You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by vi...@apache.org on 2015/12/30 18:39:57 UTC
svn commit: r1722387 -
/tomcat/tc7.0.x/trunk/res/findbugs/filter-false-positives.xml
Author: violetagg
Date: Wed Dec 30 17:39:57 2015
New Revision: 1722387
URL: http://svn.apache.org/viewvc?rev=1722387&view=rev
Log:
Backport Findbugs false positives
Modified:
tomcat/tc7.0.x/trunk/res/findbugs/filter-false-positives.xml
Modified: tomcat/tc7.0.x/trunk/res/findbugs/filter-false-positives.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/res/findbugs/filter-false-positives.xml?rev=1722387&r1=1722386&r2=1722387&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/res/findbugs/filter-false-positives.xml (original)
+++ tomcat/tc7.0.x/trunk/res/findbugs/filter-false-positives.xml Wed Dec 30 17:39:57 2015
@@ -129,6 +129,28 @@
<Bug code="Dm" />
</Match>
<Match>
+ <!-- Sleep is of short duration and lock is required -->
+ <Class name="org.apache.catalina.core.StandardWrapper" />
+ <Method name="unload" />
+ <Bug code="SWL" />
+ </Match>
+ <Match>
+ <!-- The code is adding HTTP request headers, not parameters and the
+ header parsing on input will have removed any CR or LF characters. -->
+ <Class name="org.apache.catalina.filters.CorsFilter" />
+ <Or>
+ <Method name="handlePreflightCORS" />
+ <Method name="handleSimpleCORS" />
+ </Or>
+ <Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
+ </Match>
+ <Match>
+ <!-- shost will not be null in normal usage -->
+ <Class name="org.apache.catalina.ha.backend.CollectedInfo" />
+ <Method name="init" />
+ <Bug code="NP" />
+ </Match>
+ <Match>
<!-- Field is only modified during Servlet load -->
<Class name="org.apache.catalina.manager.host.HostManagerServlet" />
<Bug code="MSF" />
@@ -161,6 +183,16 @@
<Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
</Match>
<Match>
+ <!-- Non-constant strings are configuration settings rather than client
+ supplied -->
+ <Class name="org.apache.catalina.session.JDBCStore" />
+ <Or>
+ <Method name="load" />
+ <Method name="save" />
+ </Or>
+ <Bug code="SQL" />
+ </Match>
+ <Match>
<!-- We can live with the threading issue. See code comment for details. -->
<Class name="org.apache.catalina.session.ManagerBase" />
<Method name="generateSessionId" />
@@ -194,6 +226,15 @@
<Bug code="SWL" />
</Match>
<Match>
+ <!-- context is never null -->
+ <Class name="org.apache.catalina.startup.HostConfig" />
+ <Or>
+ <Method name="deployDescriptor" />
+ <Method name="deployDirectory" />
+ </Or>
+ <Bug code="NP" />
+ </Match>
+ <Match>
<Class name="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
<Method name="memberAlive"/>
<Bug code="DE"/>
@@ -214,6 +255,12 @@
<Bug code="NS"/>
</Match>
<Match>
+ <!-- Intentional in case thread is waiting -->
+ <Class name="org.apache.catalina.tribes.transport.RxTaskPool"/>
+ <Method name="returnWorker"/>
+ <Bug code="NN"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.util.LifecycleBase" />
<Method name="getState"/>
<Bug code="UG" />
@@ -233,6 +280,13 @@
<Bug code="RCN"/>
</Match>
<Match>
+ <!-- Non-constant strings are configuration settings rather than client
+ supplied -->
+ <Class name="org.apache.catalina.valves.JDBCAccessLogValve" />
+ <Method name="open" />
+ <Bug code="SQL" />
+ </Match>
+ <Match>
<!-- request.getQueryString() can be null because
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
<Class name="org.apache.catalina.valves.StuckThreadDetectionValve"/>
@@ -258,6 +312,28 @@
<Bug code="ST" />
</Match>
<Match>
+ <!-- NPE is not possible -->
