skylab/MasterPassword
2
0
Fork 0
Code Releases Activity

Consistent SpotBugs configuration & warning fixes.

Browse Source
This commit is contained in:
Maarten Billemont
2019-09-24 11:19:21 -04:00
parent d0dc393d70
commit 36692ac10d
12 changed files with 62 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
build.gradle
View File

@@ -1,38 +1,43 @@
allprojects {
apply plugin: 'findbugs'
group = 'com.lyndir.masterpassword'
version = '2.7.10'
tasks.withType( JavaCompile ) {
options.encoding = 'UTF-8'
sourceCompatibility = '1.8'
targetCompatibility = '1.8'
}
tasks.withType( FindBugs ) {
reports {
xml.enabled = false
html.enabled = true
}
}
}
buildscript {
repositories {
google()
jcenter()
gradlePluginPortal()
}
dependencies {
classpath group: 'com.android.tools.build', name: 'gradle', version: '3.5.0'
classpath group: 'gradle.plugin.com.github.spotbugs', name: 'spotbugs-gradle-plugin', version: '2.0.0'
}
}
allprojects {
group = 'com.lyndir.masterpassword'
version = '2.7.10'
}
subprojects {
apply plugin: 'com.github.spotbugs'
repositories {
google()
jcenter()
mavenCentral()
maven { url 'https://maven.lyndir.com' }
}
dependencies {
spotbugsPlugins group: 'com.h3xstream.findsecbugs', name: 'findsecbugs-plugin', version: '1.9.0'
}
tasks.withType( JavaCompile ) {
options.encoding = 'UTF-8'
sourceCompatibility = '1.8'
targetCompatibility = '1.8'
}
tasks.withType( com.github.spotbugs.SpotBugsTask ) {
reports {
xml.enabled = false
html.enabled = true
}
}
}

1
platform-android/build.gradle
View File

@@ -1,6 +1,5 @@
plugins {
id 'com.android.application'
id 'com.github.spotbugs' version '2.0.0'
}
android {

2
platform-independent/java/algorithm/build.gradle
View File

@@ -1,6 +1,5 @@
plugins {
id 'java-library'
id 'com.github.spotbugs' version '2.0.0'
}
description = 'Master Password Algorithm Implementation'
@@ -16,6 +15,7 @@ configurations {
dependencies {
implementation group: 'com.lyndir.lhunath.opal', name: 'opal-system', version: '1.7-p2'
implementation group: 'com.github.spotbugs', name: 'spotbugs-annotations', version: '4.0.0-beta4'
api group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: '2.9.8'
api group: 'org.jetbrains', name: 'annotations', version: '16.0.2'

2
platform-independent/java/algorithm/src/main/java/com/lyndir/masterpassword/impl/Native.java
View File

@@ -23,6 +23,7 @@ import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.ByteStreams;
import com.lyndir.lhunath.opal.system.logging.Logger;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.*;
import java.util.*;
import java.util.function.Predicate;
@@ -42,6 +43,7 @@ public final class Native {
private static final char EXTENSION_SEPARATOR = '.';
private static final String NATIVES_PATH = "lib";
@SuppressFBWarnings("PATH_TRAVERSAL_IN")
@SuppressWarnings({ "HardcodedFileSeparator", "LoadLibraryWithNonConstantString" })
public static boolean load(final Class<?> context, final String name) {

2
platform-independent/java/gui/build.gradle
View File

@@ -1,7 +1,6 @@
plugins {
id 'java'
id 'application'
id 'com.github.spotbugs' version '2.0.0'
id 'com.github.johnrengelman.shadow' version '5.1.0'
}
@@ -13,6 +12,7 @@ dependencies {
implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.1.2'
implementation group: 'com.yuvimasory', name: 'orange-extensions', version: '1.3.0'
implementation group: 'com.github.tulskiy', name: 'jkeymaster', version: '1.2'
implementation group: 'com.github.spotbugs', name: 'spotbugs-annotations', version: '4.0.0-beta4'
compile project( ':masterpassword-model' )
}

