Posted to commits@solr.apache.org by ds...@apache.org on 2023/03/18 04:54:37 UTC
[solr] branch main updated: Inferconfig (#1352)
This is an automated email from the ASF dual-hosted git repository.
dsmiley pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new e5d6fa87822 Inferconfig (#1352)
e5d6fa87822 is described below
commit e5d6fa87822fa55e2b4bf40bdbdaa36ade1dd6d8
Author: David Smiley <ds...@apache.org>
AuthorDate: Sat Mar 18 00:54:31 2023 -0400
Inferconfig (#1352)
* Default inferconfig from Lift
https://help.sonatype.com/lift/configuring-lift/infer-specifics
* Infer/RacerD: Ignore ObjectReleaseTracker and org.noggit.CharArr
* Lift: Ignore Infer INTERFACE_NOT_THREAD_SAFE because too many false-positives that can't be fixed
---
.inferconfig | 96 ++++++++++++++++++++++
.lift.toml | 3 +-
.../solr/common/util/ObjectReleaseTracker.java | 2 +
solr/solrj/src/java/org/noggit/CharArr.java | 4 -
4 files changed, 100 insertions(+), 5 deletions(-)
diff --git a/.inferconfig b/.inferconfig
new file mode 100644
index 00000000000..d212c13c1a1
--- /dev/null
+++ b/.inferconfig
@@ -0,0 +1,96 @@
+{
+ "racerd-ignore-classes": [
+ "org.apache.solr.common.util.ObjectReleaseTracker",
+ "org.noggit.CharArr"
+ ],
+ "external-java-packages": [
+ "org.slf4j"
+ ],
+ "quandary-sources": [
+ {
+ "procedure": "javax.servlet.http.HttpServletRequest.getParameter",
+ "kind": "UserControlledString"
+ },
+ {
+ "procedure": "javax.servlet.http.HttpServletRequest.getHeader",
+ "kind": "UserControlledString"
+ },
+ {
+ "procedure": "java.io.BufferedReader.read",
+ "kind": "UserControlledString"
+ },
+ {
+ "procedure": "javax.servlet.http.HttpServletRequest.getAttribute",
+ "kind": "UserControlledString"
+ }
+ ],
+ "quandary-sanitizers": [
+ {
+ "procedure": "org.owasp.encoder.Encode.forHtml"
+ },
+ {
+ "procedure": "org.owasp.esapi.Encoder.encodeForSQL"
+ },
+ {
+ "procedure": "org.apache.commons.lang.StringEscapeUtils.escapeHtml"
+ }
+ ],
+ "quandary-sinks": [
+ {
+ "procedure": "java.util.logging.Logger.info",
+ "kind": "Logging"
+ },
+ {
+ "procedure": "java.util.logging.Logger.log",
+ "kind": "Logging"
+ },
+ {
+ "procedure": "java.io.PrintWriter.write",
+ "kind": "Other"
+ },
+ {
+ "procedure": "org.springframework.jdbc.core.JdbcTemplate.queryForObject",
+ "kind": "SQLRead"
+ },
+ {
+ "procedure": "javax.jdo.PersistenceManager.newQuery",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "org.hibernate.Session.createQuery",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "org.apache.turbine.om.peer.BasePeer.executeQuery",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "javax.persistence.EntityManager.createQuery",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "java.sql.Statement.executeQuery",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "java.sql.PreparedStatement.executeUpdate",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "java.sql.PreparedStatement.executeQuery",
+ "kind": "SQLWrite"
+ },
+ {
+ "procedure": "com.google.codeu.data.Datastore.storeMessage",
+ "kind": "HTML"
+ },
+ {
+ "procedure": "org.springframework.web.servlet.ModelAndView",
+ "kind": "HTML"
+ },
+ {
+ "procedure": "javax.servlet.http.HttpSession.setAttribute",
+ "kind": "HTML"
+ }
+ ]
+}
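Review bot: The `Logging` entries under `quandary-sinks` name only `java.util.logging.Logger.info` and `java.util.logging.Logger.log`, while the Solr class patched later in this commit logs through `org.slf4j.Logger`, so tainted request data reaching the project's own log calls would presumably go unreported. If log-injection coverage is wanted, add entries such as `{ "procedure": "org.slf4j.Logger.info", "kind": "Logging" }` for the levels in use. The `quandary-sanitizers` entries carry no `kind`, so it is worth confirming against Infer's documentation that an HTML encoder like `org.owasp.encoder.Encode.forHtml` does not also clear taint on the SQL sinks. Entries such as `com.google.codeu.data.Datastore.storeMessage` appear to come from the Lift default and look unrelated to this codebase; JSON cannot hold comments, so the `.lift.toml` header is the place to record that this file is the unmodified default.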
diff --git a/.lift.toml b/.lift.toml
index 160e1bfbfde..8666f6c5ad7 100644
--- a/.lift.toml
+++ b/.lift.toml
@@ -1,9 +1,10 @@
# This file can configure Lift PR static analysis.
# Docs for adding, removing or changing checks can be found here:
-# https://help.sonatype.com/lift/configuration-reference
+# https://help.sonatype.com/lift/configuring-lift
jdkVersion = "11"
disableTools = [ "refactor-first" ]
+ignoreRules = [ "INTERFACE_NOT_THREAD_SAFE" ]
ignoreFiles = '''
**/test/**
**/*.min.js
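Review bot: The new `ignoreRules` line switches off `INTERFACE_NOT_THREAD_SAFE` for the whole repository without saying why in the file; the reason exists only in the commit message. Add a comment above it, for example `# Infer INTERFACE_NOT_THREAD_SAFE: too many false positives that can't be fixed (see #1352)`, so a later reader does not mistake the suppression for an oversight and knows when it can be revisited. The `ignoreFiles` block continues outside the hunk.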
diff --git a/solr/solrj/src/java/org/apache/solr/common/util/ObjectReleaseTracker.java b/solr/solrj/src/java/org/apache/solr/common/util/ObjectReleaseTracker.java
index 37040abc3e4..2976a2c29c6 100644
--- a/solr/solrj/src/java/org/apache/solr/common/util/ObjectReleaseTracker.java
+++ b/solr/solrj/src/java/org/apache/solr/common/util/ObjectReleaseTracker.java
@@ -27,9 +27,11 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
+import net.jcip.annotations.ThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+@ThreadSafe
public class ObjectReleaseTracker {
private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
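Review bot: `@ThreadSafe` on `ObjectReleaseTracker` is an unchecked claim in this commit, because `.inferconfig` lists the same class under `racerd-ignore-classes`, which as I understand it keeps RacerD from analysing its methods. The class body is outside the hunk, so whether its shared state is actually guarded cannot be confirmed from here. A short class Javadoc naming what makes it safe, for instance `/** Thread-safe: tracked objects are kept in a ConcurrentHashMap; RacerD is told to ignore this class in .inferconfig. */`, would keep the annotation honest; the wording needs checking against the actual fields.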
diff --git a/solr/solrj/src/java/org/noggit/CharArr.java b/solr/solrj/src/java/org/noggit/CharArr.java
index 9b9e2cc0cb7..6e8ac9f2d25 100644
--- a/solr/solrj/src/java/org/noggit/CharArr.java
+++ b/solr/solrj/src/java/org/noggit/CharArr.java
@@ -20,10 +20,7 @@ package org.noggit;
import java.io.IOException;
import java.io.Reader;
import java.nio.CharBuffer;
-import net.jcip.annotations.Immutable;
-import net.jcip.annotations.NotThreadSafe;
-@NotThreadSafe
public class CharArr implements CharSequence, Appendable {
protected char[] buf;
protected int start;
@@ -220,7 +217,6 @@ public class CharArr implements CharSequence, Appendable {
return this;
}
- @Immutable
static class NullCharArr extends CharArr {
public NullCharArr() {
super(new char[1], 0, 0);