| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <FindBugsFilter> |
| <!-- Considered to be false positives --> |
| <Match> |
| <!-- Only base null is handled by this resolver --> |
| <Class name="javax.el.BeanNameELResolver"/> |
| <Or> |
| <Method name="getType" /> |
| <Method name="getValue" /> |
| <Method name="isReadOnly" /> |
| <Method name="setValue" /> |
| </Or> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Only base null is handled by this resolver --> |
| <Class name="javax.servlet.jsp.el.ImplicitObjectELResolver"/> |
| <Or> |
| <Method name="getType" /> |
| <Method name="getValue" /> |
| <Method name="isReadOnly" /> |
| <Method name="setValue" /> |
| </Or> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <Class name="javax.servlet.jsp.el.ImplicitObjectELResolver$ScopeMap$ScopeEntry"/> |
| <Method name="equals"/> |
| <Bug code="Eq" /> |
| </Match> |
| <Match> |
| <!-- Only base null is handled by this resolver --> |
| <Class name="javax.servlet.jsp.el.ScopedAttributeELResolver"/> |
| <Or> |
| <Method name="getType" /> |
| <Method name="getValue" /> |
| <Method name="isReadOnly" /> |
| <Method name="setValue" /> |
| </Or> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Cannot do anything about this. API is fixed by the specification. --> |
| <Class name="javax.servlet.jsp.tagext.TagData"/> |
| <Bug code="CN" /> |
| </Match> |
| <Match> |
| <!-- Yes the simple name is the same as the super class. Accept it. --> |
| <Class name="org.apache.catalina.Executor" /> |
| <Bug code="Nm" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.ant.AbstractCatalinaTask"/> |
| <Method name="execute"/> |
| <Bug code="REC"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.ant.jmx.JMXAccessorConditionBase"/> |
| <Method name="accessJMXValue"/> |
| <Bug code="REC"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.authenticator.AuthenticatorBase"/> |
| <Field name="sessionIdGenerator"/> |
| <Bug code="IS"/> |
| </Match> |
| <Match> |
| <!-- request.getCoyoteRequest().getRemoteUser() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.authenticator.AuthenticatorBase"/> |
| <Method name="checkForCachedAuthentication"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- request.getQueryString() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.authenticator.DigestAuthenticator$DigestInfo"/> |
| <Method name="validate"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- Method is synchronized therefore not an issue --> |
| <Class name="org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo"/> |
| <Bug code="VO"/> |
| </Match> |
| <Match> |
| <!-- request.getPathInfo(), request.getDecodedRequestURI() can return null |
| because o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.authenticator.FormAuthenticator"/> |
| <Or> |
| <Method name="doAuthenticate"/> |
| <Method name="matchRequest"/> |
| </Or> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- False positive. It is lifecycle state that is being protected --> |
| <Class name="org.apache.catalina.authenticator.SingleSignOn" /> |
| <Field name="engine" /> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- req.getRemoteUser(), req.getAuthType(), request.getQueryString() can |
| return null because o.a.t.util.buf.MessageBytes.toString() can return NULL |
| --> |
| <Class name="org.apache.catalina.connector.CoyoteAdapter"/> |
| <Or> |
| <Method name="doConnectorAuthenticationAuthorization"/> |
| <Method name="postParseRequest"/> |
| </Or> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.connector.CoyoteReader"/> |
| <Method name="readLine"/> |
| <Bug code="RR"/> |
| </Match> |
| <Match> |
| <!-- request.getPathInfo(), scookie.getDomain() can return null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.connector.Request"/> |
| <Or> |
| <Method name="getRequestDispatcher"/> |
| <Method name="getPathTranslated"/> |
| <Method name="convertCookies"/> |
| </Or> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is a fallback when calculating the |
| length of the string --> |
| <Class name="org.apache.catalina.connector.Request"/> |
| <Method name="parseParts"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- JNI library can only be loaded once so statics are appropriate --> |
| <Class name="org.apache.catalina.core.AprLifecycleListener" /> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <!-- request.getQueryString() can return null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.core.AsyncContextImpl"/> |
| <Method name="logDebug"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- Exception caught deliberately --> |
| <Class name="org.apache.catalina.core.NamingContextListener" /> |
| <Method name="constructEnvEntry" /> |
| <Bug pattern="REC_CATCH_EXCEPTION" /> |
| </Match> |
| <Match> |
| <!-- Code uses same approach as CopyOnWriteArrayList --> |
| <Class name="org.apache.catalina.core.StandardContext" /> |
| <Field name="constraints" /> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- Sync is for lifecycle state, not CookieProcessor --> |
| <Class name="org.apache.catalina.core.StandardContext" /> |
| <Field name="cookieProcessor" /> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- Use of new String() is deliberate --> |
| <Class name="org.apache.catalina.core.StandardContext" /> |
| <Method name="setResponseCharacterEncoding" /> |
| <Bug pattern="DM_STRING_CTOR" /> |
| </Match> |
| <Match> |
| <!-- Calling sleep while holding a lock is deliberate --> |
| <Class name="org.apache.catalina.core.StandardContext" /> |
| <Method name="stopInternal" /> |
| <Bug pattern="SWL_SLEEP_WITH_LOCK_HELD" /> |
| </Match> |
| <Match> |
| <!-- Have to trigger GC for leak detection to work. Clearly documented --> |
| <Class name="org.apache.catalina.core.StandardHost" /> |
| <Method name="findReloadedContextMemoryLeaks" /> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- This could be optimised but a) the code would be less clear and --> |
| <!-- b) SpotBugs still reports an error with the optimised code. --> |
| <Class name="org.apache.catalina.core.StandardServer"/> |
| <Method name="startPeriodicLifecycleEvent"/> |
| <Bug pattern="RpC_REPEATED_CONDITIONAL_TEST "/> |
| </Match> |
| <Match> |
| <!-- Sync not targeting these fields --> |
| <Class name="org.apache.catalina.core.StandardWrapper" /> |
| <Or> |
| <Field name="multipartConfigElement" /> |
| <Field name="servletClass" /> |
| <Field name="swallowOutput" /> |
| <Field name="unloadDelay" /> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- There is only a single wait condition --> |
| <Class name="org.apache.catalina.core.StandardWrapper" /> |
| <Method name="deallocate" /> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Match> |
| <Match> |
| <!-- Sleep is of short duration and lock is required --> |
| <Class name="org.apache.catalina.core.StandardWrapper" /> |
| <Method name="unload" /> |
| <Bug code="SWL" /> |
| </Match> |
| <Match> |
| <!-- null return value is documented --> |
| <Class name="org.apache.catalina.core.StandardWrapper" /> |
| <Method name="isSingleThreadModel" /> |
| <Bug pattern="NP_BOOLEAN_RETURN_NULL" /> |
| </Match> |
| <Match> |
| <!-- The code is adding HTTP request headers, not parameters and the |
| header parsing on input will have removed any CR or LF characters. --> |
| <Class name="org.apache.catalina.filters.CorsFilter" /> |
| <Method name="addStandardHeaders" /> |
| <Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" /> |
| </Match> |
| <Match> |
| <!-- ParseException is ignored in loop but handled afterwards if all formats failed --> |
| <Class name="org.apache.catalina.filters.RemoteIpFilter$XForwardedRequest" /> |
| <Method name="getDateHeader" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <!-- False positive. It is lifecycle state that is being protected --> |
| <Class name="org.apache.catalina.ha.authenticator.ClusterSingleSignOn" /> |
| <Field name="cluster" /> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- shost will not be null in normal usage --> |
| <Class name="org.apache.catalina.ha.backend.CollectedInfo" /> |
| <Method name="init" /> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Ignore IOException when closing input/output streams in cleanup --> |
| <Class name="org.apache.catalina.ha.deploy.FileMessageFactory" /> |
| <Method name="cleanup" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <!-- Ignore exceptions from Thread.sleep() --> |
| <Class name="org.apache.catalina.ha.session.DeltaManager" /> |
| <Or> |
| <Method name="handleGET_ALL_SESSIONS" /> |
| <Method name="waitForSendAllSessions" /> |
| </Or> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <!-- False positive caused by additional method syncs --> |
| <Class name="org.apache.catalina.ha.session.DeltaManager" /> |
| <Field name="receiverQueue" /> |
| <Pattern code="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- False positive caused by method syncs --> |