+ <Class name="org.apache.jasper.compiler.JspConfig"/>
+ <Method name="selectProperty"/>
+ <Bug code="NP"/>
+ </Match>
+ <Match>
+ <!-- Returning null is intentional -->
+ <Class name="org.apache.jasper.compiler.JspReader"/>
+ <Method name="indexOf"/>
+ <Bug code="NP"/>
+ </Match>
+ <Match>
+ <!-- Node constructors add node to parent. Local variable is used to
+ silence an Eclipse warning -->
+ <Class name="org.apache.jasper.compiler.Parser"/>
+ <Or>
+ <Method name="parseTemplateText"/>
+ <Method name="parseXMLTemplateText"/>
+ </Or>
+ <Bug code="DLS"/>
+ </Match>
+ <Match>
<!-- Use of == is deliberate -->
<Class name="org.apache.jasper.compiler.Parser"/>
<Method name="parseBody"/>
@@ -301,6 +377,11 @@
<Bug code="CN" />
</Match>
<Match>
+ <Class name="org.apache.tomcat.util.IntrospectionUtils" />
+ <Method name="findMethod"/>
+ <Bug code="NP" />
+ </Match>
+ <Match>
<!-- Class name is appropriate -->
<Class name="org.apache.tomcat.util.bcel.classfile.CodeException"/>
<Bug code="Nm" />
@@ -317,6 +398,18 @@
</Match>
<Match>
<!-- Returning null here is fine -->
+ <Class name="org.apache.tomcat.util.buf.ByteChunk"/>
+ <Method name="toString"/>
+ <Bug code="NP" />
+ </Match>
+ <Match>
+ <!-- Returning null here is fine -->
+ <Class name="org.apache.tomcat.util.buf.CharChunk"/>
+ <Method name="toString"/>
+ <Bug code="NP" />
+ </Match>
+ <Match>
+ <!-- Returning null here is fine -->
<Class name="org.apache.tomcat.util.buf.MessageBytes"/>
<Method name="toString"/>
<Bug code="NP" />
@@ -335,6 +428,12 @@
<Bug code="RCN" />
</Match>
<Match>
+ <!-- NPE is desired as it indicates an error condition -->
+ <Class name="org.apache.tomcat.util.digester.CallMethodRule"/>
+ <Method name="end"/>
+ <Bug code="NP" />
+ </Match>
+ <Match>
<!-- Test really is for the same object rather than equality -->
<Class name="org.apache.tomcat.util.digester.Digester"/>
<Or>
@@ -356,6 +455,21 @@
<Bug code="SF" />
</Match>
<Match>
+ <!-- Hiding of field in superclass is deliberate -->
+ <Class name="org.apache.tomcat.util.modeler.NotificationInfo"/>
+ <Field name="info" />
+ <Bug code="MF" />
+ </Match>
+ <Match>
+ <!-- JSSE vs APR attribute names. More confusing to change one of them -->
+ <Class name="org.apache.tomcat.util.net.AprEndpoint"/>
+ <Or>
+ <Method name="getSSLProtocol"/>
+ <Method name="setSSLProtocol"/>
+ </Or>
+ <Bug code="Nm"/>
+ </Match>
+ <Match>
<!-- addCount is modified in other threads -->
<Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/>
<Method name="run"/>
@@ -374,17 +488,24 @@
<Bug code="ML" />
</Match>
<Match>
- <Class name="org.apache.tomcat.util.net.SecureNioChannel"/>
- <Method name="rehandshake"/>
- <Bug code="DE" />
- </Match>
- <Match>
<!-- Sync is there to protect referenced object not field -->
<Class name="org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor"/>
<Method name="run"/>
<Bug code="ML" />
</Match>
<Match>
+ <!-- Return value is ignored at this point but logic further up call -->
+ <!-- stack will ensure that a SocketTimeoutException is thrown -->
+ <Class name="org.apache.tomcat.util.net.NioEndpoint$KeyAttachment"/>
+ <Method name="awaitLatch"/>
+ <Bug code="RV"/>
+ </Match>
+ <Match>
+ <Class name="org.apache.tomcat.util.net.SecureNioChannel"/>
+ <Method name="rehandshake"/>
+ <Bug code="DE" />
+ </Match>
+ <Match>
<!-- Yes the simple name is the same as the super class. Accept it. -->
<Class name="org.apache.tomcat.util.threads.ThreadPoolExecutor" />
<Bug code="Nm" />
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org