[tomcat] branch 8.5.x updated: More SpotBugs fixes

Thu, 14 Nov 2019 03:23:53 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 2b2ed21  More SpotBugs fixes
2b2ed21 is described below

commit 2b2ed21c75bf43d66982f133f2a881c892c40462
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Nov 14 11:22:51 2019 +0000

    More SpotBugs fixes
---
 .../apache/tomcat/util/http/parser/HttpParser.java    |  2 +-
 res/findbugs/filter-false-positives.xml               | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/http/parser/HttpParser.java 
b/java/org/apache/tomcat/util/http/parser/HttpParser.java
index f76ddcb..90d7e42 100644
--- a/java/org/apache/tomcat/util/http/parser/HttpParser.java
+++ b/java/org/apache/tomcat/util/http/parser/HttpParser.java
@@ -149,7 +149,7 @@ public class HttpParser {
             // Not valid for request target.
             // Combination of multiple rules from RFC7230 and RFC 3986. Must be
             // ASCII, no controls plus a few additional characters excluded
-            if (IS_CONTROL[i] || i > 127 ||
+            if (IS_CONTROL[i] ||
                     i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' 
|| i == '\\' ||
                     i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') 
{
                 if (!REQUEST_TARGET_ALLOW[i]) {
diff --git a/res/findbugs/filter-false-positives.xml 
b/res/findbugs/filter-false-positives.xml
index c691b6c..a4596d0 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -1212,6 +1212,16 @@
     <Bug code="Dm" />
   </Match>
   <Match>
+    <!-- URLs used are always provided by the container so would normally be 
-->
+    <!-- file URLs.                                                          
-->
+    <Class name="org.apache.tomcat.util.descriptor.tld.TldResourcePath" />
+    <Or>
+      <Method name="equals" />
+      <Method name="hashCode" />
+    </Or>
+    <Bug pattern="DMI_BLOCKING_METHODS_ON_URL" />
+  </Match>
+  <Match>
     <!-- NPE is desired as it indicates an error condition -->
     <Class name="org.apache.tomcat.util.digester.CallMethodRule"/>
     <Method name="end"/>
@@ -1245,6 +1255,15 @@
     <Bug code="Dm" />
   </Match>
   <Match>
+    <!-- Deletion failure should never happen -->
+    <Class name="org.apache.tomcat.util.http.fileupload.disk.DiskFileItem"/>
+    <Or>
+      <Method name="delete"/>
+      <Method name="finalize"/>
+    </Or>
+    <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" />
+  </Match>
+  <Match>
     <!-- the platform default encoding is a fallback -->
     <Class name="org.apache.tomcat.util.http.fileupload.disk.DiskFileItem"/>
     <Method name="getString"/>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to