You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/15 16:32:51 UTC
[tomcat] branch 8.5.x updated (4573cbe -> dcde972)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 4573cbe Update to Checkstyle 10.0
new d9888f6 Update to SpotBugs 4.6.0
new dcde972 Back-port additional false positives
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
build.properties.default | 4 +-
res/spotbugs/filter-false-positives.xml | 82 +++++++++++++++++++++++++++++++++
webapps/docs/changelog.xml | 3 ++
3 files changed, 87 insertions(+), 2 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/02: Update to SpotBugs 4.6.0
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d9888f6af06873ddb70de40051597539f178a595
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 14:00:22 2022 +0000
Update to SpotBugs 4.6.0
---
build.properties.default | 4 ++--
res/spotbugs/filter-false-positives.xml | 39 +++++++++++++++++++++++++++++++++
webapps/docs/changelog.xml | 3 +++
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index 815b3d7..643e645 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -290,10 +290,10 @@ jacoco.jar=${jacoco.home}/lib/jacocoant.jar
jacoco.loc=${base-maven.loc}/org/jacoco/jacoco/${jacoco.version}/jacoco-${jacoco.version}.zip
# ----- SpotBugs (originally FindBugs) -----
-spotbugs.version=4.5.2
+spotbugs.version=4.6.0
spotbugs.checksum.enabled=true
spotbugs.checksum.algorithm=SHA-512
-spotbugs.checksum.value=6e6d4aab1a935f47f9cf4983c30c5c338a257339bd2a6ae4fea2204683d973a67bb95a9204e387ebf9c31070a998367afa12a3b1f812b01f2e27715b704bf194
+spotbugs.checksum.value=c3ebc5761299b253e7e563a0a71f931ffa6ab3861380abb246d2258a916c9c6d40f6582dbe10b084d6932536c38f6d8bd7711456b6b7eef7c83df770915ecf1e
spotbugs.home=${base.path}/spotbugs-${spotbugs.version}
spotbugs.jar=${spotbugs.home}/lib/spotbugs-ant.jar
spotbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${spotbugs.version}/spotbugs-${spotbugs.version}.tgz
diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index cd268c8..bf8fe94 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -48,6 +48,12 @@
<Bug code="DE" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="javax.security.auth.message.config.AuthConfigFactory"/>
+ <Field name="factory"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Null is not possible here -->
<Class name="javax.servlet.http.HttpServlet$NoBodyPrintWriter"/>
<Method name="resetBuffer"/>
@@ -437,6 +443,12 @@
<Bug pattern="IS2_INCONSISTENT_SYNC " />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.realm.MemoryRealm" />
+ <Field name="digester"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- request.getRequestPathMB(), request.getQueryString() can be null because
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
<Class name="org.apache.catalina.realm.RealmBase"/>
@@ -656,6 +668,12 @@
<Bug pattern="WA_NOT_IN_LOOP"/>
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.tribes.io.BufferPool" />
+ <Field name="instance"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/>
<Method name="stop"/>
<Bug code="DE"/>
@@ -831,6 +849,12 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.webresources.TomcatURLStreamHandlerFactory"/>
+ <Field name="instance"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Switch fall-though is deliberate -->
<Class name="org.apache.coyote.AbstractProcessor"/>
<Method name="parseHost"/>
@@ -1128,6 +1152,12 @@
<Bug code="Nm" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.naming.java.javaURLContextFactory" />
+ <Field name="initialContext"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Utility classes used to import/export l10n strings -->
<!-- This code does not need to be robust -->
<Or>
@@ -1206,6 +1236,15 @@
<Bug pattern="VO_VOLATILE_INCREMENT" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper" />
+ <Or>
+ <Field name="executor"/>
+ <Field name="taskMap"/>
+ </Or>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Fields do not need to be sync'd for toString() -->
<Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" />
<Or>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 01776a5..11bc548 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,9 @@
<update>
Update to Checkstyle 10.0. (markt)
</update>
+ <update>
+ Update to SpotBugs 4.6.0. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 02/02: Back-port additional false positives
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit dcde9722fcda8bdb80e00aa20c365a4b162e8ac0
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 16:29:35 2022 +0000
Back-port additional false positives
---
res/spotbugs/filter-false-positives.xml | 43 +++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index bf8fe94..8e256b3 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -592,6 +592,12 @@
<Bug pattern="DM_EXIT" />
</Match>
<Match>
+ <!-- Genric error handling -->
+ <Class name="org.apache.catalina.startup.Catalina" />
+ <Method name="stopServer" />
+ <Bug pattern="REC_CATCH_EXCEPTION" />
+ </Match>
+ <Match>
<!-- Catalina isn't used when embedding -->
<Class name="org.apache.catalina.startup.Catalina" />
<Method name="stopServer" />
@@ -607,6 +613,12 @@
<Bug code="OBL" />
</Match>
<Match>
+ <!-- There is no null check (SpotBugs bug?) -->
+ <Class name="org.apache.catalina.startup.ContextConfig" />
+ <Method name="populateJavaClassCache" />
+ <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+ </Match>
+ <Match>
<!-- Method checks result and logs error later -->
<Class name="org.apache.catalina.startup.ExpandWar" />
<Method name="deleteDir" />
@@ -840,6 +852,12 @@
<Bug code="RCN"/>
</Match>
<Match>
+ <!-- There is no null check (SpotBugs bug?) -->
+ <Class name="org.apache.catalina.webresources.AbstractArchiveResource" />
+ <Method name="getContent" />
+ <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+ </Match>
+ <Match>
<!-- Array contents is not mutated -->
<Class name="org.apache.catalina.webresources.CachedResource"/>
<Or>
@@ -1011,6 +1029,12 @@
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
</Match>
<Match>
+ <!-- There is no null check (SpotBugs bug?) -->
+ <Class name="org.apache.jasper.compiler.JDTCompiler$1" />
+ <Method name="findType" />
+ <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE" />
+ </Match>
+ <Match>
<!-- Sync is not protecting these fields -->
<Class name="org.apache.jasper.compiler.JspConfig"/>
<Or>
@@ -1114,6 +1138,12 @@
<Bug code="OBL"/>
</Match>
<Match>
+ <!-- There is no null-check -->
+ <Class name="org.apache.juli.FileHandler$2"/>
+ <Method name="run" />
+ <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />
+ </Match>
+ <Match>
<!-- If encoding is specified it will be used,
otherwise platform default encoding will be used -->
<Class name="org.apache.juli.FileHandler"/>
@@ -1575,6 +1605,13 @@
<Bug code="ML" />
</Match>
<Match>
+ <!-- Sync is on closed to ensure that actions taken because the socket -->
+ <!-- open remain valid until the action is completed. -->
+ <Class name="org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper"/>
+ <Field name="closed"/>
+ <Bug pattern="JLM_JSR166_UTILCONCURRENT_MONITORENTER"/>
+ </Match>
+ <Match>
<!-- Return value is ignored at this point but logic further up call -->
<!-- stack will ensure that a SocketTimeoutException is thrown -->
<Class name="org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper"/>
@@ -1591,6 +1628,12 @@
<Bug code="ML"/>
</Match>
<Match>
+ <!-- Single condition so notify() is OK -->
+ <Class name="org.apache.tomcat.util.net.NioEndpoint$Poller"/>
+ <Method name="processKey"/>
+ <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" />
+ </Match>
+ <Match>
<!-- Single condition so no need for wait to be in loop -->
<Class name="org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper"/>
<Or>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org