jackrabbit-filevault icon indicating copy to clipboard operation
jackrabbit-filevault copied to clipboard
verified publisher icon apache

Enable forbiddenapis in Maven build

Open kwin opened this issue 2 years ago • 3 comments

The detects issues like JCRVLT-702

kwin avatar Apr 05 '23 16:04 kwin

@reschke 59 issues to fix. Do you have capacity to take this over?

kwin avatar Apr 05 '23 16:04 kwin

Yes. But not before next week.

reschke avatar Apr 05 '23 16:04 reschke 

[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.MD5 (MD5.java:100)
[ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses default charset]
[ERROR]   in org.apache.jackrabbit.vault.util.LineOutputStream (LineOutputStream.java:36)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrWorkspaceFilter (JcrWorkspaceFilter.java:71)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrWorkspaceFilter (JcrWorkspaceFilter.java:72)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrWorkspaceFilter (JcrWorkspaceFilter.java:184)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.Importer (Importer.java:1141)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.Importer (Importer.java:1144)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.Importer (Importer.java:1172)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.NodeNameComparator (NodeNameComparator.java:35)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.NodeNameComparator (NodeNameComparator.java:36)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:243)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:506)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:540)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:569)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:593)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageDefinitionImpl (JcrPackageDefinitionImpl.java:973)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:503)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:780)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:794)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:802)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl (JcrPackageImpl.java:826)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.spi.impl.jcr20.JackrabbitUserManagement (JackrabbitUserManagement.java:67)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.config.DefaultWorkspaceFilter (DefaultWorkspaceFilter.java:428)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.config.DefaultWorkspaceFilter (DefaultWorkspaceFilter.java:534)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSInstallStateCache (FSInstallStateCache.java:158)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl (JcrPackageManagerImpl.java:335)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl (JcrPackageManagerImpl.java:412)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl (JcrPackageManagerImpl.java:431)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.ExecutionPlanBuilderImpl (ExecutionPlanBuilderImpl.java:115)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.ExecutionPlanBuilderImpl (ExecutionPlanBuilderImpl.java:175)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.impl.io.FileArtifactHandler (FileArtifactHandler.java:344)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.DefaultPackageInfo (DefaultPackageInfo.java:140)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.SubPackageHandling (SubPackageHandling.java:149)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.SubPackageHandling (SubPackageHandling.java:200)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.config.ConfigHelper (ConfigHelper.java:128)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.api.DumpContext (DumpContext.java:49)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.AutoSave (AutoSave.java:172)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.impl.io.CompressionUtil (CompressionUtil.java:116)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.AbstractExporter (AbstractExporter.java:225)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.AbstractExporter (AbstractExporter.java:243)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.SHA1 (SHA1.java:113)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.RepositoryCopier (RepositoryCopier.java:593)
[ERROR] Forbidden method invocation: java.lang.String#getBytes() [Uses default charset]
[ERROR]   in org.apache.jackrabbit.vault.util.LineInputStream (LineInputStream.java:34)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.PackagePropertiesImpl (PackagePropertiesImpl.java:156)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.PackagePropertiesImpl (PackagePropertiesImpl.java:281)
[ERROR] Forbidden method invocation: java.time.format.DateTimeFormatter#ofPattern(java.lang.String) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.PackagePropertiesImpl (PackagePropertiesImpl.java:53)
[ERROR] Forbidden method invocation: java.lang.String#toUpperCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSInstallState (FSInstallState.java:210)
[ERROR] Forbidden method invocation: java.lang.String#toLowerCase() [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSInstallState (FSInstallState.java:342)
[ERROR] Forbidden method invocation: java.io.PrintWriter#<init>(java.io.OutputStream) [Uses default charset]
[ERROR]   in org.apache.jackrabbit.vault.util.DefaultProgressListener (DefaultProgressListener.java:32)
[ERROR] Forbidden method invocation: java.io.PrintWriter#printf(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.DefaultProgressListener (DefaultProgressListener.java:44)
[ERROR] Forbidden method invocation: java.io.PrintWriter#printf(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.util.DefaultProgressListener (DefaultProgressListener.java:53)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.impl.io.DocViewImporter (DocViewImporter.java:698)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.JcrPackageRegistry (JcrPackageRegistry.java:620)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.JcrExporter (JcrExporter.java:143)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.fs.io.JcrExporter (JcrExporter.java:166)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.ActivityLog (ActivityLog.java:53)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.ActivityLog (ActivityLog.java:55)
[ERROR] Forbidden method invocation: java.lang.String#format(java.lang.String,java.lang.Object[]) [Uses default locale]
[ERROR]   in org.apache.jackrabbit.vault.packaging.impl.ActivityLog (ActivityLog.java:63)
[ERROR] Forbidden method invocation: java.util.Calendar#getInstance() [Uses default locale or time zone]
[ERROR]   in org.apache.jackrabbit.vault.packaging.registry.impl.FSRegisteredPackage (FSRegisteredPackage.java:100)
[ERROR] Scanned 402 class file(s) for forbidden API invocations (in 1.07s), 59 error(s).

kwin avatar May 04 '23 08:05 kwin

This will break the build, it needs fixing in the same PR. Do you want to pick it up?

kwin avatar Dec 19 '24 19:12 kwin

One can use @SuppressForbidden for false positives (https://github.com/policeman-tools/forbidden-apis/issues/251).

kwin avatar Dec 22 '24 11:12 kwin

I now refactored all methods relying on the default charset/locale/timezone. Please check again @reschke.

kwin avatar Jan 03 '25 16:01 kwin

It is easier to always set it than to exclude some checks. Some other format specifiers are locale specific as well (integer)

kwin avatar Jan 03 '25 17:01 kwin

Consistency is good, but I also dislike verbosity :-)

reschke avatar Jan 03 '25 18:01 reschke