diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFServerSocket.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFServerSocket.java index 2b2ba2012..881d185cf 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFServerSocket.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFServerSocket.java @@ -44,6 +44,7 @@ * @author Christian Kohlschütter */ @SuppressWarnings({"PMD.CyclomaticComplexity", "PMD.CouplingBetweenObjects"}) +@SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET") public abstract class AFServerSocket extends ServerSocket implements AFSomeSocketThing { private final AFSocketImpl implementation; diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocket.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocket.java index ed4da9b9d..ed2a187cf 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocket.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocket.java @@ -68,7 +68,7 @@ public abstract class AFSocket extends Socket impleme * @param afh The conversion helper to get a socket address from an encoded hostname. * @throws SocketException on error. */ - @SuppressFBWarnings("CT_CONSTRUCTOR_THROW") + @SuppressFBWarnings({"CT_CONSTRUCTOR_THROW", "UNENCRYPTED_SOCKET"}) protected AFSocket(final AFSocketImpl impl, AFSocketAddressFromHostname afh) throws SocketException { super(impl); diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketAddress.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketAddress.java index 989a78176..41ab4757f 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketAddress.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketAddress.java @@ -194,6 +194,7 @@ private static void initAFSocketAddress(AFSocketAddress addr, int port, * @return The new instance. * @throws SocketException on error. */ + @SuppressFBWarnings("OBJECT_DESERIALIZATION") // we craft the serialized data protected static A newDeserializedAFSocketAddress(int port, final byte[] socketAddress, Lease nativeAddress, AFAddressFamily af, AFSocketAddressConstructor constructor) throws SocketException { diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketFactory.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketFactory.java index dd7d38bb7..ceb9bad6f 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketFactory.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFSocketFactory.java @@ -26,6 +26,8 @@ import javax.net.SocketFactory; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * The base for a SocketFactory that connects to UNIX sockets. * @@ -35,6 +37,7 @@ * @see AFUNIXSocketFactory * @param The supported address type. */ +@SuppressFBWarnings("UNENCRYPTED_SOCKET") public abstract class AFSocketFactory extends SocketFactory implements AFSocketAddressFromHostname { @@ -77,6 +80,7 @@ protected final boolean isInetAddressSupported(InetAddress address) { protected abstract Socket connectTo(A addr) throws IOException; @SuppressWarnings("unchecked") + @SuppressFBWarnings("UNENCRYPTED_SOCKET") private Socket connectTo(SocketAddress addr) throws IOException { if (AFSocketAddress.canMap(addr, socketAddressClass)) { return connectTo((A) AFSocketAddress.mapOrFail(addr, socketAddressClass)); diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFTIPCSocketAddress.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFTIPCSocketAddress.java index 6726630c7..2d7e868a6 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFTIPCSocketAddress.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFTIPCSocketAddress.java @@ -39,6 +39,8 @@ import org.eclipse.jdt.annotation.NonNullByDefault; import org.newsclub.net.unix.pool.ObjectPool.Lease; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * An {@link AFSocketAddress} for TIPC sockets. * @@ -110,6 +112,7 @@ * * @author Christian Kohlschütter (documentation credits to Jon Maloy and the TIPC team). */ +@SuppressFBWarnings("REDOS") public final class AFTIPCSocketAddress extends AFSocketAddress { private static final long serialVersionUID = 1L; // do not change! diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketAddress.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketAddress.java index 8b1d073bf..40a16f3bf 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketAddress.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketAddress.java @@ -39,6 +39,8 @@ import org.eclipse.jdt.annotation.NonNull; import org.newsclub.net.unix.pool.ObjectPool.Lease; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * Describes an {@link InetSocketAddress} that actually uses AF_UNIX sockets instead of AF_INET. * @@ -48,6 +50,7 @@ * @author Christian Kohlschütter */ @SuppressWarnings("PMD.ShortMethodName") +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public final class AFUNIXSocketAddress extends AFSocketAddress { private static final long serialVersionUID = 1L; // do not change! diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketFactory.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketFactory.java index 3dde06a04..e76ce4e0a 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketFactory.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFUNIXSocketFactory.java @@ -26,6 +26,8 @@ import javax.net.SocketFactory; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * The base for a SocketFactory that connects to UNIX sockets. * @@ -59,6 +61,7 @@ protected AFUNIXSocket connectTo(AFUNIXSocketAddress addr) throws IOException { * system property "org.newsclub.net.unix.socket.hostname"), forwarding all other * requests to the fallback {@link SocketFactory}. */ + @SuppressFBWarnings("PATH_TRAVERSAL_IN") private abstract static class DefaultSocketHostnameSocketFactory extends AFUNIXSocketFactory { private static final String PROP_SOCKET_HOSTNAME = "org.newsclub.net.unix.socket.hostname"; @@ -89,6 +92,7 @@ private static String getDefaultSocketHostname() { * This is particularly useful for JDBC drivers that take a "socketFactory" and a * "socketFactoryArg". The latter will be passed as a constructor argument. */ + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static final class FactoryArg extends DefaultSocketHostnameSocketFactory { private final File socketFile; @@ -133,6 +137,7 @@ public AFUNIXSocketAddress addressFromHost(String host, int port) throws SocketE * NOTE: While it is technically possible, it is highly discouraged to programmatically change the * value of the property as it can lead to concurrency issues and undefined behavior. */ + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static final class SystemProperty extends DefaultSocketHostnameSocketFactory { private static final String PROP_SOCKET_DEFAULT = "org.newsclub.net.unix.socket.default"; @@ -167,6 +172,7 @@ public AFUNIXSocketAddress addressFromHost(String host, int port) throws SocketE * encoded and without the closing bracket. Since this is an invalid hostname, it will not trigger * a DNS lookup, but can still be used within a JDBC Connection URL. */ + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static final class URIScheme extends AFUNIXSocketFactory { private static final String FILE_SCHEME_PREFIX = "file://"; private static final String FILE_SCHEME_PREFIX_ENCODED = "file%"; diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFVSOCKSocketAddress.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFVSOCKSocketAddress.java index 18a2fcefb..13fcb7044 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/AFVSOCKSocketAddress.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/AFVSOCKSocketAddress.java @@ -35,11 +35,14 @@ import org.newsclub.net.unix.pool.ObjectPool.Lease; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * An {@link AFSocketAddress} for VSOCK sockets. * * @author Christian Kohlschütter */ +@SuppressFBWarnings("REDOS") public final class AFVSOCKSocketAddress extends AFSocketAddress { private static final long serialVersionUID = 1L; // do not change! diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/HostAndPort.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/HostAndPort.java index c3b0d7c76..48caa8fb5 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/HostAndPort.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/HostAndPort.java @@ -26,11 +26,14 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * Hostname and port. * * @author Christian Kohlschütter */ +@SuppressFBWarnings("REDOS") public final class HostAndPort { private static final Pattern PAT_HOST_AND_PORT = Pattern.compile( "^//((?[^/\\@]*)\\@)?(?[^/\\:]+)(?:\\:(?[0-9]+))?"); diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/NativeLibraryLoader.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/NativeLibraryLoader.java index fb681e3d6..3d2183d1d 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/NativeLibraryLoader.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/NativeLibraryLoader.java @@ -35,7 +35,7 @@ import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; -@SuppressFBWarnings("RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE") +@SuppressFBWarnings({"RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE", "PATH_TRAVERSAL_IN"}) final class NativeLibraryLoader implements Closeable { private static final String PROP_LIBRARY_DISABLE = "org.newsclub.net.unix.library.disable"; private static final String PROP_LIBRARY_OVERRIDE = "org.newsclub.net.unix.library.override"; @@ -210,6 +210,7 @@ private void deleteLibTmpDelFiles(File libDir) { @Override @SuppressWarnings("PMD.CognitiveComplexity") + @SuppressFBWarnings("URLCONNECTION_SSRF_FD") synchronized String load() throws IOException, LinkageError { if (libraryNameAndVersion == null) { return null; diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/RAFChannelProvider.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/RAFChannelProvider.java index 7173020de..0cfa7080a 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/RAFChannelProvider.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/RAFChannelProvider.java @@ -25,11 +25,14 @@ import java.util.UUID; import java.util.concurrent.atomic.AtomicBoolean; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * Hack to get a readable AND writable {@link FileChannel} for a {@link FileDescriptor}. * * @author Christian Kohlschütter */ +@SuppressFBWarnings("PATH_TRAVERSAL_IN") final class RAFChannelProvider extends RandomAccessFile implements FileDescriptorAccess { private static final File DEV_NULL = new File("/dev/null"); diff --git a/junixsocket-common/src/main/java/org/newsclub/net/unix/SocketAddressUtil.java b/junixsocket-common/src/main/java/org/newsclub/net/unix/SocketAddressUtil.java index de27979b4..d9694ff1f 100644 --- a/junixsocket-common/src/main/java/org/newsclub/net/unix/SocketAddressUtil.java +++ b/junixsocket-common/src/main/java/org/newsclub/net/unix/SocketAddressUtil.java @@ -23,12 +23,15 @@ import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * {@link SocketAddress}-related helper methods. * * @author Christian Kohlschütter */ @IgnoreJRERequirement // see src/main/java15 +@SuppressFBWarnings("PATH_TRAVERSAL_IN") final class SocketAddressUtil { private SocketAddressUtil() { throw new IllegalStateException("No instances"); diff --git a/junixsocket-common/src/test/java/org/newsclub/net/unix/AFUNIXSocketAddressTest.java b/junixsocket-common/src/test/java/org/newsclub/net/unix/AFUNIXSocketAddressTest.java index cb11c834a..0522c6e6b 100644 --- a/junixsocket-common/src/test/java/org/newsclub/net/unix/AFUNIXSocketAddressTest.java +++ b/junixsocket-common/src/test/java/org/newsclub/net/unix/AFUNIXSocketAddressTest.java @@ -38,7 +38,7 @@ import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; import com.kohlschutter.testutil.AssertUtil; -@SuppressFBWarnings("DMI_HARDCODED_ABSOLUTE_FILENAME") +@SuppressFBWarnings({"DMI_HARDCODED_ABSOLUTE_FILENAME", "OBJECT_DESERIALIZATION"}) public class AFUNIXSocketAddressTest { @Test diff --git a/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketChannelTest.java b/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketChannelTest.java index 6e238f82e..b3f4ba02f 100644 --- a/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketChannelTest.java +++ b/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketChannelTest.java @@ -45,10 +45,12 @@ import org.junit.jupiter.api.Test; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; import com.kohlschutter.testutil.TestAbortedWithImportantMessageException; import com.kohlschutter.testutil.TestAbortedWithImportantMessageException.MessageType; import com.kohlschutter.testutil.TestAsyncUtil; +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public abstract class SocketChannelTest extends SocketTestBase { protected SocketChannelTest(AddressSpecifics asp) { super(asp); diff --git a/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketTestBase.java b/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketTestBase.java index 3f20ce40a..8b55c344b 100644 --- a/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketTestBase.java +++ b/junixsocket-common/src/test/java/org/newsclub/net/unix/SocketTestBase.java @@ -65,7 +65,8 @@ */ @SuppressWarnings({"PMD.AbstractClassWithoutAbstractMethod", "PMD.CouplingBetweenObjects"}) @SuppressFBWarnings({ - "THROWS_METHOD_THROWS_CLAUSE_THROWABLE", "THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION"}) + "THROWS_METHOD_THROWS_CLAUSE_THROWABLE", "THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION", + "PREDICTABLE_RANDOM"}) public abstract class SocketTestBase { // NOTE: needs to be public for // junit diff --git a/junixsocket-common/src/test/java/org/newsclub/net/unix/java/JavaAddressSpecifics.java b/junixsocket-common/src/test/java/org/newsclub/net/unix/java/JavaAddressSpecifics.java index 61946f42e..ef85844b6 100644 --- a/junixsocket-common/src/test/java/org/newsclub/net/unix/java/JavaAddressSpecifics.java +++ b/junixsocket-common/src/test/java/org/newsclub/net/unix/java/JavaAddressSpecifics.java @@ -35,6 +35,9 @@ import org.newsclub.net.unix.CloseablePair; import org.opentest4j.TestAbortedException; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + +@SuppressFBWarnings({"UNENCRYPTED_SERVER_SOCKET", "UNENCRYPTED_SOCKET"}) public final class JavaAddressSpecifics implements AddressSpecifics { public static final AddressSpecifics INSTANCE = new JavaAddressSpecifics(); diff --git a/junixsocket-common/src/test/java/org/newsclub/net/unix/jep380/SocketChannelTest.java b/junixsocket-common/src/test/java/org/newsclub/net/unix/jep380/SocketChannelTest.java index a082353a5..ab9f7a87f 100644 --- a/junixsocket-common/src/test/java/org/newsclub/net/unix/jep380/SocketChannelTest.java +++ b/junixsocket-common/src/test/java/org/newsclub/net/unix/jep380/SocketChannelTest.java @@ -33,7 +33,7 @@ @AFSocketCapabilityRequirement(AFSocketCapability.CAPABILITY_UNIX_DOMAIN) @AvailabilityRequirement(classes = "java.net.UnixDomainSocketAddress", // message = "This test requires Java 16 or later") -@SuppressFBWarnings("NM_SAME_SIMPLE_NAME_AS_SUPERCLASS") +@SuppressFBWarnings({"NM_SAME_SIMPLE_NAME_AS_SUPERCLASS", "PATH_TRAVERSAL_IN"}) public final class SocketChannelTest extends org.newsclub.net.unix.SocketChannelTest { diff --git a/junixsocket-darwin/src/test/java/org/newsclub/net/unix/darwin/system/UtunTest.java b/junixsocket-darwin/src/test/java/org/newsclub/net/unix/darwin/system/UtunTest.java index d6fc6711c..ba4b281e4 100644 --- a/junixsocket-darwin/src/test/java/org/newsclub/net/unix/darwin/system/UtunTest.java +++ b/junixsocket-darwin/src/test/java/org/newsclub/net/unix/darwin/system/UtunTest.java @@ -42,6 +42,7 @@ import org.newsclub.net.unix.AFSocketCapability; import org.newsclub.net.unix.AFSocketCapabilityRequirement; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; import com.kohlschutter.testutil.ExecutionEnvironmentRequirement; import com.kohlschutter.testutil.ExecutionEnvironmentRequirement.Rule; @@ -54,6 +55,7 @@ * @author Christian Kohlschütter */ @SuppressWarnings("PMD.AvoidUsingHardCodedIP") +@SuppressFBWarnings("COMMAND_INJECTION") public class UtunTest { private static final Inet4Address UTUN_SRC_IP; private static final Inet4Address UTUN_DST_IP; diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/DemoHelper.