Artem Ervits created OOZIE-3212:
-----------------------------------
Summary: fix findbugs issues in oozie sharelib
Key: OOZIE-3212
URL: https://issues.apache.org/jira/browse/OOZIE-3212
Project: Oozie
Issue Type: Bug
Affects Versions: 5.0.0
Reporter: Artem Ervits
Assignee: Artem Ervits
Fix For: 5.1.0
{code:java}
[INFO] BugInstance size is 39
[INFO] Error size is 0
[INFO] Total bugs: 39
[INFO] Unwritten public or protected field:
org.apache.oozie.action.hadoop.ActionStats.currentActionType
[org.apache.oozie.action.hadoop.ActionStats] At ActionStats.java:[line 37]
UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD
[INFO] Unchecked/unconfirmed cast from Throwable to
org.apache.oozie.action.hadoop.LauncherMainException of return value in
org.apache.oozie.action.hadoop.LauncherAM.runActionMain(ErrorHolder)
[org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 427]
BC_UNCONFIRMED_CAST_OF_RETURN_VALUE
[INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
might be specified by user input [org.apache.oozie.action.hadoop.LauncherAM,
org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 522]At
LauncherAM.java:[line 514] PATH_TRAVERSAL_IN
[INFO] Redundant nullcheck of id, which is known to be non-null in
org.apache.oozie.action.hadoop.LauncherAM.setRecoveryId()
[org.apache.oozie.action.hadoop.LauncherAM] Redundant null check at
LauncherAM.java:[line 481] RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
[INFO] Exception is caught when Exception is not thrown in
org.apache.oozie.action.hadoop.LauncherAM.executePrepare(ErrorHolder)
[org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 379]
REC_CATCH_EXCEPTION
[INFO] Exception is caught when Exception is not thrown in
org.apache.oozie.action.hadoop.LauncherAM.run()
[org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 251]
REC_CATCH_EXCEPTION
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File,
String, int): new java.io.FileReader(File)
[org.apache.oozie.action.hadoop.LauncherAMUtils] At LauncherAMUtils.java:[line
64] DM_DEFAULT_ENCODING
[INFO]
org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File,
String, int) may fail to clean up java.io.Reader on checked exception
[org.apache.oozie.action.hadoop.LauncherAMUtils,
org.apache.oozie.action.hadoop.LauncherAMUtils,
org.apache.oozie.action.hadoop.LauncherAMUtils,
org.apache.oozie.action.hadoop.LauncherAMUtils] Obligation to clean up resource
created at LauncherAMUtils.java:[line 64] is not dischargedPath continues at
LauncherAMUtils.java:[line 65]Path continues at LauncherAMUtils.java:[line
67]Path continues at LauncherAMUtils.java:[line 68]
OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
[INFO]
org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File,
String, int) may fail to close stream on exception
[org.apache.oozie.action.hadoop.LauncherAMUtils] At LauncherAMUtils.java:[line
64] OS_OPEN_STREAM_EXCEPTION_PATH
[INFO] Use of non-localized String.toUpperCase() or String.toLowerCase() in
org.apache.oozie.action.hadoop.LauncherMain.printArgs(String, String[])
[org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 423]
DM_CONVERT_CASE
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.LauncherMain.getHadoopJobIds(String, Pattern[]):
new java.io.FileReader(String) [org.apache.oozie.action.hadoop.LauncherMain] At
LauncherMain.java:[line 144] DM_DEFAULT_ENCODING
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.LauncherMain.propagateToHadoopConf(): new
java.io.FileWriter(String) [org.apache.oozie.action.hadoop.LauncherMain] At
LauncherMain.java:[line 454] DM_DEFAULT_ENCODING
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.LauncherMain.propagateToHadoopConf(): new
java.io.OutputStreamWriter(OutputStream)
[org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 458]
DM_DEFAULT_ENCODING
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.LauncherMain.writeExternalChildIDs(String,
Pattern[], String): String.getBytes()
[org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 180]
DM_DEFAULT_ENCODING
[INFO] org.apache.oozie.action.hadoop.LauncherMain.HADOOP_SITE_FILES should be
both final and package protected [org.apache.oozie.action.hadoop.LauncherMain]
At LauncherMain.java:[line 80] MS_FINAL_PKGPROTECT
[INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain]
At LauncherMain.java:[line 473] PATH_TRAVERSAL_IN
[INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain]
At LauncherMain.java:[line 463] PATH_TRAVERSAL_IN
[INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain,
org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 140]At
LauncherMain.java:[line 176] PATH_TRAVERSAL_IN
[INFO] java/io/FileReader.<init>(Ljava/lang/String;)V reads a file whose
location might be specified by user input
[org.apache.oozie.action.hadoop.LauncherMain,
org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 144]At
LauncherMain.java:[line 176] PATH_TRAVERSAL_IN
[INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
might be specified by user input [org.apache.oozie.action.hadoop.LauncherMain,
