You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jmeter.apache.org by pm...@apache.org on 2019/09/30 21:15:27 UTC

[jmeter] 04/07: Sonar security Warning: False positives in the context of performance and pen testing which is what JMeter is made for

This is an automated email from the ASF dual-hosted git repository.

pmouawad pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git

commit 5dc63d8cdd2062bb043846c84226d5ff891440d0
Author: pmouawad <p....@ubik-ingenierie.com>
AuthorDate: Mon Sep 30 23:12:36 2019 +0200

    Sonar security Warning: False positives in the context of performance
    and pen testing which is what JMeter is made for
---
 .../org/apache/jmeter/util/CustomX509TrustManager.java   |  5 +++--
 .../org/apache/jmeter/util/TrustAllSSLSocketFactory.java | 16 ++++++++--------
 .../smtp/sampler/protocol/TrustAllSSLSocketFactory.java  |  6 ++----
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java b/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java
index 31795e1..4258e8a 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java
@@ -53,7 +53,7 @@ public class CustomX509TrustManager implements X509TrustManager
      * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String)
      */
     @Override
-    public void checkClientTrusted(X509Certificate[] certificates, String authType) {
+    public void checkClientTrusted(X509Certificate[] certificates, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
         if (log.isDebugEnabled() && certificates != null) {
             for (int i = 0; i < certificates.length; i++) {
                 X509Certificate cert = certificates[i];
@@ -78,7 +78,8 @@ public class CustomX509TrustManager implements X509TrustManager
      * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String)
      */
     @Override
-    public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
+    public void checkServerTrusted(X509Certificate[] certificates,String authType) // NOSONAR JMeter is a pentest and perf testing tool
+            throws CertificateException {
         if (log.isDebugEnabled() && certificates != null) {
             for (int i = 0; i < certificates.length; i++) {
                 X509Certificate cert = certificates[i];
diff --git a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
index 66841dc..16e52ab 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
@@ -35,7 +35,7 @@ import javax.net.ssl.X509ExtendedTrustManager;
  * This class can be used as a SocketFactory with SSL-connections.<p>
  * Its purpose is to ensure that all certificates - no matter from which CA - are accepted to secure the SSL-connection.
  */
-public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
+public class TrustAllSSLSocketFactory extends SSLSocketFactory  { // NOSONAR JMeter is a pentest and perf testing tool
 
     private final SSLSocketFactory factory;
 
@@ -56,11 +56,11 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
                             return EMPTY_X509Certificate;
                         }
                         @Override
-                        public void checkClientTrusted(X509Certificate[] chain, String authType) {
+                        public void checkClientTrusted(X509Certificate[] chain, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                             // NOOP
                         }
                         @Override
-                        public void checkServerTrusted(X509Certificate[] chain, String authType) {
+                        public void checkServerTrusted(X509Certificate[] chain, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                             // NOOP
                         }
                         @Override
@@ -115,7 +115,7 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
     @Override
     public Socket createSocket(InetAddress address, int port,
             InetAddress localAddress, int localPort) throws IOException {
-        return factory.createSocket(address, port, localAddress, localPort);
+        return factory.createSocket(address, port, localAddress, localPort); // NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
@@ -124,7 +124,7 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
     @Override
     public Socket createSocket(InetAddress address, int port) throws
             IOException {
-        return factory.createSocket(address, port);
+        return factory.createSocket(address, port); // NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
@@ -133,7 +133,7 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
     @Override
     public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
     throws IOException {
-        return factory.createSocket(host, port, localHost, localPort);
+        return factory.createSocket(host, port, localHost, localPort); // NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
@@ -141,7 +141,7 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
      */
     @Override
     public Socket createSocket(String host, int port) throws IOException {
-        return factory.createSocket(host, port);
+        return factory.createSocket(host, port); // NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
@@ -149,7 +149,7 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
      */
     @Override
     public Socket createSocket() throws IOException {
-        return factory.createSocket();
+        return factory.createSocket(); // NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
diff --git a/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java b/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
index 9d22e5f..f65ba69 100644
--- a/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
+++ b/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
@@ -56,12 +56,10 @@ public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
                             return EMPTY_X509Certificate;
                         }
                         @Override
-                        public void checkClientTrusted(
-                                X509Certificate[] certs, String authType) {
+                        public void checkClientTrusted(X509Certificate[] certs, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                         }
                         @Override
-                        public void checkServerTrusted(
-                                X509Certificate[] certs, String authType) {
+                        public void checkServerTrusted(X509Certificate[] certs, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                         }
                     }
                 },