[jira] [Commented] (KNOX-1442) Enable forbiddenapis for static build checking

[Kevin Risden (JIRA)]

    [ 
https://issues.apache.org/jira/browse/KNOX-1442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626575#comment-16626575
 ] 

Kevin Risden commented on KNOX-1442:
------------------------------------

forbiddenapis is a static build tool that checks for methods and classes that 
should not be used for various reasons. There are a few bundled signature lists 
([https://github.com/policeman-tools/forbidden-apis/wiki/BundledSignatures)] 
that prevent certain API usages. A few examples include:
 * default locale, charset, timezone
 * JDK deprecated methods

Additional signatures can be specified if certain methods shouldn't be used. 
This is done with the following syntax 
[https://github.com/policeman-tools/forbidden-apis/wiki/SignaturesSyntax.] 

If an error is detected during the build, it will stop the build and print a 
message like the following:
{noformat}
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses 
default locale]
[ERROR] in org.apache.knox.gateway.dispatch.UrlConnectionDispatch 
(UrlConnectionDispatch.java:68){noformat}
This tells you the following:
 # Class that the error occurred in
 # Line number of the error
 # The method or class that failed
 # The reason the method or class failed

In the example above, toUpperCase() without any parameters uses the default 
locale. This can cause issues in certain locales like Turkish where upper and 
lower case i are different. In most cases, you should specify what locale to 
use or use Locale.getDefault() explicitly when you know you want that behavior.

To fix the error above, the following was used:
{code:java}
String method = request.getMethod().toUpperCase(Locale.ROOT)
{code}
This ensures that upper case is handled in the base locale that doesn't have 
special rules for case.

If for some reason the usage is correct, you can suppress the error with 
'@SuppressForbidden(reason = "System#out")'. This will apply to that method or 
class depending on the location. 

> Enable forbiddenapis for static build checking
> ----------------------------------------------
>
>                 Key: KNOX-1442
>                 URL: https://issues.apache.org/jira/browse/KNOX-1442
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Build
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.2.0
>
>         Attachments: KNOX-1442.patch, KNOX-1442.patch, KNOX-1442.patch
>
>
> Split out from KNOX-1284 specifically for forbiddenapis 
> (https://github.com/policeman-tools/forbidden-apis).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)