| <Class name="org.apache.catalina.ha.session.JvmRouteBinderValve" /> |
| <Field name="cluster" /> |
| <Pattern code="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- Design choice to reduce need for syncs --> |
| <Class name="org.apache.catalina.ha.tcp.ReplicationValve" /> |
| <Or> |
| <Field name="nrOfCrossContextSendRequests" /> |
| <Field name="nrOfFilterRequests" /> |
| <Field name="nrOfRequests" /> |
| <Field name="nrOfSendRequests" /> |
| </Or> |
| <Pattern code="VO_VOLATILE_INCREMENT" /> |
| </Match> |
| <Match> |
| <!-- Thread never executed so empty run method not an issue --> |
| <Class name="org.apache.catalina.loader.WebappClassLoaderBase" /> |
| <Method name="clearReferences" /> |
| <Bug pattern="DM_USELESS_THREAD" /> |
| </Match> |
| <Match> |
| <!-- Field is only modified during Servlet load --> |
| <Class name="org.apache.catalina.manager.host.HostManagerServlet" /> |
| <Or> |
| <Field name="context" /> |
| <Field name="installedHost" /> |
| <Field name="engine" /> |
| <Field name="wrapper" /> |
| </Or> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD" /> |
| </Match> |
| <Match> |
| <!-- Catching exception is simpler than handling all the individual ones --> |
| <Class name="org.apache.catalina.manager.util.SessionUtils" /> |
| <Method name="guessLocaleFromSession" /> |
| <Bug code="REC" /> |
| </Match> |
| <Match> |
| <!-- The fields are only set in setWrapper() which Tomcat calls once during |
| initialisation. All other accesses are reads. --> |
| <Class name="org.apache.catalina.manager.ManagerServlet" /> |
| <Or> |
| <Field name="context" /> |
| <Field name="host" /> |
| <Field name="mBeanServer" /> |
| <Field name="oname" /> |
| <Field name="wrapper" /> |
| </Or> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD" /> |
| </Match> |
| <Match> |
| <!-- The array contents is never mutated. --> |
| <Class name="org.apache.catalina.mapper.Mapper" /> |
| <Field name="hosts" /> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- The array contents is never mutated. --> |
| <Class name="org.apache.catalina.mapper.Mapper$MappedContext" /> |
| <Field name="versions" /> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- Object is used via side-effect of creation. --> |
| <Class name="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" /> |
| <Method name="createServer" /> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE" /> |
| </Match> |
| <Match> |
| <!-- SQL construction is safe since it is from trusted config --> |
| <Or> |
| <Class name="org.apache.catalina.realm.DataSourceRealm" /> |
| <Class name="org.apache.catalina.realm.JDBCRealm" /> |
| </Or> |
| <Or> |
| <Method name="credentials" /> |
| <Method name="getPassword" /> |
| <Method name="getRoles" /> |
| <Method name="roles" /> |
| </Or> |
| <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.realm.JDBCRealm" /> |
| <Field name="containerLog" /> |
| <Bug code="IS" /> |
| </Match> |
| <Match> |
| <!-- Sync is protecting preparedRoles, not these fields --> |
| <Class name="org.apache.catalina.realm.JDBCRealm" /> |
| <Or> |
| <Field name="roleNameCol" /> |
| <Field name="userRoleTable" /> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC " /> |
| </Match> |
| <Match> |
| <!-- roles will be initialized in addAttributeValues --> |
| <Class name="org.apache.catalina.realm.JNDIRealm" /> |
| <Or> |
| <Method name="getUserByPattern" /> |
| <Method name="getUserBySearch" /> |
| </Or> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Sync is protecting authenticate90, not this field --> |
| <Class name="org.apache.catalina.realm.JNDIRealm" /> |
| <Field name="userPatternFormatArray" /> |
| <Bug pattern="IS2_INCONSISTENT_SYNC " /> |
| </Match> |
| <Match> |
| <!-- request.getRequestPathMB(), request.getQueryString() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.realm.RealmBase"/> |
| <Or> |
| <Method name="findSecurityConstraints"/> |
| <Method name="hasUserDataPermission"/> |
| </Or> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- If encoding is specified it will be used, |
| otherwise platform default encoding will be used --> |
| <Class name="org.apache.catalina.realm.RealmBase"/> |
| <Method name="Digest"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- The header value is safe --> |
| <Class name="org.apache.catalina.servlets.DefaultServlet" /> |
| <Method name="doDirectoryRedirect" /> |
| <Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" /> |
| </Match> |
| <Match> |
| <!-- If encoding is specified it will be used, |
| otherwise platform default encoding will be used --> |
| <Class name="org.apache.catalina.servlets.DefaultServlet"/> |
| <Or> |
| <Method name="copy"/> |
| <Method name="getReadme"/> |
| </Or> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- The use of != with a String is a deliberate hack --> |
| <Class name="org.apache.catalina.servlets.DefaultServlet" /> |
| <Method name="serveResource" /> |
| <Bug pattern="ES_COMPARING_STRINGS_WITH_EQ" /> |
| </Match> |
| <Match> |
| <!-- Non-constant strings are configuration settings rather than client |
| supplied --> |
| <Class name="org.apache.catalina.session.JDBCStore" /> |
| <Or> |
| <Method name="clear" /> |
| <Method name="getSize" /> |
| <Method name="keys" /> |
| <Method name="load" /> |
| <Method name="remove" /> |
| <Method name="save" /> |
| </Or> |
| <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" /> |
| </Match> |
| <Match> |
| <!-- Syncs aren't intended to protect these fields --> |
| <Class name="org.apache.catalina.session.JDBCStore" /> |
| <Or> |
| <Field name="dataSourceName" /> |
| <Field name="sessionAppCol" /> |
| <Field name="sessionIdCol" /> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- We can live with the threading issue. See code comment for details. --> |
| <Class name="org.apache.catalina.session.ManagerBase" /> |
| <Method name="generateSessionId" /> |
| <Bug code="VO" /> |
| </Match> |
| <Match> |
| <!-- These fields should not be serialized with the session --> |
| <Class name="org.apache.catalina.session.StandardSession" /> |
| <Or> |
| <Field name="listeners" /> |
| <Field name="notes" /> |
| <Field name="support" /> |
| </Or> |
| <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" /> |
| </Match> |
| <Match> |
| <!-- Use of null is deliberate --> |
| <Class name="org.apache.catalina.ssi.ExpressionParseTree" /> |
| <Method name="pushOpp" /> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- If encoding is specified it will be used, |
| otherwise platform default encoding will be used --> |
| <Class name="org.apache.catalina.ssi.SSIServlet"/> |
| <Method name="processSSI"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- If encoding is specified it will be used, |
| otherwise platform default encoding will be used --> |
| <Class name="org.apache.catalina.ssi.SSIServletExternalResolver"/> |
| <Method name="getFileText"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- Dead store is deliberate to test URL validity --> |
| <Class name="org.apache.catalina.startup.Bootstrap" /> |
| <Method name="createClassLoader" /> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE" /> |
| </Match> |
| <Match> |
| <!-- Failure at this point is fatal --> |
| <Class name="org.apache.catalina.startup.Bootstrap" /> |
| <Method name="initClassLoaders" /> |
| <Bug pattern="DM_EXIT" /> |
| </Match> |
| <Match> |
| <!-- Catalina isn't used when embedding --> |
| <Class name="org.apache.catalina.startup.Catalina" /> |
| <Method name="stopServer" /> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- The stream is closed in WebXmlParser.parseWebXml --> |
| <Class name="org.apache.catalina.startup.ContextConfig" /> |
| <Or> |
| <Method name="getContextWebXmlSource" /> |
| <Method name="getWebXmlSource" /> |
| </Or> |
| <Bug code="OBL" /> |
| </Match> |
| <Match> |
| <!-- Method checks result and logs error later --> |
| <Class name="org.apache.catalina.startup.ExpandWar" /> |
| <Method name="deleteDir" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" /> |
| </Match> |
| <Match> |
| <!-- Sleep is short, needs to keep lock --> |
| <Class name="org.apache.catalina.startup.HostConfig" /> |
| <Method name="checkResources" /> |
| <Bug code="SWL" /> |
| </Match> |
| <Match> |
| <!-- context is never null --> |
| <Class name="org.apache.catalina.startup.HostConfig" /> |
| <Or> |
| <Method name="deployDescriptor" /> |
| <Method name="deployDirectory" /> |
| <Method name="deployWAR" /> |
| </Or> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- If old -> save worked, assume save -> old will to --> |
| <Class name="org.apache.catalina.storeconfig.StoreFileMover" /> |
| <Method name="move" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" /> |
| </Match> |
| <Match> |
| <!-- Monitor only used for election --> |
| <Class name="org.apache.catalina.tribes.group.interceptors.NonBlockingCoordinator"/> |
