Posted to dev@oozie.apache.org by "Artem Ervits (JIRA)" <ji...@apache.org> on 2018/04/05 13:33:00 UTC

[jira] [Resolved] (OOZIE-3212) fix findbugs issues in oozie sharelib

     [ https://issues.apache.org/jira/browse/OOZIE-3212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Artem Ervits resolved OOZIE-3212.
---------------------------------
    Resolution: Duplicate

Duplicate of https://issues.apache.org/jira/browse/OOZIE-2952

> fix findbugs issues in oozie sharelib 
> --------------------------------------
>
>                 Key: OOZIE-3212
>                 URL: https://issues.apache.org/jira/browse/OOZIE-3212
>             Project: Oozie
>          Issue Type: Bug
>    Affects Versions: 5.0.0
>            Reporter: Artem Ervits
>            Assignee: Artem Ervits
>            Priority: Minor
>             Fix For: 5.1.0
>
>
> {code:java}
> [INFO] BugInstance size is 39
> [INFO] Error size is 0
> [INFO] Total bugs: 39
> [INFO] Unwritten public or protected field: org.apache.oozie.action.hadoop.ActionStats.currentActionType [org.apache.oozie.action.hadoop.ActionStats] At ActionStats.java:[line 37] UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD
> [INFO] Unchecked/unconfirmed cast from Throwable to org.apache.oozie.action.hadoop.LauncherMainException of return value in org.apache.oozie.action.hadoop.LauncherAM.runActionMain(ErrorHolder) [org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 427] BC_UNCONFIRMED_CAST_OF_RETURN_VALUE
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherAM, org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 522]At LauncherAM.java:[line 514] PATH_TRAVERSAL_IN
> [INFO] Redundant nullcheck of id, which is known to be non-null in org.apache.oozie.action.hadoop.LauncherAM.setRecoveryId() [org.apache.oozie.action.hadoop.LauncherAM] Redundant null check at LauncherAM.java:[line 481] RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> [INFO] Exception is caught when Exception is not thrown in org.apache.oozie.action.hadoop.LauncherAM.executePrepare(ErrorHolder) [org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 379] REC_CATCH_EXCEPTION
> [INFO] Exception is caught when Exception is not thrown in org.apache.oozie.action.hadoop.LauncherAM.run() [org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 251] REC_CATCH_EXCEPTION
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File, String, int): new java.io.FileReader(File) [org.apache.oozie.action.hadoop.LauncherAMUtils] At LauncherAMUtils.java:[line 64] DM_DEFAULT_ENCODING
> [INFO] org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File, String, int) may fail to clean up java.io.Reader on checked exception [org.apache.oozie.action.hadoop.LauncherAMUtils, org.apache.oozie.action.hadoop.LauncherAMUtils, org.apache.oozie.action.hadoop.LauncherAMUtils, org.apache.oozie.action.hadoop.LauncherAMUtils] Obligation to clean up resource created at LauncherAMUtils.java:[line 64] is not dischargedPath continues at LauncherAMUtils.java:[line 65]Path continues at LauncherAMUtils.java:[line 67]Path continues at LauncherAMUtils.java:[line 68] OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
> [INFO] org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File, String, int) may fail to close stream on exception [org.apache.oozie.action.hadoop.LauncherAMUtils] At LauncherAMUtils.java:[line 64] OS_OPEN_STREAM_EXCEPTION_PATH
> [INFO] Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.oozie.action.hadoop.LauncherMain.printArgs(String, String[]) [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 423] DM_CONVERT_CASE
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.LauncherMain.getHadoopJobIds(String, Pattern[]): new java.io.FileReader(String) [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 144] DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.LauncherMain.propagateToHadoopConf(): new java.io.FileWriter(String) [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 454] DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.LauncherMain.propagateToHadoopConf(): new java.io.OutputStreamWriter(OutputStream) [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 458] DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.LauncherMain.writeExternalChildIDs(String, Pattern[], String): String.getBytes() [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 180] DM_DEFAULT_ENCODING
> [INFO] org.apache.oozie.action.hadoop.LauncherMain.HADOOP_SITE_FILES should be both final and package protected [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 80] MS_FINAL_PKGPROTECT
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 473] PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 463] PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain, org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 140]At LauncherMain.java:[line 176] PATH_TRAVERSAL_IN
