You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/15 14:02:31 UTC

[tomcat] branch main updated: Update to SpotBugs 4.6.0

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new c8f4bea  Update to SpotBugs 4.6.0
c8f4bea is described below

commit c8f4bea4e0e8a51edecac9b49a81fd391acfeaad
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 14:00:22 2022 +0000

    Update to SpotBugs 4.6.0
---
 build.properties.default                |  4 ++--
 res/spotbugs/filter-false-positives.xml | 39 +++++++++++++++++++++++++++++++++
 webapps/docs/changelog.xml              |  3 +++
 3 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 4376c0f..030fdb2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -282,10 +282,10 @@ jacoco.jar=${jacoco.home}/lib/jacocoant.jar
 jacoco.loc=${base-maven.loc}/org/jacoco/jacoco/${jacoco.version}/jacoco-${jacoco.version}.zip
 
 # ----- SpotBugs (originally FindBugs) -----
-spotbugs.version=4.5.2
+spotbugs.version=4.6.0
 spotbugs.checksum.enabled=true
 spotbugs.checksum.algorithm=SHA-512
-spotbugs.checksum.value=6e6d4aab1a935f47f9cf4983c30c5c338a257339bd2a6ae4fea2204683d973a67bb95a9204e387ebf9c31070a998367afa12a3b1f812b01f2e27715b704bf194
+spotbugs.checksum.value=c3ebc5761299b253e7e563a0a71f931ffa6ab3861380abb246d2258a916c9c6d40f6582dbe10b084d6932536c38f6d8bd7711456b6b7eef7c83df770915ecf1e
 spotbugs.home=${base.path}/spotbugs-${spotbugs.version}
 spotbugs.jar=${spotbugs.home}/lib/spotbugs-ant.jar
 spotbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${spotbugs.version}/spotbugs-${spotbugs.version}.tgz
diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index f924615..c9382b5 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -42,6 +42,12 @@
     <Bug code="NP" />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="jakarta.security.auth.message.config.AuthConfigFactory"/>
+    <Field name="factory"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Null is not possible here -->
     <Class name="jakarta.servlet.http.HttpServlet$NoBodyPrintWriter"/>
     <Method name="resetBuffer"/>
@@ -420,6 +426,12 @@
     <Bug pattern="IS2_INCONSISTENT_SYNC " />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.catalina.realm.MemoryRealm" />
+    <Field name="digester"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- request.getRequestPathMB(), request.getQueryString() can be null because
     o.a.t.util.buf.MessageBytes.toString() can return NULL -->
     <Class name="org.apache.catalina.realm.RealmBase"/>
@@ -635,6 +647,12 @@
     <Bug pattern="WA_NOT_IN_LOOP"/>
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.catalina.tribes.io.BufferPool" />
+    <Field name="instance"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/>
     <Method name="stop"/>
     <Bug code="DE"/>
@@ -846,6 +864,12 @@
     <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.catalina.webresources.TomcatURLStreamHandlerFactory"/>
+    <Field name="instance"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Switch fall-though is deliberate -->
     <Class name="org.apache.coyote.AbstractProcessor"/>
     <Method name="parseHost"/>
@@ -1133,6 +1157,12 @@
     <Bug code="Nm" />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.naming.java.javaURLContextFactory" />
+    <Field name="initialContext"/>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Utility classes used to import/export l10n strings -->
     <!-- This code does not need to be robust -->
     <Or>
@@ -1220,6 +1250,15 @@
     <Bug pattern="VO_VOLATILE_INCREMENT" />
   </Match>
   <Match>
+    <!-- Class lock is not an instance lock -->
+    <Class name="org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper" />
+    <Or>
+      <Field name="executor"/>
+      <Field name="taskMap"/>
+    </Or>
+    <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+  </Match>
+  <Match>
     <!-- Fields do not need to be sync'd for toString() -->
     <Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" />
     <Or>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f54ca71..84b4a5e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -130,6 +130,9 @@
       <update>
         Update to Checkstyle 10.0. (markt)
       </update>
+      <update>
+        Update to SpotBugs 4.6.0. (markt)
+      </update>
     </changelog>
   </subsection>
 </section>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org