| <Method name="startElection"/> |
| <Bug pattern="WA_NOT_IN_LOOP"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> |
| <Method name="memberAlive"/> |
| <Bug code="DE"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.group.ChannelCoordinator"/> |
| <Field name="membershipService"/> |
| <Bug pattern="IS2_INCONSISTENT_SYNC"/> |
| </Match> |
| <Match> |
| <!-- This could be optimised but a) the code would be less clear and --> |
| <!-- b) SpotBugs still reports an error with the optimised code. --> |
| <Class name="org.apache.catalina.tribes.group.GroupChannel"/> |
| <Method name="startHeartbeat"/> |
| <Bug pattern="RpC_REPEATED_CONDITIONAL_TEST "/> |
| </Match> |
| <Match> |
| <!-- False positive. It is lifecycle state that is being protected --> |
| <Class name="org.apache.catalina.tribes.group.GroupChannel" /> |
| <Field name="utilityExecutor" /> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.group.RpcChannel"/> |
| <Method name="send"/> |
| <Bug pattern="WA_NOT_IN_LOOP"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/> |
| <Method name="stop"/> |
| <Bug code="DE"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.membership.McastServiceImpl$ReceiverThread"/> |
| <Method name="run"/> |
| <Bug code="DE"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.membership.McastServiceImpl$RecoveryThread"/> |
| <Method name="run"/> |
| <Bug code="NS"/> |
| </Match> |
| <Match> |
| <!-- Sync is to protect construction of data not individual fields --> |
| <Class name="org.apache.catalina.tribes.membership.MemberImpl"/> |
| <Or> |
| <Method name="getCommand"/> |
| <Method name="getDomain"/> |
| <Method name="getHost"/> |
| <Method name="getPayload"/> |
| <Method name="getPort"/> |
| <Method name="getSecurePort"/> |
| <Method name="getUdpPort"/> |
| <Method name="getUniqueId"/> |
| </Or> |
| <Bug pattern="UG_SYNC_SET_UNSYNC_GET"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.membership.MemberImpl"/> |
| <Field name="dataPkg"/> |
| <Bug pattern="IS2_INCONSISTENT_SYNC"/> |
| </Match> |
| <Match> |
| <!-- Byte arrays contents are not mutated --> |
| <Class name="org.apache.catalina.tribes.membership.MemberImpl"/> |
| <Or> |
| <Field name="command"/> |
| <Field name="domain"/> |
| <Field name="host"/> |
| <Field name="payload"/> |
| <Field name="uniqueId"/> |
| </Or> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/> |
| </Match> |
| <Match> |
| <!-- lock is in clone so this is safe --> |
| <Class name="org.apache.catalina.tribes.membership.Membership" /> |
| <Method name="clone" /> |
| <Bug pattern="ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD" /> |
| </Match> |
| <Match> |
| <!-- Byte arrays contents are not mutated --> |
| <Class name="org.apache.catalina.tribes.membership.Membership" /> |
| <Field name="members"/> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/> |
| </Match> |
| <Match> |
| <!-- Fields are always recalculated on access --> |
| <Class name="org.apache.catalina.tribes.tipis.AbstractReplicatedMap$MapMessage" /> |
| <Or> |
| <Field name="key" /> |
| <Field name="value" /> |
| </Or> |
| <Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" /> |
| </Match> |
| <Match> |
| <!-- Sync is not intended to protect access to this field --> |
| <Class name="org.apache.catalina.tribes.transport.ReplicationTransmitter"/> |
| <Field name="oname"/> |
| <Bug pattern="IS2_INCONSISTENT_SYNC"/> |
| </Match> |
| <Match> |
| <!-- Intentional in case thread is waiting --> |
| <Class name="org.apache.catalina.tribes.transport.RxTaskPool"/> |
| <Method name="returnWorker"/> |
| <Bug code="NN"/> |
| </Match> |
| <Match> |
| <!-- Sync is to protect multiple against calls to connect() --> |
| <Class name="org.apache.catalina.tribes.transport.nio.NioSender"/> |
| <Or> |
| <Field name="dataChannel"/> |
| <Field name="socketChannel"/> |
| <Field name="writebuf"/> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC"/> |
| </Match> |
| <Match> |
| <!-- Byte arrays contents are not mutated --> |
| <Class name="org.apache.catalina.tribes.transport.nio.NioSender"/> |
| <Field name="current"/> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.util.LifecycleBase" /> |
| <Method name="getState"/> |
| <Bug code="UG" /> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is a fallback --> |
| <Class name="org.apache.catalina.util.URLEncoder"/> |
| <Method name="encode"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- request.getRemoteHost() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.valves.AbstractAccessLogValve$HostElement"/> |
| <Method name="addElement"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- request.getMethod() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.valves.AbstractAccessLogValve$RequestElement"/> |
| <Method name="addElement"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- Non-constant strings are configuration settings rather than client |
| supplied --> |
| <Class name="org.apache.catalina.valves.JDBCAccessLogValve" /> |
| <Method name="open" /> |
| <Bug code="SQL" /> |
| </Match> |
| <Match> |
| <!-- request.getQueryString() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.valves.rewrite.RewriteValve"/> |
| <Method name="invoke"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- request.getQueryString() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.catalina.valves.StuckThreadDetectionValve"/> |
| <Method name="invoke"/> |
| <Bug code="RCN"/> |
| </Match> |
| <Match> |
| <!-- Array contents is not mutated --> |
| <Class name="org.apache.catalina.webresources.CachedResource"/> |
| <Or> |
| <Field name="webResources"/> |
| <Field name="cachedContent"/> |
| </Or> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/> |
| </Match> |
| <Match> |
| <!-- Use of synchronisation is required to make a sequence of calls in --> |
| <!-- one method appear to be atomic. --> |
| <Class name="org.apache.coyote.AbstractProcessorLight"/> |
| <Or> |
| <Method name="addDispatch"/> |
| <Method name="getIteratorAndClearDispatches"/> |
| <Method name="clearDispatches"/> |
| </Or> |
| <Bug pattern="JLM_JSR166_UTILCONCURRENT_MONITORENTER" /> |
| </Match> |
| <Match> |
| <!-- This could be optimised but a) the code would be less clear and --> |
| <!-- b) SpotBugs still reports an error with the optimised code. --> |
| <Class name="org.apache.coyote.AbstractProtocol"/> |
| <Method name="startAsyncTimeout"/> |
| <Bug pattern="RpC_REPEATED_CONDITIONAL_TEST "/> |
| </Match> |
| <Match> |
| <!-- Correct behaviour does not assume sequential operations on concurrent |
| hash map are atomic. --> |
| <Class name="org.apache.coyote.AbstractProtocol$AbstractConnectionHandler" /> |
| <Method name="process" /> |
| <Bug pattern="AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION" /> |
| </Match> |
| <Match> |
| <!-- readChunk will not be null due to previous call to readBytes() --> |
| <Class name="org.apache.coyote.http11.filters.ChunkedInputFilter" /> |
| <Method name="parseHeader"/> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" /> |
| </Match> |
| <Match> |
| <!-- Locks are always released. Non-standard pattern is required because --> |
| <!-- of lock upgrade that is used. --> |
| <Class name="org.apache.coyote.http11.upgrade.AprServletInputStream" /> |
| <Method name="doRead"/> |
| <Bug code="UL" /> |
| </Match> |
| <Match> |
| <!-- Locks are always released. Non-standard pattern is required because --> |
| <!-- of lock upgrade that is used. --> |
| <Class name="org.apache.coyote.http11.upgrade.AprServletOutputStream" /> |
| <Method name="doWrite"/> |
| <Bug code="UL" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.coyote.http11.Http11Processor" /> |
| <Method name="service"/> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- Locks are always released. Non-standard pattern is required because --> |
| <!-- of lock upgrade that is used. --> |
| <Class name="org.apache.coyote.http11.InternalAprInputBuffer" /> |
| <Method name="doReadSocket"/> |
| <Bug code="UL" /> |
| </Match> |
| <Match> |
| <!-- Locks are always released. Non-standard pattern is required because --> |
| <!-- of lock upgrade that is used. --> |
| <Class name="org.apache.coyote.http11.InternalAprOutputBuffer" /> |
| <Method name="writeToSocket"/> |
| <Bug code="UL" /> |
| </Match> |
| <Match> |
| <!-- HpackDecoder is used by multiple streams but not concurrently. --> |
| <Class name="org.apache.coyote.http2.HpackDecoder" /> |
| <Method name="emitHeader" /> |
| <Bug pattern="VO_VOLATILE_INCREMENT" /> |
| </Match> |
| <Match> |
| <!-- Number being tested is unsigned. --> |
| <Class name="org.apache.coyote.http2.Http2UpgradeHandler" /> |
| <Method name="createRemoteStream" /> |
| <Bug pattern="IM_BAD_CHECK_FOR_ODD" /> |
| </Match> |
| <Match> |
| <!-- Loss of the occasional increment is acceptable. --> |
| <Class name="org.apache.coyote.http2.Http2UpgradeHandler" /> |
