From 7b388a972ce7e5c30cbbaf68e6fe3b1837063ad5 Mon Sep 17 00:00:00 2001 From: Mark Waite Date: Thu, 21 Dec 2023 04:30:52 -0700 Subject: [PATCH] Omit spotbugs CT_CONSTRUCTOR_THROWS visitor (#1242) From https://github.com/jenkinsci/plugin-pom/pull/869#issuecomment-1860918407 > Discussion in spotbugs/spotbugs#2695 > https://wiki.sei.cmu.edu/confluence/display/java/OBJ11-J.+Be+wary+of+letting+constructors+throw+exceptions > seems to relate to libraries used with SecurityManager which is dead > and certainly does not apply to Jenkins; we do not expect untrusted code > to be running inside the controller JVM, and it does not seem plausible > that finalizer abuse would happen by accident. --- pom.xml | 3 +++ .../org/jvnet/hudson/plugins/platformlabeler/LsbRelease.java | 2 -- .../jvnet/hudson/plugins/platformlabeler/WindowsRelease.java | 2 -- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index a0e17fa04..a27a40795 100644 --- a/pom.xml +++ b/pom.xml @@ -57,6 +57,9 @@ 4.8.2.0 Max + + + ConstructorThrow,FindReturnRef Low false diff --git a/src/main/java/org/jvnet/hudson/plugins/platformlabeler/LsbRelease.java b/src/main/java/org/jvnet/hudson/plugins/platformlabeler/LsbRelease.java index f2b952784..e5d4bf80b 100644 --- a/src/main/java/org/jvnet/hudson/plugins/platformlabeler/LsbRelease.java +++ b/src/main/java/org/jvnet/hudson/plugins/platformlabeler/LsbRelease.java @@ -25,7 +25,6 @@ package org.jvnet.hudson.plugins.platformlabeler; import edu.umd.cs.findbugs.annotations.NonNull; -import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; 
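Review bot: The added `spotbugs.omitVisitors` value in pom.xml switches off two detectors, `ConstructorThrow` and `FindReturnRef`, for the whole module, but the commit message justifies only the first; the markup of this hunk is not visible here, so it cannot be confirmed whether the two added lines above the property explain the second. `FindReturnRef` reports exposure of internal mutable state through getters and setters, which is a different risk from the finalizer-attack reasoning quoted from plugin-pom#869, so if it is listed only to keep an inherited default the comment should say so, for example `<!-- FindReturnRef kept from the parent POM default; ConstructorThrow omitted per jenkinsci/plugin-pom#869 -->`. Because the omission is global, constructors added later that throw will no longer be reported either, whereas the removed `@SuppressFBWarnings` annotations recorded the decision per constructor. It would also help to note in that comment that the override can be dropped once the parent POM carries the same setting.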
@@ -81,7 +80,6 @@ public LsbRelease() { } /** Read file to assign distributor ID and release. Package protected for tests. */ - @SuppressFBWarnings(value = "CT_CONSTRUCTOR_THROW", justification = "Finalizer attack not viable") LsbRelease(@NonNull File lsbReleaseFile) throws IOException { Map newProps = new HashMap<>(); try (FileInputStream stream = new FileInputStream(lsbReleaseFile)) { diff --git a/src/main/java/org/jvnet/hudson/plugins/platformlabeler/WindowsRelease.java b/src/main/java/org/jvnet/hudson/plugins/platformlabeler/WindowsRelease.java index a720e5032..f2e84beff 100644 --- a/src/main/java/org/jvnet/hudson/plugins/platformlabeler/WindowsRelease.java +++ b/src/main/java/org/jvnet/hudson/plugins/platformlabeler/WindowsRelease.java @@ -25,7 +25,6 @@ package org.jvnet.hudson.plugins.platformlabeler; import edu.umd.cs.findbugs.annotations.NonNull; -import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -64,7 +63,6 @@ public WindowsRelease() { } /** Read file to assign distributor ID and release. Package protected for tests. */ - @SuppressFBWarnings(value = "CT_CONSTRUCTOR_THROW", justification = "Finalizer attack not viable") WindowsRelease(File windowsReleaseFile) throws IOException { Map newProps = new HashMap<>(); try (FileInputStream stream = new FileInputStream(windowsReleaseFile)) {