[jmeter] 04/07: Sonar security Warning: False positives in the context of performance and pen testing which is what JMeter is made for

Mon, 30 Sep 2019 14:16:07 -0700 

This is an automated email from the ASF dual-hosted git repository.

pmouawad pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git

commit 5dc63d8cdd2062bb043846c84226d5ff891440d0
Author: pmouawad <[email protected]>
AuthorDate: Mon Sep 30 23:12:36 2019 +0200

    Sonar security Warning: False positives in the context of performance
    and pen testing which is what JMeter is made for
---
 .../org/apache/jmeter/util/CustomX509TrustManager.java   |  5 +++--
 .../org/apache/jmeter/util/TrustAllSSLSocketFactory.java | 16 ++++++++--------
 .../smtp/sampler/protocol/TrustAllSSLSocketFactory.java  |  6 ++----
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git 
a/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java 
b/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java
index 31795e1..4258e8a 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/CustomX509TrustManager.java
@@ -53,7 +53,7 @@ public class CustomX509TrustManager implements 
X509TrustManager
      * @see 
javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String)
      */
     @Override
-    public void checkClientTrusted(X509Certificate[] certificates, String 
authType) {
+    public void checkClientTrusted(X509Certificate[] certificates, String 
authType) { // NOSONAR JMeter is a pentest and perf testing tool
         if (log.isDebugEnabled() && certificates != null) {
             for (int i = 0; i < certificates.length; i++) {
                 X509Certificate cert = certificates[i];
@@ -78,7 +78,8 @@ public class CustomX509TrustManager implements 
X509TrustManager
      * @see 
javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String)
      */
     @Override
-    public void checkServerTrusted(X509Certificate[] certificates,String 
authType) throws CertificateException {
+    public void checkServerTrusted(X509Certificate[] certificates,String 
authType) // NOSONAR JMeter is a pentest and perf testing tool
+            throws CertificateException {
         if (log.isDebugEnabled() && certificates != null) {
             for (int i = 0; i < certificates.length; i++) {
                 X509Certificate cert = certificates[i];
diff --git 
a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java 
b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
index 66841dc..16e52ab 100644
--- 
a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
+++ 
b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
@@ -35,7 +35,7 @@ import javax.net.ssl.X509ExtendedTrustManager;
  * This class can be used as a SocketFactory with SSL-connections.<p>
  * Its purpose is to ensure that all certificates - no matter from which CA - 
are accepted to secure the SSL-connection.
  */
-public class TrustAllSSLSocketFactory extends SSLSocketFactory  {
+public class TrustAllSSLSocketFactory extends SSLSocketFactory  { // NOSONAR 
JMeter is a pentest and perf testing tool
 
     private final SSLSocketFactory factory;
 
@@ -56,11 +56,11 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
                             return EMPTY_X509Certificate;
                         }
                         @Override
-                        public void checkClientTrusted(X509Certificate[] 
chain, String authType) {
+                        public void checkClientTrusted(X509Certificate[] 
chain, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                             // NOOP
                         }
                         @Override
-                        public void checkServerTrusted(X509Certificate[] 
chain, String authType) {
+                        public void checkServerTrusted(X509Certificate[] 
chain, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                             // NOOP
                         }
                         @Override
@@ -115,7 +115,7 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
     @Override
     public Socket createSocket(InetAddress address, int port,
             InetAddress localAddress, int localPort) throws IOException {
-        return factory.createSocket(address, port, localAddress, localPort);
+        return factory.createSocket(address, port, localAddress, localPort); 
// NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
@@ -124,7 +124,7 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
     @Override
     public Socket createSocket(InetAddress address, int port) throws
             IOException {
-        return factory.createSocket(address, port);
+        return factory.createSocket(address, port); // NOSONAR JMeter is a 
pentest and perf testing tool
     }
 
     /**
@@ -133,7 +133,7 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
     @Override
     public Socket createSocket(String host, int port, InetAddress localHost, 
int localPort)
     throws IOException {
-        return factory.createSocket(host, port, localHost, localPort);
+        return factory.createSocket(host, port, localHost, localPort); // 
NOSONAR JMeter is a pentest and perf testing tool
     }
 
     /**
@@ -141,7 +141,7 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
      */
     @Override
     public Socket createSocket(String host, int port) throws IOException {
-        return factory.createSocket(host, port);
+        return factory.createSocket(host, port); // NOSONAR JMeter is a 
pentest and perf testing tool
     }
 
     /**
@@ -149,7 +149,7 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
      */
     @Override
     public Socket createSocket() throws IOException {
-        return factory.createSocket();
+        return factory.createSocket(); // NOSONAR JMeter is a pentest and perf 
testing tool
     }
 
     /**
diff --git 
a/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
 
b/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
index 9d22e5f..f65ba69 100644
--- 
a/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
+++ 
b/src/protocol/mail/src/main/java/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
@@ -56,12 +56,10 @@ public class TrustAllSSLSocketFactory extends 
SSLSocketFactory  {
                             return EMPTY_X509Certificate;
                         }
                         @Override
-                        public void checkClientTrusted(
-                                X509Certificate[] certs, String authType) {
+                        public void checkClientTrusted(X509Certificate[] 
certs, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                         }
                         @Override
-                        public void checkServerTrusted(
-                                X509Certificate[] certs, String authType) {
+                        public void checkServerTrusted(X509Certificate[] 
certs, String authType) { // NOSONAR JMeter is a pentest and perf testing tool
                         }
                     }
                 },

Reply via email to