[ https://issues.apache.org/jira/browse/OOZIE-3654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17488653#comment-17488653 ]
Andras Salamon commented on OOZIE-3654:
---------------------------------------

This is the important part of the precommit and I agree we can ignore the spotbugs errors:
{noformat}
16:18:01 +1 PATCH_APPLIES
16:18:01 +1 CLEAN
16:18:01 -1 RAW_PATCH_ANALYSIS
16:18:01 +1 the patch does not introduce any @author tags
16:18:01 +1 the patch does not introduce any tabs
16:18:01 +1 the patch does not introduce any trailing spaces
16:18:01 +1 the patch does not introduce any star imports
16:18:01 +1 the patch does not introduce any line longer than 132
16:18:01 -1 the patch does not add/modify any testcase
16:18:01 +1 RAT
16:18:01 +1 the patch does not seem to introduce new RAT warnings
16:18:01 +1 JAVADOC
16:18:01 +1 Javadoc generation succeeded with the patch
16:18:01 +1 the patch does not seem to introduce new Javadoc warning(s)
16:18:01 +1 COMPILE
16:18:01 +1 HEAD compiles
16:18:01 +1 patch compiles
16:18:01 +1 the patch does not seem to introduce new javac warnings
16:18:01 -1 There are [7] new bugs found below threshold in total that must be fixed.
16:18:01 +1 There are no new bugs found in [examples].
16:18:01 +1 There are no new bugs found in [fluent-job/fluent-job-api].
16:18:01 +1 There are no new bugs found in [sharelib/hive].
16:18:01 +1 There are no new bugs found in [sharelib/hive2].
16:18:01 +1 There are no new bugs found in [sharelib/git].
16:18:01 +1 There are no new bugs found in [sharelib/distcp].
16:18:01 +1 There are no new bugs found in [sharelib/hcatalog].
16:18:01 +1 There are no new bugs found in [sharelib/sqoop].
16:18:01 +1 There are no new bugs found in [sharelib/spark].
16:18:01 -1 There are [1] new bugs found below threshold in [sharelib/oozie] that must be fixed.
16:18:01 You can find the SpotBugs diff here (look for the red and orange ones): sharelib/oozie/findbugs-new.html
16:18:01 The most important SpotBugs errors are:
16:18:01 At ShellMain.java:[line 93]: This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection
16:18:01 At ShellMain.java:[line 91]: At ShellMain.java:[line 90]
16:18:01 At ShellMain.java:[line 92]
16:18:01 +1 There are no new bugs found in [sharelib/pig].
16:18:01 +1 There are no new bugs found in [sharelib/streaming].
16:18:01 +1 There are no new bugs found in [server].
16:18:01 +1 There are no new bugs found in [docs].
16:18:01 +1 There are no new bugs found in [webapp].
16:18:01 -1 There are [6] new bugs found below threshold in [core] that must be fixed, listing only the first [5] ones.
16:18:01 You can find the SpotBugs diff here (look for the red and orange ones): core/findbugs-new.html
16:18:01 The top [5] most important SpotBugs errors are:
16:18:01 At BulkJPAExecutor.java:[line 206]: This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection
16:18:01 At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
16:18:01 At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
16:18:01 This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206]
16:18:01 At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127]
16:18:01 +1 There are no new bugs found in [tools].
16:18:01 +1 There are no new bugs found in [client].
16:18:01 +1 BACKWARDS_COMPATIBILITY
16:18:01 +1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations
16:18:01 +1 the patch does not modify JPA files
16:18:01 +1 TESTS
16:18:01 Tests run: 3215
16:18:01 Tests failed at first run:
16:18:01 For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
16:18:01 +1 DISTRO
16:18:01 +1 distro tarball builds with the patch
16:18:01 +1 MODERNIZER
{noformat}

> update to httpclient 4.5.13
> ---------------------------
>
> Key: OOZIE-3654
> URL: https://issues.apache.org/jira/browse/OOZIE-3654
> Project: Oozie
> Issue Type: Improvement
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Attachments: OOZIE-3654-002.patch
>
>
> Due to [https://github.com/advisories/GHSA-7r82-7xv7-xcpj]
> xerces issue - https://github.com/advisories/GHSA-h65f-jvqw-m9fj

--
This message was sent by Atlassian Jira
(v8.20.1#820001)