[
https://issues.apache.org/jira/browse/OOZIE-3212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Artem Ervits resolved OOZIE-3212.
---------------------------------
Resolution: Duplicate
duplicate of https://issues.apache.org/jira/browse/OOZIE-2952
> fix findbugs issues in oozie sharelib
> --------------------------------------
>
> Key: OOZIE-3212
> URL: https://issues.apache.org/jira/browse/OOZIE-3212
> Project: Oozie
> Issue Type: Bug
> Affects Versions: 5.0.0
> Reporter: Artem Ervits
> Assignee: Artem Ervits
> Priority: Minor
> Fix For: 5.1.0
>
>
> {code:java}
> [INFO] BugInstance size is 39
> [INFO] Error size is 0
> [INFO] Total bugs: 39
> [INFO] Unwritten public or protected field:
> org.apache.oozie.action.hadoop.ActionStats.currentActionType
> [org.apache.oozie.action.hadoop.ActionStats] At ActionStats.java:[line 37]
> UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD
> [INFO] Unchecked/unconfirmed cast from Throwable to
> org.apache.oozie.action.hadoop.LauncherMainException of return value in
> org.apache.oozie.action.hadoop.LauncherAM.runActionMain(ErrorHolder)
> [org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 427]
> BC_UNCONFIRMED_CAST_OF_RETURN_VALUE
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
> might be specified by user input [org.apache.oozie.action.hadoop.LauncherAM,
> org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 522]At
> LauncherAM.java:[line 514] PATH_TRAVERSAL_IN
> [INFO] Redundant nullcheck of id, which is known to be non-null in
> org.apache.oozie.action.hadoop.LauncherAM.setRecoveryId()
> [org.apache.oozie.action.hadoop.LauncherAM] Redundant null check at
> LauncherAM.java:[line 481] RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> [INFO] Exception is caught when Exception is not thrown in
> org.apache.oozie.action.hadoop.LauncherAM.executePrepare(ErrorHolder)
> [org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 379]
> REC_CATCH_EXCEPTION
> [INFO] Exception is caught when Exception is not thrown in
> org.apache.oozie.action.hadoop.LauncherAM.run()
> [org.apache.oozie.action.hadoop.LauncherAM] At LauncherAM.java:[line 251]
> REC_CATCH_EXCEPTION
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File,
> String, int): new java.io.FileReader(File)
> [org.apache.oozie.action.hadoop.LauncherAMUtils] At
> LauncherAMUtils.java:[line 64] DM_DEFAULT_ENCODING
> [INFO]
> org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File,
> String, int) may fail to clean up java.io.Reader on checked exception
> [org.apache.oozie.action.hadoop.LauncherAMUtils,
> org.apache.oozie.action.hadoop.LauncherAMUtils,
> org.apache.oozie.action.hadoop.LauncherAMUtils,
> org.apache.oozie.action.hadoop.LauncherAMUtils] Obligation to clean up
> resource created at LauncherAMUtils.java:[line 64] is not dischargedPath
> continues at LauncherAMUtils.java:[line 65]Path continues at
> LauncherAMUtils.java:[line 67]Path continues at LauncherAMUtils.java:[line
> 68] OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
> [INFO]
> org.apache.oozie.action.hadoop.LauncherAMUtils.getLocalFileContentStr(File,
> String, int) may fail to close stream on exception
> [org.apache.oozie.action.hadoop.LauncherAMUtils] At
> LauncherAMUtils.java:[line 64] OS_OPEN_STREAM_EXCEPTION_PATH
> [INFO] Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.oozie.action.hadoop.LauncherMain.printArgs(String, String[])
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 423]
> DM_CONVERT_CASE
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.LauncherMain.getHadoopJobIds(String,
> Pattern[]): new java.io.FileReader(String)
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 144]
> DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.LauncherMain.propagateToHadoopConf(): new
> java.io.FileWriter(String) [org.apache.oozie.action.hadoop.LauncherMain] At
> LauncherMain.java:[line 454] DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.LauncherMain.propagateToHadoopConf(): new
> java.io.OutputStreamWriter(OutputStream)
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 458]
> DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.LauncherMain.writeExternalChildIDs(String,
> Pattern[], String): String.getBytes()
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 180]
> DM_DEFAULT_ENCODING
> [INFO] org.apache.oozie.action.hadoop.LauncherMain.HADOOP_SITE_FILES should
> be both final and package protected
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 80]
> MS_FINAL_PKGPROTECT
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
> might be specified by user input
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 473]
> PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
> might be specified by user input
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 463]
> PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
> might be specified by user input
> [org.apache.oozie.action.hadoop.LauncherMain,
> org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line
> 140]At LauncherMain.java:[line 176] PATH_TRAVERSAL_IN
> [INFO] java/io/FileReader.<init>(Ljava/lang/String;)V reads a file whose
> location might be specified by user input
> [org.apache.oozie.action.hadoop.LauncherMain,
> org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line
> 144]At LauncherMain.java:[line 176] PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/lang/String;)V reads a file whose location
