You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/11/14 10:57:48 UTC
[tomcat] 01/05: Fix SpotBug failures in Jasper
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 665a6da487947b40e45c631191d8e831c54704e2
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Nov 14 10:29:05 2019 +0000
Fix SpotBug failures in Jasper
---
.../apache/jasper/compiler/JspRuntimeContext.java | 5 +--
.../apache/jasper/compiler/TagFileProcessor.java | 2 +-
java/org/apache/jasper/el/JasperELResolver.java | 18 ++++++----
.../jasper/resources/LocalStrings.properties | 1 +
.../jasper/resources/LocalStrings_fr.properties | 1 +
.../jasper/resources/LocalStrings_ja.properties | 1 +
.../jasper/resources/LocalStrings_ko.properties | 1 +
.../apache/jasper/runtime/JspRuntimeLibrary.java | 2 +-
.../apache/jasper/servlet/JspServletWrapper.java | 4 +--
res/findbugs/filter-false-positives.xml | 40 +++++++++++++++++-----
10 files changed, 54 insertions(+), 21 deletions(-)
diff --git a/java/org/apache/jasper/compiler/JspRuntimeContext.java b/java/org/apache/jasper/compiler/JspRuntimeContext.java
index 78f3f35..87157ff 100644
--- a/java/org/apache/jasper/compiler/JspRuntimeContext.java
+++ b/java/org/apache/jasper/compiler/JspRuntimeContext.java
@@ -19,6 +19,7 @@ package org.apache.jasper.compiler;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FilePermission;
+import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
@@ -543,8 +544,8 @@ public final class JspRuntimeContext {
// Allow the JSP to access org.apache.jasper.runtime.HttpJspBase
permissions.add( new RuntimePermission(
"accessClassInPackage.org.apache.jasper.runtime") );
- } catch(Exception e) {
- context.log("Security Init for context failed",e);
+ } catch (RuntimeException | IOException e) {
+ context.log(Localizer.getMessage("jsp.error.security"), e);
}
}
return new SecurityHolder(source, permissions);
diff --git a/java/org/apache/jasper/compiler/TagFileProcessor.java b/java/org/apache/jasper/compiler/TagFileProcessor.java
index 910cb47..d26ba94 100644
--- a/java/org/apache/jasper/compiler/TagFileProcessor.java
+++ b/java/org/apache/jasper/compiler/TagFileProcessor.java
@@ -599,7 +599,7 @@ class TagFileProcessor {
entry.getValue());
}
}
- } catch (Exception e) {
+ } catch (RuntimeException | ReflectiveOperationException e) {
// ignore errors
}
diff --git a/java/org/apache/jasper/el/JasperELResolver.java b/java/org/apache/jasper/el/JasperELResolver.java
index 3eaab88..07d07a2 100644
--- a/java/org/apache/jasper/el/JasperELResolver.java
+++ b/java/org/apache/jasper/el/JasperELResolver.java
@@ -18,6 +18,7 @@
package org.apache.jasper.el;
import java.util.List;
+import java.util.concurrent.atomic.AtomicInteger;
import javax.el.ArrayELResolver;
import javax.el.BeanELResolver;
@@ -41,15 +42,14 @@ public class JasperELResolver extends CompositeELResolver {
private static final int STANDARD_RESOLVERS_COUNT = 9;
- private int size;
- private ELResolver[] resolvers;
+ private AtomicInteger resolversSize = new AtomicInteger(0);
+ private volatile ELResolver[] resolvers;
private final int appResolversSize;
public JasperELResolver(List<ELResolver> appResolvers,
ELResolver streamResolver) {
appResolversSize = appResolvers.size();
resolvers = new ELResolver[appResolversSize + STANDARD_RESOLVERS_COUNT];
- size = 0;
add(new ImplicitObjectELResolver());
for (ELResolver appResolver : appResolvers) {
@@ -69,6 +69,8 @@ public class JasperELResolver extends CompositeELResolver {
public synchronized void add(ELResolver elResolver) {
super.add(elResolver);
+ int size = resolversSize.get();
+
if (resolvers.length > size) {
resolvers[size] = elResolver;
} else {
@@ -78,7 +80,7 @@ public class JasperELResolver extends CompositeELResolver {
resolvers = nr;
}
- size ++;
+ resolversSize.incrementAndGet();
}
@Override
@@ -106,6 +108,7 @@ public class JasperELResolver extends CompositeELResolver {
start = 1;
}
+ int size = resolversSize.get();
for (int i = start; i < size; i++) {
result = resolvers[i].getValue(context, base, property);
if (context.isPropertyResolved()) {
@@ -143,6 +146,7 @@ public class JasperELResolver extends CompositeELResolver {
// skip collection (map, resource, list, and array) resolvers
index += 4;
// call bean and the rest of resolvers
+ int size = resolversSize.get();
for (int i = index; i < size; i++) {
result = resolvers[i].invoke(
context, base, targetMethod, paramTypes, params);
@@ -154,8 +158,8 @@ public class JasperELResolver extends CompositeELResolver {
return null;
}
- /**
- * Copied from {@link org.apache.el.lang.ELSupport#coerceToString(ELContext,Object)}.
