You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/15 14:02:31 UTC
[tomcat] branch main updated: Update to SpotBugs 4.6.0
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c8f4bea Update to SpotBugs 4.6.0
c8f4bea is described below
commit c8f4bea4e0e8a51edecac9b49a81fd391acfeaad
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 14:00:22 2022 +0000
Update to SpotBugs 4.6.0
---
build.properties.default | 4 ++--
res/spotbugs/filter-false-positives.xml | 39 +++++++++++++++++++++++++++++++++
webapps/docs/changelog.xml | 3 +++
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index 4376c0f..030fdb2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -282,10 +282,10 @@ jacoco.jar=${jacoco.home}/lib/jacocoant.jar
jacoco.loc=${base-maven.loc}/org/jacoco/jacoco/${jacoco.version}/jacoco-${jacoco.version}.zip
# ----- SpotBugs (originally FindBugs) -----
-spotbugs.version=4.5.2
+spotbugs.version=4.6.0
spotbugs.checksum.enabled=true
spotbugs.checksum.algorithm=SHA-512
-spotbugs.checksum.value=6e6d4aab1a935f47f9cf4983c30c5c338a257339bd2a6ae4fea2204683d973a67bb95a9204e387ebf9c31070a998367afa12a3b1f812b01f2e27715b704bf194
+spotbugs.checksum.value=c3ebc5761299b253e7e563a0a71f931ffa6ab3861380abb246d2258a916c9c6d40f6582dbe10b084d6932536c38f6d8bd7711456b6b7eef7c83df770915ecf1e
spotbugs.home=${base.path}/spotbugs-${spotbugs.version}
spotbugs.jar=${spotbugs.home}/lib/spotbugs-ant.jar
spotbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${spotbugs.version}/spotbugs-${spotbugs.version}.tgz
diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index f924615..c9382b5 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -42,6 +42,12 @@
<Bug code="NP" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="jakarta.security.auth.message.config.AuthConfigFactory"/>
+ <Field name="factory"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Null is not possible here -->
<Class name="jakarta.servlet.http.HttpServlet$NoBodyPrintWriter"/>
<Method name="resetBuffer"/>
@@ -420,6 +426,12 @@
<Bug pattern="IS2_INCONSISTENT_SYNC " />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.realm.MemoryRealm" />
+ <Field name="digester"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- request.getRequestPathMB(), request.getQueryString() can be null because
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
<Class name="org.apache.catalina.realm.RealmBase"/>
@@ -635,6 +647,12 @@
<Bug pattern="WA_NOT_IN_LOOP"/>
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.tribes.io.BufferPool" />
+ <Field name="instance"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/>
<Method name="stop"/>
<Bug code="DE"/>
@@ -846,6 +864,12 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.webresources.TomcatURLStreamHandlerFactory"/>
+ <Field name="instance"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Switch fall-though is deliberate -->
<Class name="org.apache.coyote.AbstractProcessor"/>
<Method name="parseHost"/>
@@ -1133,6 +1157,12 @@
<Bug code="Nm" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.naming.java.javaURLContextFactory" />
+ <Field name="initialContext"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Utility classes used to import/export l10n strings -->
<!-- This code does not need to be robust -->
<Or>
@@ -1220,6 +1250,15 @@
<Bug pattern="VO_VOLATILE_INCREMENT" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper" />
+ <Or>
+ <Field name="executor"/>
+ <Field name="taskMap"/>
+ </Or>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Fields do not need to be sync'd for toString() -->
<Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" />
<Or>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f54ca71..84b4a5e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -130,6 +130,9 @@
<update>
Update to Checkstyle 10.0. (markt)
</update>
+ <update>
+ Update to SpotBugs 4.6.0. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org