2104 lines
72 KiB
XML
2104 lines
72 KiB
XML
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
<FindBugsFilter>
|
|
<!-- Considered to be false positives -->
|
|
<Match>
|
|
<!-- Only base null is handled by this resolver -->
|
|
<Class name="javax.el.BeanNameELResolver"/>
|
|
<Or>
|
|
<Method name="getType" />
|
|
<Method name="getValue" />
|
|
<Method name="isReadOnly" />
|
|
<Method name="setValue" />
|
|
</Or>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Ignoring IOException on InputStream close -->
|
|
<Class name="javax.el.ExpressionFactory" />
|
|
<Method name="getClassNameServices" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Only base null is handled by this resolver -->
|
|
<Class name="javax.servlet.jsp.el.ImplicitObjectELResolver"/>
|
|
<Or>
|
|
<Method name="getType" />
|
|
<Method name="getValue" />
|
|
<Method name="isReadOnly" />
|
|
<Method name="setValue" />
|
|
</Or>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Only base null is handled by this resolver -->
|
|
<Class name="javax.servlet.jsp.el.ScopedAttributeELResolver"/>
|
|
<Or>
|
|
<Method name="getType" />
|
|
<Method name="getValue" />
|
|
<Method name="isReadOnly" />
|
|
<Method name="setValue" />
|
|
</Or>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Ignore: Expected if not running on Tomcat. Not a problem since
|
|
this just allows a short-cut. -->
|
|
<Class name="javax.servlet.jsp.el.ScopedAttributeELResolver" />
|
|
<Method name="<clinit>" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Cannot do anything about this. API is fixed by the specification. -->
|
|
<Class name="javax.servlet.jsp.tagext.TagData"/>
|
|
<Bug code="CN" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="javax.servlet.jsp.el.ImplicitObjectELResolver$ScopeMap$ScopeEntry"/>
|
|
<Method name="equals"/>
|
|
<Bug code="Eq" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Yes the simple name is the same as the super class. Accept it. -->
|
|
<Class name="org.apache.catalina.Executor" />
|
|
<Bug code="Nm" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.ant.AbstractCatalinaTask"/>
|
|
<Method name="execute"/>
|
|
<Bug code="REC"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.ant.jmx.JMXAccessorConditionBase"/>
|
|
<Method name="accessJMXValue"/>
|
|
<Bug code="REC"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.authenticator.AuthenticatorBase"/>
|
|
<Field name="sessionIdGenerator"/>
|
|
<Bug code="IS"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getCoyoteRequest().getRemoteUser() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.authenticator.AuthenticatorBase"/>
|
|
<Method name="checkForCachedAuthentication"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getQueryString() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.authenticator.DigestAuthenticator$DigestInfo"/>
|
|
<Method name="validate"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Method is synchronized therefore not an issue -->
|
|
<Class name="org.apache.catalina.authenticator.DigestAuthenticator$NonceInfo"/>
|
|
<Bug code="VO"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getPathInfo(), request.getDecodedRequestURI() can return null
|
|
because o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.authenticator.FormAuthenticator"/>
|
|
<Or>
|
|
<Method name="authenticate"/>
|
|
<Method name="matchRequest"/>
|
|
</Or>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- False positive. It is lifecycle state that is being protected -->
|
|
<Class name="org.apache.catalina.authenticator.SingleSignOn" />
|
|
<Field name="engine" />
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- req.getRemoteUser(), req.getAuthType(), request.getQueryString() can
|
|
return null because o.a.t.util.buf.MessageBytes.toString() can return NULL
|
|
-->
|
|
<Class name="org.apache.catalina.connector.CoyoteAdapter"/>
|
|
<Or>
|
|
<Method name="doConnectorAuthenticationAuthorization"/>
|
|
<Method name="postParseRequest"/>
|
|
</Or>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.connector.CoyoteReader"/>
|
|
<Method name="readLine"/>
|
|
<Bug code="RR"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getPathInfo(), scookie.getDomain() can return null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.connector.Request"/>
|
|
<Or>
|
|
<Method name="getRequestDispatcher"/>
|
|
<Method name="getPathTranslated"/>
|
|
<Method name="convertCookies"/>
|
|
</Or>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is a fallback when calculating the
|
|
length of the string -->
|
|
<Class name="org.apache.catalina.connector.Request"/>
|
|
<Method name="parseParts"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- JNI library can only be loaded once so statics are appropriate -->
|
|
<Class name="org.apache.catalina.core.AprLifecycleListener" />
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getQueryString() can return null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.core.AsyncContextImpl"/>
|
|
<Method name="logDebug"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Exception caught deliberately -->
|
|
<Class name="org.apache.catalina.core.NamingContextListener" />
|
|
<Method name="constructEnvEntry" />
|
|
<Bug pattern="REC_CATCH_EXCEPTION" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Code uses same approach as CopyOnWriteArrayList -->
|
|
<Class name="org.apache.catalina.core.StandardContext" />
|
|
<Field name="constraints" />
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is for lifecycle state, not CookieProcessor -->
|
|
<Class name="org.apache.catalina.core.StandardContext" />
|
|
<Field name="cookieProcessor" />
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Calling sleep while holding a lock is deliberate -->
|
|
<Class name="org.apache.catalina.core.StandardContext" />
|
|
<Method name="stopInternal" />
|
|
<Bug pattern="SWL_SLEEP_WITH_LOCK_HELD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Have to trigger GC for leak detection to work. Clearly documented -->
|
|
<Class name="org.apache.catalina.core.StandardHost" />
|
|
<Method name="findReloadedContextMemoryLeaks" />
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync not targeting these fields -->
|
|
<Class name="org.apache.catalina.core.StandardWrapper" />
|
|
<Or>
|
|
<Field name="multipartConfigElement" />
|
|
<Field name="servletClass" />
|
|
<Field name="swallowOutput" />
|
|
<Field name="unloadDelay" />
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- There is only a single wait condition -->
|
|
<Class name="org.apache.catalina.core.StandardWrapper" />
|
|
<Method name="deallocate" />
|
|
<Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sleep is of short duration and lock is required -->
|
|
<Class name="org.apache.catalina.core.StandardWrapper" />
|
|
<Method name="unload" />
|
|
<Bug code="SWL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- null return value is documented -->
|
|
<Class name="org.apache.catalina.core.StandardWrapper" />
|
|
<Method name="isSingleThreadModel" />
|
|
<Bug pattern="NP_BOOLEAN_RETURN_NULL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The code is adding HTTP request headers, not parameters and the
|
|
header parsing on input will have removed any CR or LF characters. -->
|
|
<Class name="org.apache.catalina.filters.CorsFilter" />
|
|
<Method name="addStandardHeaders" />
|
|
<Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
|
|
</Match>
|
|
<Match>
|
|
<!-- ParseException is ignored in loop but handled afterwards if all formats failed -->
|
|
<Class name="org.apache.catalina.filters.RemoteIpFilter$XForwardedRequest" />
|
|
<Method name="getDateHeader" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- False positive. It is lifecycle state that is being protected -->
|
|
<Class name="org.apache.catalina.ha.authenticator.ClusterSingleSignOn" />
|
|
<Field name="cluster" />
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- shost will not be null in normal usage -->
|
|
<Class name="org.apache.catalina.ha.backend.CollectedInfo" />
|
|
<Method name="init" />
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Ignore IOException when closing input/output streams in cleanup -->
|
|
<Class name="org.apache.catalina.ha.deploy.FileMessageFactory" />
|
|
<Method name="cleanup" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Ignore exceptions from Thread.sleep() -->
|
|
<Class name="org.apache.catalina.ha.session.DeltaManager" />
|
|
<Or>
|
|
<Method name="handleGET_ALL_SESSIONS" />
|
|
<Method name="waitForSendAllSessions" />
