You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@datasketches.apache.org by le...@apache.org on 2024/02/16 00:43:02 UTC
(datasketches-java) 01/01: All except 2 of the fixes here were security related fixes to harden our classes against "finalizer attacks".
This is an automated email from the ASF dual-hosted git repository.
leerho pushed a commit to branch fix_spotbugs_issues
in repository https://gitbox.apache.org/repos/asf/datasketches-java.git
commit 8c9e509b1786046e21b24f6909067aec5a21b88f
Author: Lee Rhodes <le...@users.noreply.github.com>
AuthorDate: Thu Feb 15 16:42:48 2024 -0800
All except 2 of the fixes here were security related fixes to harden our
classes against "finalizer attacks".
See https://wiki.sei.cmu.edu/confluence/display/java/OBJ11-J.+Be+wary+of+letting+constructors+throw+exceptions
---
.../org/apache/datasketches/fdt/FdtSketch.java | 2 +-
.../org/apache/datasketches/hll/CouponHashSet.java | 2 +-
.../org/apache/datasketches/hll/CouponList.java | 5 +++++
.../apache/datasketches/hll/DirectAuxHashMap.java | 2 +-
.../datasketches/hll/DirectCouponHashSet.java | 2 +-
.../apache/datasketches/hll/DirectCouponList.java | 5 +++++
.../apache/datasketches/hll/DirectHllArray.java | 5 +++++
.../apache/datasketches/hll/HeapAuxHashMap.java | 2 +-
.../apache/datasketches/hllmap/UniqueCountMap.java | 2 +-
.../datasketches/kll/KllItemsSketchSortedView.java | 5 +++++
.../quantiles/DirectDoublesSketchAccessor.java | 2 +-
.../quantiles/DoublesSketchAccessor.java | 5 +++++
.../quantiles/ItemsSketchSortedView.java | 5 +++++
.../GenericPartitionBoundaries.java | 5 +++++
.../datasketches/sampling/EbppsItemsSample.java | 15 +++++++++-----
.../datasketches/sampling/EbppsItemsSketch.java | 23 +++++++++++++---------
.../theta/DirectQuickSelectSketch.java | 5 +++++
.../apache/datasketches/tuple/CompactSketch.java | 5 +++++
.../datasketches/tuple/QuickSelectSketch.java | 5 +++++
.../DirectArrayOfDoublesQuickSelectSketch.java | 5 +++++
.../tuple/strings/ArrayOfStringsSummary.java | 2 +-
tools/FindBugsExcludeFilter.xml | 6 ++++++
22 files changed, 93 insertions(+), 22 deletions(-)
diff --git a/src/main/java/org/apache/datasketches/fdt/FdtSketch.java b/src/main/java/org/apache/datasketches/fdt/FdtSketch.java
index 8664e559..e4cac32a 100644
--- a/src/main/java/org/apache/datasketches/fdt/FdtSketch.java
+++ b/src/main/java/org/apache/datasketches/fdt/FdtSketch.java
@@ -46,7 +46,7 @@ import org.apache.datasketches.tuple.strings.ArrayOfStringsSketch;
*
* @author Lee Rhodes
*/
-public class FdtSketch extends ArrayOfStringsSketch {
+public final class FdtSketch extends ArrayOfStringsSketch {
/**
* Create new instance of Frequent Distinct Tuples sketch with the given
diff --git a/src/main/java/org/apache/datasketches/hll/CouponHashSet.java b/src/main/java/org/apache/datasketches/hll/CouponHashSet.java
index b2e96668..8d0dec9a 100644
--- a/src/main/java/org/apache/datasketches/hll/CouponHashSet.java
+++ b/src/main/java/org/apache/datasketches/hll/CouponHashSet.java
@@ -42,7 +42,7 @@ import org.apache.datasketches.memory.Memory;
* @author Lee Rhodes
* @author Kevin Lang
*/
-class CouponHashSet extends CouponList {
+final class CouponHashSet extends CouponList {
/**
* Constructs this sketch with the intent of loading it with data
diff --git a/src/main/java/org/apache/datasketches/hll/CouponList.java b/src/main/java/org/apache/datasketches/hll/CouponList.java
index 96f8e9e2..45f42656 100644
--- a/src/main/java/org/apache/datasketches/hll/CouponList.java
+++ b/src/main/java/org/apache/datasketches/hll/CouponList.java
@@ -41,6 +41,11 @@ class CouponList extends AbstractCoupons {
int couponCount;
int[] couponIntArr;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* New instance constructor for LIST or SET.
