[
https://issues.apache.org/jira/browse/ZOOKEEPER-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019125#comment-16019125
]
ASF GitHub Bot commented on ZOOKEEPER-2731:
-------------------------------------------
Github user rakeshadr commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/232#discussion_r117658709
--- Diff: src/java/main/org/apache/zookeeper/ZooDefs.java ---
@@ -96,21 +97,20 @@
/**
* This is a completely open ACL .
*/
- public final ArrayList<ACL> OPEN_ACL_UNSAFE = new ArrayList<ACL>(
- Collections.singletonList(new ACL(Perms.ALL,
ANYONE_ID_UNSAFE)));
+ public final List<ACL> OPEN_ACL_UNSAFE =
--- End diff --
@afine , Its touching an exposed API and changing to List will impact b/w
compatibility. Could you please follow the branch-3.5 fix like adding an
exclude entry in `findbugsExcludeFile.xml`,
```
<!-- Disable 'Malicious code vulnerability warnings' due to mutable
collection types in interface.
Undo this when ZOOKEEPER-1362 is done. -->
<Match>
<Class name="org.apache.zookeeper.ZooDefs$Ids"/>
<Bug pattern="MS_MUTABLE_COLLECTION" />
</Match>
```
API doc referenece http://zookeeper.apache.org/doc/r3.4.10/api/
Also, please read the discussions in
https://issues.apache.org/jira/browse/ZOOKEEPER-1362
> Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
> -----------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2731
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2731
> Project: ZooKeeper
> Issue Type: Sub-task
> Affects Versions: 3.4.9
> Reporter: Rakesh R
> Assignee: Abraham Fine
> Fix For: 3.4.11
>
>
> Please refer the attached sheet in parent jira. Below is the details of
> findbug warnings.
> {code}
> MS org.apache.zookeeper.Environment.JAAS_CONF_KEY isn't final but should be
> Bug type MS_SHOULD_BE_FINAL (click for details)
> In class org.apache.zookeeper.Environment
> Field org.apache.zookeeper.Environment.JAAS_CONF_KEY
> At Environment.java:[line 34]
> MS org.apache.zookeeper.server.ServerCnxn.cmd2String is a mutable
> collection which should be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details)
> In class org.apache.zookeeper.server.ServerCnxn
> Field org.apache.zookeeper.server.ServerCnxn.cmd2String
> At ServerCnxn.java:[line 230]
> MS org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE is a mutable collection
> Bug type MS_MUTABLE_COLLECTION (click for details)
> In class org.apache.zookeeper.ZooDefs$Ids
> Field org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE
> At ZooDefs.java:[line 100]
> MS org.apache.zookeeper.ZooKeeperMain.commandMap is a mutable collection
> which should be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details)
> In class org.apache.zookeeper.ZooKeeperMain
> Field org.apache.zookeeper.ZooKeeperMain.commandMap
> At ZooKeeperMain.java:[line 53]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