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/DemoHelper.java index 7b9371bb2..66b03d560 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/DemoHelper.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/DemoHelper.java @@ -32,10 +32,12 @@ import org.newsclub.net.unix.AFUNIXSocketAddress; import com.kohlschutter.annotations.compiletime.ExcludeFromCodeCoverageGeneratedReport; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; /** * Just a helper class to simplify controlling the demo from the command line. */ +@SuppressFBWarnings({"UNENCRYPTED_SOCKET", "PATH_TRAVERSAL_IN"}) public final class DemoHelper { @ExcludeFromCodeCoverageGeneratedReport(reason = "unreachable") private DemoHelper() { @@ -194,6 +196,7 @@ public static Socket connectSocket(SocketAddress socketAddress) throws IOExcepti } } + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static SocketAddress parseAddress(String[] args, SocketAddress defaultAddress) throws IOException { if (args.length == 0) { @@ -205,6 +208,7 @@ public static SocketAddress parseAddress(String[] args, SocketAddress defaultAdd } } + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static SocketAddress parseAddress(String opt, String val, SocketAddress defaultAddress) throws IOException { if (opt == null || val == null) { diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClient.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClient.java index 2cf3a61d7..92c112697 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClient.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClient.java @@ -23,11 +23,14 @@ import org.newsclub.net.unix.AFSocket; import org.newsclub.net.unix.demo.DemoHelper; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * A demo program to configure and run several {@link AFSocket} client demos from the command line. * * @author Christian Kohlschütter */ +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public final class DemoClient { public static void main(String[] args) throws IOException, InterruptedException { final DemoClientBase demoClient; diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClientBase.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClientBase.java index 007bcef10..ad633e846 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClientBase.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/client/DemoClientBase.java @@ -24,6 +24,8 @@ import org.newsclub.net.unix.AFSocketAddress; import org.newsclub.net.unix.AFUNIXSocket; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * An {@link AFUNIXSocket} client that's just good for demo purposes. * @@ -38,6 +40,7 @@ public void close() throws IOException { } } + @SuppressFBWarnings("UNENCRYPTED_SOCKET") public void connect(SocketAddress endpoint) throws IOException { System.out.println("Connect " + this + " to " + endpoint); if (endpoint instanceof AFSocketAddress) { diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/nanohttpd/NanoHttpdServerDemo.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/nanohttpd/NanoHttpdServerDemo.java index d7dac583f..5ec13c313 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/nanohttpd/NanoHttpdServerDemo.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/nanohttpd/NanoHttpdServerDemo.java @@ -28,6 +28,8 @@ import org.newsclub.net.unix.demo.DemoHelper; import org.newsclub.net.unix.demo.okhttp.OkHttpClientDemo; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + import fi.iki.elonen.NanoHTTPD; /** @@ -38,6 +40,7 @@ * @author Christian Kohlschütter * @see OkHttpClientDemo */ +@SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET") public final class NanoHttpdServerDemo extends NanoHTTPD { public NanoHttpdServerDemo(SocketAddress socketAddress) throws IOException { @@ -62,6 +65,7 @@ public ServerSocket create() throws IOException { } } + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static void main(String[] args) throws IOException { SocketAddress addr = DemoHelper.parseAddress(args, // AFUNIXSocketAddress.of(new File("/tmp/junixsocket-http-server.sock"))); diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/netty/EchoServer.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/netty/EchoServer.java index c4c7e2856..c6293e29a 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/netty/EchoServer.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/netty/EchoServer.java @@ -25,6 +25,8 @@ import org.newsclub.net.unix.AFUNIXSelectorProvider; import org.newsclub.net.unix.AFUNIXSocketAddress; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + import io.netty.bootstrap.ServerBootstrap; import io.netty.channel.ChannelFuture; import io.netty.channel.ChannelInitializer; @@ -41,6 +43,7 @@ * guide for 4.x */ @SuppressWarnings("FutureReturnValueIgnored" /* errorprone */) +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public class EchoServer { private final AFSocketAddress addr; @@ -81,6 +84,7 @@ public void initChannel(SocketChannel ch) throws Exception { } } + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static void main(String[] args) throws Exception { File path = new File("/tmp/nettyecho"); if (args.length > 0) { diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientDemo.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientDemo.java index 77df83f24..31e6834ef 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientDemo.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientDemo.java @@ -28,6 +28,7 @@ import org.newsclub.net.unix.demo.DemoHelper; import org.newsclub.net.unix.demo.nanohttpd.NanoHttpdServerDemo; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; import com.kohlschutter.util.IOUtil; import okhttp3.OkHttpClient; @@ -45,6 +46,7 @@ * @see NanoHttpdServerDemo */ public class OkHttpClientDemo { + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static void main(String[] args) throws IOException { SocketAddress addr = DemoHelper.parseAddress(args, // AFUNIXSocketAddress.of(new File("/tmp/junixsocket-http-server.sock"))); diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientTIPCDemo.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientTIPCDemo.java index 18069c225..58ee773c8 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientTIPCDemo.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/okhttp/OkHttpClientTIPCDemo.java @@ -29,6 +29,7 @@ import org.newsclub.net.unix.demo.DemoHelper; import org.newsclub.net.unix.demo.nanohttpd.NanoHttpdServerDemo; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; import com.kohlschutter.util.IOUtil; import okhttp3.OkHttpClient; @@ -48,6 +49,7 @@ */ @SuppressWarnings("CatchAndPrintStackTrace" /* errorprone */) public class OkHttpClientTIPCDemo { + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static void main(String[] args) throws IOException, InterruptedException { SocketAddress addr = DemoHelper.parseAddress(args, // diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/rmi/fd/StreamClient.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/rmi/fd/StreamClient.java index 43da47371..88c682839 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/rmi/fd/StreamClient.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/rmi/fd/StreamClient.java @@ -29,12 +29,15 @@ import org.newsclub.net.unix.rmi.RemoteCloseable; import org.newsclub.net.unix.rmi.RemoteFileInput; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * Demonstrates how to read files via FileDescriptors that are exchanged via RMI. * * @author Christian Kohlschütter * @see StreamServer */ +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public final class StreamClient { private StreamClient() { throw new IllegalStateException("No instances"); @@ -47,6 +50,7 @@ private StreamClient() { * @throws IOException on error. * @throws NotBoundException if the server cannot be reached. */ + @SuppressFBWarnings("PATH_TRAVERSAL_IN") public static void main(String[] args) throws IOException, NotBoundException { if (args.length != 1) { System.err.println("Usage: StreamClient "); diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/DemoServerBase.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/DemoServerBase.java index b05431373..650100269 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/DemoServerBase.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/DemoServerBase.java @@ -28,12 +28,15 @@ import org.newsclub.net.unix.AFUNIXSocket; import org.newsclub.net.unix.server.SocketServer; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * An {@link SocketServer} that's just good for demo purposes. * * @author Christian Kohlschütter */ @SuppressWarnings("CatchAndPrintStackTrace" /* errorprone */) +@SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET") abstract class DemoServerBase extends SocketServer { public DemoServerBase(SocketAddress listenAddress) { super(listenAddress); diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/SocketServerDemo.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/SocketServerDemo.java index 8ae79ab50..c5d91761f 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/SocketServerDemo.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/SocketServerDemo.java @@ -24,11 +24,14 @@ import org.newsclub.net.unix.demo.DemoHelper; import org.newsclub.net.unix.server.SocketServer; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * A demo program to configure and run several {@link SocketServer} demos from the command line. * * @author Christian Kohlschütter */ +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public final class SocketServerDemo { public static void main(String[] args) throws IOException, InterruptedException { final DemoServerBase demoServer; diff --git a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/ZeroServer.java b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/ZeroServer.java index d2e3c69af..680df0634 100644 --- a/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/ZeroServer.java +++ b/junixsocket-demo/src/main/java/org/newsclub/net/unix/demo/server/ZeroServer.java @@ -22,6 +22,8 @@ import java.net.Socket; import java.net.SocketAddress; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * A multi-threaded unix socket server that simply writes null-bytes, and does not attempt to read * anything. @@ -29,6 +31,7 @@ * @author Christian Kohlschütter */ // CPD-OFF +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public final class ZeroServer extends DemoServerBase { public ZeroServer(SocketAddress listenAddress) { super(listenAddress); diff --git a/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMemory.java b/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMemory.java