* @param lgConfigK the configured Lg K
diff --git a/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java b/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java
index fe04ec06..98884f5e 100644
--- a/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java
+++ b/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java
@@ -36,7 +36,7 @@ import org.apache.datasketches.memory.WritableMemory;
/**
* @author Lee Rhodes
*/
-class DirectAuxHashMap implements AuxHashMap {
+final class DirectAuxHashMap implements AuxHashMap {
private final DirectHllArray host; //hosts the WritableMemory and read-only Memory
private final boolean readOnly;
diff --git a/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java b/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java
index e797113c..52ddf60b 100644
--- a/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java
+++ b/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java
@@ -42,7 +42,7 @@ import org.apache.datasketches.memory.WritableMemory;
/**
* @author Lee Rhodes
*/
-class DirectCouponHashSet extends DirectCouponList {
+final class DirectCouponHashSet extends DirectCouponList {
//Constructs this sketch with data.
DirectCouponHashSet(final int lgConfigK, final TgtHllType tgtHllType,
diff --git a/src/main/java/org/apache/datasketches/hll/DirectCouponList.java b/src/main/java/org/apache/datasketches/hll/DirectCouponList.java
index 008aac1d..e8b6ad2e 100644
--- a/src/main/java/org/apache/datasketches/hll/DirectCouponList.java
+++ b/src/main/java/org/apache/datasketches/hll/DirectCouponList.java
@@ -61,6 +61,11 @@ class DirectCouponList extends AbstractCoupons {
Memory mem;
final boolean compact;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
//called from newInstance, writableWrap and DirectCouponHashSet
DirectCouponList(final int lgConfigK, final TgtHllType tgtHllType, final CurMode curMode,
final WritableMemory wmem) {
diff --git a/src/main/java/org/apache/datasketches/hll/DirectHllArray.java b/src/main/java/org/apache/datasketches/hll/DirectHllArray.java
index 8c87ca4b..7d4270c1 100644
--- a/src/main/java/org/apache/datasketches/hll/DirectHllArray.java
+++ b/src/main/java/org/apache/datasketches/hll/DirectHllArray.java
@@ -59,6 +59,11 @@ abstract class DirectHllArray extends AbstractHllArray {
long memAdd;
final boolean compact;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
//Memory must be already initialized and may have data
DirectHllArray(final int lgConfigK, final TgtHllType tgtHllType, final WritableMemory wmem) {
super(lgConfigK, tgtHllType, CurMode.HLL);
diff --git a/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java b/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java
index ae75d381..374dbd62 100644
--- a/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java
+++ b/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java
@@ -33,7 +33,7 @@ import org.apache.datasketches.memory.Memory;
* @author Lee Rhodes
* @author Kevin Lang
*/
-class HeapAuxHashMap implements AuxHashMap {
+final class HeapAuxHashMap implements AuxHashMap {
private final int lgConfigK; //required for #slot bits
private int lgAuxArrInts;
private int auxCount;
diff --git a/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java b/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java
index f8051d2b..9a480d94 100644
--- a/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java
+++ b/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java
@@ -80,7 +80,7 @@ import org.apache.datasketches.common.SketchesArgumentException;
* @author Alexander Saydakov
* @author Kevin Lang
*/
-public class UniqueCountMap {
+public final class UniqueCountMap {
private static final String LS = System.getProperty("line.separator");
private static final int NUM_LEVELS = 10; // total of single coupon + traverse + coupon maps + hll
private static final int NUM_TRAVERSE_MAPS = 3;
diff --git a/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java b/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java
index 27f97e17..f2ed66a4 100644
--- a/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java
+++ b/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java
@@ -56,6 +56,11 @@ public class KllItemsSketchSortedView<T> implements GenericSortedView<T>, Partit
private final T minItem;
private final Class<T> clazz;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* Construct from elements for testing only.
* @param quantiles sorted array of quantiles
diff --git a/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java b/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java
index 49b82335..172ad14b 100644
--- a/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java
+++ b/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java
@@ -26,7 +26,7 @@ import org.apache.datasketches.memory.WritableMemory;
/**
* @author Jon Malkin
*/
-class DirectDoublesSketchAccessor extends DoublesSketchAccessor {
+final class DirectDoublesSketchAccessor extends DoublesSketchAccessor {
DirectDoublesSketchAccessor(final DoublesSketch ds,
final boolean forceSize,
final int level) {
diff --git a/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java b/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java
index 7e70c927..54f83f18 100644
--- a/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java
+++ b/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java
@@ -39,6 +39,11 @@ abstract class DoublesSketchAccessor extends DoublesBufferAccessor {
int numItems_;
int offset_;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
DoublesSketchAccessor(final DoublesSketch ds, final boolean forceSize, final int level) {
ds_ = ds;
forceSize_ = forceSize;
diff --git a/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java b/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java
index 93c95605..d119e8bc 100644
--- a/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java
+++ b/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java
@@ -58,6 +58,11 @@ public class ItemsSketchSortedView<T> implements GenericSortedView<T>, Partition
private final Class<T> clazz;
private final int k;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* Construct from elements for testing.
