[ https://issues.apache.org/jira/browse/ZOOKEEPER-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15981705#comment-15981705 ]

ASF GitHub Bot commented on ZOOKEEPER-2731:
-------------------------------------------

Github user afine commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/232#discussion_r113032297
  
    --- Diff: src/java/main/org/apache/jute/compiler/JType.java ---
    @@ -27,7 +27,7 @@
        private String mCName;
         private String mCppName;
         private String mCsharpName;
    -    private String mJavaName;
    +    protected String mJavaName;
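Review bot: Widening `mJavaName` to protected lets every subclass and every class in org.apache.jute.compiler write to the field, while the neighbouring mCName, mCppName and mCsharpName stay private, and nothing in the hunk says why this one field differs. If subclasses only need to read or replace the Java type name, keep the field private and add a narrow protected accessor instead, with a short comment naming the findbugs warning that motivated the change.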
    --- End diff --
    
    @rakeshadr this fixes findbugs issues added by ZOOKEEPER-1045:
    
    > Bug type EI_EXPOSE_REP
    > In class org.apache.zookeeper.server.quorum.QuorumAuthPacket
    > In method org.apache.zookeeper.server.quorum.QuorumAuthPacket.getToken()
    > Field org.apache.zookeeper.server.quorum.QuorumAuthPacket.token
    > At QuorumAuthPacket.java:[line 50]
    
    and
    
    > Bug type EI_EXPOSE_REP2
    > In class org.apache.zookeeper.server.quorum.QuorumAuthPacket
    > In method new org.apache.zookeeper.server.quorum.QuorumAuthPacket(long, int, byte[])
    > Field org.apache.zookeeper.server.quorum.QuorumAuthPacket.token
    > Local variable named token
    > At QuorumAuthPacket.java:[line 35]
    
    These issues are newer than the findbugs report included with the ZOOKEEPER-2728, which is why they are not listed there.
    
    @hanm The reason that this solution is not used in 3.5 (and in other classes of 3.4) is because we ignore similar issues by including the following in findbugsExcludeFile.xml:
    
    ```
      <Match>
        <Package name="org.apache.jute.compiler.generated" />
      </Match>

      <Match>
        <Package name="~org\.apache\.zookeeper\.(proto|data|txn)" />
        <Bug code="EI, EI2" />
      </Match>

      <Match>
        <Class name="org.apache.zookeeper.server.DataNode" />
        <Bug code="EI2"/>
      </Match>

      <Match>
        <Class name="org.apache.zookeeper.server.quorum.QuorumPacket" />
        <Bug code="EI2, EI" />
      </Match>

      <Match>
        <Class name="org.apache.zookeeper.ClientCnxn"/>
        <Bug code="EI, EI2" />
      </Match>
    ```
    
    I went ahead and updated the patch to remove these entries and made some additional changes to get rid of all the findbugs warnings.
    
    Although I am very concerned about the potential performance impact of including all of these extra clone() operations, particularly as it relates to "node data". What do you think, should we just ignore the warning on `QuorumAuthPacket.java` or fix the cause?


> Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
> -----------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2731
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2731
>             Project: ZooKeeper
>          Issue Type: Sub-task
>    Affects Versions: 3.4.9
>            Reporter: Rakesh R
>            Assignee: Abraham Fine
>             Fix For: 3.4.11
>
>
> Please refer to the attached sheet in the parent jira. Below are the details of
> the findbug warnings.
> {code}
> MS    org.apache.zookeeper.Environment.JAAS_CONF_KEY isn't final but should be
> Bug type MS_SHOULD_BE_FINAL (click for details) 
> In class org.apache.zookeeper.Environment
> Field org.apache.zookeeper.Environment.JAAS_CONF_KEY
> At Environment.java:[line 34]
> MS    org.apache.zookeeper.server.ServerCnxn.cmd2String is a mutable 
> collection which should be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details) 
> In class org.apache.zookeeper.server.ServerCnxn
> Field org.apache.zookeeper.server.ServerCnxn.cmd2String
> At ServerCnxn.java:[line 230]
> MS    org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE is a mutable collection
> Bug type MS_MUTABLE_COLLECTION (click for details) 
> In class org.apache.zookeeper.ZooDefs$Ids
> Field org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE
> At ZooDefs.java:[line 100]
> MS    org.apache.zookeeper.ZooKeeperMain.commandMap is a mutable collection 
> which should be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details) 
> In class org.apache.zookeeper.ZooKeeperMain
> Field org.apache.zookeeper.ZooKeeperMain.commandMap
> At ZooKeeperMain.java:[line 53]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
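
The EI_EXPOSE_REP and EI_EXPOSE_REP2 findings quoted in the comment above, as an added example that is not code from the ZooKeeper patch or the pull request. ExposedPacket and CopyingPacket are hypothetical classes that reuse the `(long, int, byte[])` constructor shape and the `getToken()` accessor named in the report, with a constructed token; the copying form is what the clone() calls under discussion do, at the cost of one array copy per call.

```java
import java.util.Arrays;

// Added illustration; ExposedPacket and CopyingPacket are hypothetical classes,
// not ZooKeeper's generated QuorumAuthPacket.
public class ExposeRepDemo {

    // Pattern findbugs reports: the caller's array is stored and returned as-is.
    static final class ExposedPacket {
        private final byte[] token;
        ExposedPacket(long magic, int status, byte[] token) {
            this.token = token;            // EI_EXPOSE_REP2: keeps caller's reference
        }
        byte[] getToken() {
            return token;                  // EI_EXPOSE_REP: hands out internal array
        }
    }

    // Defensive copies on the way in and out; each call costs an O(n) array copy.
    static final class CopyingPacket {
        private final byte[] token;
        CopyingPacket(long magic, int status, byte[] token) {
            this.token = (token == null) ? null : token.clone();
        }
        byte[] getToken() {
            return (token == null) ? null : token.clone();
        }
    }

    public static void main(String[] args) {
        byte[] callerToken = {0x01, 0x02, 0x03, 0x04};   // constructed sample token

        ExposedPacket exposed = new ExposedPacket(1L, 0, callerToken);
        CopyingPacket copying = new CopyingPacket(1L, 0, callerToken);

        callerToken[0] = 0x7f;            // caller reuses its buffer after construction
        exposed.getToken()[1] = 0x7f;     // a reader writes into the returned array
        copying.getToken()[1] = 0x7f;     // same write lands on a throwaway copy

        System.out.println("exposed: " + Arrays.toString(exposed.getToken()));
        System.out.println("copying: " + Arrays.toString(copying.getToken()));
    }
}
```

The exposed instance's token changes under both writes, while the copying instance still holds the bytes it was constructed with.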