|
|
</Or>
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- False positive caused by additional method syncs -->
|
|
<Class name="org.apache.catalina.ha.session.DeltaManager" />
|
|
<Field name="receiverQueue" />
|
|
<Pattern code="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- False positive caused by method syncs -->
|
|
<Class name="org.apache.catalina.ha.session.JvmRouteBinderValve" />
|
|
<Field name="cluster" />
|
|
<Pattern code="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Design choice to reduce need for syncs -->
|
|
<Class name="org.apache.catalina.ha.tcp.ReplicationValve" />
|
|
<Or>
|
|
<Field name="nrOfCrossContextSendRequests" />
|
|
<Field name="nrOfFilterRequests" />
|
|
<Field name="nrOfRequests" />
|
|
<Field name="nrOfSendRequests" />
|
|
</Or>
|
|
<Pattern code="VO_VOLATILE_INCREMENT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Field is only modified during Servlet load -->
|
|
<Class name="org.apache.catalina.manager.host.HostManagerServlet" />
|
|
<Bug code="MSF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Catching exception is simpler than handling all the individual ones -->
|
|
<Class name="org.apache.catalina.manager.util.SessionUtils" />
|
|
<Method name="guessLocaleFromSession" />
|
|
<Bug code="REC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The fields are only set in setWrapper() which Tomcat calls once during
|
|
initialisation. All other accesses are reads. -->
|
|
<Class name="org.apache.catalina.manager.ManagerServlet" />
|
|
<Or>
|
|
<Field name="context" />
|
|
<Field name="host" />
|
|
<Field name="mBeanServer" />
|
|
<Field name="oname" />
|
|
<Field name="wrapper" />
|
|
</Or>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The array contents is never mutated. -->
|
|
<Class name="org.apache.catalina.mapper.Mapper" />
|
|
<Field name="hosts" />
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The array contents is never mutated. -->
|
|
<Class name="org.apache.catalina.mapper.Mapper$MappedContext" />
|
|
<Field name="versions" />
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Object is used via side-effect of creation. -->
|
|
<Class name="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" />
|
|
<Method name="createServer" />
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL construction is safe since it is from trusted config -->
|
|
<Or>
|
|
<Class name="org.apache.catalina.realm.DataSourceRealm" />
|
|
<Class name="org.apache.catalina.realm.JDBCRealm" />
|
|
</Or>
|
|
<Or>
|
|
<Method name="credentials" />
|
|
<Method name="getPassword" />
|
|
<Method name="getRoles" />
|
|
<Method name="roles" />
|
|
</Or>
|
|
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.realm.JDBCRealm" />
|
|
<Field name="containerLog" />
|
|
<Bug code="IS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is protecting preparedRoles, not these fields -->
|
|
<Class name="org.apache.catalina.realm.JDBCRealm" />
|
|
<Or>
|
|
<Field name="roleNameCol" />
|
|
<Field name="userRoleTable" />
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC " />
|
|
</Match>
|
|
<Match>
|
|
<!-- roles will be initialized in addAttributeValues -->
|
|
<Class name="org.apache.catalina.realm.JNDIRealm" />
|
|
<Or>
|
|
<Method name="getUserByPattern" />
|
|
<Method name="getUserBySearch" />
|
|
</Or>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is protecting authenticate90, not this field -->
|
|
<Class name="org.apache.catalina.realm.JNDIRealm" />
|
|
<Field name="userPatternFormatArray" />
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC " />
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getRequestPathMB(), request.getQueryString() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.realm.RealmBase"/>
|
|
<Or>
|
|
<Method name="findSecurityConstraints"/>
|
|
<Method name="hasUserDataPermission"/>
|
|
</Or>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.realm.RealmBase"/>
|
|
<Method name="Digest"/>
|
|
<Or>
|
|
<!-- If encoding is specified it will be used,
|
|
otherwise platform default encoding will be used -->
|
|
<Bug code="Dm" />
|
|
<!-- Method has been deprecated -->
|
|
<Bug pattern="NM_METHOD_NAMING_CONVENTION" />
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<!-- Name shadowing is intentional -->
|
|
<Or>
|
|
<Class name="org.apache.catalina.servlet4preview.AsyncContext"/>
|
|
<Class name="org.apache.catalina.servlet4preview.RequestDispatcher"/>
|
|
<Class name="org.apache.catalina.servlet4preview.ServletContext"/>
|
|
<Class name="org.apache.catalina.servlet4preview.http.HttpServletRequest"/>
|
|
</Or>
|
|
<Bug pattern="NM_SAME_SIMPLE_NAME_AS_INTERFACE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Name shadowing is intentional -->
|
|
<Class name="org.apache.catalina.servlet4preview.http.HttpServletRequestWrapper"/>
|
|
<Bug pattern="NM_SAME_SIMPLE_NAME_AS_SUPERCLASS"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- The header value is safe -->
|
|
<Class name="org.apache.catalina.servlets.DefaultServlet" />
|
|
<Method name="doDirectoryRedirect" />
|
|
<Bug pattern="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" />
|
|
</Match>
|
|
<Match>
|
|
<!-- If encoding is specified it will be used,
|
|
otherwise platform default encoding will be used -->
|
|
<Class name="org.apache.catalina.servlets.DefaultServlet"/>
|
|
<Or>
|
|
<Method name="copy"/>
|
|
<Method name="getReadme"/>
|
|
</Or>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The use of != with a String is a deliberate hack -->
|
|
<Class name="org.apache.catalina.servlets.DefaultServlet" />
|
|
<Method name="serveResource" />
|
|
<Bug pattern="ES_COMPARING_STRINGS_WITH_EQ" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Non-constant strings are configuration settings rather than client
|
|
supplied -->
|
|
<Class name="org.apache.catalina.session.JDBCStore" />
|
|
<Or>
|
|
<Method name="clear" />
|
|
<Method name="getSize" />
|
|
<Method name="keys" />
|
|
<Method name="load" />
|
|
<Method name="remove" />
|
|
<Method name="save" />
|
|
</Or>
|
|
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Syncs aren't intended to protect these fields -->
|
|
<Class name="org.apache.catalina.session.JDBCStore" />
|
|
<Or>
|
|
<Field name="dataSourceName" />
|
|
<Field name="sessionAppCol" />
|
|
<Field name="sessionIdCol" />
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- We can live with the threading issue. See code comment for details. -->
|
|
<Class name="org.apache.catalina.session.ManagerBase" />
|
|
<Method name="generateSessionId" />
|
|
<Bug code="VO" />
|
|
</Match>
|
|
<Match>
|
|
<!-- These fields should not be serialized with the session -->
|
|
<Class name="org.apache.catalina.session.StandardSession" />
|
|
<Or>
|
|
<Field name="listeners" />
|
|
<Field name="notes" />
|
|
<Field name="support" />
|
|
</Or>
|
|
<Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of null is deliberate -->
|
|
<Class name="org.apache.catalina.ssi.ExpressionParseTree" />
|
|
<Method name="pushOpp" />
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- If encoding is specified it will be used,
|
|
otherwise platform default encoding will be used -->
|
|
<Class name="org.apache.catalina.ssi.SSIServlet"/>
|
|
<Method name="processSSI"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- If encoding is specified it will be used,
|
|
otherwise platform default encoding will be used -->
|
|
<Class name="org.apache.catalina.ssi.SSIServletExternalResolver"/>
|
|
<Method name="getFileText"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Dead store is deliberate to test URL validity -->
|
|
<Class name="org.apache.catalina.startup.Bootstrap" />
|
|
<Method name="createClassLoader" />
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Failure at this point is fatal -->
|
|
<Class name="org.apache.catalina.startup.Bootstrap" />
|
|
<Method name="initClassLoaders" />
|
|
<Bug pattern="DM_EXIT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Catalina isn't used when embedding -->
|
|
<Class name="org.apache.catalina.startup.Catalina" />
|
|
<Method name="stopServer" />
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The stream is closed in WebXmlParser.parseWebXml -->
|
|
<Class name="org.apache.catalina.startup.ContextConfig" />
|
|
<Or>
|
|
<Method name="getContextWebXmlSource" />
|
|
<Method name="getWebXmlSource" />
|
|
</Or>
|
|
<Bug code="OBL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Method checks result and logs error later -->
|
|
