.split(",");
         sslContextFactory.setExcludeCipherSuites(excludeCipherSuites);
 
-        LOG.info(String.format("SSL context - excluding cipher suites: %s", Arrays.toString(excludeCipherSuites)));
+        LOG.info(String.format("SSL context - excluding cipher suites: %s",
+                Arrays.toString(excludeCipherSuites).replaceAll("[\r\n]","")));
     }
 
     private void setIncludeCipherSuites() {
@@ -115,7 +116,8 @@ class SSLServerConnectorFactory {
         String[] includeCipherSuites = includeCipherList.split(",");
         sslContextFactory.setIncludeCipherSuites(includeCipherSuites);
 
-        LOG.info(String.format("SSL context - including cipher suites: %s", Arrays.toString(includeCipherSuites)));
+        LOG.info(String.format("SSL context - including cipher suites: %s",
+                Arrays.toString(includeCipherSuites).replaceAll("[\r\n]","")));
     }
 
     private void setIncludeProtocols() {
@@ -123,7 +125,8 @@ class SSLServerConnectorFactory {
         String[] enabledProtocols = enabledProtocolsList.split(",");
         sslContextFactory.setIncludeProtocols(enabledProtocols);
 
-        LOG.info(String.format("SSL context - including protocols: %s", Arrays.toString(enabledProtocols)));
+        LOG.info(String.format("SSL context - including protocols: %s",
+                Arrays.toString(enabledProtocols).replaceAll("[\r\n]","")));
     }
 
     private void setExcludeProtocols() {
@@ -133,7 +136,8 @@ class SSLServerConnectorFactory {
         }
         String[] excludedProtocols = excludedProtocolsList.split(",");
         sslContextFactory.setExcludeProtocols(excludedProtocols);
-        LOG.info(String.format("SSL context - excluding protocols: %s", Arrays.toString(excludedProtocols)));
+        LOG.info(String.format("SSL context - excluding protocols: %s",
+                Arrays.toString(excludedProtocols).replaceAll("[\r\n]","")));
     }
 
     private void setKeystorePass() {
diff --git a/server/src/main/java/org/apache/oozie/server/ServletMapper.java b/server/src/main/java/org/apache/oozie/server/ServletMapper.java
index fcc7d9283..f025093b8 100644
--- a/server/src/main/java/org/apache/oozie/server/ServletMapper.java
+++ b/server/src/main/java/org/apache/oozie/server/ServletMapper.java
@@ -97,7 +97,7 @@ public class ServletMapper {
         try {
             servletContextHandler.addServlet(new ServletHolder(servletClass.newInstance()), servletPath);
         } catch (final InstantiationException | IllegalAccessException e) {
-            LOG.error(e.getMessage(), e);
+            LOG.error(e.getMessage().replaceAll("[\r\n]",""), e);
         }
     }
 }
diff --git a/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java b/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java
index 8a54a9a6d..3ce867f2b 100644
--- a/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java
+++ b/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java
@@ -20,6 +20,7 @@ package org.apache.oozie.server.guice;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.oozie.server.JspHandler;
 import org.apache.oozie.server.WebRootResourceLocator;
@@ -40,7 +41,8 @@ public class JspHandlerProvider implements Provider<JspHandler> {
 
     @Override
     public JspHandler get() {
-        final File tempDir = new File(oozieConfiguration.get(OOZIE_JSP_TMP_DIR), EMBEDDED_JETTY_JSP_DIR);
+        final File tempDir = new File(FilenameUtils.getName(oozieConfiguration.get(OOZIE_JSP_TMP_DIR)),
+                FilenameUtils.getName(EMBEDDED_JETTY_JSP_DIR));
 
         return new JspHandler(tempDir, new WebRootResourceLocator());
     }
diff --git a/server/src/test/java/org/apache/oozie/server/TestJspHandler.java b/server/src/test/java/org/apache/oozie/server/TestJspHandler.java
index be055831c..c113cbf33 100644
--- a/server/src/test/java/org/apache/oozie/server/TestJspHandler.java
+++ b/server/src/test/java/org/apache/oozie/server/TestJspHandler.java
@@ -63,6 +63,7 @@ public class TestJspHandler {
     public void scratchDir_Is_Created_When_Setup_Called_And_ScratchDir_Did_Not_Exist() throws IOException, URISyntaxException {
         when(mockScratchDir.exists()).thenReturn(false);
         when(mockScratchDir.mkdirs()).thenReturn(true);
+        when(mockScratchDir.getAbsolutePath()).thenReturn("foobar");
 
         jspHandler.setupWebAppContext(mockWebAppContext);
 
@@ -84,6 +85,7 @@ public class TestJspHandler {
     @Test
     public void scratchDir_Is_Reused_When_Setup_Called_And_ScratchDir_Existed() throws IOException, URISyntaxException {
         when(mockScratchDir.exists()).thenReturn(true);
+        when(mockScratchDir.getAbsolutePath()).thenReturn("foobar");
 
         jspHandler.setupWebAppContext(mockWebAppContext);