Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2093

Fix spotbugs reported errors

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.3.0.Alpha1, 2.3.0.Final
    • None
    • None
    • None
    • Hide

      Use JDK11 or JDK17 to reproduce this.

      mvn clean verify -DskipTests --show-version --no-transfer-progress -Dmaven.test.failure.ignore=true -Dmaven.javadoc.skip=true -Denforcer.skip -Dfindbugs
      Show
      Use JDK11 or JDK17 to reproduce this. mvn clean verify -DskipTests --show-version --no-transfer-progress -Dmaven.test.failure.ignore= true -Dmaven.javadoc.skip= true -Denforcer.skip -Dfindbugs

    Description

      There is a set of errors detected by `spotbugs-maven-plugin` both with JDK11 and JDK17:

      core
      [INFO] --- spotbugs-maven-plugin:4.6.0.0:check (find-bugs) @ undertow-core ---
[INFO] BugInstance size is 22
[INFO] Error size is 0
[INFO] Total bugs: 22
[ERROR] Medium: Nullcheck of arrayPooled at line 488 of value previously dereferenced in io.undertow.conduits.DeflatingStreamSinkConduit.deflateData(boolean) [io.undertow.conduits.DeflatingStreamSinkConduit, io.undertow.conduits.DeflatingStreamSinkConduit] At DeflatingStreamSinkConduit.java:[line 488]Redundant null check at DeflatingStreamSinkConduit.java:[line 519] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 225 of value previously dereferenced in io.undertow.io.BlockingReceiverImpl.receiveFullBytes(Receiver$FullBytesCallback, Receiver$ErrorCallback) [io.undertow.io.BlockingReceiverImpl, io.undertow.io.BlockingReceiverImpl] At BlockingReceiverImpl.java:[line 225]Redundant null check at BlockingReceiverImpl.java:[line 229] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 124 of value previously dereferenced in io.undertow.io.BlockingReceiverImpl.receiveFullString(Receiver$FullStringCallback, Receiver$ErrorCallback, Charset) [io.undertow.io.BlockingReceiverImpl, io.undertow.io.BlockingReceiverImpl] At BlockingReceiverImpl.java:[line 124]Redundant null check at BlockingReceiverImpl.java:[line 128] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 272 of value previously dereferenced in io.undertow.io.BlockingReceiverImpl.receivePartialBytes(Receiver$PartialBytesCallback, Receiver$ErrorCallback) [io.undertow.io.BlockingReceiverImpl, io.undertow.io.BlockingReceiverImpl] At BlockingReceiverImpl.java:[line 272]Redundant null check at BlockingReceiverImpl.java:[line 278] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 172 of value previously dereferenced in io.undertow.io.BlockingReceiverImpl.receivePartialString(Receiver$PartialStringCallback, Receiver$ErrorCallback, Charset) [io.undertow.io.BlockingReceiverImpl, io.undertow.io.BlockingReceiverImpl] At BlockingReceiverImpl.java:[line 172]Redundant null check at BlockingReceiverImpl.java:[line 179] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 199 of value previously dereferenced in io.undertow.io.BlockingSenderImpl.performTransfer(FileChannel, IoCallback) [io.undertow.io.BlockingSenderImpl, io.undertow.io.BlockingSenderImpl] At BlockingSenderImpl.java:[line 199]Redundant null check at BlockingSenderImpl.java:[line 216] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 263 of value previously dereferenced in io.undertow.io.BlockingSenderImpl.writeBuffer(ByteBuffer[], IoCallback) [io.undertow.io.BlockingSenderImpl, io.undertow.io.BlockingSenderImpl] At BlockingSenderImpl.java:[line 263]Redundant null check at BlockingSenderImpl.java:[line 272] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Static field "io.undertow.protocols.alpn.OpenSSLAlpnProvider.getOpenSSLAlpnMethods()" is modified by an instance level io.undertow.protocols.alpn.OpenSSLAlpnProvider.getOpenSSLAlpnMethods(). [io.undertow.protocols.alpn.OpenSSLAlpnProvider] At OpenSSLAlpnProvider.java:[line 105] SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA
[ERROR] Medium: Static field "io.undertow.protocols.alpn.OpenSSLAlpnProvider.getOpenSSLAlpnMethods()" is modified by an instance level io.undertow.protocols.alpn.OpenSSLAlpnProvider.getOpenSSLAlpnMethods(). [io.undertow.protocols.alpn.OpenSSLAlpnProvider] At OpenSSLAlpnProvider.java:[line 90] SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA
[ERROR] Medium: Static field "io.undertow.protocols.ssl.SslConduit.doWrap(ByteBuffer[], int, int)" is modified by an instance level io.undertow.protocols.ssl.SslConduit.doWrap(ByteBuffer[], int, int). [io.undertow.protocols.ssl.SslConduit] At SslConduit.java:[line 934] SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA
[ERROR] Medium: Increment of volatile field io.undertow.protocols.ssl.SslConduit.outstandingTasks in io.undertow.protocols.ssl.SslConduit$5.run() [io.undertow.protocols.ssl.SslConduit$5] At SslConduit.java:[line 1144] VO_VOLATILE_INCREMENT
[ERROR] Medium: Increment of volatile field io.undertow.protocols.ssl.SslConduit.outstandingTasks in io.undertow.protocols.ssl.SslConduit$5$1.run() [io.undertow.protocols.ssl.SslConduit$5$1] At SslConduit.java:[line 1127] VO_VOLATILE_INCREMENT
[ERROR] High: Random object created and used only once in new io.undertow.security.impl.SimpleNonceManager(String) [io.undertow.security.impl.SimpleNonceManager] At SimpleNonceManager.java:[line 133] DMI_RANDOM_USED_ONLY_ONCE
[ERROR] Medium: Load of known null value in io.undertow.security.impl.SingleSignOnAuthenticationMechanism.authenticate(HttpServerExchange, SecurityContext) [io.undertow.security.impl.SingleSignOnAuthenticationMechanism] At SingleSignOnAuthenticationMechanism.java:[line 124] NP_LOAD_OF_KNOWN_NULL_VALUE
[ERROR] Medium: Redundant nullcheck of sso which is known to be null in io.undertow.security.impl.SingleSignOnAuthenticationMechanism.authenticate(HttpServerExchange, SecurityContext) [io.undertow.security.impl.SingleSignOnAuthenticationMechanism] Redundant null check at SingleSignOnAuthenticationMechanism.java:[line 124] RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
[ERROR] Medium: Nullcheck of sso at line 172 of value previously dereferenced in io.undertow.security.impl.SingleSignOnAuthenticationMechanism$ResponseListener.wrap(ConduitFactory, HttpServerExchange) [io.undertow.security.impl.SingleSignOnAuthenticationMechanism$ResponseListener, io.undertow.security.impl.SingleSignOnAuthenticationMechanism$ResponseListener] At SingleSignOnAuthenticationMechanism.java:[line 172]Redundant null check at SingleSignOnAuthenticationMechanism.java:[line 174] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of pooled at line 223 of value previously dereferenced in io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler.parseBlocking() [io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler, io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler] At MultiPartParserDefinition.java:[line 223]Redundant null check at MultiPartParserDefinition.java:[line 239] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of stream at line 96 of value previously dereferenced in io.undertow.server.handlers.resource.PathResource.list() [io.undertow.server.handlers.resource.PathResource, io.undertow.server.handlers.resource.PathResource] At PathResource.java:[line 96]Redundant null check at PathResource.java:[line 99] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of stream at line 153 of value previously dereferenced in io.undertow.server.handlers.resource.URLResource.list() [io.undertow.server.handlers.resource.URLResource, io.undertow.server.handlers.resource.URLResource] At URLResource.java:[line 153]Redundant null check at URLResource.java:[line 156] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Static field "io.undertow.server.protocol.framed.ShutdownFallbackExecutor.execute(Runnable)" is modified by an instance level io.undertow.server.protocol.framed.ShutdownFallbackExecutor.execute(Runnable). [io.undertow.server.protocol.framed.ShutdownFallbackExecutor] At ShutdownFallbackExecutor.java:[line 42] SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA
[ERROR] High: Increment of volatile field io.undertow.server.session.InMemorySessionManager.expiredSessionCount in io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(HttpServerExchange, SessionListener$SessionDestroyedReason) [io.undertow.server.session.InMemorySessionManager$SessionImpl] At InMemorySessionManager.java:[line 624] VO_VOLATILE_INCREMENT
[ERROR] High: Random object created and used only once in io.undertow.websockets.client.WebSocket13ClientHandshake.createSecKey() [io.undertow.websockets.client.WebSocket13ClientHandshake] At WebSocket13ClientHandshake.java:[line 148] DMI_RANDOM_USED_ONLY_ONCE
      servlet
      [INFO] --- spotbugs-maven-plugin:4.6.0.0:check (find-bugs) @ undertow-servlet ---
[INFO] BugInstance size is 2
[INFO] Error size is 0
[INFO] Total bugs: 2
[ERROR] Medium: Public static io.undertow.servlet.Servlets.defaultContainer() may expose internal representation by returning Servlets.container [io.undertow.servlet.Servlets, io.undertow.servlet.Servlets] At Servlets.java:[line 56]Another occurrence at Servlets.java:[line 60] MS_EXPOSE_REP
