| <?xml version="1.0"?> |
| <!-- |
| // |
| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| --> |
| <FindBugsFilter> |
| <!-- General exclusions --> |
| <Match> |
| <!-- Ignore classes generated by Protobuf. |
| Unfortunately I couldn't find a way to universally filter all Protobuf classes. --> |
| <Or> |
| <Class name="~.*PB.*"/> |
| <Class name="~org\.apache\.kudu\.consensus\.Opid.*"/> |
| <Class name="~org\.apache\.kudu\.master\.Master.*"/> |
| <Class name="~org\.apache\.kudu\.rpc\.RpcHeader.*"/> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Spotbugs works better with Java than with Scala. We suppress some categories of |
| bug reports when using Scala, since spotbugs generates huge numbers of false positives |
| when examining Scala code. --> |
| <Source name="~.*\.scala" /> |
| <Or> |
| <!-- NP_LOAD_OF_KNOWN_NULL_VALUE: The variable referenced at this point is known to be |
| null due to an earlier check against null. --> |
| <Bug pattern="NP_LOAD_OF_KNOWN_NULL_VALUE"/> |
| <!-- NP_NULL_ON_SOME_PATH: Possible null pointer dereference. --> |
| <Bug pattern="NP_NULL_ON_SOME_PATH"/> |
| <!-- NP_NULL_PARAM_DEREF: Method call passes null for non-null parameter. --> |
| <Bug pattern="NP_NULL_PARAM_DEREF"/> |
| <!-- SE_BAD_FIELD: Non-transient non-serializable instance field in serializable class. --> |
| <Bug pattern="SE_BAD_FIELD"/> |
| <!-- SE_BAD_FIELD_STORE: Non-serializable value stored into instance field of a serializable class. --> |
| <Bug pattern="SE_BAD_FIELD_STORE"/> |
| <!-- DM_STRING_CTOR: Method invokes inefficient new String(String) constructor. --> |
| <Bug pattern="DM_STRING_CTOR"/> |
| <!-- DM_NEW_FOR_GETCLASS: Method allocates an object, only to get the class object. --> |
| <Bug pattern="DM_NEW_FOR_GETCLASS"/> |
| <!-- ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method. --> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/> |
| <!-- DM_NUMBER_CTOR: Method invokes inefficient Number constructor. --> |
| <Bug pattern="DM_NUMBER_CTOR"/> |
| <!-- RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE: Nullcheck of value previously dereferenced. --> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"/> |
| <!-- RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE: Redundant nullcheck of value known to be non-null. --> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/> |
| <!-- RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE: Redundant nullcheck of value known to be null. --> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE"/> |
| <!-- RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT: Return value of method without side effect is ignored. --> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/> |
| <!-- NM_CLASS_NAMING_CONVENTION: Class names should start with an upper case letter. --> |
| <Bug pattern="NM_CLASS_NAMING_CONVENTION"/> |
| <!-- NM_METHOD_NAMING_CONVENTION: Method names should start with a lower case letter. --> |
| <Bug pattern="NM_METHOD_NAMING_CONVENTION"/> |
| <!-- NM_FIELD_NAMING_CONVENTION: Field names should start with a lower case letter. --> |
| <Bug pattern="NM_FIELD_NAMING_CONVENTION"/> |
| <!-- EC_NULL_ARG: Call to equals(null) --> |
| <Bug pattern="EC_NULL_ARG"/> |
| <!-- NP_ALWAYS_NULL: Null pointer dereference --> |
| <Bug pattern="NP_ALWAYS_NULL"/> |
| <!-- MS_CANNOT_BE_FINAL: Field isn't final and can't be protected from malicious code. --> |
| <Bug pattern="MS_CANNOT_BE_FINAL"/> |
| <!-- DLS_DEAD_LOCAL_STORE: Dead store to local variable. --> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| <!-- UPM_UNCALLED_PRIVATE_METHOD: Private method is never called. --> |
