Improve dictionary processing: fix critical bugs and enhance null-safety (#2958)

* Improve dictionary processing code quality and fix critical bugs

This commit addresses multiple code quality issues and critical bugs in the dictionary processing implementation:

**Critical Bug Fixes (P0):**
- Fix PagingList.removeAll() logic error: method was calling retainAll() instead of removeAll()
- Fix resource leaks in all 6 Updater constructors: FileOutputStream not properly closed on error
- Fix CharMappingItem.equals(): remove state mutation (calling sort()) and add null safety

**High Priority Improvements (P1):**
- Add null-safe equals/hashCode in StopwordsItem and ProtwordsItem using Objects.equals()
- Add defensive copying for exposed mutable arrays in CharMappingItem and SynonymItem getters

**Files Modified:**
- DictionaryFile.java: Fixed removeAll() bug
- CharMappingFile.java, KuromojiFile.java, ProtwordsFile.java, StemmerOverrideFile.java, StopwordsFile.java, SynonymFile.java: Fixed resource leaks
- CharMappingItem.java: Fixed equals(), added defensive copying
- StopwordsItem.java, ProtwordsItem.java: Null-safe equals/hashCode
- SynonymItem.java: Added defensive copying

These improvements enhance robustness, prevent potential NPEs and resource leaks, and follow security best practices.

* Fix and enhance dictionary Item tests for null-safe implementations

Updated tests to align with null-safe equals/hashCode implementations:

**Test Fixes:**
- ProtwordsItemTest: Fixed test_hashCode_withNullInput and test_equals_withNullInput to expect null-safe behavior instead of NullPointerException
- StopwordsItemTest: Added test_hashCode_withNullInput and test_equals_withNullInput for comprehensive null handling coverage
- CharMappingItemTest: Added test_hashCode_withNullOutput and test_equals_withNullOutput for null output scenarios

**Test Enhancements:**
- SynonymItemTest: Added 5 defensive copy tests to verify immutability of returned arrays
- CharMappingItemTest: Added 3 defensive copy tests for inputs and newInputs arrays

**Files Modified:**
- ProtwordsItemTest.java: Updated 2 null-related tests
- StopwordsItemTest.java: Added 2 new null-safe tests
- CharMappingItemTest.java: Added 5 new tests (2 null tests + 3 defensive copy tests)
- SynonymItemTest.java: Added 5 defensive copy tests

These tests ensure the null-safe implementations work correctly and verify that defensive copying prevents external modification of internal state.

* Fix CharMappingItemTest to use assertArrayEquals for defensive copy

Changed test_constructor_withIdZero to use assertArrayEquals instead of assertSame
since getNewInputs() now returns a defensive copy (clone) of the array rather than
the original array reference. This is the correct behavior for encapsulation and
security, and the test should verify content equality, not reference equality.

* Add missing assertArrayEquals import to CharMappingItemTest

Added static import for org.junit.Assert.assertArrayEquals to fix compilation
error when using assertArrayEquals method in test_constructor_withIdZero.

---------

Co-authored-by: Claude <[email protected]>

Author: marevol

src/main/java/org/codelibs/fess/dict/DictionaryFile.java

@@ -256,7 +256,7 @@ public boolean addAll(final int index, final Collection<? extends E> c) {
 
         @Override
         public boolean removeAll(final Collection<?> c) {
-            return parent.retainAll(c);
+            return parent.removeAll(c);
         }
 
         @Override

src/main/java/org/codelibs/fess/dict/kuromoji/KuromojiFile.java

@@ -252,10 +252,20 @@ protected class KuromojiUpdater implements Closeable {
          * @param newItem The new item to be added or updated.
          */
         protected KuromojiUpdater(final KuromojiItem newItem) {
+            FileOutputStream fos = null;
             try {
                 newFile = ComponentUtil.getSystemHelper().createTempFile(KUROMOJI, ".txt");
-                writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(newFile), Constants.UTF_8));
+                fos = new FileOutputStream(newFile);
+                writer = new BufferedWriter(new OutputStreamWriter(fos, Constants.UTF_8));
+                fos = null; // Successfully wrapped, no need to close explicitly
             } catch (final Exception e) {
+                if (fos != null) {
+                    try {
+                        fos.close();
+                    } catch (final IOException ioe) {
+                        // Ignore close exception
+                    }
+                }
                 if (newFile != null) {
                     newFile.delete();
                 }