| <Method name="pruneClosedStreams" /> |
| <Bug pattern="VO_VOLATILE_INCREMENT" /> |
| </Match> |
| <Match> |
| <!-- Notify is correct. Condition changed outside of this method. --> |
| <Class name="org.apache.coyote.http2.Http2UpgradeHandler" /> |
| <Method name="incrementWindowSize" /> |
| <Or> |
| <Bug pattern="NN_NAKED_NOTIFY" /> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Return value is intentionally ignored. --> |
| <Class name="org.apache.coyote.http2.Http2UpgradeHandler$PingManager" /> |
| <Method name="receivePing" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED" /> |
| </Match> |
| <Match> |
| <!-- Notify is correct. Condition changed outside of this method. --> |
| <Class name="org.apache.coyote.http2.Stream" /> |
| <Or> |
| <Method name="cancelAllocationRequests" /> |
| <Method name="incrementWindowSize" /> |
| </Or> |
| <Or> |
| <Bug pattern="NN_NAKED_NOTIFY" /> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Monitor is used for a single condition. --> |
| <Class name="org.apache.coyote.http2.WindowAllocationManager" /> |
| <Method name="notify" /> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Match> |
| <Match> |
| <!-- Monitor is used for a single condition. --> |
| <Class name="org.apache.coyote.http2.WindowAllocationManager" /> |
| <Method name="waitFor" /> |
| <Bug pattern="WA_NOT_IN_LOOP" /> |
| </Match> |
| <Match> |
| <!-- Returning null is required by the EL specification --> |
| <Class name="org.apache.el.lang.ELSupport" /> |
| <Method name="coerceToBoolean"/> |
| <Bug pattern="NP_BOOLEAN_RETURN_NULL"/> |
| </Match> |
| <Match> |
| <!-- Result is negated because arguments have to be swapped --> |
| <Class name="org.apache.el.lang.ELSupport" /> |
| <Method name="compare"/> |
| <Bug pattern="RV_NEGATING_RESULT_OF_COMPARETO"/> |
| </Match> |
| <Match> |
| <!-- JspC will not be used under a security manager --> |
| <Class name="org.apache.jasper.JspC"/> |
| <Method name="initClassLoader"/> |
| <Bug code="DP" /> |
| </Match> |
| <Match> |
| <!-- Parser config is static so statics are appropriate --> |
| <Class name="org.apache.jasper.JspC"/> |
| <Method name="setValidateXml"/> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <!-- If encoding is specified it will be used, |
| otherwise platform default encoding will be used --> |
| <Class name="org.apache.jasper.JspC"/> |
| <Or> |
| <Method name="openWebxmlReader"/> |
| <Method name="openWebxmlWriter"/> |
| </Or> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- Node constructors add node to parent. Local variable is used to |
| silence an Eclipse warning --> |
| <Class name="org.apache.jasper.compiler.ELFunctionMapper"/> |
| <Method name="map"/> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Sync is not protecting these fields --> |
| <Class name="org.apache.jasper.compiler.JspConfig"/> |
| <Or> |
| <Field name="defaultDeferedSyntaxAllowedAsLiteral" /> |
| <Field name="defaultIsELIgnored" /> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC"/> |
| </Match> |
| <Match> |
| <!-- NPE is not possible --> |
| <Class name="org.apache.jasper.compiler.JspConfig"/> |
| <Method name="selectProperty"/> |
| <Bug code="NP"/> |
| </Match> |
| <Match> |
| <!-- Yes this is a dead store. This is so the IDE warning can be suppressed. |
| The object creation has side-effects so the code is required. --> |
| <Class name="org.apache.jasper.compiler.JspDocumentParser" /> |
| <Or> |
| <Method name="comment"/> |
| <Method name="processChars"/> |
| </Or> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Returning null is intentional --> |
| <Class name="org.apache.jasper.compiler.JspReader"/> |
| <Method name="indexOf"/> |
| <Bug code="NP"/> |
| </Match> |
| <Match> |
| <!-- Node constructors add node to parent. Local variable is used to |
| silence an Eclipse warning --> |
| <Class name="org.apache.jasper.compiler.Parser"/> |
| <Bug code="DLS"/> |
| </Match> |
| <Match> |
| <!-- Use of == is deliberate --> |
| <Class name="org.apache.jasper.compiler.Parser"/> |
| <Method name="parseBody"/> |
| <Bug code="ES"/> |
| </Match> |
| <Match> |
| <!-- Only base null is handled by this resolver --> |
| <Class name="org.apache.jasper.el.ELResolverImpl"/> |
| <Or> |
| <Method name="getType" /> |
| <Method name="getValue" /> |
| <Method name="isReadOnly" /> |
| <Method name="setValue" /> |
| </Or> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Array contents are not mutated --> |
| <Class name="org.apache.jasper.el.JasperELResolver"/> |
| <Field name="resolvers" /> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- base null is handled by this resolver --> |
| <Class name="org.apache.jasper.el.JasperELResolver"/> |
| <Method name="getValue" /> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is a fallback --> |
| <Class name="org.apache.jasper.runtime.JspRuntimeLibrary"/> |
| <Method name="URLEncode"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- Use of == is deliberate, String.intern() is used --> |
| <Class name="org.apache.jasper.xmlparser.XMLEncodingDetector"/> |
| <Method name="scanXMLDeclOrTextDecl"/> |
| <Bug code="ES"/> |
| </Match> |
| <Match> |
| <!-- Stream is closed in o.a.juli.ClassLoaderLogManager.readConfiguration |
| (InputStream, ClassLoader) --> |
| <Class name="org.apache.juli.ClassLoaderLogManager"/> |
| <Method name="readConfiguration"/> |
| <Bug code="OBL"/> |
| </Match> |
| <Match> |
| <!-- If encoding is specified it will be used, |
| otherwise platform default encoding will be used --> |
| <Class name="org.apache.juli.FileHandler"/> |
| <Method name="openWriter"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- As per the comment, FileSystems.getDefault() does have a |
| side-effect. --> |
| <Class name="org.apache.juli.logging.LogFactory"/> |
| <Method name="<init>"/> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" /> |
| </Match> |
| <Match> |
| <!-- Reference.equals() implementation correctly handles sub-classes --> |
| <Class name="org.apache.naming.ServiceRef" /> |
| <Pattern code="EQ_DOESNT_OVERRIDE_EQUALS" /> |
| </Match> |
| <Match> |
| <!-- Simpler to catch Exception than to create dummy implementations of the |
| necessary exception hierarchy --> |
| <Class name="org.apache.naming.factory.SendMailFactory$1" /> |
| <Method name="run" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <!-- Simpler to catch Exception than to create dummy implementations of the |
| necessary exception hierarchy --> |
| <Class name="org.apache.naming.factory.webservices.ServiceProxy" /> |
| <Method name="<init>"/> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <!-- Class name needs to start with a lower case letter in this case --> |
| <Class name="org.apache.naming.java.javaURLContextFactory" /> |
| <Bug code="Nm" /> |
| </Match> |
| <Match> |
| <!-- Utility classes used to import/export l10n strings --> |
| <!-- This code does not need to be robust --> |
| <Or> |
| <Class name="org.apache.tomcat.buildutil.translate.Export"/> |
| <Class name="org.apache.tomcat.buildutil.translate.Import"/> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Return value is never used --> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.DelegatingConnection" /> |
| <Method name="prepareStatement" /> |
| <Bug pattern="NP_NONNULL_RETURN_VIOLATION" /> |
| </Match> |
| <Match> |
| <!-- SQL is from config so is considered safe --> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory" /> |
| <Method name="initializeConnection" /> |
| <Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" /> |
| </Match> |
| <Match> |
| <!-- SQL construction is safe for validation query --> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory" /> |
| <Method name="validateConnection" /> |
| <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" /> |
| </Match> |
| <Match> |
| <!-- SQL construction is necessary for pooled statements --> |
| <Or> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementSQL" /> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithAutoGeneratedKeys" /> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithColumnIndexes" /> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithColumnNames" /> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithResultSetConcurrency" /> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithResultSetHoldability" /> |
| </Or> |
| <Method name="createStatement" /> |
| <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" /> |
| </Match> |
| <Match> |
| <!-- SQL construction is necessary for pooled statements --> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.cpdsadapter.PooledConnectionImpl" /> |
| <Method name="makeObject" /> |
| <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" /> |
| </Match> |
| <Match> |
| <!-- SQL construction is safe for validation query --> |
| <Or> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.datasources.CPDSConnectionFactory" /> |
