Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

JCRVLT-702 Enable forbiddenapis in Maven build #287

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

JCRVLT-702 Enable forbiddenapis in Maven build #287

wants to merge 1 commit into from

Conversation

kwin
Copy link
Member

@kwin kwin commented Apr 5, 2023

The detects issues like JCRVLT-702

@kwin
Copy link
Member Author

kwin commented Apr 5, 2023
edited
Loading

@reschke 59 issues to fix. Do you have capacity to take this over?

@kwin kwin force-pushed the feature/enable-forbiddenapis branch from 8f9bab5 to 7e41907 Compare April 5, 2023 16:08
@reschke
Copy link
Contributor

reschke commented Apr 5, 2023

Yes. But not before next week.

@kwin kwin force-pushed the feature/enable-forbiddenapis branch from 7e41907 to 0091efa Compare April 11, 2023 17:45
@kwin
Copy link
Member Author

kwin commented May 4, 2023 

[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.MD5 (MD5.java:100)
[ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses default charset]
[ERROR]   in org.apache.jackrabbit.vault.util.LineOutputStream (LineOutputStream.java:36)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrWorkspaceFilter (JcrWorkspaceFilter.java:71)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrWorkspaceFilter (JcrWorkspaceFilter.java:72)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrWorkspaceFilter (JcrWorkspaceFilter.java:184)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.Importer (Importer.java:1141)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.Importer (Importer.java:1144)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.Importer (Importer.java:1172)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.NodeNameComparator (NodeNameComparator.java:35)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.NodeNameComparator (NodeNameComparator.java:36)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:243)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:506)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:540)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:569)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:593)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:973)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:503)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:780)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:794)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:802)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:826)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.spi.impl.jcr20.JackrabbitUserManagement (JackrabbitUserManagement.java:67)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.config.DefaultWorkspaceFilter (DefaultWorkspaceFilter.java:428)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.config.DefaultWorkspaceFilter (DefaultWorkspaceFilter.java:534)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSInstallStateCache (FSInstallStateCache.java:158)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl (JcrPackageManagerImpl.java:335)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl (JcrPackageManagerImpl.java:412)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl (JcrPackageManagerImpl.java:431)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.ExecutionPlanBuilderImpl (ExecutionPlanBuilderImpl.java:115)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.ExecutionPlanBuilderImpl (ExecutionPlanBuilderImpl.java:175)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.impl.io.FileArtifactHandler (FileArtifactHandler.java:344)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.DefaultPackageInfo (DefaultPackageInfo.java:140)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.SubPackageHandling (SubPackageHandling.java:149)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.SubPackageHandling (SubPackageHandling.java:200)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.config.ConfigHelper (ConfigHelper.java:128)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.api.DumpContext (DumpContext.java:49)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.AutoSave (AutoSave.java:172)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.impl.io.CompressionUtil (CompressionUtil.java:116)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.AbstractExporter (AbstractExporter.java:225)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.AbstractExporter (AbstractExporter.java:243)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.SHA1 (SHA1.java:113)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.RepositoryCopier (RepositoryCopier.java:593)
[ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses default charset]
[ERROR]   in org.apache.jackrabbit.vault.util.LineInputStream (LineInputStream.java:34)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.PackagePropertiesImpl (PackagePropertiesImpl.java:156)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.PackagePropertiesImpl (PackagePropertiesImpl.java:281)
[ERROR] Forbidden method invocation: java.time.format.DateTimeFormatter#ofPattern(java.lang.String) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.PackagePropertiesImpl (PackagePropertiesImpl.java:53)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSInstallState (FSInstallState.java:210)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSInstallState (FSInstallState.java:342)
[ERROR] Forbidden method invocation: java.io.PrintWriter#<init>(java.io.OutputStream) [Uses default charset]
[ERROR]   in org.apache.jackrabbit.vault.util.DefaultProgressListener (DefaultProgressListener.java:32)
[ERROR] Forbidden method invocation: java.io.PrintWriter#printf(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.DefaultProgressListener (DefaultProgressListener.java:44)
[ERROR] Forbidden method invocation: java.io.PrintWriter#printf(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.DefaultProgressListener (DefaultProgressListener.java:53)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.impl.io.DocViewImporter (DocViewImporter.java:698)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.JcrPackageRegistry (JcrPackageRegistry.java:620)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.JcrExporter (JcrExporter.java:143)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.JcrExporter (JcrExporter.java:166)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.ActivityLog (ActivityLog.java:53)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.ActivityLog (ActivityLog.java:55)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.ActivityLog (ActivityLog.java:63)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSRegisteredPackage (FSRegisteredPackage.java:100)
[ERROR] Scanned 402 class file(s) for forbidden API invocations (in 1.07s), 59 error(s).

reschke
reschke approved these changes Dec 19, 2024
View reviewed changes
Copy link
Contributor

@reschke reschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kwin
Copy link
Member Author

kwin commented Dec 19, 2024

This will break the build, it needs fixing in the same PR. Do you want to pick it up?

@kwin
Copy link
Member Author

kwin commented Dec 22, 2024

One can use @SuppressForbidden for false positives (policeman-tools/forbidden-apis#251).

@kwin kwin force-pushed the feature/enable-forbiddenapis branch from 0091efa to 7ee799b Compare January 3, 2025 16:33
@kwin kwin changed the title Enable forbiddenapis in Maven build JCRVLT-702 Enable forbiddenapis in Maven build Jan 3, 2025
@kwin kwin marked this pull request as ready for review January 3, 2025 16:34
@kwin kwin force-pushed the feature/enable-forbiddenapis branch from 7ee799b to c4cb04e Compare January 3, 2025 16:36
@kwin
Copy link
Member Author

kwin commented Jan 3, 2025

I now refactored all methods relying on the default charset/locale/timezone. Please check again @reschke.

@kwin kwin requested a review from reschke January 3, 2025 16:37
@kwin kwin force-pushed the feature/enable-forbiddenapis branch from c4cb04e to be60864 Compare January 3, 2025 16:57
reschke
reschke reviewed Jan 3, 2025
View reviewed changes
Copy link
Contributor

@reschke reschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe we don't need this for String.format, maybe except when formatting floating point numbers?

@kwin
Copy link
Member Author

kwin commented Jan 3, 2025

It is easier to always set it than to exclude some checks. Some other format specifiers are locale specific as well (integer)

@reschke
Copy link
Contributor

reschke commented Jan 3, 2025

Consistency is good, but I also dislike verbosity :-)

@reschke reschke self-requested a review January 3, 2025 18:20
@kwin kwin force-pushed the feature/enable-forbiddenapis branch from be60864 to df446f3 Compare January 3, 2025 19:37
@kwin kwin marked this pull request as draft January 3, 2025 20:36
@kwin kwin force-pushed the feature/enable-forbiddenapis branch from df446f3 to 3720483 Compare January 3, 2025 20:36
@kwin kwin force-pushed the feature/enable-forbiddenapis branch from 3720483 to ba6a927 Compare January 6, 2025 16:14
@kwin kwin marked this pull request as ready for review January 6, 2025 17:04
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@reschke reschke Awaiting requested review from reschke

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kwin @reschke