Repository: zookeeper Updated Branches: refs/heads/branch-3.4 a378ea163 -> 2019d29f9
ZOOKEEPER-2731: Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings There are two interesting parts to this change. The first is in the Jute compiler. Fields that are declared buffers (translated to byte[] in java) now perform a clone in the constructor and while "getting and setting", following best practice. This prevents accidental changes to arrays once passed into or out of jute records but may negatively impact memory usage and performance. Would be interested in hearing if people think this is acceptable. The second is in ZooDefs. We are currently declaring our predefined ACL lists with `new ArrayList<ACL>(Collections.singletonList(new ACL(...`. This seems strange to me as we appear to be converting a List type to an ArrayList. Would be great if someone could shed some light on why we do this. I think this logic can be simplified to `Collections.singletonList(new ACL(...` with the added bonus that the resulting list is immutable (making FindBugs happy). Thanks, Abe Author: Abraham Fine <[email protected]> Reviewers: Michael Han <[email protected]>, Rakesh Radhakrishnan <[email protected]> Closes #232 from afine/ZOOKEEPER-2731 Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/2019d29f Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/2019d29f Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/2019d29f Branch: refs/heads/branch-3.4 Commit: 2019d29f908ac61e0b4e10e329d47fe8da99c244 Parents: a378ea1 Author: Abraham Fine <[email protected]> Authored: Wed May 24 03:47:24 2017 -0700 Committer: Rakesh Radhakrishnan <[email protected]> Committed: Wed May 24 03:47:24 2017 -0700 ---------------------------------------------------------------------- src/java/main/org/apache/zookeeper/Environment.java | 2 +- src/java/main/org/apache/zookeeper/ZooKeeperMain.java | 2 +- .../main/org/apache/zookeeper/server/ServerCnxn.java | 2 +- 
src/java/test/config/findbugsExcludeFile.xml | 11 +++++++++++
4 files changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/2019d29f/src/java/main/org/apache/zookeeper/Environment.java
----------------------------------------------------------------------
diff --git a/src/java/main/org/apache/zookeeper/Environment.java b/src/java/main/org/apache/zookeeper/Environment.java
index 34cac4c..51797a1 100644
--- a/src/java/main/org/apache/zookeeper/Environment.java
+++ b/src/java/main/org/apache/zookeeper/Environment.java
@@ -31,7 +31,7 @@ import org.slf4j.LoggerFactory;
 *
 */
 public class Environment {
- public static String JAAS_CONF_KEY = "java.security.auth.login.config";
+ public static final String JAAS_CONF_KEY = "java.security.auth.login.config";
 public static class Entry {
 private String k;
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/2019d29f/src/java/main/org/apache/zookeeper/ZooKeeperMain.java
----------------------------------------------------------------------
diff --git a/src/java/main/org/apache/zookeeper/ZooKeeperMain.java b/src/java/main/org/apache/zookeeper/ZooKeeperMain.java
index 48aaa73..74b05c2 100644
--- a/src/java/main/org/apache/zookeeper/ZooKeeperMain.java
+++ b/src/java/main/org/apache/zookeeper/ZooKeeperMain.java
@@ -50,7 +50,7 @@ import java.util.regex.Pattern;
 */
 public class ZooKeeperMain {
 private static final Logger LOG = LoggerFactory.getLogger(ZooKeeperMain.class);
- protected static final Map<String,String> commandMap = new HashMap<String,String>( );
+ static final Map<String,String> commandMap = new HashMap<String,String>( );
 protected MyCommandOptions cl = new MyCommandOptions();
 protected HashMap<Integer,String> history = new HashMap<Integer,String>( );
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/2019d29f/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
----------------------------------------------------------------------
diff --git a/src/java/main/org/apache/zookeeper/server/ServerCnxn.java b/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
index b554df9..ad259e3 100644
--- a/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
+++ b/src/java/main/org/apache/zookeeper/server/ServerCnxn.java
@@ -234,7 +234,7 @@ public abstract class ServerCnxn implements Stats, Watcher {
 protected final static int isroCmd = ByteBuffer.wrap("isro".getBytes())
 .getInt();
- protected final static Map<Integer, String> cmd2String = new HashMap<Integer, String>();
+ final static Map<Integer, String> cmd2String = new HashMap<Integer, String>();
 private static final String ZOOKEEPER_4LW_COMMANDS_WHITELIST = "zookeeper.4lw.commands.whitelist";
http://git-wip-us.apache.org/repos/asf/zookeeper/blob/2019d29f/src/java/test/config/findbugsExcludeFile.xml
----------------------------------------------------------------------
diff --git a/src/java/test/config/findbugsExcludeFile.xml b/src/java/test/config/findbugsExcludeFile.xml
index de8e078..b1a4f3d 100644
--- a/src/java/test/config/findbugsExcludeFile.xml
+++ b/src/java/test/config/findbugsExcludeFile.xml
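Review bot: Dropping `protected` from `commandMap` in ZooKeeperMain (and from `cmd2String` in the ServerCnxn hunk after it) narrows who can reach the field, but each is still a mutable `HashMap`, so any class loaded into the same package can add, replace or remove entries after start-up. If the maps are only filled once during class initialisation (that code is outside both hunks, so this is an assumption), build each one in a local variable and publish a read-only view, e.g. `static final Map<String,String> commandMap = Collections.unmodifiableMap(m);`, adding the `java.util.Collections` import where the file lacks it. Removing `protected` also stops out-of-package subclasses from compiling against these fields, which is worth a release-note line on a maintenance branch. Both class bodies continue outside the hunks.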
@@ -75,6 +75,11 @@
 </Match>
 <Match>
+ <Class name="org.apache.zookeeper.server.quorum.QuorumAuthPacket" />
+ <Bug code="EI2, EI" />
+ </Match>
+
+ <Match>
 <Class name="org.apache.zookeeper.ClientCnxn"/>
 <Bug code="EI, EI2" />
 </Match>
@@ -136,4 +141,10 @@
 <Method name="writeLongToFile" />
 </Match>
+ <!-- Disable 'Malicious code vulnerability warnings' due to mutable collection types in interface.
+ Undo this when ZOOKEEPER-1362 is done. -->
+ <Match>
+ <Class name="org.apache.zookeeper.ZooDefs$Ids"/>
+ <Bug pattern="MS_MUTABLE_COLLECTION" />
+ </Match>
 </FindBugsFilter>
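Review bot: The new `QuorumAuthPacket` exclusion in the first hunk carries no comment saying why EI/EI2 is acceptable for that class, unlike the `ZooDefs$Ids` entry added in the second hunk. If the class hands out or stores byte arrays without copying (its source is not visible here), suppressing EI/EI2 means callers can alter a packet's contents after it is built, so the reason for accepting that should be recorded next to the match, e.g. `<!-- EI/EI2 accepted for QuorumAuthPacket: <reason>; see ZOOKEEPER-2731 -->`. The commit description talks about cloning buffers in generated records, which this diff does not contain, so the comment should also say whether the exclusion is meant to be temporary.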
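Review bot: The `ZooDefs$Ids` match in the second hunk suppresses MS_MUTABLE_COLLECTION for the whole class, so a mutable static collection added to `Ids` later would also go unreported. The condition being silenced stays real until ZOOKEEPER-1362 is done: the predefined ACL lists remain modifiable by any code in the JVM, and a modified list is what every later caller passing that constant would get. Consider narrowing the match to the existing lists with `<Field name="..."/>` elements (wrapped in `<Or>` when there are several) so that new fields are still checked, and keep the 'Undo this' comment as written.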