| <Class name="org.apache.tomcat.dbcp.dbcp2.datasources.KeyedCPDSConnectionFactory" /> |
| </Or> |
| <Method name="validateObject" /> |
| <Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" /> |
| </Match> |
| <Match> |
| <!-- Pooled objects can't be null so this is OK --> |
| <Class name="org.apache.tomcat.dbcp.pool2.impl.BaseGenericObjectPool$IdentityWrapper" /> |
| <Method name="equals" /> |
| <Bug pattern="NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT" /> |
| </Match> |
| <Match> |
| <!-- Natural ordering behaviour is documented in Javadoc --> |
| <Class name="org.apache.tomcat.dbcp.pool2.impl.DefaultPooledObject" /> |
| <Bug pattern="EQ_COMPARETO_USE_OBJECT_EQUALS" /> |
| </Match> |
| <Match> |
| <!-- Increment is in sync block so it is safe. Volatile is used so reading |
| thread sees latest value. --> |
| <Class name="org.apache.tomcat.dbcp.pool2.impl.DefaultPooledObject" /> |
| <Method name="allocate" /> |
| <Bug pattern="VO_VOLATILE_INCREMENT" /> |
| </Match> |
| <Match> |
| <!-- Fields do not need to be sync'd for toString() --> |
| <Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" /> |
| <Or> |
| <Field name="createCount"/> |
| <Field name="numActive"/> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- Public API is a design decision of Commons --> |
| <Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" /> |
| <Bug pattern="PS_PUBLIC_SEMAPHORES" /> |
| </Match> |
| <Match> |
| <!-- Return value is ignored but a null result will trigger an exception --> |
| <Class name="org.apache.tomcat.jdbc.pool.ConnectionPool$ConnectionFuture" /> |
| <Method name="get" /> |
| <Bug code="RV" /> |
| </Match> |
| <Match> |
| <!-- Name shadowing is deliberate --> |
| <Or> |
| <Class name="org.apache.tomcat.jdbc.pool.DataSource" /> |
| <Class name="org.apache.tomcat.jdbc.pool.XADataSource" /> |
| </Or> |
| <Bug pattern="NM_SAME_SIMPLE_NAME_AS_INTERFACE" /> |
| </Match> |
| <Match> |
| <!-- Lock is released --> |
| <Class name="org.apache.tomcat.jdbc.pool.FairBlockingQueue" /> |
| <Method name="poll" /> |
| <Bug code="UL" /> |
| </Match> |
| <Match> |
| <!-- Use of == is deliberate --> |
| <Class name="org.apache.tomcat.jdbc.pool.JdbcInterceptor" /> |
| <Method name="compare" /> |
| <Bug code="ES" /> |
| </Match> |
| <Match> |
| <!-- Lock is released --> |
| <Class name="org.apache.tomcat.jdbc.pool.MultiLockFairBlockingQueue" /> |
| <Method name="poll" /> |
| <Bug code="UL" /> |
| </Match> |
| <Match> |
| <!-- SQL is from config so is considered safe --> |
| <Class name="org.apache.tomcat.jdbc.pool.PooledConnection" /> |
| <Method name="validate" /> |
| <Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" /> |
| </Match> |
| <Match> |
| <!-- Array elements are not mutated --> |
| <Class name="org.apache.tomcat.jdbc.pool.PoolProperties" /> |
| <Field name="interceptors" /> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- The name isn't great but it is part of the public API now --> |
| <Class name="org.apache.tomcat.jdbc.pool.TrapException" /> |
| <Bug pattern="NM_CLASS_NOT_EXCEPTION" /> |
| </Match> |
| <Match> |
| <!-- Lack of thread-safety is accepted in return for better performance. --> |
| <Class name="org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats" /> |
| <Or> |
| <Method name="add" /> |
| <Method name="failure" /> |
| <Method name="prepare" /> |
| </Or> |
| <Bug code="VO" /> |
| </Match> |
| <Match> |
| <!-- Fields are used by native code. Tomcat doesn't use them but they are |
| part of the public API. --> |
| <Class name="org.apache.tomcat.jni.Sockaddr" /> |
| <Bug pattern="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD" /> |
| </Match> |
| <Match> |
| <!-- Field is populated by JNI code --> |
| <Class name="org.apache.tomcat.jni.Sockaddr" /> |
| <Bug pattern="UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.IntrospectionUtils" /> |
| <Method name="findMethod"/> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Class name is appropriate --> |
| <Class name="org.apache.tomcat.util.bcel.classfile.CodeException"/> |
| <Bug code="Nm" /> |
| </Match> |
| <Match> |
| <!-- Field by field copy is fine for clone in this case --> |
| <Class name="org.apache.tomcat.util.bcel.classfile.StackMapType"/> |
| <Bug code="CN" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.tomcat.util.bcel.classfile.Utility"/> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- Handled by abstract base class --> |
| <Or> |
| <Class name="org.apache.tomcat.util.buf.ByteChunk"/> |
| <Class name="org.apache.tomcat.util.buf.CharChunk"/> |
| </Or> |
| <Bug pattern="HE_EQUALS_NO_HASHCODE" /> |
| </Match> |
| <Match> |
| <!-- Returning null here is fine --> |
| <Or> |
| <Class name="org.apache.tomcat.util.buf.ByteChunk"/> |
| <Class name="org.apache.tomcat.util.buf.CharChunk"/> |
| </Or> |
| <Method name="toString"/> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Returning null here is fine --> |
| <Class name="org.apache.tomcat.util.buf.MessageBytes"/> |
| <Method name="toString"/> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Whilst cache is global there may be multiple instances (one per --> |
| <!-- server so statics are appropriate --> |
| <Class name="org.apache.tomcat.util.buf.StringCache"/> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <!-- Array is only ever updated as a whole, not element by element --> |
| <Class name="org.apache.tomcat.util.buf.StringCache"/> |
| <Or> |
| <Field name="bcCache"/> |
| <Field name="ccCache"/> |
| </Or> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/> |
| </Match> |
| <Match> |
| <!-- mb.toString() can be null because |
| o.a.t.util.buf.MessageBytes.toString() can return NULL --> |
| <Class name="org.apache.tomcat.util.buf.UDecoder"/> |
| <Method name="convert"/> |
| <Bug code="RCN" /> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is a fallback --> |
| <Class name="org.apache.tomcat.util.buf.UDecoder"/> |
| <Method name="URLDecode"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- URLs used are always provided by the container so would normally be --> |
| <!-- file URLs. --> |
| <Class name="org.apache.tomcat.util.descriptor.tld.TldResourcePath" /> |
| <Or> |
| <Method name="equals" /> |
| <Method name="hashCode" /> |
| </Or> |
| <Bug pattern="DMI_BLOCKING_METHODS_ON_URL" /> |
| </Match> |
| <Match> |
| <!-- NPE is desired as it indicates an error condition --> |
| <Class name="org.apache.tomcat.util.digester.CallMethodRule"/> |
| <Method name="end"/> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <!-- Test really is for the same object rather than equality --> |
| <Class name="org.apache.tomcat.util.digester.Digester"/> |
| <Or> |
| <Method name="updateBodyText"/> |
| <Method name="updateAttributes"/> |
| </Or> |
| <Bug code="ES" /> |
| </Match> |
| <Match> |
| <!-- Write to static field is intentional --> |
| <Class name="org.apache.tomcat.util.digester.Digester"/> |
| <Method name="<init>"/> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.tomcat.util.http.LegacyCookieProcessor" /> |
| <Method name="processCookieHeader"/> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is a fallback --> |
| <Class name="org.apache.tomcat.util.http.fileupload.MultipartStream"/> |
| <Method name="readHeaders"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- Deletion failure should never happen --> |
| <Class name="org.apache.tomcat.util.http.fileupload.disk.DiskFileItem"/> |
| <Or> |
| <Method name="delete"/> |
| <Method name="finalize"/> |
| </Or> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" /> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is a fallback --> |
| <Class name="org.apache.tomcat.util.http.fileupload.disk.DiskFileItem"/> |
| <Method name="getString"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- the platform default encoding is deliberate --> |
| <Class name="org.apache.tomcat.util.http.fileupload.util.Streams"/> |
| <Method name="asString"/> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.tomcat.util.http.parser.Cookie" /> |
| <Or> |
| <Method name="logInvalidHeader"/> |
| <Method name="logInvalidVersion"/> |
| </Or> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- Reader instance always accepts -ve skip values and there is --> |
| <!-- always enough space to skip back the requested amount. --> |
| <Class name="org.apache.tomcat.util.http.parser.HttpParser" /> |
| <Or> |
| <Method name="skipConstant" /> |
| <Method name="readToken" /> |
| <Method name="readQuotedToken" /> |
| <Method name="readLhex" /> |
| </Or> |
| <Bug pattern="SR_NOT_CHECKED" /> |
| </Match> |
| <Match> |
| <!-- Generated code --> |
| <Or> |
| <Class name="org.apache.tomcat.util.json.JSONParser"/> |
| <Class name="org.apache.tomcat.util.json.JSONParserTokenManager"/> |
| <Class name="org.apache.tomcat.util.json.ParseException"/> |