index 4f5c893f4..8f8a5c443 100644 --- a/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMemory.java +++ b/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMemory.java @@ -39,11 +39,14 @@ import org.newsclub.net.unix.FileDescriptorCast; import org.newsclub.net.unix.MemoryImplUtilInternal; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * Some shared memory. * * @author Christian Kohlschütter */ +@SuppressFBWarnings("OVERLY_PERMISSIVE_FILE_PERMISSION") public final class SharedMemory implements Closeable { private static final Set DEFAULT_PERMISSIONS = PosixFilePermissions .fromString("rw-rw-rw-"); @@ -626,8 +629,8 @@ Futex futex(MemorySegment addr, boolean wakeUpOnClose, boolean zeroValueOnClose) } /** - * Returns a {@link SharedMutex} instance working with the given {@link MemorySegment}, which has to be - * exactly {@link #MUTEX_SEGMENT_SIZE} bytes long. + * Returns a {@link SharedMutex} instance working with the given {@link MemorySegment}, which has + * to be exactly {@link #MUTEX_SEGMENT_SIZE} bytes long. * * @param addr The address. * @return The instance. diff --git a/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMutex.java b/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMutex.java index 4f13d581e..fca60caf3 100644 --- a/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMutex.java +++ b/junixsocket-memory/src/main/java/org/newsclub/net/unix/memory/SharedMutex.java @@ -58,8 +58,8 @@ public interface SharedMutex extends Closeable { /** * Reports if this lock instance can safely be accessed from multiple processes, or not. The - * actual way of accessing this {@link SharedMutex} is unspecified, but typically this is coordinated - * via {@link SharedMemory}. + * actual way of accessing this {@link SharedMutex} is unspecified, but typically this is + * coordinated via {@link SharedMemory}. *

* The value returned is constant. * diff --git a/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactory.java b/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactory.java index 8d173947e..d9b1009a1 100644 --- a/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactory.java +++ b/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactory.java @@ -63,7 +63,7 @@ public Socket beforeHandshake() throws SocketException, IOException { } @Override - @SuppressFBWarnings("EI_EXPOSE_REP") + @SuppressFBWarnings({"EI_EXPOSE_REP", "PATH_TRAVERSAL_IN"}) public Socket connect(String host, int portNumber, Properties props) throws SocketException, IOException { // Adjust the path to your MySQL socket by setting the diff --git a/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactoryCJ.java b/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactoryCJ.java index c2888ca6e..0dd26cdbe 100644 --- a/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactoryCJ.java +++ b/junixsocket-mysql/src/main/java/org/newsclub/net/mysql/AFUNIXDatabaseSocketFactoryCJ.java @@ -46,7 +46,7 @@ public AFUNIXDatabaseSocketFactoryCJ() { } @SuppressWarnings({"unchecked"}) - @SuppressFBWarnings("EI_EXPOSE_REP") + @SuppressFBWarnings({"EI_EXPOSE_REP", "PATH_TRAVERSAL_IN"}) @Override public Socket connect(String hostname, int portNumber, @SuppressWarnings("exports") PropertySet props, int loginTimeout) throws IOException { diff --git a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMIServiceImpl.java b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMIServiceImpl.java index caf52c4de..bd3303bd6 100644 --- a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMIServiceImpl.java +++ b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMIServiceImpl.java @@ -52,7 +52,7 @@ public AFRMIServiceImpl(AFNaming naming) { this.naming = new WeakReference<>(naming); } - @SuppressFBWarnings("DMI_RANDOM_USED_ONLY_ONCE") + @SuppressFBWarnings({"DMI_RANDOM_USED_ONLY_ONCE", "PREDICTABLE_RANDOM"}) private/* synchronized */int randomPort() { int maxRandom = ports.size(); diff --git a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMISocketFactory.java b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMISocketFactory.java index 91b605758..14e5605f9 100644 --- a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMISocketFactory.java +++ b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFRMISocketFactory.java @@ -361,6 +361,7 @@ public void close() throws IOException { } @Override + @SuppressFBWarnings("OBJECT_DESERIALIZATION") public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { setExternable(new Externables(readNamingInstance(in), // (RMIClientSocketFactory) in.readObject(), // diff --git a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFUNIXRMISocketFactory.java b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFUNIXRMISocketFactory.java index e38e40a32..f0b043e7e 100644 --- a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFUNIXRMISocketFactory.java +++ b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/AFUNIXRMISocketFactory.java @@ -112,6 +112,7 @@ public AFUNIXRMISocketFactory(AFNaming naming, File socketDir) { } @Override + @SuppressFBWarnings("PATH_TRAVERSAL_IN") protected AFNaming readNamingInstance(ObjectInput in) throws IOException { socketDir = new File(in.readUTF()); int port = in.readInt(); @@ -167,6 +168,7 @@ public File getSocketDir() { return socketDir; } + @SuppressFBWarnings("PATH_TRAVERSAL_IN") File getFile(int port) { if (isPlainFileSocket()) { return getSocketDir(); diff --git a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIClientSocketFactory.java b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIClientSocketFactory.java index 815d846f1..25146410c 100644 --- a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIClientSocketFactory.java +++ b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIClientSocketFactory.java @@ -48,6 +48,7 @@ public static DefaultRMIClientSocketFactory getInstance() { } @Override + @SuppressFBWarnings("UNENCRYPTED_SOCKET") public Socket createSocket(String host, int port) throws IOException { Socket socket = new Socket(host, port); // socket.setSoTimeout(60 * 60 * 1000); diff --git a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIServerSocketFactory.java b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIServerSocketFactory.java index c847d2895..62ac7a593 100644 --- a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIServerSocketFactory.java +++ b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/DefaultRMIServerSocketFactory.java @@ -52,6 +52,7 @@ public static DefaultRMIServerSocketFactory getInstance() { } @Override + @SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET") public ServerSocket createServerSocket(int port) throws IOException { ServerSocket socket = new ServerSocket(port); // socket.setSoTimeout(60 * 60 * 1000); diff --git a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/RemoteFileDescriptorBase.java b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/RemoteFileDescriptorBase.java index a3d9659dd..f654e922d 100644 --- a/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/RemoteFileDescriptorBase.java +++ b/junixsocket-rmi/src/main/java/org/newsclub/net/unix/rmi/RemoteFileDescriptorBase.java @@ -103,6 +103,7 @@ public RemoteFileDescriptorBase() { @Override @SuppressWarnings("PMD.ExceptionAsFlowControl") + @SuppressFBWarnings("PREDICTABLE_RANDOM") public final void writeExternal(ObjectOutput objOut) throws IOException { if (fd == null || !fd.valid()) { throw new IOException("No or invalid file descriptor"); @@ -169,6 +170,7 @@ protected void onServerStopped(AFServerSocket socket) { } @SuppressWarnings("resource") + @SuppressFBWarnings("OBJECT_DESERIALIZATION") @Override public final void readExternal(ObjectInput objIn) throws IOException, ClassNotFoundException { DataInputStream in1 = remoteConnection.getAndSet(null); diff --git a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/Selftest.java b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/Selftest.java index b9513db81..03c128e74 100644 --- a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/Selftest.java +++ b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/Selftest.java @@ -81,6 +81,7 @@ */ @SuppressWarnings({ "PMD.CyclomaticComplexity", "PMD.CognitiveComplexity", "PMD.CouplingBetweenObjects"}) +@SuppressFBWarnings({"PATH_TRAVERSAL_IN", "INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE"}) public class Selftest { private final Class diagnosticsHelperClass = resolveOptionalClass( "org.newsclub.net.unix.SelftestDiagnosticsHelper"); diff --git a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/EchoServer.java b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/EchoServer.java index f0ac19c3a..f8c4ceeb5 100644 --- a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/EchoServer.java +++ b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/EchoServer.java @@ -25,7 +25,10 @@ import org.newsclub.net.unix.AFSocketAddress; import org.newsclub.net.unix.server.AFSocketServer; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + // CPD-OFF +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public class EchoServer { private static void printHelp() { System.err.println("Syntax: java " + EchoServer.class.getName() + " "); diff --git a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/SocketAddressUtil.java b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/SocketAddressUtil.java index ed41b950b..e0e363323 100644 --- a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/SocketAddressUtil.java +++ b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/SocketAddressUtil.java @@ -24,6 +24,9 @@ import org.newsclub.net.unix.AFSocketAddress; import org.newsclub.net.unix.AFUNIXSocketAddress; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public class SocketAddressUtil { public static AFSocketAddress parseAddress(String addr) throws SocketException { if (addr.startsWith("/")) { diff --git a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/StreamClient.java b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/StreamClient.java index c882e0bef..8955da033 100644 --- a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/StreamClient.java +++ b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/StreamClient.java @@ -30,8 +30,10 @@ import org.newsclub.net.unix.AFSocket; import org.newsclub.net.unix.AFSocketAddress; -// CPD-OFF +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; +// CPD-OFF +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public class StreamClient { private static void printHelp() { System.err.println("Syntax: java " + StreamClient.class.getName() + " "); diff --git a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/ZeroServer.java b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/ZeroServer.java