2
platform-independent/java/gui/src/main/java/com/lyndir/masterpassword/gui/util/Res.java
View File

@@ -24,6 +24,7 @@ import com.google.common.io.Resources;
import com.google.common.util.concurrent.*;
import com.lyndir.lhunath.opal.system.logging.Logger;
import com.lyndir.masterpassword.MPIdenticon;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.awt.*;
import java.io.IOException;
import java.util.concurrent.*;
@@ -232,6 +233,7 @@ public abstract class Res {
return new Font( fontName, style, size );
}
@SuppressFBWarnings("URLCONNECTION_SSRF_FD")
private void register() {
try {
Font font = Font.createFont( Font.TRUETYPE_FONT, Resources.getResource( resourceName ).openStream() );

3
platform-independent/java/gui/src/main/java/com/lyndir/masterpassword/gui/view/UserContentPanel.java
View File

@@ -23,6 +23,7 @@ import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.SecureRandom;
import java.util.*;
import java.util.Optional;
import java.util.concurrent.Future;
@@ -42,7 +43,7 @@ import javax.swing.text.PlainDocument;
@SuppressWarnings("SerializableStoresNonSerializable")
public class UserContentPanel extends JPanel implements MasterPassword.Listener, MPUser.Listener {
private static final Random random = new Random();
private static final Random random = new SecureRandom();
private static final int SIZE_RESULT = 48;
private static final Logger logger = Logger.get( UserContentPanel.class );
private static final JButton iconButton = Components.button( Res.icons().user(), null, null );

3
platform-independent/java/model/build.gradle
View File

@@ -1,6 +1,5 @@
plugins {
id 'java-library'
id 'com.github.spotbugs' version '2.0.0'
}
description = 'Master Password Site Model'
@@ -8,7 +7,7 @@ description = 'Master Password Site Model'
dependencies {
implementation group: 'com.lyndir.lhunath.opal', name: 'opal-system', version: '1.7-p2'
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.9.8'
implementation 'com.github.spotbugs:spotbugs-annotations:4.0.0-beta4'
implementation group: 'com.github.spotbugs', name: 'spotbugs-annotations', version: '4.0.0-beta4'
api project( ':masterpassword-algorithm' )
api group: 'joda-time', name: 'joda-time', version: '2.10'

3
platform-independent/java/model/src/main/java/com/lyndir/masterpassword/model/impl/MPFileUser.java
View File

@@ -21,6 +21,7 @@ package com.lyndir.masterpassword.model.impl;
import com.lyndir.lhunath.opal.system.logging.Logger;
import com.lyndir.masterpassword.*;
import com.lyndir.masterpassword.model.*;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.IOException;
import javax.annotation.Nonnull;
@@ -66,6 +67,7 @@ public class MPFileUser extends MPBasicUser<MPFileSite> {
MPMarshaller.ContentMode.PROTECTED, MPMarshalFormat.DEFAULT, location );
}
@SuppressFBWarnings("PATH_TRAVERSAL_IN")
public MPFileUser(final String fullName, @Nullable final byte[] keyID, final MPAlgorithm algorithm, final int avatar,
@Nullable final MPResultType defaultType, final ReadableInstant lastUsed, final boolean hidePasswords,
final MPMarshaller.ContentMode contentMode, final MPMarshalFormat format, final File location) {
@@ -169,6 +171,7 @@ public class MPFileUser extends MPBasicUser<MPFileSite> {
* The user's old file is either moved to the new or deleted. If the user's file was already at the destination, it doesn't change.
* If a file already exists at the destination, it is overwritten.
*/
@SuppressFBWarnings("PATH_TRAVERSAL_IN")
public void migrateTo(final File path, final MPMarshalFormat newFormat) {
MPMarshalFormat oldFormat = format;
File oldFile = file, newFile = new File( path, getFullName() + newFormat.fileSuffix() );