| <Class name="org.apache.tomcat.util.json.TokenMgrError"/> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Hiding of field in superclass is deliberate --> |
| <Class name="org.apache.tomcat.util.modeler.NotificationInfo"/> |
| <Field name="info" /> |
| <Bug code="MF" /> |
| </Match> |
| <Match> |
| <!-- See wait() call in destroy() --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/> |
| <Method name="run"/> |
| <Bug code="NN" /> |
| </Match> |
| <Match> |
| <!-- There is only a single wait in run() when the poller is idle --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/> |
| <Or> |
| <Method name="add"/> |
| <Method name="close"/> |
| <Method name="stop"/> |
| </Or> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$Sendfile"/> |
| <Method name="run"/> |
| <Or> |
| <!-- see wait() call in destroy() --> |
| <Bug code="NN" /> |
| <!-- notify() is called from add() --> |
| <Bug code="UW" /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- There is only a single wait in run() when the poller is idle --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$Sendfile"/> |
| <Or> |
| <Method name="add"/> |
| <Method name="stop"/> |
| </Or> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Match> |
| <Match> |
| <!-- Sync is there to protect referenced object not field --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$SocketEventProcessor"/> |
| <Method name="run"/> |
| <Bug code="ML" /> |
| </Match> |
| <Match> |
| <!-- Modifications to SocketLists are always protected by syncs --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$SocketList"/> |
| <Or> |
| <Method name="add"/> |
| <Method name="remove"/> |
| </Or> |
| <Bug pattern="VO_VOLATILE_INCREMENT"/> |
| </Match> |
| <Match> |
| <!-- Object is only ever set to null, sync therefore is still valid --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$SocketProcessor"/> |
| <Method name="run"/> |
| <Bug code="ML"/> |
| </Match> |
| <Match> |
| <!-- Sync is there to protect referenced object not field --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor"/> |
| <Method name="run"/> |
| <Bug code="ML" /> |
| </Match> |
| <Match> |
| <!-- Sync is on closed to ensure that actions taken because the socket --> |
| <!-- open remain valid until the action is completed. --> |
| <Class name="org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper"/> |
| <Field name="closed"/> |
| <Bug pattern="JLM_JSR166_UTILCONCURRENT_MONITORENTER"/> |
| </Match> |
| <Match> |
| <!-- Return value is ignored at this point but logic further up call --> |
| <!-- stack will ensure that a SocketTimeoutException is thrown --> |
| <Class name="org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper"/> |
| <Method name="awaitLatch"/> |
| <Bug code="RV"/> |
| </Match> |
| <Match> |
| <!-- Object is only ever set to null, sync therefore is still valid --> |
| <Or> |
| <Class name="org.apache.tomcat.util.net.NioEndpoint$SocketProcessor"/> |
| <Class name="org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor"/> |
| </Or> |
| <Method name="run"/> |
| <Bug code="ML"/> |
| </Match> |
| <Match> |
| <!-- Single condition so no need for wait to be in loop --> |
| <Class name="org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper"/> |
| <Or> |
| <Method name="read"/> |
| <Method name="write"/> |
| </Or> |
| <Bug pattern="WA_NOT_IN_LOOP" /> |
| </Match> |
| <Match> |
| <!-- Single wait so no need for notifyAll() --> |
| <Class name="org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler"/> |
| <Or> |
| <Method name="completed"/> |
| <Method name="failed"/> |
| </Or> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL " /> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.net.SecureNioChannel"/> |
| <Method name="rehandshake"/> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.tomcat.util.net.SecureNioChannel" /> |
| <Method name="processSNI"/> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.tomcat.util.net.SecureNio2Channel" /> |
| <Method name="processSNI"/> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- Single condition so fine --> |
| <Class name="org.apache.tomcat.util.net.SocketWrapperBase" /> |
| <Method name="vectoredOperation"/> |
| <Bug pattern="WA_NOT_IN_LOOP" /> |
| </Match> |
| <Match> |
| <!-- Single condition so notify is fine --> |
| <Class name="org.apache.tomcat.util.net.SocketWrapperBase$VectoredIOCompletionHandler" /> |
| <Or> |
| <Method name="completed"/> |
| <Method name="failed"/> |
| </Or> |
| <Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" /> |
| </Match> |
| <Match> |
| <!-- Stream will be closed --> |
| <Class name="org.apache.tomcat.util.net.jsse.PEMFile" /> |
| <Method name="<init>" /> |
| <Pattern name="OS_OPEN_STREAM" /> |
| </Match> |
| <Match> |
| <!-- Array elements are not modified after assignment --> |
| <Class name="org.apache.tomcat.util.net.openssl.OpenSSLEngine" /> |
| <Or> |
| <Field name="peerCerts"/> |
| <Field name="x509PeerCerts"/> |
| </Or> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| <Match> |
| <!-- No performance issue as there is no DNS resolution --> |
| <Class name="org.apache.tomcat.util.scan.StandardJarScanner" /> |
| <Bug pattern="DMI_COLLECTION_OF_URLS" /> |
| </Match> |
| <Match> |
| <!-- Yes the simple name is the same as the super class. Accept it. --> |
| <Class name="org.apache.tomcat.util.threads.ThreadPoolExecutor" /> |
| <Bug code="Nm" /> |
| </Match> |
| <Match> |
| <!-- Monitor is used for a single condition. No need for loop. --> |
| <Class name="org.apache.tomcat.util.threads.InlineExecutorService" /> |
| <Method name="awaitTermination" /> |
| <Bug pattern="WA_NOT_IN_LOOP" /> |
| </Match> |
| <Match> |
| <!-- Object creation will trigger input processing. --> |
| <Class name="org.apache.tomcat.websocket.WsWebSocketContainer" /> |
| <Method name="connectToServer" /> |
| <Bug code="DLS" /> |
| </Match> |
| <Match> |
| <!-- Fall-through expected --> |
| <Class name="org.apache.tomcat.websocket.server.WsHttpUpgradeHandler" /> |
| <Method name="upgradeDispatch"/> |
| <Bug code="SF" /> |
| </Match> |
| <Match> |
| <!-- The array contents is never mutated. --> |
| <Class name="org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer" /> |
| <Field name="buffers" /> |
| <Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" /> |
| </Match> |
| |
| <!-- Example code --> |
| <Match> |
| <!-- FindBugs assumes the container uses the values as is. Tomcat validates |
| them and escapes them as necessary to ensure they are safe. --> |
| <Class name="CookieExample" /> |
| <Method name="doGet" /> |
| <Bug code="HRS" /> |
| </Match> |
| <Match> |
| <!-- Not really unused as it registers itself during construction --> |
| <Class name="nonblocking.ByteCounter" /> |
| <Method name="doPost" /> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE" /> |
| </Match> |
| <Match> |
| <!-- Not really unused as it registers itself during construction --> |
| <Class name="nonblocking.NumberWriter" /> |
| <Method name="doGet" /> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE" /> |
| </Match> |
| |
| |
| <!-- Generated code --> |
| <Match> |
| <Or> |
| <Class name="org.apache.el.parser.AstFloatingPoint" /> |
| <Class name="org.apache.el.parser.AstFunction" /> |
| <Class name="org.apache.el.parser.AstInteger" /> |
| <Class name="org.apache.el.parser.AstNegative" /> |
| <Class name="org.apache.el.parser.AstValue" /> |
| <Class name="org.apache.el.parser.ELParser" /> |
| <Class name="org.apache.el.parser.ELParserConstants" /> |
| <Class name="org.apache.el.parser.ELParserTokenManager" /> |
| <Class name="org.apache.el.parser.ELParserTreeConstants" /> |
| <Class name="org.apache.el.parser.ParseException" /> |
| <Class name="org.apache.el.parser.SimpleCharStream" /> |
| <Class name="org.apache.el.parser.TokenMgrError" /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- fCurrentEntity may be null after endEntity() call --> |
| <Class name="org.apache.jasper.xmlparser.XMLEncodingDetector" /> |
| <Method name="load" /> |
| <Bug code="RCN" /> |
| </Match> |
| |
| |
| <!-- Test code --> |
| <Match> |
| <!-- Code is deliberately unused --> |
| <Class name="javax.el.TestImportHandler" /> |
| <Method name="testImportPackage01_57574"/> |
| <Bug pattern="UC_USELESS_OBJECT"/> |
| </Match> |
| <Match> |
| <!-- Code is deliberately unused --> |
| <Or> |
| <Class name="javax.servlet.http.TestCookie" /> |
| <Class name="javax.servlet.http.TestCookieStrict" /> |
| </Or> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Name is consistent in context --> |
| <Class name="javax.servlet.http.TestHttpServletResponseSendError$ErrorServletStaticException" /> |
| <Bug pattern="NM_CLASS_NOT_EXCEPTION"/> |
| </Match> |
| <Match> |
| <!-- Code is intentionally unused --> |
| <Class name="org.apache.catalina.authenticator.TestBasicAuthParser"/> |
| <Or> |
| <Method name="testAuthMethodBadMethod"/> |
| <Method name="testBadBase64Char"/> |