<Class name="org.apache.catalina.startup.ExpandWar" />
|
|
<Method name="deleteDir" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sleep is short, needs to keep lock -->
|
|
<Class name="org.apache.catalina.startup.HostConfig" />
|
|
<Method name="checkResources" />
|
|
<Bug code="SWL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- context is never null -->
|
|
<Class name="org.apache.catalina.startup.HostConfig" />
|
|
<Or>
|
|
<Method name="deployDescriptor" />
|
|
<Method name="deployDirectory" />
|
|
<Method name="deployWAR" />
|
|
</Or>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Deployer instance may implement Listener -->
|
|
<Class name="org.apache.catalina.storeconfig.CatalinaClusterSF" />
|
|
<Method name="storeChildren" />
|
|
<Bug pattern="EC_UNRELATED_TYPES_USING_POINTER_EQUALITY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- If old -> save worked, assume save -> old will to -->
|
|
<Class name="org.apache.catalina.storeconfig.StoreFileMover" />
|
|
<Method name="move" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Monitor only used for election -->
|
|
<Class name="org.apache.catalina.tribes.group.interceptors.NonBlockingCoordinator"/>
|
|
<Method name="startElection"/>
|
|
<Bug pattern="WA_NOT_IN_LOOP"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
|
|
<Method name="memberAlive"/>
|
|
<Bug code="DE"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.group.ChannelCoordinator"/>
|
|
<Field name="membershipService"/>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.group.RpcChannel"/>
|
|
<Method name="send"/>
|
|
<Bug pattern="WA_NOT_IN_LOOP"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.membership.McastServiceImpl"/>
|
|
<Method name="stop"/>
|
|
<Bug code="DE"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.membership.McastServiceImpl$ReceiverThread"/>
|
|
<Method name="run"/>
|
|
<Bug code="DE"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.membership.McastServiceImpl$RecoveryThread"/>
|
|
<Method name="run"/>
|
|
<Bug code="NS"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is to protect construction of data not individual fields -->
|
|
<Class name="org.apache.catalina.tribes.membership.MemberImpl"/>
|
|
<Or>
|
|
<Method name="getCommand"/>
|
|
<Method name="getDomain"/>
|
|
<Method name="getHost"/>
|
|
<Method name="getPayload"/>
|
|
<Method name="getPort"/>
|
|
<Method name="getSecurePort"/>
|
|
<Method name="getUdpPort"/>
|
|
<Method name="getUniqueId"/>
|
|
</Or>
|
|
<Bug pattern="UG_SYNC_SET_UNSYNC_GET"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.membership.MemberImpl"/>
|
|
<Field name="dataPkg"/>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Byte arrays contents are not mutated -->
|
|
<Class name="org.apache.catalina.tribes.membership.MemberImpl"/>
|
|
<Or>
|
|
<Field name="command"/>
|
|
<Field name="domain"/>
|
|
<Field name="host"/>
|
|
<Field name="payload"/>
|
|
<Field name="uniqueId"/>
|
|
</Or>
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- lock is in clone so this is safe -->
|
|
<Class name="org.apache.catalina.tribes.membership.Membership" />
|
|
<Method name="clone" />
|
|
<Bug pattern="ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Byte arrays contents are not mutated -->
|
|
<Class name="org.apache.catalina.tribes.membership.Membership" />
|
|
<Field name="members"/>
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Fields are always recalculated on access -->
|
|
<Class name="org.apache.catalina.tribes.tipis.AbstractReplicatedMap$MapMessage" />
|
|
<Or>
|
|
<Field name="key" />
|
|
<Field name="value" />
|
|
</Or>
|
|
<Bug pattern="SE_TRANSIENT_FIELD_NOT_RESTORED" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is not intended to protect access to this field -->
|
|
<Class name="org.apache.catalina.tribes.transport.ReplicationTransmitter"/>
|
|
<Field name="oname"/>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Intentional in case thread is waiting -->
|
|
<Class name="org.apache.catalina.tribes.transport.RxTaskPool"/>
|
|
<Method name="returnWorker"/>
|
|
<Bug code="NN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is to protect multiple against calls to connect() -->
|
|
<Class name="org.apache.catalina.tribes.transport.nio.NioSender"/>
|
|
<Or>
|
|
<Field name="dataChannel"/>
|
|
<Field name="socketChannel"/>
|
|
<Field name="writebuf"/>
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Byte arrays contents are not mutated -->
|
|
<Class name="org.apache.catalina.tribes.transport.nio.NioSender"/>
|
|
<Field name="current"/>
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.util.LifecycleBase" />
|
|
<Method name="getState"/>
|
|
<Bug code="UG" />
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is a fallback -->
|
|
<Class name="org.apache.catalina.util.URLEncoder"/>
|
|
<Method name="encode"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getRemoteHost() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.valves.AbstractAccessLogValve$HostElement"/>
|
|
<Method name="addElement"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getMethod() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.valves.AbstractAccessLogValve$RequestElement"/>
|
|
<Method name="addElement"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Non-constant strings are configuration settings rather than client
|
|
supplied -->
|
|
<Class name="org.apache.catalina.valves.JDBCAccessLogValve" />
|
|
<Method name="open" />
|
|
<Bug code="SQL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getQueryString() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.valves.rewrite.RewriteValve"/>
|
|
<Method name="invoke"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- request.getQueryString() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.catalina.valves.StuckThreadDetectionValve"/>
|
|
<Method name="invoke"/>
|
|
<Bug code="RCN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Array contents is not mutated -->
|
|
<Class name="org.apache.catalina.webresources.CachedResource"/>
|
|
<Or>
|
|
<Field name="webResources"/>
|
|
<Field name="cachedContent"/>
|
|
</Or>
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of synchronisation is required to make a sequence of calls in -->
|
|
<!-- one method appear to be atomic. -->
|
|
<Class name="org.apache.coyote.AbstractProcessorLight"/>
|
|
<Or>
|
|
<Method name="addDispatch"/>
|
|
<Method name="getIteratorAndClearDispatches"/>
|
|
<Method name="clearDispatches"/>
|
|
</Or>
|
|
<Bug pattern="JLM_JSR166_UTILCONCURRENT_MONITORENTER" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Correct behaviour does not assume sequential operations on concurrent
|
|
hash map are atomic. -->
|
|
<Class name="org.apache.coyote.AbstractProtocol$AbstractConnectionHandler" />
|
|
<Method name="process" />
|
|
<Bug pattern="AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION" />
|
|
</Match>
|
|
<Match>
|
|
<!-- readChunk will not be null due to previous call to readBytes() -->
|
|
<Class name="org.apache.coyote.http11.filters.ChunkedInputFilter" />
|
|
<Method name="parseHeader"/>
|
|
<Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Locks are always released. Non-standard pattern is required because -->
|
|
<!-- of lock upgrade that is used. -->
|
|
<Class name="org.apache.coyote.http11.upgrade.AprServletInputStream" />
|
|
<Method name="doRead"/>
|
|
<Bug code="UL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Locks are always released. Non-standard pattern is required because -->
|
|
<!-- of lock upgrade that is used. -->
|
|
<Class name="org.apache.coyote.http11.upgrade.AprServletOutputStream" />
|
|
<Method name="doWrite"/>
|
|
<Bug code="UL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.coyote.http11.Http11Processor" />
|
|
<Method name="service"/>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Locks are always released. Non-standard pattern is required because -->
|
|
<!-- of lock upgrade that is used. -->
|
|
<Class name="org.apache.coyote.http11.InternalAprInputBuffer" />
|
|
<Method name="doReadSocket"/>
|
|
<Bug code="UL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Locks are always released. Non-standard pattern is required because -->
|
|
<!-- of lock upgrade that is used. -->
|
|
<Class name="org.apache.coyote.http11.InternalAprOutputBuffer" />
|
|
<Method name="writeToSocket"/>
|
|
<Bug code="UL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- HpackDecoder is used by multiple streams but not concurrently. -->
|
|
<Class name="org.apache.coyote.http2.HpackDecoder" />
