Add some additional rules for the forbidden-apis-check borrowed from Elasticsearch, also add a separate signature file with more rules for the 'prod' code and fix two newly found issues

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1717689 13f79535-47bb-0310-9956-ffa450edef68
2015-12-02 21:47:52 +00:00 · 2015-12-02 21:47:52 +00:00 · 582ad34811
parent 98ac10e521
commit 582ad34811
5 changed files with 130 additions and 3 deletions
--- a/build.xml
+++ b/build.xml
@ -1811,6 +1811,8 @@ under the License.
        <taskdef name="forbiddenapis" 
                 classname="de.thetaphi.forbiddenapis.ant.AntTask" 
                 classpath="${forbidden.jar}"/>
+
+        <!-- first check rules that apply to all the source code -->
        <forbiddenapis 
                 internalRuntimeForbidden="true" 
                 classpathref="forbiddenapis.classpath"
@ -1838,6 +1840,20 @@ under the License.
            <fileset dir="${excelant.output.test.dir}"/>
            -->
        </forbiddenapis>
+
+        <!-- then check some advanced rules which we only apply to the core code and not tests or examples -->
+        <forbiddenapis 
+                 internalRuntimeForbidden="true" 
+                 classpathref="forbiddenapis.classpath"
+                 suppressAnnotation="org.apache.poi.util.SuppressForbidden"
+            >
+            <signaturesFileset file="src/resources/devtools/forbidden-signatures-prod.txt"/>
+            <!-- sources -->
+            <fileset dir="${main.output.dir}"/>
+            <fileset dir="${ooxml.output.dir}"/>
+            <fileset dir="${scratchpad.output.dir}"/>
+            <fileset dir="${excelant.output.dir}"/>
+        </forbiddenapis>
    </target>

    <target name="findbugs">
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureInfo.java
@ -659,9 +659,9 @@ public class SignatureInfo implements SignatureConfigurable {
     * @param other the reference to wrap, if null
     * @return if other is null, an empty lists is returned, otherwise other is returned
     */
-    @SuppressWarnings("unchecked")
    private static <T> List<T> safe(List<T> other) {
-        return other == null ? Collections.EMPTY_LIST : other;
+        List<T> emptyList = Collections.emptyList();
+        return other == null ? emptyList : other;
    }

    private void brokenJvmWorkaround(XMLSignContext context) {
--- a/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java
+++ b/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/services/TSPTimeStampService.java
@ -29,6 +29,7 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.math.BigInteger;
 import java.net.HttpURLConnection;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.net.URL;
@ -121,7 +122,7 @@ public class TSPTimeStampService implements TimeStampService {
            URL proxyUrl = new URL(signatureConfig.getProxyUrl());
            String host = proxyUrl.getHost();
            int port = proxyUrl.getPort();
-            proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, (port == -1 ? 80 : port)));
+            proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(InetAddress.getByName(host), (port == -1 ? 80 : port)));
        }
        
        HttpURLConnection huc = (HttpURLConnection)new URL(signatureConfig.getTspUrl()).openConnection(proxy);
--- a/src/resources/devtools/forbidden-signatures-prod.txt
+++ b/src/resources/devtools/forbidden-signatures-prod.txt
@ -0,0 +1,29 @@
+# (C) Copyright Uwe Schindler (Generics Policeman) and others.
+# Parts of this work are licensed to the Apache Software Foundation (ASF)
+# under one or more contributor license agreements.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file contains API signatures which are specific to POI.
+# The goal is to minimize implicit defaults
+
+@defaultMessage POI forbidden APIs which are tolerated in non-production code, e.g. in tests and examples
+
+# We have applications which use this to return error codes on invalid commandline parameters...
+#@defaultMessage Please do not terminate the application
+#java.lang.System#exit(int)
+#java.lang.Runtime#exit(int)
+#java.lang.Runtime#halt(int)
+
+@defaultMessage Please do not try to stop the world
+java.lang.System#gc()
--- a/src/resources/devtools/forbidden-signatures.txt
+++ b/src/resources/devtools/forbidden-signatures.txt
@ -32,3 +32,84 @@ java.lang.reflect.AccessibleObject#setAccessible(boolean) @ Reflection usage fai