[ERROR] Medium: Public static io.undertow.servlet.core.ServletExtensionHolder.getServletExtensions() may expose internal representation by returning ServletExtensionHolder.extensions [io.undertow.servlet.core.ServletExtensionHolder] At ServletExtensionHolder.java:[line 36] MS_EXPOSE_REP
      websockets-jsr
      [INFO] --- spotbugs-maven-plugin:4.6.0.0:check (find-bugs) @ undertow-websockets-jsr ---
[INFO] BugInstance size is 2
[INFO] Error size is 0
[INFO] Total bugs: 2
[ERROR] Medium: Public method io.undertow.websockets.jsr.DefaultContainerConfigurator.getEndpointInstance(Class) uses reflection to create a class it gets in its parameter which could increase the accessibility of any class [io.undertow.websockets.jsr.DefaultContainerConfigurator] At DefaultContainerConfigurator.java:[line 92] REFLC_REFLECTION_MAY_INCREASE_ACCESSIBILITY_OF_CLASS
[ERROR] Medium: Static field "io.undertow.websockets.jsr.UndertowContainerProvider.getDefaultContainer()" is modified by an instance level io.undertow.websockets.jsr.UndertowContainerProvider.getDefaultContainer(). [io.undertow.websockets.jsr.UndertowContainerProvider] At UndertowContainerProvider.java:[line 94] SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA
      benchmarks
      [INFO] --- spotbugs-maven-plugin:4.6.0.0:check (find-bugs) @ undertow-benchmarks ---
[INFO] BugInstance size is 4
[INFO] Error size is 0
[INFO] Total bugs: 4
[ERROR] Medium: Nullcheck of response at line 56 of value previously dereferenced in io.undertow.benchmarks.SimpleBenchmarks.benchmarkBlockingEmptyGet(SimpleBenchmarkState) [io.undertow.benchmarks.SimpleBenchmarks, io.undertow.benchmarks.SimpleBenchmarks] At SimpleBenchmarks.java:[line 56]Redundant null check at SimpleBenchmarks.java:[line 57] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of response at line 72 of value previously dereferenced in io.undertow.benchmarks.SimpleBenchmarks.benchmarkBlockingEmptyPost(SimpleBenchmarkState) [io.undertow.benchmarks.SimpleBenchmarks, io.undertow.benchmarks.SimpleBenchmarks] At SimpleBenchmarks.java:[line 72]Redundant null check at SimpleBenchmarks.java:[line 76] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of response at line 64 of value previously dereferenced in io.undertow.benchmarks.SimpleBenchmarks.benchmarkBlockingLargeGet(SimpleBenchmarkState) [io.undertow.benchmarks.SimpleBenchmarks, io.undertow.benchmarks.SimpleBenchmarks] At SimpleBenchmarks.java:[line 64]Redundant null check at SimpleBenchmarks.java:[line 65] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
[ERROR] Medium: Nullcheck of response at line 84 of value previously dereferenced in io.undertow.benchmarks.SimpleBenchmarks.benchmarkBlockingLargePost(SimpleBenchmarkState) [io.undertow.benchmarks.SimpleBenchmarks, io.undertow.benchmarks.SimpleBenchmarks] At SimpleBenchmarks.java:[line 84]Redundant null check at SimpleBenchmarks.java:[line 88] RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE

      We should investigate these reported errors and either fix or exclude them via spotbugs-exclude.xml.

      Note for the broader historic context: at the moment the build with spotbugs check enabled passes just fine even with these errors detected because we have following lines in the `spotbugs-maven-plugin` profile configuration defined:

                              <configuration>
                            <failOnError>false</failOnError>
                        </configuration>

      These were added for JDK11 only in the past (see this PR) because of this issue. By that time there was also JDK8 run, so any real spotbugs issues have been detected there at least. Since Undertow moved to JDK11+ recently (this commit) we shall try to remove this workaround so we don't miss any new possible real issue.

      We configured the spotbugs maven plugin to

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFCORE-6057 Upgrade Undertow to 2.3.0.Final (CVE-2022-2764)

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-2097 DMI_RANDOM_USED_ONLY_ONCE error reported by spotbugs

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-2091 spotbugs-maven-plugin needs to be updated to work with JDK17

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) UNDERTOW-2263 Enhance and detail further the spotbugs exclude files

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              flaviarnn Flavia Rainone
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: