zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2731) Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
Date Thu, 18 May 2017 21:29:04 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16016488#comment-16016488
] 

ASF GitHub Bot commented on ZOOKEEPER-2731:
-------------------------------------------

Github user afine commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/232#discussion_r117358635
  
    --- Diff: src/java/main/org/apache/jute/compiler/JType.java ---
    @@ -27,7 +27,7 @@
     	private String mCName;
         private String mCppName;
         private String mCsharpName;
    -    private String mJavaName;
    +    protected String mJavaName;
    --- End diff --
    
    @rakeshadr Apologies, I must not have been clear. There are no changes here that are for
the "sake" of performance. In fact, my concern is that my changes will negatively impact performance.

    
    After revisiting this change I think it makes more sense for us just to ignore the EI
and EI2 issues. I reverted the changes to the jute compiler and added org.apache.zookeeper.server.quorum.QuorumAuthPacket
to the findbugs exclusions file.
    



> Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
> -----------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2731
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2731
>             Project: ZooKeeper
>          Issue Type: Sub-task
>    Affects Versions: 3.4.9
>            Reporter: Rakesh R
>            Assignee: Abraham Fine
>             Fix For: 3.4.11
>
>
> Please refer the attached sheet in parent jira. Below is the details of findbug warnings.
> {code}
> MS	org.apache.zookeeper.Environment.JAAS_CONF_KEY isn't final but should be
> Bug type MS_SHOULD_BE_FINAL (click for details) 
> In class org.apache.zookeeper.Environment
> Field org.apache.zookeeper.Environment.JAAS_CONF_KEY
> At Environment.java:[line 34]
> MS	org.apache.zookeeper.server.ServerCnxn.cmd2String is a mutable collection which should
be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details) 
> In class org.apache.zookeeper.server.ServerCnxn
> Field org.apache.zookeeper.server.ServerCnxn.cmd2String
> At ServerCnxn.java:[line 230]
> MS	org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE is a mutable collection
> Bug type MS_MUTABLE_COLLECTION (click for details) 
> In class org.apache.zookeeper.ZooDefs$Ids
> Field org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE
> At ZooDefs.java:[line 100]
> MS	org.apache.zookeeper.ZooKeeperMain.commandMap is a mutable collection which should
be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details) 
> In class org.apache.zookeeper.ZooKeeperMain
> Field org.apache.zookeeper.ZooKeeperMain.commandMap
> At ZooKeeperMain.java:[line 53]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message