|
|
<Method name="emitHeader" />
|
|
<Bug pattern="VO_VOLATILE_INCREMENT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Number being tested is unsigned. -->
|
|
<Class name="org.apache.coyote.http2.Http2UpgradeHandler" />
|
|
<Method name="createRemoteStream" />
|
|
<Bug pattern="IM_BAD_CHECK_FOR_ODD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Loss of the occasional increment is acceptable. -->
|
|
<Class name="org.apache.coyote.http2.Http2UpgradeHandler" />
|
|
<Method name="pruneClosedStreams" />
|
|
<Bug pattern="VO_VOLATILE_INCREMENT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Notify is correct. Condition changed outside of this method. -->
|
|
<Class name="org.apache.coyote.http2.Http2UpgradeHandler" />
|
|
<Method name="incrementWindowSize" />
|
|
<Bug pattern="NN_NAKED_NOTIFY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value is intentionally ignored. -->
|
|
<Class name="org.apache.coyote.http2.Http2UpgradeHandler$PingManager" />
|
|
<Method name="receivePing" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Notify is correct. Condition changed outside of this method. -->
|
|
<Class name="org.apache.coyote.http2.Stream" />
|
|
<Or>
|
|
<Method name="incrementWindowSize" />
|
|
<Method name="receiveReset" />
|
|
</Or>
|
|
<Bug pattern="NN_NAKED_NOTIFY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Monitor is used for a single condition. -->
|
|
<Class name="org.apache.coyote.http2.WindowAllocationManager" />
|
|
<Method name="notify" />
|
|
<Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Monitor is used for a single condition. -->
|
|
<Class name="org.apache.coyote.http2.WindowAllocationManager" />
|
|
<Method name="waitFor" />
|
|
<Bug pattern="WA_NOT_IN_LOOP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Returning null is required by the EL specification -->
|
|
<Class name="org.apache.el.lang.ELSupport" />
|
|
<Method name="coerceToBoolean"/>
|
|
<Bug pattern="NP_BOOLEAN_RETURN_NULL"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Result is negated because arguments have to be swapped -->
|
|
<Class name="org.apache.el.lang.ELSupport" />
|
|
<Method name="compare"/>
|
|
<Bug pattern="RV_NEGATING_RESULT_OF_COMPARETO"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- JspC will not be used under a security manager -->
|
|
<Class name="org.apache.jasper.JspC"/>
|
|
<Method name="initClassLoader"/>
|
|
<Bug code="DP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Parser config is static so statics are appropriate -->
|
|
<Class name="org.apache.jasper.JspC"/>
|
|
<Method name="setValidateXml"/>
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<!-- If encoding is specified it will be used,
|
|
otherwise platform default encoding will be used -->
|
|
<Class name="org.apache.jasper.JspC"/>
|
|
<Or>
|
|
<Method name="openWebxmlReader"/>
|
|
<Method name="openWebxmlWriter"/>
|
|
</Or>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Node constructors add node to parent. Local variable is used to
|
|
silence an Eclipse warning -->
|
|
<Class name="org.apache.jasper.compiler.ELFunctionMapper"/>
|
|
<Method name="map"/>
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is not protecting these fields -->
|
|
<Class name="org.apache.jasper.compiler.JspConfig"/>
|
|
<Or>
|
|
<Field name="defaultDeferedSyntaxAllowedAsLiteral" />
|
|
<Field name="defaultIsELIgnored" />
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- NPE is not possible -->
|
|
<Class name="org.apache.jasper.compiler.JspConfig"/>
|
|
<Method name="selectProperty"/>
|
|
<Bug code="NP"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- NPE is not possible -->
|
|
<Class name="org.apache.jasper.compiler.JspConfig"/>
|
|
<Method name="selectProperty"/>
|
|
<Bug code="NP"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Yes this is a dead store. This is so the IDE warning can be suppressed.
|
|
The object creation has side-effects so the code is required. -->
|
|
<Class name="org.apache.jasper.compiler.JspDocumentParser" />
|
|
<Or>
|
|
<Method name="comment"/>
|
|
<Method name="processChars"/>
|
|
</Or>
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Returning null is intentional -->
|
|
<Class name="org.apache.jasper.compiler.JspReader"/>
|
|
<Method name="indexOf"/>
|
|
<Bug code="NP"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Node constructors add node to parent. Local variable is used to
|
|
silence an Eclipse warning -->
|
|
<Class name="org.apache.jasper.compiler.Parser"/>
|
|
<Bug code="DLS"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of == is deliberate -->
|
|
<Class name="org.apache.jasper.compiler.Parser"/>
|
|
<Method name="parseBody"/>
|
|
<Bug code="ES"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is not protecting this field -->
|
|
<Class name="org.apache.jasper.compiler.SmapGenerator"/>
|
|
<Field name="doEmbedded" />
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Only base null is handled by this resolver -->
|
|
<Class name="org.apache.jasper.el.ELResolverImpl"/>
|
|
<Or>
|
|
<Method name="getType" />
|
|
<Method name="getValue" />
|
|
<Method name="isReadOnly" />
|
|
<Method name="setValue" />
|
|
</Or>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Array contents are not mutated -->
|
|
<Class name="org.apache.jasper.el.JasperELResolver"/>
|
|
<Field name="resolvers" />
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- base null is handled by this resolver -->
|
|
<Class name="org.apache.jasper.el.JasperELResolver"/>
|
|
<Method name="getValue" />
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is a fallback -->
|
|
<Class name="org.apache.jasper.runtime.JspRuntimeLibrary"/>
|
|
<Method name="URLEncode"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of == is deliberate, String.intern() is used -->
|
|
<Class name="org.apache.jasper.xmlparser.XMLEncodingDetector"/>
|
|
<Method name="scanXMLDeclOrTextDecl"/>
|
|
<Bug code="ES"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Stream is closed in o.a.juli.ClassLoaderLogManager.readConfiguration
|
|
(InputStream, ClassLoader) -->
|
|
<Class name="org.apache.juli.ClassLoaderLogManager"/>
|
|
<Method name="readConfiguration"/>
|
|
<Bug code="OBL"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- If encoding is specified it will be used,
|
|
otherwise platform default encoding will be used -->
|
|
<Class name="org.apache.juli.FileHandler"/>
|
|
<Method name="openWriter"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- As per the comment, FileSystems.getDefault() does have a
|
|
side-effect. -->
|
|
<Class name="org.apache.juli.logging.LogFactory"/>
|
|
<Method name="<init>"/>
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Reference.equals() implementation correctly handles sub-classes -->
|
|
<Class name="org.apache.naming.ServiceRef" />
|
|
<Pattern code="EQ_DOESNT_OVERRIDE_EQUALS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Simpler to catch Exception than to create dummy implementations of the
|
|
necessary exception hierarchy -->
|
|
<Class name="org.apache.naming.factory.SendMailFactory$1" />
|
|
<Method name="run" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Simpler to catch Exception than to create dummy implementations of the
|
|
necessary exception hierarchy -->
|
|
<Class name="org.apache.naming.factory.webservices.ServiceProxy" />
|
|
<Method name="<init>"/>
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Class name needs to start with a lower case letter in this case -->
|
|
<Class name="org.apache.naming.java.javaURLContextFactory" />
|
|
<Bug code="Nm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Utility classes used to import/export l10n strings -->
|
|
<!-- This code does not need to be robust -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.buildutil.translate.Export"/>
|
|
<Class name="org.apache.tomcat.buildutil.translate.Import"/>
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value is never used -->
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.DelegatingConnection" />
|
|
<Method name="prepareStatement" />
|
|
<Bug pattern="NP_NONNULL_RETURN_VIOLATION" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL is from config so is considered safe -->
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory" />
|
|
<Method name="initializeConnection" />
|
|
<Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL construction is safe for validation query -->
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory" />
|
|