org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain] At LauncherMain.java:[line 399]At
ShellMain.java:[line 93]At ShellMain.java:[line 101]At ShellMain.java:[line
145]At ShellMain.java:[line 148] PATH_TRAVERSAL_IN
[INFO] java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file
whose location might be specified by user input
[org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 404]
PATH_TRAVERSAL_IN
[INFO] Exceptional return value of java.io.File.mkdirs() ignored in
org.apache.oozie.action.hadoop.LauncherMain.writeHadoopConfig(String, File)
[org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 401]
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
[INFO] The class org.apache.oozie.action.hadoop.LocalFsOperations$1 could be
refactored into a named _static_ inner class
[org.apache.oozie.action.hadoop.LocalFsOperations] At
LocalFsOperations.java:[line 59] SIC_INNER_SHOULD_BE_STATIC_ANON
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File, String):
String.getBytes() [org.apache.oozie.action.hadoop.MapReduceMain] At
MapReduceMain.java:[line 84] DM_DEFAULT_ENCODING
[INFO] org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File,
String) may fail to clean up java.io.OutputStream on checked exception
[org.apache.oozie.action.hadoop.MapReduceMain,
org.apache.oozie.action.hadoop.MapReduceMain] Obligation to clean up resource
created at MapReduceMain.java:[line 83] is not dischargedPath continues at
MapReduceMain.java:[line 84] OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
[INFO] org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File,
String) may fail to close stream on exception
[org.apache.oozie.action.hadoop.MapReduceMain] At MapReduceMain.java:[line 83]
OS_OPEN_STREAM_EXCEPTION_PATH
[INFO] Exceptional return value of java.io.File.createNewFile() ignored in new
org.apache.oozie.action.hadoop.OozieLauncherOutputCommitter()
[org.apache.oozie.action.hadoop.OozieLauncherOutputCommitter] At
OozieLauncherOutputCommitter.java:[line 35] RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
[INFO] Use of non-localized String.toUpperCase() or String.toLowerCase() in
org.apache.oozie.action.hadoop.PasswordMasker.isPasswordKey(String)
[org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line
145] DM_CONVERT_CASE
[INFO] The regular expression "(.*)([\\w[.\\w]*]*(?i)pass[\\w]*=)([\\w]+)(.*)"
is vulnerable to a denial of service attack (ReDOS)
[org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line
54] REDOS
[INFO] The regular expression "([\\w[.\\w]*]*(?i)pass[\\w]*=)([\\w]+)" is
vulnerable to a denial of service attack (ReDOS)
[org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line
65] REDOS
[INFO]
java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;
reads a file whose location might be specified by user input
[org.apache.oozie.action.hadoop.ShellContentWriter,
org.apache.oozie.action.hadoop.ShellContentWriter] At
ShellContentWriter.java:[line 67]At ShellContentWriter.java:[line 67]
PATH_TRAVERSAL_IN
[INFO] This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be
vulnerable to Command Injection [org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 92]At
ShellMain.java:[line 89]At ShellMain.java:[line 90]At ShellMain.java:[line 91]
COMMAND_INJECTION
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.ShellMain.handleShellOutput(Process, boolean):
new java.io.InputStreamReader(InputStream)
[org.apache.oozie.action.hadoop.ShellMain,
org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 235]Another
occurrence at ShellMain.java:[line 236] DM_DEFAULT_ENCODING
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.ShellMain.writeLoggerProperties(Configuration,
File): new java.io.PrintWriter(OutputStream)
[org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 176]
DM_DEFAULT_ENCODING
[INFO]
org.apache.oozie.action.hadoop.ShellMain.writeLoggerProperties(Configuration,
File) may fail to close stream on exception
[org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 176]
OS_OPEN_STREAM_EXCEPTION_PATH
[INFO] java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file
whose location might be specified by user input
[org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 174]
PATH_TRAVERSAL_IN
[INFO] Redundant nullcheck of thrArray, which is known to be non-null in
org.apache.oozie.action.hadoop.ShellMain.execute(Configuration)
[org.apache.oozie.action.hadoop.ShellMain] Redundant null check at
ShellMain.java:[line 120] RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
[INFO] Found reliance on default encoding in
org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread.run(): new
java.io.FileWriter(File)
[org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread] At
ShellMain.java:[line 272] DM_DEFAULT_ENCODING
[INFO] Should org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread be a
_static_ inner class?
[org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread] At
ShellMain.java:[lines 254-312] SIC_INNER_SHOULD_BE_STATIC
[INFO]{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