+ /*
+ * Copied from org.apache.el.lang.ELSupport#coerceToString(ELContext,Object)
*/
private static final String coerceToString(final Object obj) {
if (obj == null) {
@@ -168,4 +172,4 @@ public class JasperELResolver extends CompositeELResolver {
return obj.toString();
}
}
-}
\ No newline at end of file
+}
diff --git a/java/org/apache/jasper/resources/LocalStrings.properties b/java/org/apache/jasper/resources/LocalStrings.properties
index 20ad2c7..929bb6a 100644
--- a/java/org/apache/jasper/resources/LocalStrings.properties
+++ b/java/org/apache/jasper/resources/LocalStrings.properties
@@ -168,6 +168,7 @@ jsp.error.prolog_config_encoding_mismatch=Page-encoding specified in XML prolog
jsp.error.prolog_pagedir_encoding_mismatch=Page-encoding specified in XML prolog [{0}] is different from that specified in page directive [{1}]
jsp.error.quotes.unterminated=Unterminated quotes
jsp.error.scripting.variable.missing_name=Unable to determine scripting variable name from attribute [{0}]
+jsp.error.security=Security initialization failed for context
jsp.error.servlet.destroy.failed=Exception during Servlet.destroy() for JSP page
jsp.error.servlet.invalid.method=JSPs only permit GET POST or HEAD
jsp.error.setLastModified=Unable to set last modified date for file [{0}]
diff --git a/java/org/apache/jasper/resources/LocalStrings_fr.properties b/java/org/apache/jasper/resources/LocalStrings_fr.properties
index 6e0d1e6..5010b4b 100644
--- a/java/org/apache/jasper/resources/LocalStrings_fr.properties
+++ b/java/org/apache/jasper/resources/LocalStrings_fr.properties
@@ -168,6 +168,7 @@ jsp.error.prolog_config_encoding_mismatch=Le page-encoding spécifié dans le pr
jsp.error.prolog_pagedir_encoding_mismatch=L''encodage spécifié dans le prologue XML [{0}] est différent de celui spécifié dans la directive de page [{1}]
jsp.error.quotes.unterminated=Guillemets non terminés
jsp.error.scripting.variable.missing_name=Incapable de déterminer le nom de variable scripting d''après l''attribut [{0}]
+jsp.error.security=L'initialisation de la sécurité a échouée pour le contexte
jsp.error.servlet.destroy.failed=Erreur pendant le Servlet.destroy() de la page JSP
jsp.error.setLastModified=Impossible de fixer la date de dernière modification pour le fichier [{0}]
jsp.error.signature.classnotfound=La classe [{0}] spećifié dans la signature de la méthode dans la TLD pour la fonction [{1}] n''a pas pu être trouvée [{2}]
diff --git a/java/org/apache/jasper/resources/LocalStrings_ja.properties b/java/org/apache/jasper/resources/LocalStrings_ja.properties
index c936750..7a10510 100644
--- a/java/org/apache/jasper/resources/LocalStrings_ja.properties
+++ b/java/org/apache/jasper/resources/LocalStrings_ja.properties
@@ -168,6 +168,7 @@ jsp.error.prolog_config_encoding_mismatch=XML導入部で指定されたpage-enc
jsp.error.prolog_pagedir_encoding_mismatch=XML導入部で指定されたpage-encoding [{0}] がpage指示子中の指定 [{1}] と違います
jsp.error.quotes.unterminated=引用符が終了していません
jsp.error.scripting.variable.missing_name=属性 [{0}] からスクリプト変数名を決定できません
+jsp.error.security=コンテキストのセキュリティの初期化に失敗しました。
jsp.error.servlet.destroy.failed=JSPページのServlet.destroy()の例外
jsp.error.setLastModified=ファイル[{0}]の最終更新日を設定できません
jsp.error.signature.classnotfound=TLDの中のメソッドシグネチャで関数 [{1}] に指定されているクラス [{0}] が見つかりません。 [{2}]
diff --git a/java/org/apache/jasper/resources/LocalStrings_ko.properties b/java/org/apache/jasper/resources/LocalStrings_ko.properties
index 1ef05d4..4361c42 100644
--- a/java/org/apache/jasper/resources/LocalStrings_ko.properties
+++ b/java/org/apache/jasper/resources/LocalStrings_ko.properties
@@ -167,6 +167,7 @@ jsp.error.prolog_config_encoding_mismatch=XML 프롤로그 [{0}]에 지정된
jsp.error.prolog_pagedir_encoding_mismatch=XML 프롤로그 [{0}]에 지정된 페이지 인코딩이, 페이지 지시어 [{1}]에 지정된 것과 다릅니다.
jsp.error.quotes.unterminated=종료되지 않은 인용부들
jsp.error.scripting.variable.missing_name=속성 [{0}](으)로부터 스크립팅 변수 이름을 결정할 수 없습니다.
