OOZIE-3690 [server] Fix current SpotBugs discovered issues in Oozie's server module (jmakai via dionusos)
diff --git a/release-log.txt b/release-log.txt
index f0a4c02..3de89b7 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 5.3.0 release (trunk - unreleased)
+OOZIE-3690 [server] Fix current SpotBugs discovered issues in Oozie's server module (jmakai via dionusos)
OOZIE-3692 [sharelib-spark] Fix current SpotBugs discovered issues in Oozie's sharelib-spark module (jmakai via dionusos)
OOZIE-3693 [examples] Fix current SpotBugs discovered issues in Oozie's examples module (jmakai via dionusos)
OOZIE-3696 [sharelib-git] Fix current SpotBugs discovered issues in Oozie's sharelib-git module (dionusos via jmakai)
diff --git a/server/pom.xml b/server/pom.xml
index b03ff72..b312c22 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -153,6 +153,13 @@
<build>
<plugins>
<plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <configuration>
+ <excludeFilterFile>${basedir}/spotbugs-filter.xml</excludeFilterFile>
+ </configuration>
+ </plugin>
+ <plugin>
<groupId>org.apache.openjpa</groupId>
<artifactId>openjpa-maven-plugin</artifactId>
</plugin>
diff --git a/server/spotbugs-filter.xml b/server/spotbugs-filter.xml
new file mode 100644
index 0000000..0f571d8
--- /dev/null
+++ b/server/spotbugs-filter.xml
@@ -0,0 +1,25 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<FindBugsFilter>
+ <!-- Since Java 7 update 40 or Java 8+, the NULL byte injection in filenames is fixed so `WEAK_FILENAMEUTILS`
+ can be filtered in JspHandlerProvider class -->
+ <Match>
+ <Class name="org.apache.oozie.server.guice.JspHandlerProvider"/>
+ <Bug pattern="WEAK_FILENAMEUTILS" />
+ </Match>
+</FindBugsFilter>
\ No newline at end of file
diff --git a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
index 5cecf7c..5b123e9 100644
--- a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
+++ b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
@@ -228,13 +228,13 @@
}
private boolean isSecured() {
- String isSSLEnabled = conf.get("oozie.https.enabled");
+ boolean isSSLEnabled = Boolean.parseBoolean(conf.get("oozie.https.enabled"));
LOG.info("Server started with oozie.https.enabled = " + isSSLEnabled);
- return isSSLEnabled != null && Boolean.valueOf(isSSLEnabled);
+ return isSSLEnabled;
}
public static void setContextPath(Configuration oozieConfiguration) {
- String baseUrl = oozieConfiguration.get("oozie.base.url");
+ String baseUrl = oozieConfiguration.get("oozie.base.url").replaceAll("[\r\n]","");
String contextPath = baseUrl.substring(baseUrl.lastIndexOf("/"));
LOG.info("Server started with contextPath = " + contextPath);
EmbeddedOozieServer.contextPath = contextPath;
diff --git a/server/src/main/java/org/apache/oozie/server/JspHandler.java b/server/src/main/java/org/apache/oozie/server/JspHandler.java
index 3b948c4..a95f24e 100644
--- a/server/src/main/java/org/apache/oozie/server/JspHandler.java
+++ b/server/src/main/java/org/apache/oozie/server/JspHandler.java
@@ -57,7 +57,8 @@
private File getScratchDir() throws IOException
{
if (scratchDir.exists()) {
- LOG.info(String.format("Scratch directory exists and will be reused: %s", scratchDir.getAbsolutePath()));
+ LOG.info(String.format("Scratch directory exists and will be reused: %s",
+ scratchDir.getAbsolutePath().replaceAll("[\r\n]","")));
return scratchDir;
}
@@ -65,7 +66,7 @@
throw new IOException("Unable to create scratch directory: " + scratchDir);
}
- LOG.info(String.format("Scratch directory created: %s", scratchDir.getAbsolutePath()));
+ LOG.info(String.format("Scratch directory created: %s", scratchDir.getAbsolutePath().replaceAll("[\r\n]","")));
return scratchDir;
}
diff --git a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
index 3ba073a..03281b6 100644
--- a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
+++ b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
@@ -103,7 +103,8 @@
String[] excludeCipherSuites = excludeCipherList.split(",");
sslContextFactory.setExcludeCipherSuites(excludeCipherSuites);