<Method name="validateConnection" />
|
|
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL construction is necessary for pooled statements -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementSQL" />
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithAutoGeneratedKeys" />
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithColumnIndexes" />
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithColumnNames" />
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithResultSetConcurrency" />
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.PStmtKey$PreparedStatementWithResultSetHoldability" />
|
|
</Or>
|
|
<Method name="createStatement" />
|
|
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL construction is necessary for pooled statements -->
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.cpdsadapter.PooledConnectionImpl" />
|
|
<Method name="makeObject" />
|
|
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL construction is safe for validation query -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.datasources.CPDSConnectionFactory" />
|
|
<Class name="org.apache.tomcat.dbcp.dbcp2.datasources.KeyedCPDSConnectionFactory" />
|
|
</Or>
|
|
<Method name="validateObject" />
|
|
<Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Pooled objects can't be null so this is OK -->
|
|
<Class name="org.apache.tomcat.dbcp.pool2.impl.BaseGenericObjectPool$IdentityWrapper" />
|
|
<Method name="equals" />
|
|
<Bug pattern="NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Natural ordering behaviour is docuemented in Javadoc -->
|
|
<Class name="org.apache.tomcat.dbcp.pool2.impl.DefaultPooledObject" />
|
|
<Bug pattern="EQ_COMPARETO_USE_OBJECT_EQUALS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Increment is in sync block so it is safe. Volatile is used so reading
|
|
thread sees latest value. -->
|
|
<Class name="org.apache.tomcat.dbcp.pool2.impl.DefaultPooledObject" />
|
|
<Method name="allocate" />
|
|
<Bug pattern="VO_VOLATILE_INCREMENT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fields do not need to be sync'd for toString() -->
|
|
<Class name="org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool" />
|
|
<Or>
|
|
<Field name="createCount"/>
|
|
<Field name="numActive"/>
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value is ignored but a null result will trigger an exception -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.ConnectionPool$ConnectionFuture" />
|
|
<Method name="get" />
|
|
<Bug code="RV" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Name shadowing is deliberate -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.jdbc.pool.DataSource" />
|
|
<Class name="org.apache.tomcat.jdbc.pool.XADataSource" />
|
|
</Or>
|
|
<Bug pattern="NM_SAME_SIMPLE_NAME_AS_INTERFACE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Lock is released -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.FairBlockingQueue" />
|
|
<Method name="poll" />
|
|
<Bug code="UL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of == is deliberate -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.JdbcInterceptor" />
|
|
<Method name="compare" />
|
|
<Bug code="ES" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Lock is released -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.MultiLockFairBlockingQueue" />
|
|
<Method name="poll" />
|
|
<Bug code="UL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL is from config so is considered safe -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.PooledConnection" />
|
|
<Method name="validate" />
|
|
<Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Array elements are not mutated -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.PoolProperties" />
|
|
<Field name="interceptors" />
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The name isn't great but it is part of the public API now -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.TrapException" />
|
|
<Bug pattern="NM_CLASS_NOT_EXCEPTION" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Lack of thread-safety is accepted in return for better performance. -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats" />
|
|
<Or>
|
|
<Method name="add" />
|
|
<Method name="failure" />
|
|
<Method name="prepare" />
|
|
</Or>
|
|
<Bug code="VO" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fields are used by native code. Tomcat doesn't use them but they are
|
|
part of the public API. -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.jni.FileInfo" />
|
|
<Class name="org.apache.tomcat.jni.Sockaddr" />
|
|
</Or>
|
|
<Bug pattern="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Field is populated by JNI code -->
|
|
<Class name="org.apache.tomcat.jni.Sockaddr" />
|
|
<Bug pattern="UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.IntrospectionUtils" />
|
|
<Method name="findMethod"/>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Class name is appropriate -->
|
|
<Class name="org.apache.tomcat.util.bcel.classfile.CodeException"/>
|
|
<Bug code="Nm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Field by field copy is fine for clone in this case -->
|
|
<Class name="org.apache.tomcat.util.bcel.classfile.StackMapType"/>
|
|
<Bug code="CN" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.tomcat.util.bcel.classfile.Utility"/>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Handled by abstract base class -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.util.buf.ByteChunk"/>
|
|
<Class name="org.apache.tomcat.util.buf.CharChunk"/>
|
|
</Or>
|
|
<Bug pattern="HE_EQUALS_NO_HASHCODE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Returning null here is fine -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.util.buf.ByteChunk"/>
|
|
<Class name="org.apache.tomcat.util.buf.CharChunk"/>
|
|
</Or>
|
|
<Method name="toString"/>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Returning null here is fine -->
|
|
<Class name="org.apache.tomcat.util.buf.MessageBytes"/>
|
|
<Method name="toString"/>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Whilst cache is global there may be multiple instances (one per -->
|
|
<!-- server so statics are appropriate -->
|
|
<Class name="org.apache.tomcat.util.buf.StringCache"/>
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Array is only ever updated as a whole, not element by element -->
|
|
<Class name="org.apache.tomcat.util.buf.StringCache"/>
|
|
<Or>
|
|
<Field name="bcCache"/>
|
|
<Field name="ccCache"/>
|
|
</Or>
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- mb.toString() can be null because
|
|
o.a.t.util.buf.MessageBytes.toString() can return NULL -->
|
|
<Class name="org.apache.tomcat.util.buf.UDecoder"/>
|
|
<Method name="convert"/>
|
|
<Bug code="RCN" />
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is a fallback -->
|
|
<Class name="org.apache.tomcat.util.buf.UDecoder"/>
|
|
<Method name="URLDecode"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- URLs used are always provided by the container so would normally be -->
|
|
<!-- file URLs. -->
|
|
<Class name="org.apache.tomcat.util.descriptor.tld.TldResourcePath" />
|
|
<Or>
|
|
<Method name="equals" />
|
|
<Method name="hashCode" />
|
|
</Or>
|
|
<Bug pattern="DMI_BLOCKING_METHODS_ON_URL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- NPE is desired as it indicates an error condition -->
|
|
<Class name="org.apache.tomcat.util.digester.CallMethodRule"/>
|
|
<Method name="end"/>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Test really is for the same object rather than equality -->
|
|
<Class name="org.apache.tomcat.util.digester.Digester"/>
|
|
<Or>
|
|
<Method name="updateBodyText"/>
|
|
<Method name="updateAttributes"/>
|
|
</Or>
|
|
<Bug code="ES" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Write to static field is intentional -->
|
|
<Class name="org.apache.tomcat.util.digester.Digester"/>
|
|
<Method name="<init>"/>
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.tomcat.util.http.LegacyCookieProcessor" />
|
|
<Method name="processCookieHeader"/>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is a fallback -->
|
|
<Class name="org.apache.tomcat.util.http.fileupload.MultipartStream"/>
|
|
<Method name="readHeaders"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Deletion failure should never happen -->
|
|
<Class name="org.apache.tomcat.util.http.fileupload.disk.DiskFileItem"/>
|
|
<Or>
|
|
<Method name="delete"/>
|
|
<Method name="finalize"/>
|
|
</Or>