 java.text.DecimalFormatSymbols#DecimalFormatSymbols() @ use DecimalFormatSymbols.getInstance()
 java.text.DecimalFormatSymbols#DecimalFormatSymbols(Locale) @ use DecimalFormatSymbols.getInstance()
+
+# the following are taken from the Elasticsearch source at https://github.com/elastic/elasticsearch/tree/master/buildSrc/src/main/resources/forbidden
+
+@defaultMessage Convert to URI
+java.net.URL#getPath()
+java.net.URL#getFile()
+
+@defaultMessage Usage of getLocalHost is discouraged
+java.net.InetAddress#getLocalHost()
+
+@defaultMessage Specify a location for the temp file/directory instead.
+java.nio.file.Files#createTempDirectory(java.lang.String,java.nio.file.attribute.FileAttribute[])
+java.nio.file.Files#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])
+
+@defaultMessage Specify a location for the temp file/directory instead.
+java.nio.file.Files#createTempDirectory(java.lang.String,java.nio.file.attribute.FileAttribute[])
+java.nio.file.Files#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])
+
+@defaultMessage Don't use java serialization - this can break BWC without noticing it
+java.io.ObjectOutputStream
+java.io.ObjectOutput
+java.io.ObjectInputStream
+java.io.ObjectInput
+
+@defaultMessage Resolve hosts explicitly to the address(es) you want with InetAddress.
+java.net.InetSocketAddress#<init>(java.lang.String,int)
+java.net.Socket#<init>(java.lang.String,int)
+java.net.Socket#<init>(java.lang.String,int,java.net.InetAddress,int)
+
+@defaultMessage Don't bind to wildcard addresses. Be specific.
+java.net.DatagramSocket#<init>()
+java.net.DatagramSocket#<init>(int)
+java.net.InetSocketAddress#<init>(int)
+java.net.MulticastSocket#<init>()
+java.net.MulticastSocket#<init>(int)
+java.net.ServerSocket#<init>(int)
+java.net.ServerSocket#<init>(int,int)
+
+@defaultMessage use NetworkAddress format/formatAddress to print IP or IP+ports
+java.net.InetAddress#toString()
+java.net.InetAddress#getHostAddress()
+java.net.Inet4Address#getHostAddress()
+java.net.Inet6Address#getHostAddress()
+java.net.InetSocketAddress#toString()
+
+@defaultMessage avoid DNS lookups by accident: if you have a valid reason, then @SuppressWarnings with that reason so its completely clear
+java.net.InetAddress#getHostName()
+java.net.InetAddress#getCanonicalHostName()
+
+java.net.InetSocketAddress#getHostName() @ Use getHostString() instead, which avoids a DNS lookup
+
+@defaultMessage this method needs special permission
+java.lang.Thread#getAllStackTraces()
+
+@defaultMessage Avoid unchecked warnings by using Collections#empty(List|Map|Set) methods
+java.util.Collections#EMPTY_LIST
+java.util.Collections#EMPTY_MAP
+java.util.Collections#EMPTY_SET
+
+
+@defaultMessage spawns threads with vague names; use a custom thread factory and name threads so that you can tell (by its name) which executor it is associated with
+java.util.concurrent.Executors#newFixedThreadPool(int)
+java.util.concurrent.Executors#newSingleThreadExecutor()
+java.util.concurrent.Executors#newCachedThreadPool()
+java.util.concurrent.Executors#newSingleThreadScheduledExecutor()
+java.util.concurrent.Executors#newScheduledThreadPool(int)
+java.util.concurrent.Executors#defaultThreadFactory()
+java.util.concurrent.Executors#privilegedThreadFactory()
+
+java.lang.Character#codePointBefore(char[],int) @ Implicit start offset is error-prone when the char[] is a buffer and the first chars are random chars
+java.lang.Character#codePointAt(char[],int) @ Implicit end offset is error-prone when the char[] is a buffer and the last chars are random chars
+
+@defaultMessage Only use wait / notify when really needed try to use concurrency primitives, latches or callbacks instead.
+java.lang.Object#wait()
+java.lang.Object#wait(long)
+java.lang.Object#wait(long,int)
+java.lang.Object#notify()
+java.lang.Object#notifyAll()
+
+@defaultMessage Don't interrupt threads use FutureUtils#cancel(Future<T>) instead
+java.util.concurrent.Future#cancel(boolean)