[jira] [Commented] (FLINK-23542) Upgrade Checkstyle to at least 8.29

Thu, 29 Jul 2021 03:00:06 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-23542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17389793#comment-17389793
 ] 

Martijn Visser commented on FLINK-23542:
----------------------------------------

I've tried to perform the upgrade myself, but the newer Checkstyle version also 
returns checkstyle errors. For example:

{code:java}
[ERROR] 
src/main/java/org/apache/flink/core/memory/ByteArrayOutputStreamWithPos.java:[91,30]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
[ERROR] 
src/test/java/org/apache/flink/api/java/typeutils/runtime/TupleComparatorTTT3Test.java:[40,78]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
[ERROR] 
src/test/java/org/apache/flink/api/java/typeutils/runtime/TupleComparatorTTT3Test.java:[160,88]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
[ERROR] 
src/test/java/org/apache/flink/api/java/typeutils/runtime/TupleComparatorTTT2Test.java:[41,78]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
[ERROR] 
src/test/java/org/apache/flink/api/java/typeutils/runtime/TupleComparatorTTT2Test.java:[153,88]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
[ERROR] 
src/test/java/org/apache/flink/api/java/typeutils/runtime/TupleComparatorTTT1Test.java:[39,78]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
[ERROR] 
src/test/java/org/apache/flink/api/java/typeutils/runtime/TupleComparatorTTT1Test.java:[145,88]
 (misc) ArrayTypeStyle: Array brackets at illegal position.
{code}

There are probably more errors that need to be fixed or excluded

> Upgrade Checkstyle to at least 8.29
> -----------------------------------
>
>                 Key: FLINK-23542
>                 URL: https://issues.apache.org/jira/browse/FLINK-23542
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: Build System
>            Reporter: Martijn Visser
>            Priority: Major
>
> Checkstyle version < 8.29 are still vulnerable to XML External Entity (XXE) 
> Processing due to an incomplete fix for CVE-2019-9658.
> This vulnerability probably doesn't impact Flink as, in most cases, these 
> builds are processing files that are trusted, or pre-vetted by a pull request 
> reviewer before being run on internal CI infrastructure.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to