| <Method name="testBadBase64InlineEquals"/> |
| </Or> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.connector.TestCoyoteAdapter$AsyncServlet"/> |
| <Field name="t"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Container handles close --> |
| <Class name="org.apache.catalina.connector.TestOutputBuffer$WritingServlet"/> |
| <Method name="doGet"/> |
| <Bug pattern="OS_OPEN_STREAM"/> |
| </Match> |
| <Match> |
| <!-- ByteChunk.toString() can return null --> |
| <Class name="org.apache.catalina.connector.TestRequest"/> |
| <Method name="doBug56501"/> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/> |
| </Match> |
| <Match> |
| <!-- Return value of latch is intentionally ignored --> |
| <Class name="org.apache.catalina.connector.TestSendFile"/> |
| <Method name="testBug60409"/> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.core.TestApplicationSessionCookieConfig$CustomContext" /> |
| <Method name="getState"/> |
| <Bug code="UG" /> |
| </Match> |
| <Match> |
| <!-- Dead store is deliberate --> |
| <Or> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$AsyncDispatchUrlWithSpacesServlet"/> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$ForwardDispatchUrlWithSpacesServlet"/> |
| </Or> |
| <Method name="doGet"/> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Or> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$Bug49528Servlet"/> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$Bug49567Servlet"/> |
| </Or> |
| <Field name="result"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$Bug53843ServletA"/> |
| <Field name="isAsyncWhenExpected"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$AsyncIoEndServlet"/> |
| <Field name="asyncIoEndWriteListener"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.core.TestAsyncContextImpl$AsyncISEServlet"/> |
| <Field name="asyncContext"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate use of run() for the purposes of the test --> |
| <Class name="org.apache.catalina.core.TestAsyncContextStateChanges$AsyncServlet"/> |
| <Method name="doGet"/> |
| <Bug pattern="RU_INVOKE_RUN"/> |
| </Match> |
| <Match> |
| <!-- Hard-coded absolute path is intentional --> |
| <Class name="org.apache.catalina.core.TestStandardContext"/> |
| <Method name="testBug57556b"/> |
| <Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.core.TestStandardContext$Bug51376Servlet"/> |
| <Field name="destroyOk"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- ByteChunk.toString() can return null --> |
| <Class name="org.apache.catalina.core.TestStandardContextAliases"/> |
| <Method name="testDirContextAliases"/> |
| <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.filters.TestRemoteIpFilter$MockHttpServlet"/> |
| <Field name="request"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Return value of latch is intentionally ignored --> |
| <Class name="org.apache.catalina.nonblocking.TestNonBlockingAPI"/> |
| <Method name="testDelayedNBWrite"/> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.nonblocking.TestNonBlockingAPI$NBReadServlet"/> |
| <Filed name="listener"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Return value of read is intentionally ignored --> |
| <Class name="org.apache.catalina.nonblocking.TestNonBlockingAPI$NBReadWithDispatchServlet$1"/> |
| <Method name="onDataAvailable"/> |
| <Bug pattern="RR_NOT_CHECKED"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.startup.TesterServletWithAnnotations"/> |
| <Or> |
| <Field name="envEntry2"/> |
| <Field name="envEntry3"/> |
| <Field name="envEntry4"/> |
| <Field name="envEntry6"/> |
| </Or> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.startup.TesterServletWithLifeCycleMethods"/> |
| <Field name="result"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <Or> |
| <Class name="org.apache.catalina.startup.TestListener$SCL" /> |
| <Class name="org.apache.catalina.startup.TestListener$SCL3" /> |
| </Or> |
| <Method name="contextInitialized" /> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.startup.TestTomcatClassLoader$ClassLoaderReport"/> |
| <Bug code="Se"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.startup.TestTomcat$CustomContextConfig"/> |
| <Field name="used"/> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/> |
| </Match> |
| <Match> |
| <!-- Test code - array is safe --> |
| <Class name="org.apache.catalina.startup.TomcatBaseTest"/> |
| <Field name="booleans"/> |
| <Bug pattern="MS_MUTABLE_ARRAY"/> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.EchoRpcTest" /> |
| <Method name="run"/> |
| <Bug code="REC" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.EchoRpcTest$SystemExit" /> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.IntrospectionUtils" /> |
| <Method name="findMethod"/> |
| <Bug code="NP" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.LoadTest" /> |
| <Method name="memberAdded"/> |
| <Bug code="NN" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.LoadTest" /> |
| <Method name="run"/> |
| <Or> |
| <Bug code="REC" /> |
| <Bug code="UW" /> |
| </Or> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.LoadTest$SystemExit" /> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.demos.MapDemo$SystemExit" /> |
| <Bug code="Dm" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.channel.TestChannelOptionFlag" /> |
| <Method name="tearDown" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.channel.TestChannelStartStop" /> |
| <Method name="tearDown" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.channel.TestChannelStartStop" /> |
| <Method name="testDoublePartialStart" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.channel.TestChannelStartStop" /> |
| <Method name="testFalseOption" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.channel.TestRemoteProcessException" /> |
| <Bug code="Nm" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.interceptors.TestNonBlockingCoordinator" /> |
| <Method name="testCoord1" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.membership.TestTcpFailureDetector" /> |
| <Method name="tearDown" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.transport.SocketReceive$1" /> |
| <Method name="run" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.transport.SocketTribesReceive$1" /> |
| <Method name="run" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.transport.SocketTribesReceive" /> |
| <Method name="main" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.catalina.tribes.test.transport.SocketValidateReceive$1" /> |
| <Method name="run" /> |
| <Bug code="DE" /> |
| </Match> |
| <Match> |
| <!-- Concrete Map type not affected --> |
| <Class name="org.apache.catalina.util.TestParameterMap" /> |
| <Method name="testEntrySetImmutabilityAfterLocked" /> |
| <Bug pattern="DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS" /> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.catalina.valves.TestStuckThreadDetectionValve$StickingServlet"/> |
| <Field name="wasInterrupted"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Code is deliberately unused --> |
| <Or> |
| <Class name="org.apache.catalina.webresources.AbstractTestFileResourceSet" /> |
| <Class name="org.apache.catalina.webresources.TestDirResourceSet" /> |
| <Class name="org.apache.catalina.webresources.TestJarResourceSet" /> |
| <Class name="org.apache.catalina.webresources.TestJarResourceSetInternal" /> |
| </Or> |
| <Method name="testNoArgConstructor" /> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Return value ignored as this is a performance test --> |
| <Class name="org.apache.catalina.webresources.TestAbstractFileResourceSetPerformance" /> |
| <Method name="testFileNameFiltering" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/> |
| </Match> |
| <Match> |
| <!-- Use of hard-coded path is deliberate --> |
| <Class name="org.apache.catalina.webresources.TestStandardRoot" /> |
| <Method name="<clinit>" /> |
| <Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.coyote.http11.filters.TestChunkedInputFilter$BodyReadServlet"/> |
| <Or> |
| <Field name="countRead"/> |
| <Field name="exceptionDuringRead"/> |
| </Or> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.coyote.http11.filters.TestChunkedInputFilter$EchoHeaderServlet"/> |
| <Field name="exceptionDuringRead"/> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.coyote.http11.TestHttp11Processor"/> |
| <Field name="bug55772IsSecondRequest"/> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/> |
| </Match> |
| <Match> |
| <!-- Latch isn't essential so no need to check return --> |
| <Class name="org.apache.coyote.http2.TestAsyncTimeout"/> |
| <Method name="testTimeout"/> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED"/> |
| </Match> |
| <Match> |
| <!-- Result is negated to compare result when order is reversed --> |
| <Class name="org.apache.el.TestELEvaluation" /> |
| <Method name="compareBoth" /> |