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_BAD_PRACTICE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is a fallback -->
|
|
<Class name="org.apache.tomcat.util.http.fileupload.disk.DiskFileItem"/>
|
|
<Method name="getString"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- the platform default encoding is deliberate -->
|
|
<Class name="org.apache.tomcat.util.http.fileupload.util.Streams"/>
|
|
<Method name="asString"/>
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.tomcat.util.http.parser.Cookie" />
|
|
<Or>
|
|
<Method name="logInvalidHeader"/>
|
|
<Method name="logInvalidVersion"/>
|
|
</Or>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Hiding of field in superclass is deliberate -->
|
|
<Class name="org.apache.tomcat.util.modeler.NotificationInfo"/>
|
|
<Field name="info" />
|
|
<Bug code="MF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- JSSE vs APR attribute names. More confusing to change one of them -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint"/>
|
|
<Or>
|
|
<Method name="getSSLProtocol"/>
|
|
<Method name="setSSLProtocol"/>
|
|
</Or>
|
|
<Bug code="Nm"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- See wait() call in destroy() -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/>
|
|
<Method name="run"/>
|
|
<Bug code="NN" />
|
|
</Match>
|
|
<Match>
|
|
<!-- There is only a single wait in run() when the poller is idle -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/>
|
|
<Or>
|
|
<Method name="add"/>
|
|
<Method name="close"/>
|
|
<Method name="destroy"/>
|
|
</Or>
|
|
<Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Single condition. No interupts. -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Poller"/>
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Sendfile"/>
|
|
</Or>
|
|
<Method name="destroy"/>
|
|
<Bug pattern="WA_NOT_IN_LOOP" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Sendfile"/>
|
|
<Method name="run"/>
|
|
<Or>
|
|
<!-- see wait() call in destroy() -->
|
|
<Bug code="NN" />
|
|
<!-- notify() is called from add() -->
|
|
<Bug code="UW" />
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<!-- There is only a single wait in run() when the poller is idle -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Sendfile"/>
|
|
<Or>
|
|
<Method name="add"/>
|
|
<Method name="destroy"/>
|
|
</Or>
|
|
<Bug pattern="NO_NOTIFY_NOT_NOTIFYALL" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Simpler to wait a pollTime than test each Poller thread -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$Sendfile"/>
|
|
<Method name="destroy"/>
|
|
<Bug pattern="UW_UNCOND_WAIT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is there to protect referenced object not field -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$SocketEventProcessor"/>
|
|
<Method name="run"/>
|
|
<Bug code="ML" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Modifications to SocketLists are always protected by syncs -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$SocketList"/>
|
|
<Or>
|
|
<Method name="add"/>
|
|
<Method name="remove"/>
|
|
</Or>
|
|
<Bug pattern="VO_VOLATILE_INCREMENT"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Object is only ever set to null, sync therefore is still valid -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$SocketProcessor"/>
|
|
<Method name="run"/>
|
|
<Bug code="ML"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Sync is there to protect referenced object not field -->
|
|
<Class name="org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor"/>
|
|
<Method name="run"/>
|
|
<Bug code="ML" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value is ignored at this point but logic further up call -->
|
|
<!-- stack will ensure that a SocketTimeoutException is thrown -->
|
|
<Class name="org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper"/>
|
|
<Method name="awaitLatch"/>
|
|
<Bug code="RV"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Object is only ever set to null, sync therefore is still valid -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.util.net.NioEndpoint$SocketProcessor"/>
|
|
<Class name="org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor"/>
|
|
</Or>
|
|
<Method name="run"/>
|
|
<Bug code="ML"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Single condition so no need for wait to be in loop -->
|
|
<Class name="org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper"/>
|
|
<Or>
|
|
<Method name="read"/>
|
|
<Method name="write"/>
|
|
</Or>
|
|
<Bug pattern="WA_NOT_IN_LOOP" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Single wait so no need for notifyAll() -->
|
|
<Class name="org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler"/>
|
|
<Or>
|
|
<Method name="completed"/>
|
|
<Method name="failed"/>
|
|
</Or>
|
|
<Bug pattern="NO_NOTIFY_NOT_NOTIFYALL " />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.net.SecureNioChannel"/>
|
|
<Method name="rehandshake"/>
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.tomcat.util.net.SecureNioChannel" />
|
|
<Method name="processSNI"/>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.tomcat.util.net.SecureNio2Channel" />
|
|
<Method name="processSNI"/>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Stream will be closed -->
|
|
<Class name="org.apache.tomcat.util.net.jsse.PEMFile" />
|
|
<Method name="<init>" />
|
|
<Pattern name="OS_OPEN_STREAM" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Array elements are not modified after assignment -->
|
|
<Class name="org.apache.tomcat.util.net.openssl.OpenSSLEngine" />
|
|
<Or>
|
|
<Field name="peerCerts"/>
|
|
<Field name="x509PeerCerts"/>
|
|
</Or>
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
<Match>
|
|
<!-- No performance issue as there is no DNS resolution -->
|
|
<Class name="org.apache.tomcat.util.scan.StandardJarScanner" />
|
|
<Bug pattern="DMI_COLLECTION_OF_URLS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Yes the simple name is the same as the super class. Accept it. -->
|
|
<Class name="org.apache.tomcat.util.threads.ThreadPoolExecutor" />
|
|
<Bug code="Nm" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Object creation will trigger input processing. -->
|
|
<Class name="org.apache.tomcat.websocket.WsWebSocketContainer" />
|
|
<Method name="connectToServer" />
|
|
<Bug code="DLS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Fall-through expected -->
|
|
<Class name="org.apache.tomcat.websocket.server.WsHttpUpgradeHandler" />
|
|
<Method name="upgradeDispatch"/>
|
|
<Bug code="SF" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The array contents is never mutated. -->
|
|
<Class name="org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer" />
|
|
<Field name="buffers" />
|
|
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
|
|
</Match>
|
|
|
|
<!-- Example code -->
|
|
<Match>
|
|
<!-- FindBugs assumes the container uses the values as is. Tomcat validates
|
|
them and escapes them as necessary to ensure they are safe. -->
|
|
<Class name="CookieExample" />
|
|
<Method name="doGet" />
|
|
<Bug code="HRS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Not really unused as it registers itself during construction -->
|
|
<Class name="nonblocking.ByteCounter" />
|
|
<Method name="doPost" />
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Not really unused as it registers itself during construction -->
|
|
<Class name="nonblocking.NumberWriter" />
|
|
<Method name="doGet" />
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE" />
|
|
</Match>
|
|
|
|
|
|
<!-- Generated code -->
|
|
<Match>
|
|
<Or>
|
|
<Class name="org.apache.el.parser.AstFloatingPoint" />
|
|
<Class name="org.apache.el.parser.AstFunction" />
|
|
<Class name="org.apache.el.parser.AstInteger" />
|
|
<Class name="org.apache.el.parser.AstNegative" />
|
|
<Class name="org.apache.el.parser.AstValue" />
|
|
<Class name="org.apache.el.parser.ELParser" />
|
|
<Class name="org.apache.el.parser.ELParserConstants" />
|
|
<Class name="org.apache.el.parser.ELParserTokenManager" />
|
|
<Class name="org.apache.el.parser.ELParserTreeConstants" />
|
|
<Class name="org.apache.el.parser.ParseException" />
|
|
<Class name="org.apache.el.parser.SimpleCharStream" />
|
|
<Class name="org.apache.el.parser.TokenMgrError" />
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<!-- fCurrentEntity may be null after endEntity() call -->
|
|
<Class name="org.apache.jasper.xmlparser.XMLEncodingDetector" />
|
|
<Method name="load" />
|
|
<Bug code="RCN" />
|
|
</Match>
|