* @param quantiles sorted array of quantiles
diff --git a/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java b/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java
index 5c0098a5..9cba9fbd 100644
--- a/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java
+++ b/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java
@@ -39,6 +39,11 @@ public class GenericPartitionBoundaries<T> implements PartitionBoundaries {
private long[] numDeltaItems; //num of items in each part
private int numPartitions; //num of partitions
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
public GenericPartitionBoundaries(
final long totalN,
final T[] boundaries,
diff --git a/src/main/java/org/apache/datasketches/sampling/EbppsItemsSample.java b/src/main/java/org/apache/datasketches/sampling/EbppsItemsSample.java
index 8a0002c2..d7478d8d 100644
--- a/src/main/java/org/apache/datasketches/sampling/EbppsItemsSample.java
+++ b/src/main/java/org/apache/datasketches/sampling/EbppsItemsSample.java
@@ -34,9 +34,14 @@ class EbppsItemsSample<T> {
private double c_; // Current sample size, including fractional part
private T partialItem_; // a sample item corresponding to a partial weight
private ArrayList<T> data_; // full sample items
-
+
private Random rand_; // ThreadLocalRandom.current() in general
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
// basic constructor
EbppsItemsSample(final int reservedSize) {
c_ = 0.0;
@@ -60,7 +65,7 @@ class EbppsItemsSample<T> {
if (c < 0.0 || Double.isNaN(c) || Double.isInfinite(c)) {
throw new SketchesArgumentException("C must be nonnegative and finite. Found: " + c);
}
-
+
c_ = c;
partialItem_ = partialItem;
data_ = data;
@@ -76,14 +81,14 @@ class EbppsItemsSample<T> {
if (theta < 0.0 || theta > 1.0 || Double.isNaN(theta)) {
throw new SketchesArgumentException("Theta must be in the range [0.0, 1.0]. Found: " + theta);
}
-
+
c_ = theta;
if (theta == 1.0) {
if (data_ != null && data_.size() == 1) {
data_.set(0, item);
} else {
data_ = new ArrayList<>(1);
- data_.add(item);
+ data_.add(item);
}
partialItem_ = null;
} else {
@@ -116,7 +121,7 @@ class EbppsItemsSample<T> {
result.add(partialItem_);
}
- return result;
+ return result;
}
@SuppressWarnings("unchecked")
diff --git a/src/main/java/org/apache/datasketches/sampling/EbppsItemsSketch.java b/src/main/java/org/apache/datasketches/sampling/EbppsItemsSketch.java
index 0b1552be..4d244361 100644
--- a/src/main/java/org/apache/datasketches/sampling/EbppsItemsSketch.java
+++ b/src/main/java/org/apache/datasketches/sampling/EbppsItemsSketch.java
@@ -35,14 +35,14 @@ import org.apache.datasketches.memory.WritableMemory;
/**
* An implementation of an Exact and Bounded Sampling Proportional to Size sketch.
- *
+ *
* <p>From: "Exact PPS Sampling with Bounded Sample Size",
* B. Hentschel, P. J. Haas, Y. Tian. Information Processing Letters, 2023.
- *
+ *
* <p>This sketch samples data from a stream of items proportional to the weight of each item.
* The sample guarantees the presence of an item in the result is proportional to that item's
* portion of the total weight seen by the sketch, and returns a sample no larger than size k.
- *
+ *
* <p>The sample may be smaller than k and the resulting size of the sample potentially includes
* a probabilistic component, meaning the resulting sample size is not always constant.
*
@@ -64,6 +64,11 @@ public class EbppsItemsSketch<T> {
final private EbppsItemsSample<T> tmp_; // temporary storage
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* Constructor
* @param k The maximum number of samples to retain
@@ -256,7 +261,7 @@ public class EbppsItemsSketch<T> {
* pathological cases, most obvious with k=2 and A.cum_wt == B.cum_wt where that
* approach will always take exactly 1 item from A and 1 from B, meaning the
* co-occurrence rate for two items from either sketch is guaranteed to be 0.0.
- *
+ *
* With EBPPS, once an item is accepted into the sketch we no longer need to
* track the item's weight: All accepted items are treated equally. As a result, we
* can take inspiration from the reservoir sampling merge in the datasketches-java
@@ -338,7 +343,7 @@ public class EbppsItemsSketch<T> {
if (cumulativeWt_ > 0.0) {
sample_.downsample(newRho / rho_);
}
-
+
tmp_.replaceContent(other.sample_.getPartialItem(), newRho * otherCFrac * avgWt);
sample_.merge(tmp_);
@@ -354,7 +359,7 @@ public class EbppsItemsSketch<T> {
/**
* Returns a copy of the current sample. The exact size may be
- * probabilsitic, differing by at most 1 item.
