Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/23 14:48:51 UTC
[tomcat] branch 8.5.x updated: Additional false positives with
latest SpotBugs
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 6f7d47e Additional false positives with latest SpotBugs
6f7d47e is described below
commit 6f7d47e68e39db2b52fa2ad73bdcebd163a8591f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 23 15:11:19 2021 +0100
Additional false positives with latest SpotBugs
---
res/findbugs/filter-false-positives.xml | 52 +++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/res/findbugs/filter-false-positives.xml b/res/findbugs/filter-false-positives.xml
index e36ec9b..6dee97b 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -215,6 +215,12 @@
<Bug code="Dm" />
</Match>
<Match>
+ <!-- Random will be used multiple times if required. -->
+ <Class name="org.apache.catalina.core.StandardServer"/>
+ <Method name="await"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- Sync not targeting these fields -->
<Class name="org.apache.catalina.core.StandardWrapper" />
<Or>
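Review bot: The comment on the added StandardServer.await entry does not say which kind of generator is being excused, whereas most other DMI_RANDOM_USED_ONLY_ONCE entries in this commit state that it is a SecureRandom; the WsWebSocketContainer.generateWsKeyValue entry in the last hunk has the same gap. These filters suppress the finding for the whole method, so anyone auditing random-number use has only the comment to go on. If a plain java.util.Random is intended in these two places, I would say so and why, e.g. `<!-- java.util.Random is intentional here (value is not security sensitive); the instance is reused. -->`, after confirming it against the Java source, which this diff does not show.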
@@ -251,6 +257,13 @@
<Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
</Match>
<Match>
+ <!-- Random will be SecureRandom by default and will be used multiple
+ times. -->
+ <Class name="org.apache.catalina.filters.CsrfPreventionFilterBase"/>
+ <Method name="generateNonce"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- ParseException is ignored in loop but handled afterwards if all formats failed -->
<Class name="org.apache.catalina.filters.RemoteIpFilter$XForwardedRequest" />
<Method name="getDateHeader" />
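Review bot: "SecureRandom by default" in the CsrfPreventionFilterBase.generateNonce comment implies the generator class can be changed, so the assurance does not hold for every configuration while the suppression does. The flagged pattern concerns an instance that is created and used once, so reuse is the real justification and I would lead with it: `<!-- Instance is created once and reused for every nonce. SecureRandom unless another class is configured. -->`. That a non-default class is possible is inferred from the comment's wording, not from code visible here.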
@@ -383,6 +396,12 @@
<Bug pattern="IS2_INCONSISTENT_SYNC " />
</Match>
<Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.realm.DigestCredentialHandlerBase"/>
+ <Method name="mutate"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- roles will be initialized in addAttributeValues -->
<Class name="org.apache.catalina.realm.JNDIRealm" />
<Or>
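Review bot: The context line just above the added DigestCredentialHandlerBase entry reads `<Bug pattern="IS2_INCONSISTENT_SYNC " />`, with a space before the closing quote. If SpotBugs compares pattern names without trimming, that existing filter matches nothing and the suppression it documents is silently inactive. It predates this commit, but it is a one-character fix worth folding in: `<Bug pattern="IS2_INCONSISTENT_SYNC" />`.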
@@ -713,11 +732,26 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
</Match>
<Match>
+ <!-- Random is SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.tribes.util.UUIDGenerator"/>
+ <Or>
+ <Method name="<clinit>"/>
+ <Method name="nextBytes"/>
+ </Or>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.util.LifecycleBase" />
<Method name="getState"/>
<Bug code="UG" />
</Match>
<Match>
+ <!-- Random is SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.catalina.util.SessionIdGeneratorBase"/>
+ <Method name="createSecureRandom"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- the platform default encoding is a fallback -->
<Class name="org.apache.catalina.util.URLEncoder"/>
<Method name="encode"/>
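Review bot: In the added UUIDGenerator entry, `<Method name="<clinit>"/>` carries a raw `<` inside an attribute value, which is not well-formed XML and would stop the filter file from parsing. This may only be the mail archive decoding entities; if the committed file really contains it, the line should be `<Method name="&lt;clinit&gt;"/>`. The SessionIdGeneratorBase entry added in the same hunk is unaffected.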
@@ -1555,12 +1589,30 @@
<Bug code="Nm" />
</Match>
<Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.DigestAuthenticator"/>
+ <Method name="getAuthorization"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
+ <!-- Random will be SecureRandom and will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.Util"/>
+ <Method name="generateMask"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- Object creation will trigger input processing. -->
<Class name="org.apache.tomcat.websocket.WsWebSocketContainer" />
<Method name="connectToServer" />
<Bug code="DLS" />
</Match>
<Match>
+ <!-- Random will be used multiple times. -->
+ <Class name="org.apache.tomcat.websocket.WsWebSocketContainer"/>
+ <Method name="generateWsKeyValue"/>
+ <Bug pattern="DMI_RANDOM_USED_ONLY_ONCE"/>
+ </Match>
+ <Match>
<!-- Fall-through expected -->
<Class name="org.apache.tomcat.websocket.server.WsHttpUpgradeHandler" />
<Method name="upgradeDispatch"/>