src/main/java/org/codelibs/fess/dict/mapping/CharMappingFile.java

@@ -321,10 +321,20 @@ protected class MappingUpdater implements Closeable {
          * @param newItem the character mapping item to update, or null for read-only operations
          */
         protected MappingUpdater(final CharMappingItem newItem) {
+            FileOutputStream fos = null;
             try {
                 newFile = ComponentUtil.getSystemHelper().createTempFile(MAPPING, ".txt");
-                writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(newFile), Constants.UTF_8));
+                fos = new FileOutputStream(newFile);
+                writer = new BufferedWriter(new OutputStreamWriter(fos, Constants.UTF_8));
+                fos = null; // Successfully wrapped, no need to close explicitly
             } catch (final Exception e) {
+                if (fos != null) {
+                    try {
+                        fos.close();
+                    } catch (final IOException ioe) {
+                        // Ignore close exception
+                    }
+                }
                 if (newFile != null) {
                     newFile.delete();
                 }

src/main/java/org/codelibs/fess/dict/mapping/CharMappingItem.java

@@ -77,11 +77,12 @@ public CharMappingItem(final long id, final String[] inputs, final String output
 
     /**
      * Returns the array of new input character sequences for update operations.
+     * Returns a defensive copy to prevent external modification.
      *
-     * @return array of new input sequences, or null if no updates are pending
+     * @return array of new input sequences (defensive copy), or null if no updates are pending
      */
     public String[] getNewInputs() {
-        return newInputs;
+        return newInputs == null ? null : newInputs.clone();
     }
 
     /**
@@ -114,11 +115,12 @@ public void setNewOutput(final String newOutput) {
 
     /**
      * Returns the array of input character sequences that are mapped to the output.
+     * Returns a defensive copy to prevent external modification.
      *
-     * @return array of input sequences
+     * @return array of input sequences (defensive copy)
      */
     public String[] getInputs() {
-        return inputs;
+        return inputs == null ? null : inputs.clone();
     }
 
     /**
@@ -188,6 +190,7 @@ public int hashCode() {
     /**
      * Compares this CharMappingItem with another object for equality.
      * Two CharMappingItem objects are equal if they have the same inputs and output.
+     * Note: inputs arrays are sorted in the constructor, so no sorting is needed here.
      *
      * @param obj the object to compare with
      * @return true if the objects are equal, false otherwise
@@ -201,12 +204,10 @@ public boolean equals(final Object obj) {
             return false;
         }
         final CharMappingItem other = (CharMappingItem) obj;
-        sort();
-        other.sort();
-        if (!Arrays.equals(inputs, other.inputs) || !output.equals(other.getOutput())) {
+        if (!Arrays.equals(inputs, other.inputs)) {
             return false;
         }
-        return true;
+        return Objects.equals(output, other.output);
     }
 
     /**

src/main/java/org/codelibs/fess/dict/protwords/ProtwordsFile.java

@@ -247,10 +247,20 @@ protected class ProtwordsUpdater implements Closeable {
          * @param newItem the item to be updated
          */
         protected ProtwordsUpdater(final ProtwordsItem newItem) {
+            FileOutputStream fos = null;
             try {
                 newFile = ComponentUtil.getSystemHelper().createTempFile(PROTWORDS, ".txt");
-                writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(newFile), Constants.UTF_8));
+                fos = new FileOutputStream(newFile);
+                writer = new BufferedWriter(new OutputStreamWriter(fos, Constants.UTF_8));
+                fos = null; // Successfully wrapped, no need to close explicitly
             } catch (final Exception e) {
+                if (fos != null) {
+                    try {
+                        fos.close();
+                    } catch (final IOException ioe) {
+                        // Ignore close exception
+                    }
+                }
                 if (newFile != null) {
                     newFile.delete();
                 }

src/main/java/org/codelibs/fess/dict/protwords/ProtwordsItem.java

@@ -96,9 +96,7 @@ public boolean isDeleted() {
 
     @Override
     public int hashCode() {
-        final int prime = 31;
-        final int result = 1;
-        return prime * result + input.hashCode();
+        return java.util.Objects.hashCode(input);
     }
 