| <Bug pattern="UPM_UNCALLED_PRIVATE_METHOD"/> |
| <!-- SE_NO_SERIALVERSIONID: Class is Serializable, but doesn't define serialVersionUID. --> |
| <Bug pattern="SE_NO_SERIALVERSIONID"/> |
| <!-- HE_HASHCODE_USE_OBJECT_EQUALS: Class defines hashCode() and uses Object.equals(). --> |
| <Bug pattern="HE_HASHCODE_USE_OBJECT_EQUALS"/> |
| <!-- MS_PKGPROTECT: Field should be package protected --> |
| <Bug pattern="MS_PKGPROTECT"/> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Spotbugs can trigger false positives for redundant null checks on JDK 11+. |
| See https://github.com/spotbugs/spotbugs/issues/756 |
| This is fixed in SpotBugs 4.1.3, but we can't upgrade yet due to |
| https://github.com/spotbugs/spotbugs/issues/1272 |
| --> |
| <Or> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE" /> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Disable warnings about mutable objects and the use of public fields. |
| Though these are important concerns, we have many instances of this warning |
| and "fixing" the warning could have performance implications. --> |
| <Bug pattern="EI_EXPOSE_REP,EI_EXPOSE_REP2" /> |
| </Match> |
| <Match> |
| <!-- Bugs that are ignored in all tests. --> |
| <Or> |
| <Class name="~org\.apache\.kudu.*Test.*"/> |
| <Class name="~org\.apache\.kudu\..*\.IT.*"/> |
| </Or> |
| <Or> |
| <!-- Often fields are initialized in the setUp method in tests. --> |
| <Bug pattern="UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR" /> |
| <!-- Tests often ignore expected exceptions --> |
| <Bug pattern="DE_MIGHT_IGNORE" /> |
| <Bug pattern="REC_CATCH_EXCEPTION" /> |
| <!-- Tests of call methods for their side effects or to check for exceptions and |
| ignore the return value --> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" /> |
| <!-- Tests often cast to a known class. --> |
| <Bug pattern="BC_UNCONFIRMED_CAST_OF_RETURN_VALUE" /> |
| <!-- Tests don't need to worry about serialization compatibility. --> |
| <Bug pattern="SE_NO_SERIALVERSIONID" /> |
| <!-- Often tests testing exceptions have "exception" in the name. --> |
| <Bug pattern="NM_CLASS_NOT_EXCEPTION" /> |
| <!-- Tests use i % 2 == 1 frequently to alternate behavior. --> |
| <!-- TODO: converting these into negated "check for even" and remove. --> |
| <Bug pattern="IM_BAD_CHECK_FOR_ODD" /> |
| <!-- Junit rules don't need to be read. |
| This naming scheme should be used for all Junit Rule usage to avoid SpotBugs issues. |
| --> |
| <And> |
| <Field name="~.*Rule" /> |
| <Bug pattern="URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD" /> |
| </And> |
| <!-- We generally don't care about minor performance issues in tests. --> |
| <And> |
| <Bug category="PERFORMANCE" /> |
| <Priority value="3" /> |
| </And> |
| </Or> |
| </Match> |
| |
| <!-- kudu-backup exclusions --> |
| <Match> |
| <!-- These fields don't need to be restored in this case. --> |
| <Class name="org.apache.kudu.backup.KuduBackupRDD"/> |
| <Or> |
| <Field name="options" /> |
| <Field name="sc" /> |
| <Field name="table" /> |
| </Or> |
| <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" /> |
| </Match> |
| <Match> |
| <!-- The casts in these methods are known and safe. --> |
| <Class name="org.apache.kudu.backup.KuduBackupRDD"/> |
| <Or> |
| <Method name="compute" /> |
| <Method name="getPreferredLocations" /> |
| </Or> |
| <Bug pattern="BC_UNCONFIRMED_CAST" /> |
| </Match> |
| |
| <!-- kudu-client exclusions --> |
| <Match> |
| <!-- Reference equality is intended here. --> |
| <Class name="org.apache.kudu.client.AsyncKuduClient"/> |
| <Method name="isMasterTable" /> |
| <Bug pattern="ES_COMPARING_PARAMETER_STRING_WITH_EQ" /> |
