More Spotbugs fixes

Author: vy

log4j-api-test/src/main/java/org/apache/logging/log4j/test/TestLogger.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.test;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.util.ArrayList;
@@ -58,6 +59,7 @@ public void logMessage(
     }
 
     @Override
+    @SuppressFBWarnings("INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE")
     protected void log(
             final Level level,
             final Marker marker,

log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/DirectoryCleaner.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.test.junit;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
@@ -29,6 +30,7 @@
 
 class DirectoryCleaner extends AbstractFileCleaner {
     @Override
+    @SuppressFBWarnings("PATH_TRAVERSAL_IN")
     Collection<Path> getPathsForTest(final ExtensionContext context) {
         final Collection<Path> paths = new HashSet<>();
         final CleanUpDirectories testClassAnnotation =

log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/FileCleaner.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.test.junit;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -26,6 +27,7 @@
 
 class FileCleaner extends AbstractFileCleaner {
     @Override
+    @SuppressFBWarnings("PATH_TRAVERSAL_IN")
     Collection<Path> getPathsForTest(final ExtensionContext context) {
         final Collection<Path> paths = new HashSet<>();
         final CleanUpFiles testClassAnnotation = context.getRequiredTestClass().getAnnotation(CleanUpFiles.class);

log4j-api-test/src/main/java/org/apache/logging/log4j/test/junit/SerialUtil.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.test.junit;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.ObjectInputStream;
@@ -54,6 +55,7 @@ public static byte[] serialize(final Serializable obj) {
      * @return the deserialized object
      */
     @SuppressWarnings("unchecked")
+    @SuppressFBWarnings("OBJECT_DESERIALIZATION")
     public static <T> T deserialize(final byte[] data) {
         try {
             final ByteArrayInputStream bas = new ByteArrayInputStream(data);

log4j-core-its/pom.xml

@@ -31,6 +31,7 @@
     <bnd.baseline.skip>true</bnd.baseline.skip>
     <maven.deploy.skip>true</maven.deploy.skip>
     <maven.install.skip>true</maven.install.skip>
+    <spotbugs.skip>true</spotbugs.skip>
   </properties>
   <dependencies>
     <dependency>

log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/AvailablePortFinder.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.core.test;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.net.DatagramSocket;
 import java.net.ServerSocket;
@@ -28,6 +29,7 @@
 /**
  * Finds currently available server ports.
  */
+@SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET")
 public final class AvailablePortFinder {
 
     /**

log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/GcFreeLoggingTestUtil.java

@@ -22,6 +22,7 @@
 
 import com.google.monitoring.runtime.instrumentation.AllocationRecorder;
 import com.google.monitoring.runtime.instrumentation.Sampler;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.File;
 import java.net.URL;
 import java.nio.charset.Charset;
@@ -206,6 +207,7 @@ private static void singleLoggingIteration(
         logger.fatal(mapMessage); // LOG4J2-1683
     }
 
+    @SuppressFBWarnings("COMMAND_INJECTION")
     public static void runTest(final Class<?> cls) throws Exception {
         final String javaHome = System.getProperty("java.home");
         final String javaBin = javaHome + File.separator + "bin" + File.separator + "java";

log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/appender/db/jdbc/JdbcH2TestHelper.java

@@ -24,6 +24,7 @@
 import org.apache.logging.log4j.core.appender.db.jdbc.AbstractConnectionSource;
 import org.apache.logging.log4j.core.appender.db.jdbc.ConnectionSource;
 
+@SuppressFBWarnings("HARD_CODE_PASSWORD")
 public class JdbcH2TestHelper {
 
     /**

log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/AbstractExternalFileCleaner.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.core.test.junit;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintStream;
@@ -181,6 +182,7 @@ protected void println(final String msg) {
         }
     }
 
+    @SuppressFBWarnings("INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE")
     protected void printStackTrace(final Throwable t) {
         if (printStream != null) {
             t.printStackTrace(printStream);

log4j-core-test/src/main/java/org/apache/logging/log4j/core/test/junit/JdbcRule.java

@@ -16,6 +16,7 @@
  */
 package org.apache.logging.log4j.core.test.junit;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.Statement;
@@ -33,6 +34,7 @@
  *
  * @since 2.8
  */
+@SuppressFBWarnings("SQL_INJECTION_JDBC")
 public class JdbcRule implements TestRule {
 
     private final ConnectionSource connectionSource;