| <Bug pattern="RV_NEGATING_RESULT_OF_COMPARETO" /> |
| </Match> |
| <Match> |
| <!-- Performance test so results ignored --> |
| <Class name="org.apache.jasper.compiler.TesterValidator" /> |
| <Method name="doTestBug53867" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" /> |
| </Match> |
| <Match> |
| <!-- Test is single threaded. Syncs not required. --> |
| <Class name="org.apache.jasper.util.FastRemovalDequeue" /> |
| <Or> |
| <Field name="first" /> |
| <Field name="last" /> |
| </Or> |
| <Bug pattern="IS2_INCONSISTENT_SYNC" /> |
| </Match> |
| <Match> |
| <!-- Field set via injection--> |
| <Class name="org.apache.naming.TesterInjectionServlet" /> |
| <Or> |
| <Field name="property1" /> |
| <Field name="property3" /> |
| </Or> |
| <Bug pattern="UWF_NULL_FIELD" /> |
| </Match> |
| <Match> |
| <!-- Deliberate hack for the purposes of the test --> |
| <Class name="org.apache.naming.TesterInjectionServlet" /> |
| <Or> |
| <Field name="property2"/> |
| <Field name="property2a"/> |
| </Or> |
| <Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/> |
| </Match> |
| <Match> |
| <!-- Use of statics is unavoidable in all cases --> |
| <!-- Better to use it consistently rather than only where necessary --> |
| <Class name="org.apache.tomcat.jdbc.pool.interceptor.TestInterceptor" /> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <!-- The name shadowing is deliberate --> |
| <Or> |
| <Class name="org.apache.tomcat.jdbc.test.driver.Connection" /> |
| <Class name="org.apache.tomcat.jdbc.test.driver.Driver" /> |
| <Class name="org.apache.tomcat.jdbc.test.driver.ResultSet" /> |
| </Or> |
| <Bug pattern="NM_SAME_SIMPLE_NAME_AS_INTERFACE" /> |
| </Match> |
| <Match> |
| <!-- The call with the ignored return value is used to ensure the pool --> |
| <!-- thinks the connection is being used. --> |
| <Class name="org.apache.tomcat.jdbc.test.AbandonPercentageTest" /> |
| <Method name="testResetConnection" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED" /> |
| </Match> |
| <Match> |
| <!-- A number of the tests incude performance tests --> |
| <Class name="org.apache.tomcat.jdbc.test.DefaultTestCase" /> |
| <Method name="tearDown" /> |
| <Bug pattern="DM_GC" /> |
| </Match> |
| <Match> |
| <!-- Test does not explicitly close statement deliberately --> |
| <Class name="org.apache.tomcat.jdbc.test.StatementFinalizerTest" /> |
| <Method name="testStatementFinalization" /> |
| <Bug pattern="ODR_OPEN_DATABASE_RESOURCE"/> |
| </Match> |
| <Match> |
| <!-- Choice of name is deliberate --> |
| <Class name="org.apache.tomcat.jdbc.test.TestException" /> |
| <Bug pattern="NM_CLASS_NOT_EXCEPTION" /> |
| </Match> |
| <Match> |
| <!-- Testing auto-close so connections not explicitly closed --> |
| <Class name="org.apache.tomcat.jdbc.test.TestGCClose" /> |
| <Or> |
| <Method name="testGCStop" /> |
| <Method name="testClose" /> |
| </Or> |
| <Bug pattern="ODR_OPEN_DATABASE_RESOURCE" /> |
| </Match> |
| <Match> |
| <!-- SQL is from config so is considered safe --> |
| <Class name="org.apache.tomcat.jdbc.test.TestSlowQueryReport" /> |
| <Method name="testFastSql" /> |
| <Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" /> |
| </Match> |
| <Match> |
| <!-- Use of static is unavoidable --> |
| <Class name="org.apache.tomcat.jdbc.test.TestStatementCache" /> |
| <Method name="tearDown" /> |
| <Bug code="ST" /> |
| </Match> |
| <Match> |
| <!-- SQL is from generated in test code so is considered safe --> |
| <Class name="org.apache.tomcat.jdbc.test.TestStatementCache" /> |
| <Method name="testMaxCacheSize" /> |
| <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" /> |
| </Match> |
| <Match> |
| <!-- Tests throw exceptions so connections are never created --> |
| <Class name="org.apache.tomcat.jdbc.test.TestValidationQueryTimeout" /> |
| <Or> |
| <Method name="testValidationQueryTimeoutOnConnection" /> |
| <Method name="testValidationInvalidOnConnection" /> |
| <Method name="testValidationQueryTimeoutOnBorrow" /> |
| </Or> |
| <Bug pattern="ODR_OPEN_DATABASE_RESOURCE" /> |
| </Match> |
| <Match> |
| <!-- Statics used to work around API limitations --> |
| <Class name="org.apache.tomcat.jdbc.test.TestValidationQueryTimeout" /> |
| <Field name="isTimeoutSet" /> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.jdbc.test.TwoDataSources" /> |
| <Method name="testTwoDataSources" /> |
| <Or> |
| <!-- The object creation should fail --> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED" /> |
| <!-- The connection should be close by the pool --> |
| <Bug pattern="ODR_OPEN_DATABASE_RESOURCE" /> |
| </Or> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.http.TestCookieParsing$EchoCookieHeader"/> |
| <Method name="service"/> |
| <Bug pattern="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"/> |
| </Match> |
| <Match> |
| <!-- No performance issue as there is no DNS resolution --> |
| <Class name="org.apache.tomcat.util.bcel.TesterPerformance" /> |
| <Method name="testClassParserPerformance" /> |
| <Bug pattern="DMI_COLLECTION_OF_URLS" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.net.TestSsl" /> |
| <Or> |
| <Method name="testRenegotiateFail" /> |
| <Method name="testRenegotiateWorks" /> |
| </Or> |
| <Bug code="RR" /> |
| </Match> |
| <Match> |
| <!-- Path is designed to test edge cases and does not have to exist--> |
| <Class name="org.apache.tomcat.util.buf.TesterUriUtilBase" /> |
| <Or> |
| <Method name="testBuildJarUrl01"/> |
| <Method name="testBuildJarUrl02"/> |
| <Method name="testBuildJarUrl03"/> |
| <Method name="performanceTestBuildJarUrl"/> |
| </Or> |
| <Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/> |
| </Match> |
| <Match> |
| <!-- Return value ignored as this is a performance test --> |
| <Class name="org.apache.tomcat.util.http.parser.TesterParserPerformance" /> |
| <Or> |
| <Method name="doLookupTest" /> |
| <Method name="doLookupTestCheck" /> |
| </Or> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" /> |
| </Match> |
| <Match> |
| <!-- Object not used as this is a performance test --> |
| <Class name="org.apache.tomcat.util.http.TesterParametersPerformance" /> |
| <Method name="doCreateString" /> |
| <Bug pattern="UC_USELESS_OBJECT" /> |
| </Match> |
| <Match> |
| <!-- Return value ignored because an exception is expected --> |
| <Class name="org.apache.tomcat.util.net.TestTLSClientHelloExtractor" /> |
| <Method name="doTestInputMalformed" /> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" /> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.threads.TestLimitLatch" /> |
| <Or> |
| <Method name="waitForThreadToStop" /> |
| <Method name="testTenWait" /> |
| </Or> |
| <Bug pattern="NN_NAKED_NOTIFY " /> |
| </Match> |
| <Match> |
| <Class name="org.apache.tomcat.util.threads.TestLimitLatch$TestThread" /> |
| <Method name="run" /> |
| <Or> |
| <Bug pattern="WA_NOT_IN_LOOP" /> |
| <Bug pattern="UW_UNCOND_WAIT " /> |
| </Or> |
| </Match> |
| <Match> |
| <!-- Return value of latch is intentionally ignored --> |
| <Or> |
| <Class name="org.apache.tomcat.websocket.TestWebSocketFrameClient"/> |
| <Class name="org.apache.tomcat.websocket.TestWebSocketFrameClientSSL"/> |
| </Or> |
| <Method name="testConnectToServerEndpoint"/> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED"/> |
| </Match> |
| <Match> |
| <!-- Statics are used deliberately as they are simpler --> |
| <Class name="org.apache.tomcat.websocket.server.TestClose" /> |
| <Method name="setUp" /> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/> |
| </Match> |
| <Match> |
| <!-- Statics are used deliberately as they are simpler --> |
| <Class name="org.apache.tomcat.websocket.TestWsSubprotocols$SubProtocolsEndpoint" /> |
| <Field name="subprotocols" /> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/> |
| </Match> |
| <Match> |
| <!-- Statics are used deliberately as they are simpler --> |
| <Class name="org.apache.tomcat.websocket.TestWsWebSocketContainer$ConstantTxEndpoint" /> |
| <Or> |
| <Field name="exception" /> |
| <Field name="running" /> |
| <Field name="timeout" /> |
| </Or> |
| <Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/> |
| </Match> |
| <Match> |
| <!-- Code is deliberately unused --> |
| <Class name="org.apache.tomcat.websocket.server.TestUriTemplate" /> |
| <Or> |
| <Method name="testBasicPrefix" /> |
| <Method name="testDuplicate01" /> |
| <Method name="testEgMailingList04" /> |
| <Method name="testEgMailingList05" /> |
| <Method name="testQuote2" /> |
| </Or> |
| <Bug pattern="DLS_DEAD_LOCAL_STORE"/> |
| </Match> |
| <Match> |
| <!-- Exception thrown so return value ignored --> |
| <Class name="org.apache.tomcat.websocket.server.TestUriTemplate" /> |
| <Or> |
| <Method name="testPrefixOneOfTwo" /> |
| <Method name="testPrefixTwoOfTwo" /> |
| <Method name="testQuote1" /> |
| </Or> |
| <Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/> |
| </Match> |
| </FindBugsFilter> |