- LOG.info(String.format("SSL context - excluding cipher suites: %s", Arrays.toString(excludeCipherSuites)));
+ LOG.info(String.format("SSL context - excluding cipher suites: %s",
+ Arrays.toString(excludeCipherSuites).replaceAll("[\r\n]","")));
}
private void setIncludeCipherSuites() {
@@ -115,7 +116,8 @@
String[] includeCipherSuites = includeCipherList.split(",");
sslContextFactory.setIncludeCipherSuites(includeCipherSuites);
- LOG.info(String.format("SSL context - including cipher suites: %s", Arrays.toString(includeCipherSuites)));
+ LOG.info(String.format("SSL context - including cipher suites: %s",
+ Arrays.toString(includeCipherSuites).replaceAll("[\r\n]","")));
}
private void setIncludeProtocols() {
@@ -123,7 +125,8 @@
String[] enabledProtocols = enabledProtocolsList.split(",");
sslContextFactory.setIncludeProtocols(enabledProtocols);
- LOG.info(String.format("SSL context - including protocols: %s", Arrays.toString(enabledProtocols)));
+ LOG.info(String.format("SSL context - including protocols: %s",
+ Arrays.toString(enabledProtocols).replaceAll("[\r\n]","")));
}
private void setExcludeProtocols() {
@@ -133,7 +136,8 @@
}
String[] excludedProtocols = excludedProtocolsList.split(",");
sslContextFactory.setExcludeProtocols(excludedProtocols);
- LOG.info(String.format("SSL context - excluding protocols: %s", Arrays.toString(excludedProtocols)));
+ LOG.info(String.format("SSL context - excluding protocols: %s",
+ Arrays.toString(excludedProtocols).replaceAll("[\r\n]","")));
}
private void setKeystorePass() {
diff --git a/server/src/main/java/org/apache/oozie/server/ServletMapper.java b/server/src/main/java/org/apache/oozie/server/ServletMapper.java
index fcc7d92..f025093 100644
--- a/server/src/main/java/org/apache/oozie/server/ServletMapper.java
+++ b/server/src/main/java/org/apache/oozie/server/ServletMapper.java
@@ -97,7 +97,7 @@
try {
servletContextHandler.addServlet(new ServletHolder(servletClass.newInstance()), servletPath);
} catch (final InstantiationException | IllegalAccessException e) {
- LOG.error(e.getMessage(), e);
+ LOG.error(e.getMessage().replaceAll("[\r\n]",""), e);
}
}
}
diff --git a/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java b/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java
index 8a54a9a..3ce867f 100644
--- a/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java
+++ b/server/src/main/java/org/apache/oozie/server/guice/JspHandlerProvider.java
@@ -20,6 +20,7 @@
import com.google.inject.Inject;
import com.google.inject.Provider;
+import org.apache.commons.io.FilenameUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.oozie.server.JspHandler;
import org.apache.oozie.server.WebRootResourceLocator;
@@ -40,7 +41,8 @@
@Override
public JspHandler get() {
- final File tempDir = new File(oozieConfiguration.get(OOZIE_JSP_TMP_DIR), EMBEDDED_JETTY_JSP_DIR);
+ final File tempDir = new File(FilenameUtils.getName(oozieConfiguration.get(OOZIE_JSP_TMP_DIR)),
+ FilenameUtils.getName(EMBEDDED_JETTY_JSP_DIR));
return new JspHandler(tempDir, new WebRootResourceLocator());
}
diff --git a/server/src/test/java/org/apache/oozie/server/TestJspHandler.java b/server/src/test/java/org/apache/oozie/server/TestJspHandler.java
index be05583..c113cbf 100644
--- a/server/src/test/java/org/apache/oozie/server/TestJspHandler.java
+++ b/server/src/test/java/org/apache/oozie/server/TestJspHandler.java
@@ -63,6 +63,7 @@
public void scratchDir_Is_Created_When_Setup_Called_And_ScratchDir_Did_Not_Exist() throws IOException, URISyntaxException {
when(mockScratchDir.exists()).thenReturn(false);
when(mockScratchDir.mkdirs()).thenReturn(true);
+ when(mockScratchDir.getAbsolutePath()).thenReturn("foobar");
jspHandler.setupWebAppContext(mockWebAppContext);
@@ -84,6 +85,7 @@
@Test
public void scratchDir_Is_Reused_When_Setup_Called_And_ScratchDir_Existed() throws IOException, URISyntaxException {
when(mockScratchDir.exists()).thenReturn(true);
+ when(mockScratchDir.getAbsolutePath()).thenReturn("foobar");
jspHandler.setupWebAppContext(mockWebAppContext);