GitHub user afine opened a pull request:
https://github.com/apache/zookeeper/pull/232
ZOOKEEPER-2731: Cleanup findbug warnings in branch-3.4: Malicious code
vulnerability Warnings
There are two interesting parts to this change.
The first is in the Jute compiler. Fields that are declared buffers
(translated to byte[] in Java) now perform a clone in the constructor and while
"getting and setting", following best practice. This prevents accidental
changes to arrays once passed into or out of jute records but may negatively
impact memory usage and performance. Would be interested in hearing if people
think this is acceptable.
The second is in ZooDefs. We are currently declaring our predefined ACL
lists with `new ArrayList<ACL>(Collections.singletonList(new ACL(...`. This
seems strange to me as we appear to be converting a List type to an ArrayList.
Would be great if someone could shed some light on why we do this. I think this
logic can be simplified to `Collections.singletonList(new ACL(...` with the
added bonus that the resulting list is immutable (making FindBugs happy).
Thanks,
Abe
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/afine/zookeeper ZOOKEEPER-2731
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/232.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #232
----
commit c5e3900bf768c6b4b1c0a2683be2b08259d328f8
Author: Abraham Fine <[email protected]>
Date: 2017-04-18T19:39:46Z
ZOOKEEPER-2731: Cleanup findbug warnings in branch-3.4: Malicious code
vulnerability Warnings
----
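The two changes described in the pull request, as an added example (not code from the patch or from ZooKeeper): a record that stores and returns its byte[] directly next to one that clones it, and an ArrayList wrapper next to a bare Collections.singletonList. The class names, the null handling in copy() and the strings standing in for ACL entries are assumptions made for this illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class DefensiveCopyDemo {
    // Hypothetical stand-in for a generated record that keeps the caller's array.
    static final class ExposedRecord {
        private final byte[] data;
        ExposedRecord(byte[] data) { this.data = data; }
        byte[] getData() { return data; }
    }

    // Same record with a clone in the constructor, getter and setter.
    static final class CopyingRecord {
        private byte[] data;
        CopyingRecord(byte[] data) { this.data = copy(data); }
        byte[] getData() { return copy(data); }
        void setData(byte[] data) { this.data = copy(data); }
        // Null handling is an assumption of this example.
        private static byte[] copy(byte[] b) { return b == null ? null : b.clone(); }
    }

    public static void main(String[] args) {
        byte[] input = {1, 2, 3};                  // constructed sample buffer
        ExposedRecord exposed = new ExposedRecord(input);
        CopyingRecord copying = new CopyingRecord(input);
        input[0] = 42;                             // caller reuses its array after the call
        copying.getData()[1] = 42;                 // caller writes into the getter's result
        System.out.println("exposed record: " + Arrays.toString(exposed.getData()));
        System.out.println("copying record: " + Arrays.toString(copying.getData()));

        // Strings stand in for ACL entries (constructed values).
        List<String> wrapped = new ArrayList<String>(Collections.singletonList("read"));
        List<String> single = Collections.singletonList("read");
        wrapped.add("all");                        // a shared constant list silently grows
        System.out.println("ArrayList wrapper: " + wrapped);
        try {
            single.add("all");                     // immutable list refuses the change
        } catch (UnsupportedOperationException e) {
            System.out.println("singletonList rejected add; still " + single);
        }
    }
}
```

Every call to the copying getter allocates a fresh array, which is the memory and performance cost the description asks reviewers to weigh.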