+ * probabilistic, differing by at most 1 item.
* @return the current sketch sample
*/
public ArrayList<T> getResult() { return sample_.getSample(); }
@@ -389,7 +394,7 @@ public class EbppsItemsSketch<T> {
/**
* Returns the expected number of samples returned upon a call to
- * getResult(). The number is a floating point value, where the
+ * getResult(). The number is a floating point value, where the
* fractional portion represents the probability of including a
* "partial item" from the sample.
*
@@ -505,14 +510,14 @@ public class EbppsItemsSketch<T> {
PreambleUtil.insertFlags(mem, sample_.hasPartialItem() ? HAS_PARTIAL_ITEM_MASK : 0);
}
PreambleUtil.insertK(mem, k_); // Bytes 4-7
-
+
// conditional elements
if (!empty) {
PreambleUtil.insertN(mem, n_);
PreambleUtil.insertEbppsCumulativeWeight(mem, cumulativeWt_);
PreambleUtil.insertEbppsMaxWeight(mem, wtMax_);
PreambleUtil.insertEbppsRho(mem, rho_);
-
+
// data from sample_ -- itemBytes includes the partial item
mem.putDouble(EBPPS_C_DOUBLE, sample_.getC());
mem.putByteArray(EBPPS_ITEMS_START, itemBytes, 0, itemBytes.length);
diff --git a/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java b/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java
index ef363d24..27174b52 100644
--- a/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java
+++ b/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java
@@ -81,6 +81,11 @@ class DirectQuickSelectSketch extends DirectQuickSelectSketchR {
super(seed, wmem);
}
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* Construct a new sketch instance and initialize the given Memory as its backing store.
*
diff --git a/src/main/java/org/apache/datasketches/tuple/CompactSketch.java b/src/main/java/org/apache/datasketches/tuple/CompactSketch.java
index b7e6935a..c77a2800 100644
--- a/src/main/java/org/apache/datasketches/tuple/CompactSketch.java
+++ b/src/main/java/org/apache/datasketches/tuple/CompactSketch.java
@@ -51,6 +51,11 @@ public class CompactSketch<S extends Summary> extends Sketch<S> {
private enum Flags { IS_BIG_ENDIAN, IS_READ_ONLY, IS_EMPTY, IS_COMPACT, IS_ORDERED }
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* Create a CompactSketch from correct components
* @param hashArr compacted hash array
diff --git a/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java b/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java
index d1ac811d..b3bfb231 100644
--- a/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java
+++ b/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java
@@ -57,6 +57,11 @@ class QuickSelectSketch<S extends Summary> extends Sketch<S> {
private long[] hashTable_;
S[] summaryTable_;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* This is to create an instance of a QuickSelectSketch with default resize factor.
* @param nomEntries Nominal number of entries. Forced to the nearest power of 2 greater than
diff --git a/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java b/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java
index 93cd8ebd..8c08b3a2 100644
--- a/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java
+++ b/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java
@@ -45,6 +45,11 @@ class DirectArrayOfDoublesQuickSelectSketch extends ArrayOfDoublesQuickSelectSke
private int keysOffset_;
private int valuesOffset_;
+ @Override
+ protected final void finalize() {
+ // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J
+ }
+
/**
* Construct a new sketch using the given Memory as its backing store.
*
diff --git a/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java b/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java
index b0baab01..69ee83e8 100644
--- a/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java
+++ b/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java
@@ -33,7 +33,7 @@ import org.apache.datasketches.tuple.UpdatableSummary;
/**
* @author Lee Rhodes
*/
-public class ArrayOfStringsSummary implements UpdatableSummary<String[]> {
+public final class ArrayOfStringsSummary implements UpdatableSummary<String[]> {
private String[] nodesArr = null;
diff --git a/tools/FindBugsExcludeFilter.xml b/tools/FindBugsExcludeFilter.xml
index 62cf08f0..32d176d7 100644
--- a/tools/FindBugsExcludeFilter.xml
+++ b/tools/FindBugsExcludeFilter.xml
@@ -79,4 +79,10 @@ under the License.
<Class name="org.apache.datasketches.quantilescommon.GenericSortedViewIterator"/>
</Match>
+ <Match>
+ <Bug pattern="FE_FLOATING_POINT_EQUALITY" />
+ <Class name="org.apache.datasketches.sampling.EbppsItemsSample" />
+ <Method name="merge" />
+ </Match>
+
</FindBugsFilter>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@datasketches.apache.org
For additional commands, e-mail: commits-help@datasketches.apache.org