2
platform-independent/java/tests/build.gradle
View File

@@ -1,6 +1,5 @@
plugins {
id 'java'
id 'com.github.spotbugs' version '2.0.0'
}
description = 'Master Password Test Suite'
@@ -8,6 +7,7 @@ description = 'Master Password Test Suite'
dependencies {
implementation group: 'com.lyndir.lhunath.opal', name: 'opal-system', version: '1.7-p2'
implementation group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
implementation group: 'com.github.spotbugs', name: 'spotbugs-annotations', version: '4.0.0-beta4'
implementation project( ':masterpassword-algorithm' )
implementation project( ':masterpassword-model' )

26
platform-independent/java/tests/src/main/java/com/lyndir/masterpassword/MPTestSuite.java
View File

@@ -23,13 +23,15 @@ import com.google.common.collect.Lists;
import com.google.common.primitives.UnsignedInteger;
import com.lyndir.lhunath.opal.system.logging.Logger;
import com.lyndir.lhunath.opal.system.util.ConversionUtils;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.*;
import java.util.concurrent.Callable;
import javax.xml.XMLConstants;
import javax.xml.parsers.*;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.*;
import org.xml.sax.ext.DefaultHandler2;
@@ -42,6 +44,16 @@ public class MPTestSuite implements Callable<Boolean> {
@SuppressWarnings("UnusedDeclaration")
private static final Logger logger = Logger.get( MPTestSuite.class );
private static final String DEFAULT_RESOURCE_NAME = "mpw_tests.xml";
private static final SAXParserFactory factory = SAXParserFactory.newInstance();
static {
try {
factory.setFeature( XMLConstants.FEATURE_SECURE_PROCESSING, true );
}
catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
throw new UnsupportedOperationException( e );
}
}
private final MPTests tests;
private Listener listener;
@@ -51,14 +63,18 @@ public class MPTestSuite implements Callable<Boolean> {
this( DEFAULT_RESOURCE_NAME );
}
@SuppressFBWarnings("XXE_SAXPARSER")
public MPTestSuite(final String resourceName)
throws UnavailableException {
try {
tests = new MPTests();
tests.cases = Lists.newLinkedList();
SAXParser parser = SAXParserFactory.newInstance().newSAXParser();
Enumeration<URL> resources = Thread.currentThread().getContextClassLoader().getResources( "." );
parser.parse( Thread.currentThread().getContextClassLoader().getResourceAsStream( resourceName ), new DefaultHandler2() {
SAXParser parser = factory.newSAXParser();
InputStream resourceStream = Thread.currentThread().getContextClassLoader().getResourceAsStream( resourceName );
if (resourceStream == null)
throw new UnavailableException( new NullPointerException( "Missing resource: " + resourceName ) );
parser.parse( resourceStream, new DefaultHandler2() {
private final Deque<String> currentTags = Lists.newLinkedList();
private final Deque<StringBuilder> currentTexts = Lists.newLinkedList();
private MPTests.Case currentCase;

3
platform-independent/java/tests/src/test/java/com/lyndir/masterpassword/MPMasterKeyTest.java
View File

@@ -22,6 +22,7 @@ import static org.testng.Assert.*;
import com.lyndir.lhunath.opal.system.CodeUtils;
import com.lyndir.lhunath.opal.system.logging.Logger;
import java.security.SecureRandom;
import java.util.Random;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
@@ -31,6 +32,7 @@ public class MPMasterKeyTest {
@SuppressWarnings("UnusedDeclaration")
private static final Logger logger = Logger.get( MPMasterKeyTest.class );
private static final Random random = new SecureRandom();
private MPTestSuite testSuite;
@@ -121,7 +123,6 @@ public class MPMasterKeyTest {
}
private static String randomString(int length) {
Random random = new Random();
StringBuilder builder = new StringBuilder();
while (length > 0) {