     @Override
@@ -110,10 +108,7 @@ public boolean equals(final Object obj) {
             return false;
         }
         final ProtwordsItem other = (ProtwordsItem) obj;
-        if (!input.equals(other.input)) {
-            return false;
-        }
-        return true;
+        return java.util.Objects.equals(input, other.input);
     }
 
     @Override

src/main/java/org/codelibs/fess/dict/stemmeroverride/StemmerOverrideFile.java

@@ -276,10 +276,20 @@ protected class StemmerOverrideUpdater implements Closeable {
          * @throws DictionaryException if the temporary file cannot be created.
          */
         protected StemmerOverrideUpdater(final StemmerOverrideItem newItem) {
+            FileOutputStream fos = null;
             try {
                 newFile = ComponentUtil.getSystemHelper().createTempFile(STEMMER_OVERRIDE, ".txt");
-                writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(newFile), Constants.UTF_8));
+                fos = new FileOutputStream(newFile);
+                writer = new BufferedWriter(new OutputStreamWriter(fos, Constants.UTF_8));
+                fos = null; // Successfully wrapped, no need to close explicitly
             } catch (final Exception e) {
+                if (fos != null) {
+                    try {
+                        fos.close();
+                    } catch (final IOException ioe) {
+                        // Ignore close exception
+                    }
+                }
                 if (newFile != null) {
                     newFile.delete();
                 }

src/main/java/org/codelibs/fess/dict/stopwords/StopwordsFile.java

@@ -263,10 +263,20 @@ protected class StopwordsUpdater implements Closeable {
          * @throws DictionaryException if the temporary file cannot be created.
          */
         protected StopwordsUpdater(final StopwordsItem newItem) {
+            FileOutputStream fos = null;
             try {
                 newFile = ComponentUtil.getSystemHelper().createTempFile(STOPWORDS, ".txt");
-                writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(newFile), Constants.UTF_8));
+                fos = new FileOutputStream(newFile);
+                writer = new BufferedWriter(new OutputStreamWriter(fos, Constants.UTF_8));
+                fos = null; // Successfully wrapped, no need to close explicitly
             } catch (final Exception e) {
+                if (fos != null) {
+                    try {
+                        fos.close();
+                    } catch (final IOException ioe) {
+                        // Ignore close exception
+                    }
+                }
                 if (newFile != null) {
                     newFile.delete();
                 }

src/main/java/org/codelibs/fess/dict/stopwords/StopwordsItem.java

@@ -105,9 +105,7 @@ public boolean isDeleted() {
 
     @Override
     public int hashCode() {
-        final int prime = 31;
-        final int result = 1;
-        return prime * result + input.hashCode();
+        return java.util.Objects.hashCode(input);
     }
 
     @Override
@@ -119,10 +117,7 @@ public boolean equals(final Object obj) {
             return false;
         }
         final StopwordsItem other = (StopwordsItem) obj;
-        if (!input.equals(other.input)) {
-            return false;
-        }
-        return true;
+        return java.util.Objects.equals(input, other.input);
     }
 
     @Override

src/main/java/org/codelibs/fess/dict/synonym/SynonymFile.java

@@ -340,10 +340,20 @@ protected class SynonymUpdater implements Closeable {
          * @throws DictionaryException if the temporary file cannot be created.
          */
         protected SynonymUpdater(final SynonymItem newItem) {
+            FileOutputStream fos = null;
             try {
                 newFile = ComponentUtil.getSystemHelper().createTempFile(SYNONYM, ".txt");
-                writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(newFile), Constants.UTF_8));
+                fos = new FileOutputStream(newFile);
+                writer = new BufferedWriter(new OutputStreamWriter(fos, Constants.UTF_8));
+                fos = null; // Successfully wrapped, no need to close explicitly
             } catch (final Exception e) {
+                if (fos != null) {
+                    try {
+                        fos.close();
+                    } catch (final IOException ioe) {
+                        // Ignore close exception
+                    }
+                }
                 if (newFile != null) {
                     newFile.delete();
                 }