> might be specified by user input
> [org.apache.oozie.action.hadoop.LauncherMain,
> org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain] At LauncherMain.java:[line 399]At
> ShellMain.java:[line 93]At ShellMain.java:[line 101]At ShellMain.java:[line
> 145]At ShellMain.java:[line 148] PATH_TRAVERSAL_IN
> [INFO] java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file
> whose location might be specified by user input
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 404]
> PATH_TRAVERSAL_IN
> [INFO] Exceptional return value of java.io.File.mkdirs() ignored in
> org.apache.oozie.action.hadoop.LauncherMain.writeHadoopConfig(String, File)
> [org.apache.oozie.action.hadoop.LauncherMain] At LauncherMain.java:[line 401]
> RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
> [INFO] The class org.apache.oozie.action.hadoop.LocalFsOperations$1 could be
> refactored into a named _static_ inner class
> [org.apache.oozie.action.hadoop.LocalFsOperations] At
> LocalFsOperations.java:[line 59] SIC_INNER_SHOULD_BE_STATIC_ANON
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File, String):
> String.getBytes() [org.apache.oozie.action.hadoop.MapReduceMain] At
> MapReduceMain.java:[line 84] DM_DEFAULT_ENCODING
> [INFO] org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File,
> String) may fail to clean up java.io.OutputStream on checked exception
> [org.apache.oozie.action.hadoop.MapReduceMain,
> org.apache.oozie.action.hadoop.MapReduceMain] Obligation to clean up resource
> created at MapReduceMain.java:[line 83] is not dischargedPath continues at
> MapReduceMain.java:[line 84] OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
> [INFO] org.apache.oozie.action.hadoop.MapReduceMain.writeJobIdFile(File,
> String) may fail to close stream on exception
> [org.apache.oozie.action.hadoop.MapReduceMain] At MapReduceMain.java:[line
> 83] OS_OPEN_STREAM_EXCEPTION_PATH
> [INFO] Exceptional return value of java.io.File.createNewFile() ignored in
> new org.apache.oozie.action.hadoop.OozieLauncherOutputCommitter()
> [org.apache.oozie.action.hadoop.OozieLauncherOutputCommitter] At
> OozieLauncherOutputCommitter.java:[line 35]
> RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
> [INFO] Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.oozie.action.hadoop.PasswordMasker.isPasswordKey(String)
> [org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line
> 145] DM_CONVERT_CASE
> [INFO] The regular expression
> "(.*)([\\w[.\\w]*]*(?i)pass[\\w]*=)([\\w]+)(.*)" is vulnerable to a denial of
> service attack (ReDOS) [org.apache.oozie.action.hadoop.PasswordMasker] At
> PasswordMasker.java:[line 54] REDOS
> [INFO] The regular expression "([\\w[.\\w]*]*(?i)pass[\\w]*=)([\\w]+)" is
> vulnerable to a denial of service attack (ReDOS)
> [org.apache.oozie.action.hadoop.PasswordMasker] At PasswordMasker.java:[line
> 65] REDOS
> [INFO]
> java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;
> reads a file whose location might be specified by user input
> [org.apache.oozie.action.hadoop.ShellContentWriter,
> org.apache.oozie.action.hadoop.ShellContentWriter] At
> ShellContentWriter.java:[line 67]At ShellContentWriter.java:[line 67]
> PATH_TRAVERSAL_IN
> [INFO] This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can
> be vulnerable to Command Injection [org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 92]At
> ShellMain.java:[line 89]At ShellMain.java:[line 90]At ShellMain.java:[line
> 91] COMMAND_INJECTION
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.ShellMain.handleShellOutput(Process, boolean):
> new java.io.InputStreamReader(InputStream)
> [org.apache.oozie.action.hadoop.ShellMain,
> org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 235]Another
> occurrence at ShellMain.java:[line 236] DM_DEFAULT_ENCODING
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.ShellMain.writeLoggerProperties(Configuration,
> File): new java.io.PrintWriter(OutputStream)
> [org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 176]
> DM_DEFAULT_ENCODING
> [INFO]
> org.apache.oozie.action.hadoop.ShellMain.writeLoggerProperties(Configuration,
> File) may fail to close stream on exception
> [org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 176]
> OS_OPEN_STREAM_EXCEPTION_PATH
> [INFO] java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file
> whose location might be specified by user input
> [org.apache.oozie.action.hadoop.ShellMain] At ShellMain.java:[line 174]
> PATH_TRAVERSAL_IN
> [INFO] Redundant nullcheck of thrArray, which is known to be non-null in
> org.apache.oozie.action.hadoop.ShellMain.execute(Configuration)
> [org.apache.oozie.action.hadoop.ShellMain] Redundant null check at
> ShellMain.java:[line 120] RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> [INFO] Found reliance on default encoding in
> org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread.run(): new
> java.io.FileWriter(File)
> [org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread] At
> ShellMain.java:[line 272] DM_DEFAULT_ENCODING
> [INFO] Should org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread be a
> _static_ inner class?
> [org.apache.oozie.action.hadoop.ShellMain$OutputWriteThread] At
> ShellMain.java:[lines 254-312] SIC_INNER_SHOULD_BE_STATIC
> [INFO]{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
