You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/15 14:50:06 UTC

[tomcat] branch 9.0.x updated (9e56a56 -> f25802a)

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


    from 9e56a56  Update to Checkstyle 10.0
     new f9771df  Update to SpotBugs 4.6.0
     new f25802a  Back-port additional false positives

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 build.properties.default                |  4 +--
 res/spotbugs/filter-false-positives.xml | 63 +++++++++++++++++++++++++++++++++
 webapps/docs/changelog.xml              |  3 ++
 3 files changed, 68 insertions(+), 2 deletions(-)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[tomcat] 02/02: Back-port additional false positives

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f25802a838a8bf80a476a63ebc5a6c046ec0b776
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 14:49:53 2022 +0000

    Back-port additional false positives
---
 res/spotbugs/filter-false-positives.xml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index ba30c1a..5c80194 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -43,7 +43,7 @@
   </Match>
   <Match>
     <!-- Class lock is not an instance lock -->
-    <Class name="jakarta.security.auth.message.config.AuthConfigFactory"/>
+    <Class name="javax.security.auth.message.config.AuthConfigFactory"/>
     <Field name="factory"/>
     <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
   </Match>
@@ -607,6 +607,12 @@
     <Bug code="OBL" />
   </Match>
   <Match>
+    <!-- There is no null check (SpotBugs bug?) -->
+    <Class name="org.apache.catalina.startup.ContextConfig" />
+    <Method name="populateJavaClassCache" />
+    <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+  </Match>
+  <Match>
     <!-- Method checks result and logs error later -->
     <Class name="org.apache.catalina.startup.ExpandWar" />
     <Method name="deleteDir" />
@@ -877,6 +883,12 @@
     <Bug code="RCN"/>
   </Match>
   <Match>
+    <!-- There is no null check (SpotBugs bug?) -->
+    <Class name="org.apache.catalina.webresources.AbstractArchiveResource" />
+    <Method name="getContent" />
+    <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+  </Match>
+  <Match>
     <!-- Array contents is not mutated -->
     <Class name="org.apache.catalina.webresources.CachedResource"/>
     <Or>
@@ -1061,6 +1073,12 @@
     <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
   </Match>
   <Match>
+    <!-- There is no null check (SpotBugs bug?) -->
+    <Class name="org.apache.jasper.compiler.JDTCompiler$1" />
+    <Method name="findType" />
+    <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+  </Match>
+  <Match>
     <!-- Sync is not protecting these fields -->
     <Class name="org.apache.jasper.compiler.JspConfig"/>
     <Or>
@@ -1152,6 +1170,12 @@
     <Bug code="OBL"/>
   </Match>
   <Match>
+    <!-- There is no null-check -->
+    <Class name="org.apache.juli.FileHandler"/>
+    <Method name="lambda$clean$0" />
+    <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />
+  </Match>
+  <Match>
     <!-- If encoding is specified it will be used,
     otherwise platform default encoding will be used -->
     <Class name="org.apache.juli.FileHandler"/>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[tomcat] 01/02: Update to SpotBugs 4.6.0

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f9771df954720f738417398914ac94a11a76c009
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 14:00:22 2022 +0000

    Update to SpotBugs 4.6.0
---
 build.properties.default                |  4 ++--
 res/spotbugs/filter-false-positives.xml | 39 +++++++++++++++++++++++++++++++++
 webapps/docs/changelog.xml              |  3 +++
 3 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 248f07c..dbeb93c 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -287,10 +287,10 @@ jacoco.jar=${jacoco.home}/lib/jacocoant.jar
 jacoco.loc=${base-maven.loc}/org/jacoco/jacoco/${jacoco.version}/jacoco-${jacoco.version}.zip
 
 # ----- SpotBugs (originally FindBugs) -----
-spotbugs.version=4.5.2
+spotbugs.version=4.6.0
 spotbugs.checksum.enabled=true
 spotbugs.checksum.algorithm=SHA-512
-spotbugs.checksum.value=6e6d4aab1a935f47f9cf4983c30c5c338a257339bd2a6ae4fea2204683d973a67bb95a9204e387ebf9c31070a998367afa12a3b1f812b01f2e27715b704bf194
+spotbugs.checksum.value=c3ebc5761299b253e7e563a0a71f931ffa6ab3861380abb246d2258a916c9c6d40f6582dbe10b084d6932536c38f6d8bd7711456b6b7eef7c83df770915ecf1e
 spotbugs.home=${base.path}/spotbugs-${spotbugs.version}
 spotbugs.jar=${spotbugs.home}/lib/spotbugs-ant.jar
 spotbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${spotbugs.version}/spotbugs-${spotbugs.version}.tgz
diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index 7f5a589..ba30c1a 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -42,6 +42,12 @@
     <Bug code="NP" />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="jakarta.security.auth.message.config.AuthConfigFactory"/>
+    <Field name="factory"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Null is not possible here -->
     <Class name="javax.servlet.http.HttpServlet$NoBodyPrintWriter"/>
     <Method name="resetBuffer"/>
@@ -443,6 +449,12 @@
     <Bug pattern="IS2_INCONSISTENT_SYNC " />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.catalina.realm.MemoryRealm" />
+    <Field name="digester"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- request.getRequestPathMB(), request.getQueryString() can be null because
     o.a.t.util.buf.MessageBytes.toString() can return NULL -->
     <Class name="org.apache.catalina.realm.RealmBase"/>
@@ -663,6 +675,12 @@
     <Bug pattern="WA_NOT_IN_LOOP"/>
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.catalina.tribes.io.BufferPool" />
+    <Field name="instance"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/>
     <Method name="stop"/>
     <Bug code="DE"/>
@@ -868,6 +886,12 @@
     <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.catalina.webresources.TomcatURLStreamHandlerFactory"/>
+    <Field name="instance"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Switch fall-though is deliberate -->
     <Class name="org.apache.coyote.AbstractProcessor"/>
     <Method name="parseHost"/>
@@ -1171,6 +1195,12 @@
     <Bug code="Nm" />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.naming.java.javaURLContextFactory" />
+    <Field name="initialContext"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Utility classes used to import/export l10n strings -->
     <!-- This code does not need to be robust -->
     <Or>
@@ -1258,6 +1288,15 @@
     <Bug pattern="VO_VOLATILE_INCREMENT" />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper" />
+    <Or>
+      <Field name="executor"/>
+      <Field name="taskMap"/>
+    </Or>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Fields do not need to be sync'd for toString() -->
     <Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" />
     <Or>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a2ad295..764302f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,6 +121,9 @@
       <update>
         Update to Checkstyle 10.0. (markt)
       </update>
+      <update>
+        Update to SpotBugs 4.6.0. (markt)
+      </update>
     </changelog>
   </subsection>
 </section>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org