| </Match> |
| <Match> |
| <!-- These classes have exception in the name because they hold an exception. --> |
| <Or> |
| <Class name="org.apache.kudu.client.AuthzTokenCache$RpcAndException"/> |
| <Class name="org.apache.kudu.client.KuduException$OriginalException"/> |
| </Or> |
| <Bug pattern="NM_CLASS_NOT_EXCEPTION" /> |
| </Match> |
| <Match> |
| <!-- Though returning null is a bad practice, changing this now breaks expectations. --> |
| <Or> |
| <And> |
| <Class name="org.apache.kudu.client.KuduRpc"/> |
| <Method name="partitionKey" /> |
| </And> |
| <And> |
| <Class name="org.apache.kudu.client.ColumnRangePredicate"/> |
| <Method name="toByteArray" /> |
| </And> |
| </Or> |
| <Bug pattern="PZLA_PREFER_ZERO_LENGTH_ARRAYS" /> |
| </Match> |
| <Match> |
| <!-- The return value isn't needed. --> |
| <Class name="org.apache.kudu.client.ErrorCollector"/> |
| <Or> |
| <Method name="addError" /> |
| <Method name="resize" /> |
| </Or> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED" /> |
| </Match> |
| <Match> |
| <!-- Status has manny upper case methods, but changing it would be breaking. --> |
| <Class name="org.apache.kudu.client.Status"/> |
| <Bug pattern="NM_METHOD_NAMING_CONVENTION" /> |
| </Match> |
| <Match> |
| <!-- These instances of floating point equality are correct. --> |
| <Or> |
| <And> |
| <Class name="org.apache.kudu.client.KuduPredicate"/> |
| <Method name="areConsecutive" /> |
| </And> |
| <And> |
| <Class name="org.apache.kudu.client.PartialRow"/> |
| <Or> |
| <Method name="incrementColumn" /> |
| <Method name="isCellEqual" /> |
| <Method name="isCellIncremented" /> |
| </Or> |
| </And> |
| </Or> |
| <Bug pattern="FE_FLOATING_POINT_EQUALITY" /> |
| </Match> |
| <Match> |
| <!-- This cast is safe. --> |
| <Class name="org.apache.kudu.client.Negotiator"/> |
| <Method name="evaluateChallenge" /> |
| <Bug pattern="BC_UNCONFIRMED_CAST_OF_RETURN_VALUE" /> |
| </Match> |
| <Match> |
| <!-- Changing this would break public API. --> |
| <Class name="org.apache.kudu.client.AlterTableResponse"/> |
| <Method name="getTsUUID" /> |
| <Bug pattern="NM_CONFUSING" /> |
| </Match> |
| |
| <Match> |
| <!-- The nullable annotation is from Guava and therefore can't be changed. |
| Guava is adding `@Nullable` on the parent `apply` method from the guava Predicate |
| implementation for `gtePred` and `ltPred` and that's being detected by SpotBugs for |
| some reason. |
| --> |
| <Class name="~org\.apache\.kudu\.client\.TestFlexiblePartitioning.*"/> |
| <Bug pattern="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE" /> |
| </Match> |
| <Match> |
| <!-- Adjusts AsyncKuduClient.FETCH_TABLETS_PER_RANGE_LOOKUP for testing purposes. --> |
| <Class name="org.apache.kudu.client.TestScanToken"/> |
| <Method name="testScanTokens" /> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" /> |
| </Match> |
| <Match> |
| <!-- Adjusts TableLocationsCache.ticker for testing purposes. --> |
| <Class name="org.apache.kudu.client.TestTableLocationsCache"/> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" /> |
| </Match> |
| <Match> |
| <!-- This is a private API and a null array is expected/handled. --> |
| <Class name="org.apache.kudu.util.NetUtil"/> |
| <Method name="getAllInetAddresses" /> |
| <Bug pattern="PZLA_PREFER_ZERO_LENGTH_ARRAYS" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.kudu.util.HashUtil"/> |
| <Method name="fastHash64" /> |
| <Or> |
| <!-- This is the expected behavior. --> |
| <Bug pattern="BIT_ADD_OF_SIGNED_BYTE" /> |
| <!-- The fallthrough is intended and documented. --> |
| <Bug pattern="SF_SWITCH_FALLTHROUGH" /> |
| <!-- All cases are handled. --> |
