zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2731) Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
Date Mon, 22 May 2017 04:07:05 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019126#comment-16019126
] 

ASF GitHub Bot commented on ZOOKEEPER-2731:
-------------------------------------------

Github user rakeshadr commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/232#discussion_r117658774
  
    --- Diff: src/java/main/org/apache/zookeeper/ZooDefs.java ---
    @@ -96,21 +97,20 @@
             /**
              * This is a completely open ACL .
              */
    -        public final ArrayList<ACL> OPEN_ACL_UNSAFE = new ArrayList<ACL>(
    -                Collections.singletonList(new ACL(Perms.ALL, ANYONE_ID_UNSAFE)));
    +        public final List<ACL> OPEN_ACL_UNSAFE =
    +                Collections.singletonList(new ACL(Perms.ALL, ANYONE_ID_UNSAFE));
     
             /**
              * This ACL gives the creators authentication id's all permissions.
              */
    -        public final ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList<ACL>(
    -                Collections.singletonList(new ACL(Perms.ALL, AUTH_IDS)));
    +        public final List<ACL> CREATOR_ALL_ACL =
    --- End diff --
    
    Same as above, typically we won't modify the exposed APIs in 3.4.* releases. Its OK to
exclude this case as well.


> Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
> -----------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2731
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2731
>             Project: ZooKeeper
>          Issue Type: Sub-task
>    Affects Versions: 3.4.9
>            Reporter: Rakesh R
>            Assignee: Abraham Fine
>             Fix For: 3.4.11
>
>
> Please refer the attached sheet in parent jira. Below is the details of findbug warnings.
> {code}
> MS	org.apache.zookeeper.Environment.JAAS_CONF_KEY isn't final but should be
> Bug type MS_SHOULD_BE_FINAL (click for details) 
> In class org.apache.zookeeper.Environment
> Field org.apache.zookeeper.Environment.JAAS_CONF_KEY
> At Environment.java:[line 34]
> MS	org.apache.zookeeper.server.ServerCnxn.cmd2String is a mutable collection which should
be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details) 
> In class org.apache.zookeeper.server.ServerCnxn
> Field org.apache.zookeeper.server.ServerCnxn.cmd2String
> At ServerCnxn.java:[line 230]
> MS	org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE is a mutable collection
> Bug type MS_MUTABLE_COLLECTION (click for details) 
> In class org.apache.zookeeper.ZooDefs$Ids
> Field org.apache.zookeeper.ZooDefs$Ids.OPEN_ACL_UNSAFE
> At ZooDefs.java:[line 100]
> MS	org.apache.zookeeper.ZooKeeperMain.commandMap is a mutable collection which should
be package protected
> Bug type MS_MUTABLE_COLLECTION_PKGPROTECT (click for details) 
> In class org.apache.zookeeper.ZooKeeperMain
> Field org.apache.zookeeper.ZooKeeperMain.commandMap
> At ZooKeeperMain.java:[line 53]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message