|
|
|
|
|
<!-- Test code -->
|
|
<Match>
|
|
<!-- Code is deliberately unused -->
|
|
<Class name="javax.el.TestImportHandler" />
|
|
<Method name="testImportPackage01_57574"/>
|
|
<Bug pattern="UC_USELESS_OBJECT"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Code is deliberately unused -->
|
|
<Or>
|
|
<Class name="javax.servlet.http.TestCookie" />
|
|
<Class name="javax.servlet.http.TestCookieStrict" />
|
|
</Or>
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Name is consistent in context -->
|
|
<Class name="javax.servlet.http.TestHttpServletResponseSendError$ErrorServletStaticException" />
|
|
<Bug pattern="NM_CLASS_NOT_EXCEPTION"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Code is intentionally unused -->
|
|
<Class name="org.apache.catalina.authenticator.TestBasicAuthParser"/>
|
|
<Or>
|
|
<Method name="testAuthMethodBadMethod"/>
|
|
<Method name="testBadBase64Char"/>
|
|
</Or>
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.connector.TestCoyoteAdapter$AsyncServlet"/>
|
|
<Field name="t"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.core.TestApplicationSessionCookieConfig$CustomContext" />
|
|
<Method name="getState"/>
|
|
<Bug code="UG" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value of latch is intentionally ignored -->
|
|
<Class name="org.apache.catalina.connector.TestSendFile"/>
|
|
<Method name="testBug60409"/>
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Dead store is deliberate -->
|
|
<Or>
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$AsyncDispatchUrlWithSpacesServlet"/>
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$ForwardDispatchUrlWithSpacesServlet"/>
|
|
</Or>
|
|
<Method name="doGet"/>
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Or>
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$Bug49528Servlet"/>
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$Bug49567Servlet"/>
|
|
</Or>
|
|
<Field name="result"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$Bug53843ServletA"/>
|
|
<Field name="isAsyncWhenExpected"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$AsyncIoEndServlet"/>
|
|
<Field name="asyncIoEndWriteListener"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.core.TestAsyncContextImpl$AsyncISEServlet"/>
|
|
<Field name="asyncContext"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate use of run() for the purposes of the test -->
|
|
<Class name="org.apache.catalina.core.TestAsyncContextStateChanges$AsyncServlet"/>
|
|
<Method name="doGet"/>
|
|
<Bug pattern="RU_INVOKE_RUN"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Hard-coded absolute path is intentional -->
|
|
<Class name="org.apache.catalina.core.TestStandardContext"/>
|
|
<Method name="testBug57556b"/>
|
|
<Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.core.TestStandardContext$Bug51376Servlet"/>
|
|
<Field name="destroyOk"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.filters.TestRemoteIpFilter$MockHttpServlet"/>
|
|
<Field name="request"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value of latch is intentionally ignored -->
|
|
<Class name="org.apache.catalina.nonblocking.TestNonBlockingAPI"/>
|
|
<Method name="testDelayedNBWrite"/>
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.nonblocking.TestNonBlockingAPI$NBReadServlet"/>
|
|
<Filed name="listener"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value of read is intentionally ignored -->
|
|
<Class name="org.apache.catalina.nonblocking.TestNonBlockingAPI$NBReadWithDispatchServlet$1"/>
|
|
<Method name="onDataAvailable"/>
|
|
<Bug pattern="RR_NOT_CHECKED"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.startup.TesterServletWithAnnotations"/>
|
|
<Or>
|
|
<Field name="envEntry2"/>
|
|
<Field name="envEntry3"/>
|
|
<Field name="envEntry4"/>
|
|
<Field name="envEntry6"/>
|
|
</Or>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.startup.TesterServletWithLifeCycleMethods"/>
|
|
<Field name="result"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<Or>
|
|
<Class name="org.apache.catalina.startup.TestListener$SCL" />
|
|
<Class name="org.apache.catalina.startup.TestListener$SCL3" />
|
|
</Or>
|
|
<Method name="contextInitialized" />
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.startup.TestTomcatClassLoader$ClassLoaderReport"/>
|
|
<Bug code="Se"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.startup.TestTomcat$CustomContextConfig"/>
|
|
<Field name="used"/>
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Test code - array is safe -->
|
|
<Class name="org.apache.catalina.startup.TomcatBaseTest"/>
|
|
<Field name="booleans"/>
|
|
<Bug pattern="MS_MUTABLE_ARRAY"/>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.EchoRpcTest" />
|
|
<Method name="run"/>
|
|
<Bug code="REC" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.EchoRpcTest$SystemExit" />
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.IntrospectionUtils" />
|
|
<Method name="findMethod"/>
|
|
<Bug code="NP" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.LoadTest" />
|
|
<Method name="memberAdded"/>
|
|
<Bug code="NN" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.LoadTest" />
|
|
<Method name="run"/>
|
|
<Or>
|
|
<Bug code="REC" />
|
|
<Bug code="UW" />
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.LoadTest$SystemExit" />
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.demos.MapDemo$SystemExit" />
|
|
<Bug code="Dm" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.channel.TestChannelOptionFlag" />
|
|
<Method name="tearDown" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.channel.TestChannelStartStop" />
|
|
<Method name="tearDown" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.channel.TestChannelStartStop" />
|
|
<Method name="testDoublePartialStart" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.channel.TestChannelStartStop" />
|
|
<Method name="testFalseOption" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.channel.TestRemoteProcessException" />
|
|
<Bug code="Nm" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.interceptors.TestNonBlockingCoordinator" />
|
|
<Method name="testCoord1" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.membership.TestTcpFailureDetector" />
|
|
<Method name="tearDown" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.transport.SocketReceive$1" />
|
|
<Method name="run" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.transport.SocketTribesReceive$1" />
|
|
<Method name="run" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.transport.SocketTribesReceive" />
|
|
<Method name="main" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.catalina.tribes.test.transport.SocketValidateReceive$1" />
|
|
<Method name="run" />
|
|
<Bug code="DE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Concrete Map type not affected -->
|
|
<Class name="org.apache.catalina.util.TestParameterMap" />
|
|
<Method name="testEntrySetImmutabilityAfterLocked" />
|
|
<Bug pattern="DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.catalina.valves.TestStuckThreadDetectionValve$StickingServlet"/>
|
|
<Field name="wasInterrupted"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Code is deliberately unused -->
|
|
<Or>
|
|
<Class name="org.apache.catalina.webresources.AbstractTestFileResourceSet" />
|
|
<Class name="org.apache.catalina.webresources.TestDirResourceSet" />
|
|
<Class name="org.apache.catalina.webresources.TestJarResourceSet" />
|
|
<Class name="org.apache.catalina.webresources.TestJarResourceSetInternal" />
|
|
</Or>
|
|
<Method name="testNoArgConstructor" />
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value ignored as this is a performance test -->
|
|
<Class name="org.apache.catalina.webresources.TestAbstractFileResourceSetPerformance" />
|
|
<Method name="testFileNameFiltering" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of hard-coded path is deliberate -->
|
|
<Class name="org.apache.catalina.webresources.TestStandardRoot" />
|
|
<Method name="<clinit>" />
|
|
<Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.coyote.http11.filters.TestChunkedInputFilter$BodyReadServlet"/>
|
|
<Or>
|
|
<Field name="countRead"/>
|
|
<Field name="exceptionDuringRead"/>
|
|
</Or>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.coyote.http11.filters.TestChunkedInputFilter$EchoHeaderServlet"/>
|
|
<Field name="exceptionDuringRead"/>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.coyote.http11.TestHttp11Processor"/>
|
|
<Field name="bug55772IsSecondRequest"/>
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Result is negated to compare result when order is reversed -->
|
|
<Class name="org.apache.el.TestELEvaluation" />
|
|
<Method name="compareBoth" />
|
|
<Bug pattern="RV_NEGATING_RESULT_OF_COMPARETO" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Performance test so results ignored -->
|
|
<Class name="org.apache.jasper.compiler.TesterValidator" />
|
|
<Method name="doTestBug53867" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Test is single threaded. Syncs not required. -->
|
|
<Class name="org.apache.jasper.util.FastRemovalDequeue" />
|
|
<Or>
|
|
<Field name="first" />
|
|
<Field name="last" />
|
|
</Or>
|
|
<Bug pattern="IS2_INCONSISTENT_SYNC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Field set via injection-->
|
|
<Class name="org.apache.naming.TesterInjectionServlet" />
|
|
<Or>
|
|
<Field name="property1" />
|
|
<Field name="property3" />
|
|
</Or>
|
|
<Bug pattern="UWF_NULL_FIELD" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Deliberate hack for the purposes of the test -->
|
|
<Class name="org.apache.naming.TesterInjectionServlet" />
|
|
<Or>
|
|
<Field name="property2"/>
|
|
<Field name="property2a"/>
|
|
</Or>
|
|
<Bug pattern="MSF_MUTABLE_SERVLET_FIELD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of statics is unavoidable in all cases -->
|
|
<!-- Better to use it consistently rather than only where necessary -->
|
|
<Class name="org.apache.tomcat.jdbc.pool.interceptor.TestInterceptor" />
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The name shadowing is deliberate -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.jdbc.test.driver.Connection" />
|
|
<Class name="org.apache.tomcat.jdbc.test.driver.Driver" />
|
|
<Class name="org.apache.tomcat.jdbc.test.driver.ResultSet" />
|
|
</Or>
|
|
<Bug pattern="NM_SAME_SIMPLE_NAME_AS_INTERFACE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- The call with the ignored return value is used to ensure the pool -->
|
|
<!-- thinks the connection is being used. -->
|
|
<Class name="org.apache.tomcat.jdbc.test.AbandonPercentageTest" />
|
|
<Method name="testResetConnection" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED" />
|
|
</Match>
|
|
<Match>
|
|
<!-- A number of the tests incude performance tests -->
|
|
<Class name="org.apache.tomcat.jdbc.test.DefaultTestCase" />
|
|
<Method name="tearDown" />
|
|
<Bug pattern="DM_GC" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Test does not explicitly close statement deliberately -->
|
|
<Class name="org.apache.tomcat.jdbc.test.StatementFinalizerTest" />
|
|
<Method name="testStatementFinalization" />
|
|
<Bug pattern="ODR_OPEN_DATABASE_RESOURCE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Choice of name is deliberate -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestException" />
|
|
<Bug pattern="NM_CLASS_NOT_EXCEPTION" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Testing auto-close so connections not explicitly closed -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestGCClose" />
|
|
<Or>
|
|
<Method name="testGCStop" />
|
|
<Method name="testClose" />
|
|
</Or>
|
|
<Bug pattern="ODR_OPEN_DATABASE_RESOURCE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL is from config so is considered safe -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestSlowQueryReport" />
|
|
<Method name="testFastSql" />
|
|
<Bug pattern="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Use of static is unavoidable -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestStatementCache" />
|
|
<Method name="tearDown" />
|
|
<Bug code="ST" />
|
|
</Match>
|
|
<Match>
|
|
<!-- SQL is from generated in test code so is considered safe -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestStatementCache" />
|
|
<Method name="testMaxCacheSize" />
|
|
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Tests throw exceptions so connections are never created -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestValidationQueryTimeout" />
|
|
<Or>
|
|
<Method name="testValidationQueryTimeoutOnConnection" />
|
|
<Method name="testValidationInvalidOnConnection" />
|
|
<Method name="testValidationQueryTimeoutOnBorrow" />
|
|
</Or>
|
|
<Bug pattern="ODR_OPEN_DATABASE_RESOURCE" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Statics used to work around API limitations -->
|
|
<Class name="org.apache.tomcat.jdbc.test.TestValidationQueryTimeout" />
|
|
<Field name="isTimeoutSet" />
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.jdbc.test.TwoDataSources" />
|
|
<Method name="testTwoDataSources" />
|
|
<Or>
|
|
<!-- The object creation should fail -->
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED" />
|
|
<!-- The connection should be close by the pool -->
|
|
<Bug pattern="ODR_OPEN_DATABASE_RESOURCE" />
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.http.TestCookieParsing$EchoCookieHeader"/>
|
|
<Method name="service"/>
|
|
<Bug pattern="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- No performance issue as there is no DNS resolution -->
|
|
<Class name="org.apache.tomcat.util.bcel.TesterPerformance" />
|
|
<Method name="testClassParserPerformance" />
|
|
<Bug pattern="DMI_COLLECTION_OF_URLS" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.net.TestSsl" />
|
|
<Or>
|
|
<Method name="testRenegotiateFail" />
|
|
<Method name="testRenegotiateWorks" />
|
|
</Or>
|
|
<Bug code="RR" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Path is designed to test edge cases and does not have to exist-->
|
|
<Class name="org.apache.tomcat.util.buf.TesterUriUtilBase" />
|
|
<Or>
|
|
<Method name="testBuildJarUrl01"/>
|
|
<Method name="testBuildJarUrl02"/>
|
|
<Method name="testBuildJarUrl03"/>
|
|
<Method name="performanceTestBuildJarUrl"/>
|
|
</Or>
|
|
<Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Object not used as this is a performance test -->
|
|
<Class name="org.apache.tomcat.util.http.TesterParametersPerformance" />
|
|
<Method name="doCreateString" />
|
|
<Bug pattern="UC_USELESS_OBJECT" />
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value ignored because an exception is expected -->
|
|
<Class name="org.apache.tomcat.util.net.TestTLSClientHelloExtractor" />
|
|
<Method name="doTestInputMalformed" />
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.threads.TestLimitLatch" />
|
|
<Or>
|
|
<Method name="waitForThreadToStop" />
|
|
<Method name="testTenWait" />
|
|
</Or>
|
|
<Bug pattern="NN_NAKED_NOTIFY " />
|
|
</Match>
|
|
<Match>
|
|
<Class name="org.apache.tomcat.util.threads.TestLimitLatch$TestThread" />
|
|
<Method name="run" />
|
|
<Or>
|
|
<Bug pattern="WA_NOT_IN_LOOP" />
|
|
<Bug pattern="UW_UNCOND_WAIT " />
|
|
</Or>
|
|
</Match>
|
|
<Match>
|
|
<!-- Return value of latch is intentionally ignored -->
|
|
<Or>
|
|
<Class name="org.apache.tomcat.websocket.TestWebSocketFrameClient"/>
|
|
<Class name="org.apache.tomcat.websocket.TestWebSocketFrameClientSSL"/>
|
|
</Or>
|
|
<Method name="testConnectToServerEndpoint"/>
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Statics are used deliberately as they are simpler -->
|
|
<Class name="org.apache.tomcat.websocket.server.TestClose" />
|
|
<Method name="setUp" />
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Statics are used deliberately as they are simpler -->
|
|
<Class name="org.apache.tomcat.websocket.TestWsSubprotocols$SubProtocolsEndpoint" />
|
|
<Field name="subprotocols" />
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Statics are used deliberately as they are simpler -->
|
|
<Class name="org.apache.tomcat.websocket.TestWsWebSocketContainer$ConstantTxEndpoint" />
|
|
<Or>
|
|
<Field name="exception" />
|
|
<Field name="running" />
|
|
<Field name="timeout" />
|
|
</Or>
|
|
<Bug pattern="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Code is deliberately unused -->
|
|
<Class name="org.apache.tomcat.websocket.server.TestUriTemplate" />
|
|
<Or>
|
|
<Method name="testBasicPrefix" />
|
|
<Method name="testDuplicate01" />
|
|
<Method name="testEgMailingList04" />
|
|
<Method name="testEgMailingList05" />
|
|
<Method name="testQuote2" />
|
|
</Or>
|
|
<Bug pattern="DLS_DEAD_LOCAL_STORE"/>
|
|
</Match>
|
|
<Match>
|
|
<!-- Exception thrown so return value ignored -->
|
|
<Class name="org.apache.tomcat.websocket.server.TestUriTemplate" />
|
|
<Or>
|
|
<Method name="testPrefixOneOfTwo" />
|
|
<Method name="testPrefixTwoOfTwo" />
|
|
<Method name="testQuote1" />
|
|
</Or>
|
|
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/>
|
|
</Match>
|
|
</FindBugsFilter>
|