This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/2.x by this push:
new 15fddad192 More Spotbugs fixes
15fddad192 is described below
commit 15fddad1925645d3484e31ad171a1ff6487a1e46
Author: Volkan Yazıcı <[email protected]>
AuthorDate: Fri Dec 8 12:18:58 2023 +0100
More Spotbugs fixes
---
.../src/main/java/org/apache/logging/log4j/test/TestLogger.java | 2 ++
.../java/org/apache/logging/log4j/test/junit/DirectoryCleaner.java | 2 ++
.../main/java/org/apache/logging/log4j/test/junit/FileCleaner.java | 2 ++
.../src/main/java/org/apache/logging/log4j/test/junit/SerialUtil.java | 2 ++
log4j-core-its/pom.xml | 1 +
.../java/org/apache/logging/log4j/core/test/AvailablePortFinder.java | 2 ++
.../org/apache/logging/log4j/core/test/GcFreeLoggingTestUtil.java | 2 ++
.../logging/log4j/core/test/appender/db/jdbc/JdbcH2TestHelper.java | 1 +
.../logging/log4j/core/test/junit/AbstractExternalFileCleaner.java | 2 ++
.../main/java/org/apache/logging/log4j/core/test/junit/JdbcRule.java | 2 ++
.../apache/logging/log4j/core/test/net/mock/MockTcpSyslogServer.java | 2 ++
.../org/apache/logging/log4j/core/test/net/ssl/TlsSyslogTestUtil.java | 2 ++
.../org/apache/logging/log4j/core/test/smtp/SimpleSmtpServer.java | 2 ++
log4j-osgi-test/pom.xml | 1 +
log4j-perf-test/pom.xml | 4 +---
15 files changed, 26 insertions(+), 3 deletions(-)
diff --git
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/TestLogger.java
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/TestLogger.java
index 33d41212c1..fc8de75793 100644
--- a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/TestLogger.java
+++ b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/TestLogger.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.test;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.util.ArrayList;
@@ -58,6 +59,7 @@ public class TestLogger extends AbstractLogger {
}
@Override
+ @SuppressFBWarnings("INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE")
protected void log(
final Level level,
final Marker marker,
diff --git
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/DirectoryCleaner.java
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/DirectoryCleaner.java
index bfb146b0ef..84c12b4210 100644
---
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/DirectoryCleaner.java
+++
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/DirectoryCleaner.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.test.junit;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
@@ -29,6 +30,7 @@ import org.junit.jupiter.api.extension.ExtensionContext;
class DirectoryCleaner extends AbstractFileCleaner {
@Override
+ @SuppressFBWarnings("PATH_TRAVERSAL_IN")
Collection<Path> getPathsForTest(final ExtensionContext context) {
final Collection<Path> paths = new HashSet<>();
final CleanUpDirectories testClassAnnotation =
diff --git
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/FileCleaner.java
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/FileCleaner.java
index ece4b189d4..9a9500d53a 100644
---
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/FileCleaner.java
+++
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/FileCleaner.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.test.junit;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
@@ -26,6 +27,7 @@ import org.junit.jupiter.api.extension.ExtensionContext;
class FileCleaner extends AbstractFileCleaner {
@Override
+ @SuppressFBWarnings("PATH_TRAVERSAL_IN")
Collection<Path> getPathsForTest(final ExtensionContext context) {
final Collection<Path> paths = new HashSet<>();
final CleanUpFiles testClassAnnotation =
context.getRequiredTestClass().getAnnotation(CleanUpFiles.class);
diff --git
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/SerialUtil.java
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/SerialUtil.java
index b17a82e13a..943fb39b0f 100644
---
a/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/SerialUtil.java
+++
b/log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/SerialUtil.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.test.junit;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
@@ -54,6 +55,7 @@ public class SerialUtil {
* @return the deserialized object
*/
@SuppressWarnings("unchecked")
+ @SuppressFBWarnings("OBJECT_DESERIALIZATION")
public static <T> T deserialize(final byte[] data) {
try {
final ByteArrayInputStream bas = new ByteArrayInputStream(data);
diff --git a/log4j-core-its/pom.xml b/log4j-core-its/pom.xml
index 4c780e5c4d..8f5917ec18 100644
--- a/log4j-core-its/pom.xml
+++ b/log4j-core-its/pom.xml
@@ -31,6 +31,7 @@
<bnd.baseline.skip>true</bnd.baseline.skip>
<maven.deploy.skip>true</maven.deploy.skip>
<maven.install.skip>true</maven.install.skip>
+ <spotbugs.skip>true</spotbugs.skip>
</properties>
<dependencies>
<dependency>
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/AvailablePortFinder.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/AvailablePortFinder.java
index 239aa5ea0b..ffd7d0b276 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/AvailablePortFinder.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/AvailablePortFinder.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.core.test;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.net.DatagramSocket;
import java.net.ServerSocket;
@@ -28,6 +29,7 @@ import org.apache.logging.log4j.status.StatusLogger;
/**
* Finds currently available server ports.
