You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/15 14:41:32 UTC
[tomcat] 01/02: Update to SpotBugs 4.6.0
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 1d700dd1bb6b816e22a8592c125b16abc34783e5
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 15 14:00:22 2022 +0000
Update to SpotBugs 4.6.0
---
build.properties.default | 4 ++--
res/spotbugs/filter-false-positives.xml | 39 +++++++++++++++++++++++++++++++++
webapps/docs/changelog.xml | 3 +++
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index a6a2e48..d25e72b 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -287,10 +287,10 @@ jacoco.jar=${jacoco.home}/lib/jacocoant.jar
jacoco.loc=${base-maven.loc}/org/jacoco/jacoco/${jacoco.version}/jacoco-${jacoco.version}.zip
# ----- SpotBugs (originally FindBugs) -----
-spotbugs.version=4.5.2
+spotbugs.version=4.6.0
spotbugs.checksum.enabled=true
spotbugs.checksum.algorithm=SHA-512
-spotbugs.checksum.value=6e6d4aab1a935f47f9cf4983c30c5c338a257339bd2a6ae4fea2204683d973a67bb95a9204e387ebf9c31070a998367afa12a3b1f812b01f2e27715b704bf194
+spotbugs.checksum.value=c3ebc5761299b253e7e563a0a71f931ffa6ab3861380abb246d2258a916c9c6d40f6582dbe10b084d6932536c38f6d8bd7711456b6b7eef7c83df770915ecf1e
spotbugs.home=${base.path}/spotbugs-${spotbugs.version}
spotbugs.jar=${spotbugs.home}/lib/spotbugs-ant.jar
spotbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${spotbugs.version}/spotbugs-${spotbugs.version}.tgz
diff --git a/res/spotbugs/filter-false-positives.xml b/res/spotbugs/filter-false-positives.xml
index 00189b0..b6cc8ba 100644
--- a/res/spotbugs/filter-false-positives.xml
+++ b/res/spotbugs/filter-false-positives.xml
@@ -42,6 +42,12 @@
<Bug code="NP" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="jakarta.security.auth.message.config.AuthConfigFactory"/>
+ <Field name="factory"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Null is not possible here -->
<Class name="jakarta.servlet.http.HttpServlet$NoBodyPrintWriter"/>
<Method name="resetBuffer"/>
@@ -426,6 +432,12 @@
<Bug pattern="IS2_INCONSISTENT_SYNC " />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.realm.MemoryRealm" />
+ <Field name="digester"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- request.getRequestPathMB(), request.getQueryString() can be null because
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
<Class name="org.apache.catalina.realm.RealmBase"/>
@@ -641,6 +653,12 @@
<Bug pattern="WA_NOT_IN_LOOP"/>
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.tribes.io.BufferPool" />
+ <Field name="instance"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/>
<Method name="stop"/>
<Bug code="DE"/>
@@ -846,6 +864,12 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.catalina.webresources.TomcatURLStreamHandlerFactory"/>
+ <Field name="instance"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Switch fall-though is deliberate -->
<Class name="org.apache.coyote.AbstractProcessor"/>
<Method name="parseHost"/>
@@ -1149,6 +1173,12 @@
<Bug code="Nm" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.naming.java.javaURLContextFactory" />
+ <Field name="initialContext"/>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Utility classes used to import/export l10n strings -->
<!-- This code does not need to be robust -->
<Or>
@@ -1236,6 +1266,15 @@
<Bug pattern="VO_VOLATILE_INCREMENT" />
</Match>
<Match>
+ <!-- Class lock is not an instance lock -->
+ <Class name="org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper" />
+ <Or>
+ <Field name="executor"/>
+ <Field name="taskMap"/>
+ </Or>
+ <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
+ </Match>
+ <Match>
<!-- Fields do not need to be sync'd for toString() -->
<Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" />
<Or>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e2089e6..70b950d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -130,6 +130,9 @@
<update>
Update to Checkstyle 10.0. (markt)
</update>
+ <update>
+ Update to SpotBugs 4.6.0. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org