Merge pull request #368 from apache/add-spotbugs
Add SpotBugs and FindSecBugs
bdemers authored Sep 6, 2023
2 parents 5bfff65 + d50d390 commit 73cb365
Showing 32 changed files with 228 additions and 114 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Expand Up @@ -44,7 +44,7 @@ jobs:
cache: maven

- name: Build with Maven
run: ./mvnw verify -V -B --no-transfer-progress
run: ./mvnw verify -Pci -V -B --no-transfer-progress
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}

2 changes: 1 addition & 1 deletion .github/workflows/cron.yml
Expand Up @@ -42,6 +42,6 @@ jobs:
cache: maven

- name: Build with Maven
run: ./mvnw verify -Pci -V -B --no-transfer-progress
run: ./mvnw verify dependency-check:check -Pci -V -B --no-transfer-progress
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
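Review bot: Running `dependency-check:check` only from this scheduled job means a vulnerable dependency introduced by a pull request would not be reported until the next cron run. This assumes the pom.xml change in the same commit takes the dependency-check execution out of the profile that build.yml uses; the rendered page does not mark old and new sides, so that is inferred. If the trade-off is deliberate, record it on the step, for example `# dependency-check runs only here; PR builds skip it to stay fast`. It is also worth confirming that a failed scheduled run notifies someone.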
34 changes: 30 additions & 4 deletions pom.xml
Expand Up @@ -619,6 +619,30 @@
<rulesets>
<ruleset>${session.executionRootDirectory}/src/pmd/ruleset.xml</ruleset>
</rulesets>
<excludeRoots>
<excludeRoot>${project.build.directory}/generated-sources/</excludeRoot>
</excludeRoots>
</configuration>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.7.3.5</version>
<configuration>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>1.12.0</version>
</plugin>
</plugins>
<effort>Max</effort>
<threshold>Medium</threshold>
<failOnError>true</failOnError>
<omitVisitors>CrlfLogInjectionDetector</omitVisitors>
<xmlOutput>true</xmlOutput>
<fork>false</fork>
<excludeFilterFile>${session.executionRootDirectory}/src/spotbugs/excludes.xml</excludeFilterFile>
</configuration>
</plugin>
</plugins>
Expand All @@ -631,19 +655,21 @@
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<executions>
<execution>
<id>scan</id>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<executions>
<execution>
<id>scan</id>
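Review bot: `<omitVisitors>CrlfLogInjectionDetector</omitVisitors>` in the SpotBugs configuration switches the FindSecBugs log-injection detector off for every module, and nothing next to it says why. Parameterised log statements exist in the code touched by this commit (for example `log.debug("convertNodeToPatchOperations: {} , {}", operationNode, diffPath)`), so the finding class is not obviously irrelevant. If the omission relies on the logging backend neutralising line breaks, state that beside the setting, e.g. `<!-- CRLF in log output is handled by the log encoder; see LOGGING-CONFIG-REFERENCE (placeholder) -->`. Otherwise prefer narrow suppressions in `src/spotbugs/excludes.xml` so that new log statements stay covered.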
Expand Up @@ -79,6 +79,8 @@ public static ObjectMapper createObjectMapper(SchemaRegistry schemaRegistry) {

static class ScimResourceModule extends SimpleModule {

private static final long serialVersionUID = 6849840952304999849L;

private final SchemaRegistry schemaRegistry;

public ScimResourceModule(SchemaRegistry schemaRegistry) {
Expand Up @@ -32,6 +32,8 @@
import java.util.stream.StreamSupport;

public class ScimResourceDeserializer extends StdDeserializer<ScimResource> {

private static final long serialVersionUID = -2125441391108866034L;
private final SchemaRegistry schemaRegistry;

public ScimResourceDeserializer(SchemaRegistry schemaRegistry) {
Expand Up @@ -221,7 +221,7 @@ default <T extends ScimResource> void applyExtensionValue(final T source, Map<St
<T extends ScimResource> void applyMultiValue(final T source, Map<String, Object> sourceAsMap, Schema schema, Attribute attribute, ValuePathExpression valuePathExpression, Object value);
}

private class AddOperationHandler implements PatchOperationHandler {
private static class AddOperationHandler implements PatchOperationHandler {

@Override
public <T extends ScimResource> void applyExtensionValue(T source, Map<String, Object> sourceAsMap, Schema schema, Attribute attribute, ValuePathExpression valuePathExpression, String urn, Object value) {
Expand Down Expand Up @@ -314,7 +314,7 @@ public <T extends ScimResource> void applyMultiValue(T source, Map<String, Objec
}
}

private class ReplaceOperationHandler implements PatchOperationHandler {
private static class ReplaceOperationHandler implements PatchOperationHandler {

@Override
public void applySingleValue(Map<String, Object> sourceAsMap, Attribute attribute, AttributeReference attributeReference, Object value) {
Expand Down Expand Up @@ -366,7 +366,7 @@ public <T extends ScimResource> void applyMultiValue(T source, Map<String, Objec
}
}

private class RemoveOperationHandler implements PatchOperationHandler {
private static class RemoveOperationHandler implements PatchOperationHandler {

@Override
public void applySingleValue(Map<String, Object> sourceAsMap, Attribute attribute, AttributeReference attributeReference, Object value) {
Expand Up @@ -19,14 +19,16 @@

package org.apache.directory.scim.core.repository;

import java.io.Serializable;
import java.util.Comparator;
import java.util.Set;

import org.apache.directory.scim.spec.resources.TypedAttribute;

class PrioritySortingComparator implements Comparator<Object> {
class PrioritySortingComparator implements Comparator<Object>, Serializable {

private Set<Object> priorities;
private static final long serialVersionUID = -8759531575215428525L;
private final Set<Object> priorities;

public PrioritySortingComparator(Set<Object> priorities) {
this.priorities = priorities;
Expand Up @@ -293,7 +293,7 @@ List<PatchOperation> convertToPatchOperations(JsonNode node) throws IllegalArgum
private List<PatchOperation> convertNodeToPatchOperations(String operationNode, String diffPath, JsonNode valueNode) throws IllegalArgumentException, IllegalAccessException, JsonProcessingException {
log.debug("convertNodeToPatchOperations: {} , {}", operationNode, diffPath);
List<PatchOperation> operations = new ArrayList<>();
PatchOperation.Type patchOpType = PatchOperation.Type.valueOf(operationNode.toUpperCase());
PatchOperation.Type patchOpType = PatchOperation.Type.valueOf(operationNode.toUpperCase(Locale.ROOT));

if (diffPath != null && diffPath.length() >= 1) {
ParseData parseData = new ParseData(diffPath);
Expand Up @@ -19,6 +19,7 @@

package org.apache.directory.scim.core.schema;

import java.io.Serializable;
import java.util.*;

import org.apache.directory.scim.spec.annotation.ScimExtensionType;
Expand All @@ -33,8 +34,9 @@
import org.apache.directory.scim.spec.schema.Schemas;

@Slf4j
public class SchemaRegistry {
public class SchemaRegistry implements Serializable {

private static final long serialVersionUID = 2644269305703474835L;
private final Map<String, Schema> schemaMap = new HashMap<>();

private final Map<String, Class<? extends ScimResource>> schemaUrnToScimResourceClass = new HashMap<>();
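Review bot: `SchemaRegistry implements Serializable` carries no comment explaining why a registry of schemas and resource classes needs Java serialization. It looks as if it was added because the Jackson module and deserializer classes that received a `serialVersionUID` in this commit hold a `SchemaRegistry` field, but that is inferred from the other sections. If nothing actually serializes those objects, declaring the fields there as `private final transient SchemaRegistry schemaRegistry;` would satisfy the analyzer without adding another serializable type. If the interface stays, the value types of `schemaMap` and the other fields must be serializable as well, which this hunk does not show. The class body continues outside the hunk.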
Expand Up @@ -76,7 +76,7 @@ public static void main(String[] args) {
.thenAccept(instance -> instance.stopOnShutdown(stopResult -> container.close()));
URI uri = UriBuilder.fromUri("http://localhost/").port(8080).build();

System.out.printf("Application started: %s\nStop the application using CTRL+C%n", uri.toString());
System.out.printf("Application started: %s%nStop the application using CTRL+C%n", uri.toString());

// block and wait shut down signal, like CTRL+C
Thread.currentThread().join();
Expand Up @@ -19,8 +19,10 @@

package org.apache.directory.scim.server.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.directory.scim.core.json.ObjectMapperFactory;
import org.apache.directory.scim.server.exception.AttributeDoesNotExistException;
import org.apache.directory.scim.server.exception.AttributeException;
import org.apache.directory.scim.spec.filter.attribute.AttributeReference;
Expand All @@ -35,11 +37,6 @@
import org.apache.directory.scim.spec.schema.Schema.Attribute.Type;
import org.apache.directory.scim.core.schema.SchemaRegistry;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
Expand All @@ -53,8 +50,11 @@ class AttributeUtil {

SchemaRegistry schemaRegistry;

private final ObjectMapper objectMapper;

AttributeUtil(SchemaRegistry schemaRegistry) {
this.schemaRegistry = schemaRegistry;
this.objectMapper = ObjectMapperFactory.createObjectMapper(schemaRegistry);
}

public <T extends ScimResource> T keepAlwaysAttributesForDisplay(T resource) throws AttributeException {
Expand Down Expand Up @@ -165,20 +165,8 @@ public <T extends ScimResource> T setExcludedAttributesForDisplay(T resource, Se
}

@SuppressWarnings("unchecked")
private <T extends ScimResource> T cloneScimResource(T original) throws AttributeException {
try {
ByteArrayOutputStream boas = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(boas);
oos.writeObject(original);

ByteArrayInputStream bais = new ByteArrayInputStream(boas.toByteArray());
ObjectInputStream ois = new ObjectInputStream(bais);
return (T) ois.readObject();
} catch (ClassNotFoundException e) {
throw new IllegalStateException(e);
} catch (IOException e) {
throw new AttributeException(e);
}
private <T extends ScimResource> T cloneScimResource(T original) {
return (T) this.objectMapper.convertValue(original, original.getClass());
}

private void removeAttributesOfType(Object object, AttributeContainer attributeContainer, Returned returned) throws AttributeException {
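Review bot: `cloneScimResource` now copies through `objectMapper.convertValue`, so the copy holds only what the Jackson mapping round-trips. A mapping failure also surfaces as an unchecked `IllegalArgumentException` rather than the `AttributeException` that callers received before. The method needs a short Javadoc stating that this is a JSON-mapped deep copy and that properties excluded from serialization are not carried over. If callers depend on `AttributeException`, catch `IllegalArgumentException` here and rethrow it wrapped, e.g. `throw new AttributeException(e);`, after checking that the constructor accepts this cause type (the removed code passed it an `IOException`).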
Expand Up @@ -72,18 +72,6 @@ private ScimResourceHelper() {
// Make this a utility class
}

/**
* Provides a set of JAX-RS annotated classes for the basic SCIM protocol
* functionality.
*
* @return the JAX-RS annotated classes.
* @deprecated use {@link ScimResourceHelper#scimpleFeatureAndResourceClasses}
*/
@Deprecated
public static Set<Class<?>> getScimClassesToLoad() {
return SCIMPLE_CLASSES;
}

public static Set<Class<?>> scimpleFeatureAndResourceClasses() {
Set<Class<?>> classes = new HashSet<>(RESOURCE_CLASSES);
classes.add(ScimpleFeature.class);
Expand Up @@ -64,19 +64,10 @@ public class AttributeUtilTest {

@BeforeEach
public void setup() {
schemaRegistry = Mockito.mock(SchemaRegistry.class);
schemaRegistry = new SchemaRegistry();
schemaRegistry.addSchema(ScimUser.class, List.of(EnterpriseExtension.class, ExampleObjectExtension.class));

attributeUtil = new AttributeUtil(schemaRegistry);
Schema scimUserSchema = Schemas.schemaFor(ScimUser.class);
Schema scimEnterpriseUserSchema = Schemas.schemaForExtension(EnterpriseExtension.class);
Schema scimExampleSchema = Schemas.schemaForExtension(ExampleObjectExtension.class);

Mockito.when(schemaRegistry.getBaseSchemaOfResourceType(ScimUser.RESOURCE_NAME)).thenReturn(scimUserSchema);
Mockito.when(schemaRegistry.getSchema(ScimUser.SCHEMA_URI)).thenReturn(scimUserSchema);
Mockito.when(schemaRegistry.getSchema(EnterpriseExtension.URN)).thenReturn(scimEnterpriseUserSchema);
Mockito.when(schemaRegistry.getSchema(ExampleObjectExtension.URN)).thenReturn(scimExampleSchema);
Mockito.when(schemaRegistry.getAllSchemas()).thenReturn(Arrays.asList(scimUserSchema, scimEnterpriseUserSchema, scimExampleSchema));
Mockito.when(schemaRegistry.getAllSchemaUrns()).thenReturn(new HashSet<>(Arrays.asList(ScimUser.SCHEMA_URI, EnterpriseExtension.URN, ExampleObjectExtension.URN)));
}

@Test
Expand Up @@ -32,10 +32,14 @@
import lombok.AllArgsConstructor;
import lombok.Data;

import java.io.Serializable;

@Data
@XmlType(propOrder = {"method","path","bulkId","data"})
@XmlAccessorType(XmlAccessType.NONE)
public class BulkOperation {
public class BulkOperation implements Serializable {

private static final long serialVersionUID = 6528874816710788132L;

public enum Method {
@XmlEnumValue("POST") POST,
Expand All @@ -47,8 +51,10 @@ public enum Method {
@Data
@AllArgsConstructor
@XmlAccessorType(XmlAccessType.NONE)
public static class StatusWrapper {

public static class StatusWrapper implements Serializable {

private static final long serialVersionUID = 1544738718748608248L;

public static StatusWrapper wrap(Status code) {
return new StatusWrapper(code);
}
Expand Up @@ -37,7 +37,9 @@
public class BulkRequest extends BaseResource<BulkRequest> {

public static final String SCHEMA_URI = "urn:ietf:params:scim:api:messages:2.0:BulkRequest";


private static final long serialVersionUID = -296570866318702047L;

@XmlElement
Integer failOnErrors;

Expand Up @@ -40,7 +40,7 @@ public class ErrorResponse extends BaseResource<ErrorResponse> {

private static final long serialVersionUID = 9045421198080348116L;

public static String SCHEMA_URI = "urn:ietf:params:scim:api:messages:2.0:Error";
public static final String SCHEMA_URI = "urn:ietf:params:scim:api:messages:2.0:Error";

@XmlElement(nillable = true)
private String detail;
Expand Up @@ -31,7 +31,7 @@ public Status unmarshal(String v) throws Exception {
}

for (Status status : Status.values()) {
if (status.getStatusCode() == Integer.valueOf(v)) {
if (status.getStatusCode() == Integer.parseInt(v)) {
return status;
}
}
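Review bot: `Integer.parseInt(v)` sits inside the loop condition, so the same string is parsed once per `Status` value, and a non-numeric `v` throws `NumberFormatException` from the middle of the loop. Parse once before the loop with `int code = Integer.parseInt(v);` and compare `status.getStatusCode() == code`. Whether a malformed value should be rejected with a clear message or treated like an unknown status depends on the part of `unmarshal` that lies outside this hunk.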
Expand Up @@ -32,6 +32,7 @@

@Value
public class AttributeComparisonExpression implements FilterExpression, ValueFilterExpression {
private static final long serialVersionUID = -2865840428089850575L;
AttributeReference attributePath;
CompareOperator operation;
Object compareValue;
Expand Up @@ -24,6 +24,7 @@

@Value
public class AttributePresentExpression implements FilterExpression, ValueFilterExpression {
private static final long serialVersionUID = -4491412651236977273L;
AttributeReference attributePath;

@Override
Expand Up @@ -21,6 +21,7 @@

import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;

import org.apache.commons.lang3.StringEscapeUtils;
import org.slf4j.Logger;
Expand Down Expand Up @@ -92,7 +93,7 @@ public void exitFilterAttributeCompareExpression(FilterAttributeCompareExpressio
AttributeComparisonExpression attributeComparisonExpression;
String attributePathText = ctx.attributePath.getText();
AttributeReference attributePath = new AttributeReference(attributePathText);
CompareOperator compareOperator = CompareOperator.valueOf(ctx.op.getText().toUpperCase());
CompareOperator compareOperator = CompareOperator.valueOf(ctx.op.getText().toUpperCase(Locale.ROOT));
String compareValueText = ctx.compareValue.getText();
Object compareValue = parseJsonType(compareValueText);
attributeComparisonExpression = new AttributeComparisonExpression(attributePath, compareOperator, compareValue);
Expand All @@ -102,7 +103,7 @@ public void exitFilterAttributeCompareExpression(FilterAttributeCompareExpressio

@Override
public void exitFilterLogicExpression(FilterLogicExpressionContext ctx) {
String op = ctx.op.getText().toUpperCase();
String op = ctx.op.getText().toUpperCase(Locale.ROOT);
LogicalOperator logicalOperator = LogicalOperator.valueOf(op);
FilterExpression right = expressionStack.pop();
FilterExpression left = expressionStack.pop();
Expand All @@ -113,7 +114,7 @@ public void exitFilterLogicExpression(FilterLogicExpressionContext ctx) {

@Override
public void exitAttributeLogicExpression(AttributeLogicExpressionContext ctx) {
String op = ctx.op.getText().toUpperCase();
String op = ctx.op.getText().toUpperCase(Locale.ROOT);
LogicalOperator logicalOperator = LogicalOperator.valueOf(op);
FilterExpression right = expressionStack.pop();
FilterExpression left = expressionStack.pop();
Expand All @@ -134,7 +135,7 @@ public void exitAttributeGroupExpression(AttributeGroupExpressionContext ctx) {
@Override
public void exitAttributeCompareExpression(AttributeCompareExpressionContext ctx) {
String attributeName = ctx.attributeName.getText();
CompareOperator compareOperator = CompareOperator.valueOf(ctx.op.getText().toUpperCase());
CompareOperator compareOperator = CompareOperator.valueOf(ctx.op.getText().toUpperCase(Locale.ROOT));
Object value = parseJsonType(ctx.compareValue.getText());
AttributeReference attributeReference = new AttributeReference(attributeName);
AttributeComparisonExpression expression = new AttributeComparisonExpression(attributeReference, compareOperator, value);
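Review bot: The locale-safe operator lookup `ctx.op.getText().toUpperCase(Locale.ROOT)` followed by `valueOf` is now written out four times in this listener, twice for `CompareOperator` and twice for `LogicalOperator`. The same pattern appears in `convertNodeToPatchOperations` elsewhere in the commit. A small private helper that takes the operator text and returns the upper-cased name would keep the `Locale.ROOT` rule in one place, so a future call site cannot reintroduce the default-locale form. A comment on that helper should also say that `valueOf` throws `IllegalArgumentException` for any text that is not an enum name, and that the grammar is what restricts `op` to those names; that last part is presumed, since the grammar is not shown here.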