You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@netbeans.apache.org by "sdedic (via GitHub)" <gi...@apache.org> on 2023/03/13 18:19:39 UTC
[GitHub] [netbeans] sdedic opened a new pull request, #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
sdedic opened a new pull request, #5660:
URL: https://github.com/apache/netbeans/pull/5660
An exception was thrown when the NB was trying to load `micronaut-core:aop` project during OCI ADM audit. The project was broken and its dependency root reported `null` artifact. ADM Vulnerability implementation then throws NPE as this is not handled well.
The PR fixes the root cause in Gradle tooling by eagerly copying the task list before iterating through it, as the task definition Map is not copied by Gradle library and may mutate during the iteration.
The a simple null check is done in vulnerability audit launcher.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136981421
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
To be honest, alhtough I do think that even greatest things (and bugs) are built from very small ones, I think it's a pity the review focuses just on such nitpicking as this conversation. I am sure there are larger either structural or conceptual mistakes in my commits that would deserve a thorough review.
In itself, this wouldn't make me to make another commit, but as there are other relevant code sins pointed out, will fix.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] lbownik commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "lbownik (via GitHub)" <gi...@apache.org>.
lbownik commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136758013
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
You dont have to calulate it. Just use a reasonable constant like new StringBuilder(150) or new StringBuilder(200) which will be enough most of the time.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] lbownik commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "lbownik (via GitHub)" <gi...@apache.org>.
lbownik commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1135910948
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -168,6 +168,9 @@ public Map<String, Dependency> getDependencyMap() {
private void buildDependecyMap(Dependency dependency, Map<String, Dependency> result) {
String gav = createGAV(dependency.getArtifact());
+ if (gav == null) {
Review Comment:
how about ?
if (gav != null && result.putIfAbsent(gav, dependency) == null)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136981421
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
To be honest, alhtough I do think that even greatest things (and bugs) are built from very small ones, I think it's a pity the review focuses just on such nitpicking as this conversation. I am sure there are larger either structural or conceptual mistakes in my code that would deserve a thorough review.
In itself, this wouldn't make me to make another commit, but as there are other relevant code sins pointed out, will fix.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136981421
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
To be honest, alhtough I think that great things are made from very small ones, I think it's a pity the review focuses just on such nitpicking as this conversation. I am sure there are larger either structural or conceptual mistakes in my commits that would deserve a thorough review.
In itself, this wouldn't make me to make another commit, but as there are other relevant code sins pointed out, will fix.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1137185495
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
That's bad.
Speaking for myself, I can't promise I am 'not one of them', but at least I can TRY not be one of them - no guarantee on the outcome. Try me ;)
Other thought: consider (just) the size of the codebase and average age of the code (= techniques which were valid 15 yrs ago, but are obsolete now). Then weight in the benefit of a refactoring vs. the possibility of bugs slipping in. This comparison may easily result in a rejection for reasons that may seem silly and/or evasive to new contributors. Just a thought. Anyway, any such feelings should be voiced on the mailing list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] lbownik commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "lbownik (via GitHub)" <gi...@apache.org>.
lbownik commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1135920504
##########
extide/gradle/netbeans-gradle-tooling/src/main/java/org/netbeans/modules/gradle/tooling/NbProjectInfoBuilder.java:
##########
@@ -290,7 +290,8 @@ private void detectTaskProperties(NbProjectInfoModel model) {
Map<String, Object> taskProperties = new HashMap<>();
Map<String, String> taskPropertyTypes = new HashMap<>();
- for (Task task : project.getTasks().getAsMap().values()) {
+ // make a copy of the task map; may mutate.
+ for (Task task : new ArrayList<>(project.getTasks().getAsMap().values())) {
Review Comment:
what happens when map mutates while ArrayList constructor rxecutes
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136091863
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
IMHO not worth the extra computation; but StringBuilder is good. Will change - thanks/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136090439
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -168,6 +168,9 @@ public Map<String, Dependency> getDependencyMap() {
private void buildDependecyMap(Dependency dependency, Map<String, Dependency> result) {
String gav = createGAV(dependency.getArtifact());
+ if (gav == null) {
Review Comment:
:) I am used to make guard condition with short exit, but this seems better in this case. Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] lbownik commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "lbownik (via GitHub)" <gi...@apache.org>.
lbownik commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1137365730
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
"weight in the benefit of a refactoring vs. the possibility of bugs slipping in."
That's why unit test got invented ... oh wait ... unit test PRs get ignored as well.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic merged pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic merged PR #5660:
URL: https://github.com/apache/netbeans/pull/5660
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] lbownik commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "lbownik (via GitHub)" <gi...@apache.org>.
lbownik commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1135913136
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
how about movig to StringBuilder and initializing it's capacity to avoid inner buffer reallocations?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136094374
##########
extide/gradle/netbeans-gradle-tooling/src/main/java/org/netbeans/modules/gradle/tooling/NbProjectInfoBuilder.java:
##########
@@ -290,7 +290,8 @@ private void detectTaskProperties(NbProjectInfoModel model) {
Map<String, Object> taskProperties = new HashMap<>();
Map<String, String> taskPropertyTypes = new HashMap<>();
- for (Task task : project.getTasks().getAsMap().values()) {
+ // make a copy of the task map; may mutate.
+ for (Task task : new ArrayList<>(project.getTasks().getAsMap().values())) {
Review Comment:
This part of build does not run concurrently AFAIK, the issue is that the set of tasks mutates during task inspection, inside the cycle
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] sdedic commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "sdedic (via GitHub)" <gi...@apache.org>.
sdedic commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1136984309
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
addressed in 174665381875
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -168,6 +168,9 @@ public Map<String, Dependency> getDependencyMap() {
private void buildDependecyMap(Dependency dependency, Map<String, Dependency> result) {
String gav = createGAV(dependency.getArtifact());
+ if (gav == null) {
Review Comment:
fixed in 174665381875
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[GitHub] [netbeans] lbownik commented on a diff in pull request #5660: Avoid ConcurrentMod exception, tolerate broken project dependencies
Posted by "lbownik (via GitHub)" <gi...@apache.org>.
lbownik commented on code in PR #5660:
URL: https://github.com/apache/netbeans/pull/5660#discussion_r1137087202
##########
enterprise/cloud.oracle/src/org/netbeans/modules/cloud/oracle/adm/VulnerabilityWorker.java:
##########
@@ -569,14 +575,19 @@ private int convert(Dependency dependency, Map<String, Integer> gavIndex, List<A
List<String> childrenNodeIds = new ArrayList<>(dependency.getChildren().size());
for (Dependency childDependency : dependency.getChildren()) {
int cid = convert(childDependency, gavIndex, result);
- childrenNodeIds.add(Integer.toString(cid));
+ if (cid != -1) {
+ childrenNodeIds.add(Integer.toString(cid));
+ }
}
builder.applicationDependencyNodeIds(childrenNodeIds);
result.add(builder.build());
return n;
}
private static String createGAV(ArtifactSpec artifact) {
+ if (artifact == null) {
+ return null;
+ }
StringBuffer sb = new StringBuffer();
Review Comment:
"sure there are larger either structural or conceptual mistakes in my code that would deserve a thorough review."
From my experience with NetBeans community such feedback would be either ignored or hostily rejected.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists