Moved from findbugs to spotbugs (#120) and addresse new issue discovered by spotbugs

sapessi · sapessi · commit da248d9f9a24 · 2018-02-09T13:29:20.000-08:00
diff --git a/aws-serverless-java-container-core/pom.xml b/aws-serverless-java-container-core/pom.xml
@@ -65,42 +65,12 @@
         </dependency>
     </dependencies>
 
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
-                <configuration>
-                    <!--
-                        Enables analysis which takes more memory but finds more bugs.
-                        If you run out of memory, changes the value of the effort element
-                        to 'low'.
-                    -->
-                    <effort>Max</effort>
-                    <!-- Reports all bugs (other values are medium and max) -->
-                    <threshold>Low</threshold>
-                    <!-- Produces XML report -->
-                    <xmlOutput>true</xmlOutput>
-
-                    <plugins>
-                        <plugin>
-                            <groupId>com.h3xstream.findsecbugs</groupId>
-                            <artifactId>findsecbugs-plugin</artifactId>
-                            <version>1.7.1</version>
-                        </plugin>
-                    </plugins>
-                </configuration>
-            </plugin>
-        </plugins>
-    </reporting>
-
     <build>
         <plugins>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>3.1.1</version>
                 <configuration>
                     <!--
                         Enables analysis which takes more memory but finds more bugs.
@@ -113,7 +83,7 @@
                     <!-- Produces XML report -->
                     <xmlOutput>true</xmlOutput>
                     <!-- Configures the directory in which the XML report is created -->
-                    <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
+                    <spotbugsXmlOutputDirectory>${project.build.directory}/spotbugs</spotbugsXmlOutputDirectory>
 
                     <plugins>
                         <plugin>
@@ -125,7 +95,7 @@
                 </configuration>
                 <executions>
                     <!--
-                        Ensures that FindBugs inspects source code when project is compiled.
+                        Ensures that SpotBug inspects source code when project is compiled.
                     -->
                     <execution>
                         <id>analyze-compile</id>
diff --git a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java
@@ -275,7 +275,7 @@ protected Cookie[] parseCookieHeaderValue(String headerValue) {
 
         return parsedHeaders.stream()
                             .filter(e -> e.getKey() != null)
-                            .map(e -> new Cookie(e.getKey(), e.getValue()))
+                            .map(e -> new Cookie(SecurityUtils.crlf(e.getKey()), SecurityUtils.crlf(e.getValue())))
                             .toArray(Cookie[]::new);
     }
 
@@ -304,7 +304,7 @@ protected String generateQueryString(Map<String, String> parameters) {
                             newValue = URLEncoder.encode(newValue, StandardCharsets.UTF_8.name());
                         }
                     } catch (UnsupportedEncodingException e) {
-                        log.error("Could not URLEncode: " + newKey, e);
+                        log.error(SecurityUtils.crlf("Could not URLEncode: " + newKey), e);
 
                     }
                     return newKey + "=" + newValue;
diff --git a/aws-serverless-java-container-jersey/pom.xml b/aws-serverless-java-container-jersey/pom.xml
@@ -70,42 +70,12 @@
 
     </dependencies>
 
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
-                <configuration>
-                    <!--
-                        Enables analysis which takes more memory but finds more bugs.
-                        If you run out of memory, changes the value of the effort element
-                        to 'low'.
-                    -->
-                    <effort>Max</effort>
-                    <!-- Reports all bugs (other values are medium and max) -->
-                    <threshold>Low</threshold>
-                    <!-- Produces XML report -->
-                    <xmlOutput>true</xmlOutput>
-
-                    <plugins>
-                        <plugin>
-                            <groupId>com.h3xstream.findsecbugs</groupId>
-                            <artifactId>findsecbugs-plugin</artifactId>
-                            <version>1.7.1</version>
-                        </plugin>
-                    </plugins>
-                </configuration>
-            </plugin>
-        </plugins>
-    </reporting>
-
     <build>
         <plugins>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>3.1.1</version>
                 <configuration>
                     <!--
                         Enables analysis which takes more memory but finds more bugs.
@@ -118,7 +88,7 @@
                     <!-- Produces XML report -->
                     <xmlOutput>true</xmlOutput>
                     <!-- Configures the directory in which the XML report is created -->
-                    <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
+                    <spotbugsXmlOutputDirectory>${project.build.directory}/spotbugs</spotbugsXmlOutputDirectory>
 
                     <plugins>
                         <plugin>
@@ -130,7 +100,7 @@
                 </configuration>
                 <executions>
                     <!--
-                        Ensures that FindBugs inspects source code when project is compiled.
+                        Ensures that SpotBug inspects source code when project is compiled.
                     -->
                     <execution>
                         <id>analyze-compile</id>
diff --git a/aws-serverless-java-container-spark/pom.xml b/aws-serverless-java-container-spark/pom.xml
@@ -41,36 +41,6 @@
         </dependency>
     </dependencies>
 
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
-                <configuration>
-                    <!--
-                        Enables analysis which takes more memory but finds more bugs.
-                        If you run out of memory, changes the value of the effort element
-                        to 'low'.
-                    -->
-                    <effort>Max</effort>
-                    <!-- Reports all bugs (other values are medium and max) -->
-                    <threshold>Low</threshold>
-                    <!-- Produces XML report -->
-                    <xmlOutput>true</xmlOutput>
-
-                    <plugins>
-                        <plugin>
-                            <groupId>com.h3xstream.findsecbugs</groupId>
-                            <artifactId>findsecbugs-plugin</artifactId>
-                            <version>1.7.1</version>
-                        </plugin>
-                    </plugins>
-                </configuration>
-            </plugin>
-        </plugins>
-    </reporting>
-
     <build>
         <plugins>
             <!-- fork JVM before each spring test to make sure we have a clean context -->
@@ -83,9 +53,9 @@
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>3.1.1</version>
                 <configuration>
                     <!--
                         Enables analysis which takes more memory but finds more bugs.
@@ -98,7 +68,7 @@
                     <!-- Produces XML report -->
                     <xmlOutput>true</xmlOutput>
                     <!-- Configures the directory in which the XML report is created -->
-                    <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
+                    <spotbugsXmlOutputDirectory>${project.build.directory}/spotbugs</spotbugsXmlOutputDirectory>
 
                     <plugins>
                         <plugin>
@@ -110,7 +80,7 @@
                 </configuration>
                 <executions>
                     <!--
-                        Ensures that FindBugs inspects source code when project is compiled.
+                        Ensures that SpotBug inspects source code when project is compiled.
                     -->
                     <execution>
                         <id>analyze-compile</id>
diff --git a/aws-serverless-java-container-spring/pom.xml b/aws-serverless-java-container-spring/pom.xml
@@ -146,36 +146,6 @@
         </dependency>
     </dependencies>
 
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
-                <configuration>
-                    <!--
-                        Enables analysis which takes more memory but finds more bugs.
-                        If you run out of memory, changes the value of the effort element
-                        to 'low'.
-                    -->
-                    <effort>Max</effort>
-                    <!-- Reports all bugs (other values are medium and max) -->
-                    <threshold>Low</threshold>
-                    <!-- Produces XML report -->
-                    <xmlOutput>true</xmlOutput>
-
-                    <plugins>
-                        <plugin>
-                            <groupId>com.h3xstream.findsecbugs</groupId>
-                            <artifactId>findsecbugs-plugin</artifactId>
-                            <version>1.7.1</version>
-                        </plugin>
-                    </plugins>
-                </configuration>
-            </plugin>
-        </plugins>
-    </reporting>
-
     <build>
         <plugins>
             <!-- fork JVM before each spring test to make sure we have a clean context -->
@@ -188,9 +158,9 @@
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.5</version>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>3.1.1</version>
                 <configuration>
                     <!--
                         Enables analysis which takes more memory but finds more bugs.
@@ -203,7 +173,7 @@
                     <!-- Produces XML report -->
                     <xmlOutput>true</xmlOutput>
                     <!-- Configures the directory in which the XML report is created -->
-                    <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
+                    <spotbugsXmlOutputDirectory>${project.build.directory}/spotbugs</spotbugsXmlOutputDirectory>
 
                     <plugins>
                         <plugin>
@@ -215,7 +185,7 @@
                 </configuration>
                 <executions>
                     <!--
-                        Ensures that FindBugs inspects source code when project is compiled.
+                        Ensures that SpotBug inspects source code when project is compiled.
                     -->
                     <execution>
                         <id>analyze-compile</id>

Original file line number	Diff line number	Diff line change
`@@ -275,7 +275,7 @@ protected Cookie[] parseCookieHeaderValue(String headerValue) {`
`275`	`275`
`276`	`276`	`return parsedHeaders.stream()`
`277`	`277`	`.filter(e -> e.getKey() != null)`
`278`		`- .map(e -> new Cookie(e.getKey(), e.getValue()))`
	`278`	`+ .map(e -> new Cookie(SecurityUtils.crlf(e.getKey()), SecurityUtils.crlf(e.getValue())))`
`279`	`279`	`.toArray(Cookie[]::new);`
`280`	`280`	`}`
`281`	`281`
`@@ -304,7 +304,7 @@ protected String generateQueryString(Map<String, String> parameters) {`
`304`	`304`	`newValue = URLEncoder.encode(newValue, StandardCharsets.UTF_8.name());`
`305`	`305`	`}`
`306`	`306`	`} catch (UnsupportedEncodingException e) {`
`307`		`- log.error("Could not URLEncode: " + newKey, e);`
	`307`	`+ log.error(SecurityUtils.crlf("Could not URLEncode: " + newKey), e);`
`308`	`308`
`309`	`309`	`}`
`310`	`310`	`return newKey + "=" + newValue;`