+jsp.error.security=컨텍스트를 위한 보안 초기화 작업이 실패했습니다.
jsp.error.servlet.destroy.failed=JSP 페이지를 위한 Servlet.destroy() 호출 중 예외 발생
jsp.error.setLastModified=파일 [{0}]의 최종 변경 시간을 설정할 수 없습니다.
jsp.error.signature.classnotfound=TLD 내에 function [{1}]을 위해 지정된 메소드 signature에 포함된 클래스 [{0}]을(를) 찾을 수 없습니다. [{2}]
diff --git a/java/org/apache/jasper/runtime/JspRuntimeLibrary.java b/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
index a7fde0a..e846229 100644
--- a/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
+++ b/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
@@ -487,7 +487,7 @@ public class JspRuntimeLibrary {
}
method.invoke (bean, new Object[] {tmpval});
}
- } catch (Exception ex) {
+ } catch (RuntimeException | ReflectiveOperationException ex) {
Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
ExceptionUtils.handleThrowable(thr);
throw new JasperException ("error in invoking method", ex);
diff --git a/java/org/apache/jasper/servlet/JspServletWrapper.java b/java/org/apache/jasper/servlet/JspServletWrapper.java
index d7f54de..7eca184 100644
--- a/java/org/apache/jasper/servlet/JspServletWrapper.java
+++ b/java/org/apache/jasper/servlet/JspServletWrapper.java
@@ -81,9 +81,9 @@ public class JspServletWrapper {
// Logger
private final Log log = LogFactory.getLog(JspServletWrapper.class); // must not be static
- private Servlet theServlet;
+ private volatile Servlet theServlet;
private final String jspUri;
- private Class<?> tagHandlerClass;
+ private volatile Class<?> tagHandlerClass;
private final JspCompilationContext ctxt;
private long available = 0L;
private final ServletConfig config;
diff --git a/res/findbugs/filter-false-positives.xml b/res/findbugs/filter-false-positives.xml
index eb037f8..b2ed8f1 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -869,18 +869,20 @@
<Bug code="Dm" />
</Match>
<Match>
- <!-- Yes this is a dead store. This is so the IDE warning can be suppressed.
- The object creation has side-effects so the code is required. -->
- <Class name="org.apache.jasper.compiler.JspDocumentParser" />
- <Method name="comment"/>
- <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
- </Match>
- <Match>
<!-- Node constructors add node to parent. Local variable is used to
silence an Eclipse warning -->
<Class name="org.apache.jasper.compiler.ELFunctionMapper"/>
<Method name="map"/>
- <Bug code="DLS"/>
+ <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
+ </Match>
+ <Match>
+ <!-- Sync is not protecting these fields -->
+ <Class name="org.apache.jasper.compiler.JspConfig"/>
+ <Or>
+ <Field name="defaultDeferedSyntaxAllowedAsLiteral" />
+ <Field name="defaultIsELIgnored" />
+ </Or>
+ <Bug pattern="IS2_INCONSISTENT_SYNC"/>
</Match>
<Match>
<!-- NPE is not possible -->
@@ -895,6 +897,16 @@
<Bug code="NP"/>
</Match>
<Match>
+ <!-- Yes this is a dead store. This is so the IDE warning can be suppressed.
+ The object creation has side-effects so the code is required. -->
+ <Class name="org.apache.jasper.compiler.JspDocumentParser" />
+ <Or>
+ <Method name="comment"/>
+ <Method name="processChars"/>
+ </Or>
+ <Bug pattern="DLS_DEAD_LOCAL_STORE"/>
+ </Match>
+ <Match>
<!-- Returning null is intentional -->
<Class name="org.apache.jasper.compiler.JspReader"/>
<Method name="indexOf"/>
@@ -913,6 +925,12 @@
<Bug code="ES"/>
</Match>
<Match>
+ <!-- Sync is not protecting this field -->
+ <Class name="org.apache.jasper.compiler.SmapGenerator"/>
+ <Field name="doEmbedded" />
+ <Bug pattern="IS2_INCONSISTENT_SYNC"/>
+ </Match>
+ <Match>
<!-- Only base null is handled by this resolver -->
<Class name="org.apache.jasper.el.ELResolverImpl"/>
<Or>
@@ -924,6 +942,12 @@
<Bug code="NP" />
</Match>
<Match>
+ <!-- Array contents are not mutated -->
+ <Class name="org.apache.jasper.el.JasperELResolver"/>
+ <Field name="resolvers" />
+ <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
+ </Match>
+ <Match>
<!-- base null is handled by this resolver -->
<Class name="org.apache.jasper.el.JasperELResolver"/>
<Method name="getValue" />
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org