*/
+@SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET")
public final class AvailablePortFinder {
/**
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/GcFreeLoggingTestUtil.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/GcFreeLoggingTestUtil.java
index b44d7bf896..c6de31716c 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/GcFreeLoggingTestUtil.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/GcFreeLoggingTestUtil.java
@@ -22,6 +22,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import com.google.monitoring.runtime.instrumentation.AllocationRecorder;
import com.google.monitoring.runtime.instrumentation.Sampler;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.net.URL;
import java.nio.charset.Charset;
@@ -206,6 +207,7 @@ public enum GcFreeLoggingTestUtil {
logger.fatal(mapMessage); // LOG4J2-1683
}
+ @SuppressFBWarnings("COMMAND_INJECTION")
public static void runTest(final Class<?> cls) throws Exception {
final String javaHome = System.getProperty("java.home");
final String javaBin = javaHome + File.separator + "bin" +
File.separator + "java";
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/appender/db/jdbc/JdbcH2TestHelper.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/appender/db/jdbc/JdbcH2TestHelper.java
index b75e6a2998..95ee5330ca 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/appender/db/jdbc/JdbcH2TestHelper.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/appender/db/jdbc/JdbcH2TestHelper.java
@@ -24,6 +24,7 @@ import java.sql.SQLException;
import org.apache.logging.log4j.core.appender.db.jdbc.AbstractConnectionSource;
import org.apache.logging.log4j.core.appender.db.jdbc.ConnectionSource;
+@SuppressFBWarnings("HARD_CODE_PASSWORD")
public class JdbcH2TestHelper {
/**
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/AbstractExternalFileCleaner.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/AbstractExternalFileCleaner.java
index afac8b941b..4477b55da7 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/AbstractExternalFileCleaner.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/AbstractExternalFileCleaner.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.core.test.junit;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
@@ -181,6 +182,7 @@ public abstract class AbstractExternalFileCleaner extends
ExternalResource {
}
}
+ @SuppressFBWarnings("INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE")
protected void printStackTrace(final Throwable t) {
if (printStream != null) {
t.printStackTrace(printStream);
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/JdbcRule.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/JdbcRule.java
index f9f5c8722a..d6f76b4fa2 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/JdbcRule.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/JdbcRule.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.core.test.junit;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
@@ -33,6 +34,7 @@ import org.junit.runner.Description;
*
* @since 2.8
*/
+@SuppressFBWarnings("SQL_INJECTION_JDBC")
public class JdbcRule implements TestRule {
private final ConnectionSource connectionSource;
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/mock/MockTcpSyslogServer.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/mock/MockTcpSyslogServer.java
index 99d170d07b..7fecbe9ef8 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/mock/MockTcpSyslogServer.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/mock/MockTcpSyslogServer.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.core.test.net.mock;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
@@ -34,6 +35,7 @@ public class MockTcpSyslogServer extends MockSyslogServer {
this(0);
}
+ @SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET")
private MockTcpSyslogServer(final int port) throws IOException {
super(0, port);
serverSocket = new ServerSocket(port);
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/ssl/TlsSyslogTestUtil.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/ssl/TlsSyslogTestUtil.java
index 0900c8b9b3..bb3b7691b6 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/ssl/TlsSyslogTestUtil.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/net/ssl/TlsSyslogTestUtil.java
@@ -16,9 +16,11 @@
*/
package org.apache.logging.log4j.core.test.net.ssl;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.ArrayList;
import java.util.Random;
+@SuppressFBWarnings("PREDICTABLE_RANDOM")
public class TlsSyslogTestUtil {
public static final String ABC =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public static final String NUMBERS = "0123456789";
diff --git
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/smtp/SimpleSmtpServer.java
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/smtp/SimpleSmtpServer.java
index c2666952d5..c02b115d22 100644
---
a/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/smtp/SimpleSmtpServer.java
+++
b/log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/smtp/SimpleSmtpServer.java
@@ -16,6 +16,7 @@
*/
package org.apache.logging.log4j.core.test.smtp;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
@@ -77,6 +78,7 @@ public class SimpleSmtpServer implements Runnable {
* Main loop of the SMTP server.
*/
@Override
+ @SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET")
public void run() {
stopped = false;
try {
diff --git a/log4j-osgi-test/pom.xml b/log4j-osgi-test/pom.xml
index 4c66ab6e33..a571ac5bd8 100644
--- a/log4j-osgi-test/pom.xml
+++ b/log4j-osgi-test/pom.xml
@@ -32,6 +32,7 @@
<bnd.baseline.skip>true</bnd.baseline.skip>
<maven.deploy.skip>true</maven.deploy.skip>
<maven.install.skip>true</maven.install.skip>
+ <spotbugs.skip>true</spotbugs.skip>
<spifly.version>1.3.7</spifly.version>
</properties>
<dependencies>
diff --git a/log4j-perf-test/pom.xml b/log4j-perf-test/pom.xml
index dab237df03..9bcca5a2c7 100644
--- a/log4j-perf-test/pom.xml
+++ b/log4j-perf-test/pom.xml
@@ -30,9 +30,6 @@
<description>The Apache Log4j development-time performance
tests</description>
<properties>
- <!-- Ignore less important (high rank) bugs for test artifacts -->
- <spotbugs.maxRank>9</spotbugs.maxRank>
-
<uberjar.name>benchmarks</uberjar.name>
<bnd.baseline.skip>true</bnd.baseline.skip>
<maven.test.skip>true</maven.test.skip>
@@ -41,6 +38,7 @@
<module.name>org.apache.logging.log4j.perf</module.name>
<maven.compiler.release>9</maven.compiler.release>
<surefire.jdkToolchain>[9, )</surefire.jdkToolchain>
+ <spotbugs.skip>true</spotbugs.skip>
</properties>
<dependencies>
