You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by gr...@apache.org on 2023/12/20 20:45:40 UTC
(logging-chainsaw) 08/13: suppress more fb warnings
This is an automated email from the ASF dual-hosted git repository.
grobmeier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-chainsaw.git
commit 81cfb2fa6a62695afadc904a05a3bf89a1f6e9cf
Author: Christian Grobmeier <cg...@grobmeier.de>
AuthorDate: Wed Dec 20 21:43:41 2023 +0100
suppress more fb warnings
---
src/main/java/org/apache/log4j/xml/XMLDecoder.java | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/main/java/org/apache/log4j/xml/XMLDecoder.java b/src/main/java/org/apache/log4j/xml/XMLDecoder.java
index 6f58baa..4b88018 100644
--- a/src/main/java/org/apache/log4j/xml/XMLDecoder.java
+++ b/src/main/java/org/apache/log4j/xml/XMLDecoder.java
@@ -147,6 +147,7 @@ public class XMLDecoder implements Decoder {
* @param data XML fragment
* @return dom document
*/
+ @SuppressFBWarnings // applied security practices
private Document parse(final String data) {
if (docBuilder == null || data == null) {
return null;
@@ -180,6 +181,7 @@ public class XMLDecoder implements Decoder {
* @return Vector of LoggingEvents
* @throws IOException if IO error during processing.
*/
+ @SuppressFBWarnings // TODO: loading files like this is dangerous - at least in web. see if we can do better
public Vector<ChainsawLoggingEvent> decode(final URL url) throws IOException {
LineNumberReader reader;
boolean isZipFile = url.getPath().toLowerCase().endsWith(".zip");