You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by vi...@apache.org on 2015/12/23 14:00:41 UTC
svn commit: r1721539 - /tomcat/trunk/res/findbugs/filter-false-positives.xml
Author: violetagg
Date: Wed Dec 23 13:00:41 2015
New Revision: 1721539
URL: http://svn.apache.org/viewvc?rev=1721539&view=rev
Log:
Findbugs - filter false positives
Modified:
tomcat/trunk/res/findbugs/filter-false-positives.xml
Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/res/findbugs/filter-false-positives.xml?rev=1721539&r1=1721538&r2=1721539&view=diff
==============================================================================
--- tomcat/trunk/res/findbugs/filter-false-positives.xml (original)
+++ tomcat/trunk/res/findbugs/filter-false-positives.xml Wed Dec 23 13:00:41 2015
@@ -52,21 +52,74 @@
<Bug code="IS"/>
</Match>
<Match>
+ <!-- request.getCoyoteRequest().getRemoteUser() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.authenticator.AuthenticatorBase"/>
+ <Method name="checkForCachedAuthentication"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
+ <!-- request.getQueryString() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.authenticator.DigestAuthenticator$DigestInfo"/>
+ <Method name="validate"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<!-- Method is synchronized therefore not an issue -->
<Class name="org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo"/>
<Bug code="VO"/>
</Match>
<Match>
+ <!-- request.getPathInfo(), request.getDecodedRequestURI() can return null
+ because o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.authenticator.FormAuthenticator"/>
+ <Or>
+ <Method name="authenticate"/>
+ <Method name="matchRequest"/>
+ </Or>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
+ <!-- req.getRemoteUser(), req.getAuthType(), request.getQueryString() can
+ return null because o.a.t.util.buf.MessageBytes.toString() can return NULL
+ -->
+ <Class name="org.apache.catalina.connector.CoyoteAdapter"/>
+ <Or>
+ <Method name="doConnectorAuthenticationAuthorization"/>
+ <Method name="postParseRequest"/>
+ </Or>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.connector.CoyoteReader"/>
<Method name="readLine"/>
<Bug code="RR"/>
</Match>
<Match>
+ <!-- request.getPathInfo(), scookie.getDomain() can return null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.connector.Request"/>
+ <Or>
+ <Method name="getRequestDispatcher"/>
+ <Method name="getPathTranslated"/>
+ <Method name="convertCookies"/>
+ </Or>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<!-- JNI library can only be loaded once so statics are appropriate -->
<Class name="org.apache.catalina.core.AprLifecycleListener" />
<Bug code="ST" />
</Match>
<Match>
+ <!-- request.getQueryString() can return null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.core.AsyncContextImpl"/>
+ <Method name="logDebug"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<!-- Have to trigger GC for leak detection to work. Clearly documented -->
<Class name="org.apache.catalina.core.StandardHost" />
<Method name="findReloadedContextMemoryLeaks" />
@@ -111,6 +164,16 @@
<Bug code="IS" />
</Match>
<Match>
+ <!-- request.getRequestPathMB(), request.getQueryString() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.realm.RealmBase"/>
+ <Or>
+ <Method name="findSecurityConstraints"/>
+ <Method name="hasUserDataPermission"/>
+ </Or>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<!-- The header value is safe -->
<Class name="org.apache.catalina.servlets.DefaultServlet" />
<Method name="doDirectoryRedirect" />
@@ -224,6 +287,20 @@
<Bug code="UG" />
</Match>
<Match>
+ <!-- request.getRemoteHost() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.valves.AbstractAccessLogValve$HostElement"/>
+ <Method name="addElement"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
+ <!-- request.getMethod() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.valves.AbstractAccessLogValve$RequestElement"/>
+ <Method name="addElement"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<!-- Non-constant strings are configuration settings rather than client
supplied -->
<Class name="org.apache.catalina.valves.JDBCAccessLogValve" />
@@ -231,6 +308,20 @@
<Bug code="SQL" />
</Match>
<Match>
+ <!-- request.getQueryString() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.valves.rewrite.RewriteValve"/>
+ <Method name="invoke"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
+ <!-- request.getQueryString() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.catalina.valves.StuckThreadDetectionValve"/>
+ <Method name="invoke"/>
+ <Bug code="RCN"/>
+ </Match>
+ <Match>
<!-- Use of synchronisation is required to make a sequence of calls in -->
<!-- one method appear to be atomic. -->
<Class name="org.apache.coyote.AbstractProcessorLight"/>
@@ -479,6 +570,13 @@
<Bug code="ST" />
</Match>
<Match>
+ <!-- mb.toString() can be null because
+ o.a.t.util.buf.MessageBytes.toString() can return NULL -->
+ <Class name="org.apache.tomcat.util.buf.UDecoder"/>
+ <Method name="convert"/>
+ <Bug code="RCN" />
+ </Match>
+ <Match>
<!-- NPE is desired as it indicates an error condition -->
<Class name="org.apache.tomcat.util.digester.CallMethodRule"/>
<Method name="end"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org