| <Bug pattern="SF_SWITCH_NO_DEFAULT" /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Null pointer dereference isn't possible given we check for existence. --> |
| <Class name="org.apache.kudu.client.RpcTraceFrame"/> |
| <Method name="getHumanReadableSummaryStringForTraces" /> |
| <Bug pattern="NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE" /> |
| </Match> |
| |
| <!-- kudu-client-tools exclusions --> |
| <Match> |
| <!-- The rule doesn't need to be read. --> |
| <Class name="org.apache.kudu.mapreduce.tools.ITImportParquetPreCheck"/> |
| <Field name="chain" /> |
| <Bug pattern="URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD" /> |
| </Match> |
| |
| <!-- kudu-mapreduce exclusions --> |
| <Match> |
| <!-- This is a false positive. --> |
| <Class name="org.apache.kudu.mapreduce.TestJarFinder"/> |
| <Method name="writeManifest" /> |
| <Bug pattern="OBL_UNSATISFIED_OBLIGATION" /> |
| </Match> |
| |
| <!-- kudu-spark exclusions --> |
| <Match> |
| <!-- These fields don't need to be restored in this case. --> |
| <Class name="org.apache.kudu.spark.kudu.KuduRDD"/> |
| <Or> |
| <Field name="options" /> |
| <Field name="predicates"/> |
| <Field name="projectedCols"/> |
| <Field name="sc"/> |
| <Field name="table"/> |
| </Or> |
| <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" /> |
| </Match> |
| <Match> |
| <!-- The casts in these methods are known and safe. --> |
| <Class name="org.apache.kudu.spark.kudu.KuduRDD"/> |
| <Or> |
| <Method name="compute" /> |
| <Method name="getPreferredLocations" /> |
| </Or> |
| <Bug pattern="BC_UNCONFIRMED_CAST" /> |
| </Match> |
| <Match> |
| <!-- These fields don't need to be restored in this case. --> |
| <Class name="org.apache.kudu.spark.kudu.KuduContext"/> |
| <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" /> |
| </Match> |
| <Match> |
| <!-- This instance of floating point equality is correct. --> |
| <Class name="~org\.apache\.kudu\.spark\.kudu\.KuduContextTest.*"/> |
| <Bug pattern="FE_FLOATING_POINT_EQUALITY" /> |
| </Match> |
| |
| <!-- kudu-subprocess exclusions --> |
| <Match> |
| <!-- We want to ignore the exception. --> |
| <Class name="org.apache.kudu.subprocess.echo.EchoProtocolHandler"/> |
| <Bug pattern="DE_MIGHT_IGNORE" /> |
| </Match> |
| <Match> |
| <!-- This is not a security concern. --> |
| <Class name="org.apache.kudu.subprocess.SubprocessTestUtil"/> |
| <Field name="NO_ARGS" /> |
| <Bug pattern="MS_MUTABLE_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- We need to exit instead of throwing RuntimeException to make sure |
| all threads stop --> |
| <Class name="org.apache.kudu.subprocess.SubprocessExecutor"/> |
| <Bug pattern="DM_EXIT"/> |
| </Match> |
| <Match> |
| <!-- This is done to simplify testing. --> |
| <Class name="org.apache.kudu.subprocess.ranger.TestRangerSubprocess"/> |
| <Method name="mockAuthorizer" /> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" /> |
| </Match> |
| |
| <!-- kudu-test-utils exclusions --> |
| <Match> |
| <!-- There is nothing useful to do with the File.delete() return value. --> |
| <Class name="org.apache.kudu.test.CapturingToFileLogAppender"/> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" /> |
| </Match> |
| <Match> |
| <!-- This is a mock for a test and doesn't need to be serialized. --> |
| <Class name="org.apache.kudu.test.junit.TestResultReporter$MockFlakyTestServlet"/> |
| <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" /> |
| </Match> |
| <Match> |
| <!-- This is okay in a test context. --> |
| <Class name="org.apache.kudu.test.cluster.FakeDNS"/> |
| <Bug pattern="DP_DO_INSIDE_DO_PRIVILEGED" /> |
| </Match> |
| </FindBugsFilter> |