> [INFO] java/io/FileReader.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain, org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 144]At LauncherMain.java:[line 176] PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain, org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain] At LauncherMain.java:[line 399]At ShellMain.java:[line 93]At ShellMain.java:[line 101]At ShellMain.java:[line 145]At ShellMain.java:[line 148] PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 404] PATH_TRAVERSAL_IN
> [INFO] Exceptional return value of java.io.File.mkdirs() ignored in org.apache.oozie.action.hadoop.LauncherMain.writeHadoopConfig(String, File) [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 401] RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
> [INFO] The class org.apache.oozie.action.hadoop.LocalFsOperations$1 could be refactored into a named _static_ inner class [org.apache.oozie.action.hadoop.LocalFsOperations] At LocalFsOperations.java:[line 59] SIC_INNER_SHOULD_BE_STATIC_ANON
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File, String): String.getBytes() [org.apache.oozie.action.hadoop.MapReduceMain] At MapReduceMain.java:[line 84] DM_DEFAULT_ENCODING
> [INFO] org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File, String) may fail to clean up java.io.OutputStream on checked exception [org.apache.oozie.action.hadoop.MapReduceMain, org.apache.oozie.action.hadoop.MapReduceMain] Obligation to clean up resource created at MapReduceMain.java:[line 83] is not dischargedPath continues at MapReduceMain.java:[line 84] OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
> [INFO] org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File, String) may fail to close stream on exception [org.apache.oozie.action.hadoop.MapReduceMain] At MapReduceMain.java:[line 83] OS_OPEN_STREAM_EXCEPTION_PATH
> [INFO] Exceptional return value of java.io.File.createNewFile() ignored in new org.apache.oozie.action.hadoop.OozieLauncherOutputCommitter() [org.apache.oozie.action.hadoop.OozieLauncherOutputCommitter] At OozieLauncherOutputCommitter.java:[line 35] RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
> [INFO] Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.oozie.action.hadoop.PasswordMasker.isPasswordKey(String) [org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line 145] DM_CONVERT_CASE
> [INFO] The regular expression "(.*)([\\w[.\\w]*]*(?i)pass[\\w]*=)([\\w]+)(.*)" is vulnerable to a denial of service attack (ReDOS) [org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line 54] REDOS
> [INFO] The regular expression "([\\w[.\\w]*]*(?i)pass[\\w]*=)([\\w]+)" is vulnerable to a denial of service attack (ReDOS) [org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line 65] REDOS
> [INFO] java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path; reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.ShellContentWriter, org.apache.oozie.action.hadoop.ShellContentWriter] At ShellContentWriter.java:[line 67]At ShellContentWriter.java:[line 67] PATH_TRAVERSAL_IN
> [INFO] This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection [org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 92]At ShellMain.java:[line 89]At ShellMain.java:[line 90]At ShellMain.java:[line 91] COMMAND_INJECTION
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.ShellMain.handleShellOutput(Process, boolean): new java.io.InputStreamReader(InputStream) [org.apache.oozie.action.hadoop.ShellMain, org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 235]Another occurrence at ShellMain.java:[line 236] DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.ShellMain.writeLoggerProperties(Configuration, File): new java.io.PrintWriter(OutputStream) [org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 176] DM_DEFAULT_ENCODING
> [INFO] org.apache.oozie.action.hadoop.ShellMain.writeLoggerProperties(Configuration, File) may fail to close stream on exception [org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 176] OS_OPEN_STREAM_EXCEPTION_PATH
> [INFO] java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file whose location might be specified by user input [org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 174] PATH_TRAVERSAL_IN
> [INFO] Redundant nullcheck of thrArray, which is known to be non-null in org.apache.oozie.action.hadoop.ShellMain.execute(Configuration) [org.apache.oozie.action.hadoop.ShellMain] Redundant null check at ShellMain.java:[line 120] RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> [INFO] Found reliance on default encoding in org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread.run(): new java.io.FileWriter(File) [org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread] At ShellMain.java:[line 272] DM_DEFAULT_ENCODING
> [INFO] Should org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread be a _static_ inner class? [org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread] At ShellMain.java:[lines 254-312] SIC_INNER_SHOULD_BE_STATIC
> [INFO]{code}