index 7d806a98c..fe713ee0e 100644 --- a/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/ZeroServer.java +++ b/junixsocket-selftest/src/main/java/org/newsclub/net/unix/selftest/apps/ZeroServer.java @@ -31,6 +31,9 @@ import org.newsclub.net.unix.AFSocketAddress; import org.newsclub.net.unix.server.AFSocketServer; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public class ZeroServer { private static void printHelp() { System.err.println("Syntax: java " + ZeroServer.class.getName() + " "); diff --git a/junixsocket-server/src/main/java/org/newsclub/net/unix/server/AFUNIXSocketServer.java b/junixsocket-server/src/main/java/org/newsclub/net/unix/server/AFUNIXSocketServer.java index 7381878a9..3e14fbeb1 100644 --- a/junixsocket-server/src/main/java/org/newsclub/net/unix/server/AFUNIXSocketServer.java +++ b/junixsocket-server/src/main/java/org/newsclub/net/unix/server/AFUNIXSocketServer.java @@ -25,6 +25,8 @@ import org.newsclub.net.unix.AFSocketAddress; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * A base implementation for a simple, multi-threaded socket server. * @@ -34,6 +36,7 @@ * @deprecated Use {@link SocketServer} or {@link AFSocketServer} */ @Deprecated +@SuppressFBWarnings("UNENCRYPTED_SERVER_SOCKET") public abstract class AFUNIXSocketServer extends SocketServer { /** * Creates a server using the given, bound {@link ServerSocket}. diff --git a/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/IgnorantX509TrustManager.java b/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/IgnorantX509TrustManager.java index adbffc300..f0ee57638 100644 --- a/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/IgnorantX509TrustManager.java +++ b/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/IgnorantX509TrustManager.java @@ -22,6 +22,8 @@ import javax.net.ssl.X509TrustManager; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * An ignorant {@link X509TrustManager} that doesn't check certificates at all. *

@@ -31,6 +33,7 @@ * * @author Christian Kohlschütter */ +@SuppressFBWarnings("WEAK_TRUST_MANAGER") public final class IgnorantX509TrustManager implements X509TrustManager { private static final IgnorantX509TrustManager INSTANCE = new IgnorantX509TrustManager(); private static final X509Certificate[] EMPTY_ACCEPTED_ISSUERS = new X509Certificate[0]; diff --git a/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/SSLContextBuilder.java b/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/SSLContextBuilder.java index 95a03f1e2..b87e948ca 100644 --- a/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/SSLContextBuilder.java +++ b/junixsocket-ssl/src/main/java/org/newsclub/net/unix/ssl/SSLContextBuilder.java @@ -361,6 +361,7 @@ private TrustManagerFactory buildTrustManagerFactory() throws GeneralSecurityExc return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); } + @SuppressFBWarnings("URLCONNECTION_SSRF_FD") private KeyManager[] buildKeyManagers(KeyManagerFactory kmf) throws GeneralSecurityException, IOException, UnrecoverableKeyException { if (keyStoreUrl == null) { @@ -443,6 +444,7 @@ private static KnownJavaBugIOException knownJDKBug(Exception e, String bugId, St } } + @SuppressFBWarnings("URLCONNECTION_SSRF_FD") private TrustManager[] buildTrustManagers(TrustManagerFactory tmf) throws IOException, GeneralSecurityException { diff --git a/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/SSLContextBuilderTest.java b/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/SSLContextBuilderTest.java index bd054ef50..dd06af8f2 100644 --- a/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/SSLContextBuilderTest.java +++ b/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/SSLContextBuilderTest.java @@ -83,6 +83,7 @@ // CPD-OFF @SuppressWarnings({"PMD.ExcessiveImports", "PMD.CouplingBetweenObjects"}) +@SuppressFBWarnings({"UNENCRYPTED_SERVER_SOCKET", "URLCONNECTION_SSRF_FD"}) public class SSLContextBuilderTest extends SSLTestBase { @ParameterizedTest diff --git a/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/ValidatingX509TrustManagerTest.java b/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/ValidatingX509TrustManagerTest.java index 42f9f14a4..37e8699bc 100644 --- a/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/ValidatingX509TrustManagerTest.java +++ b/junixsocket-ssl/src/test/java/org/newsclub/net/unix/ssl/ValidatingX509TrustManagerTest.java @@ -54,12 +54,14 @@ import org.newsclub.net.unix.AFUNIXSocketAddress; import org.newsclub.net.unix.KnownJavaBugIOException; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; import com.kohlschutter.testutil.AssertUtil; import com.kohlschutter.testutil.TestAbortedWithImportantMessageException; import com.kohlschutter.testutil.TestAbortedWithImportantMessageException.MessageType; import com.kohlschutter.testutil.TestResourceUtil; // CPD-OFF +@SuppressFBWarnings("URLCONNECTION_SSRF_FD") public class ValidatingX509TrustManagerTest extends SSLTestBase { @ParameterizedTest diff --git a/junixsocket-vsock/src/main/java/org/newsclub/net/unix/vsock/AFVSOCKProxyServerSocketConnector.java b/junixsocket-vsock/src/main/java/org/newsclub/net/unix/vsock/AFVSOCKProxyServerSocketConnector.java index bbc541b06..30b9b3bd8 100644 --- a/junixsocket-vsock/src/main/java/org/newsclub/net/unix/vsock/AFVSOCKProxyServerSocketConnector.java +++ b/junixsocket-vsock/src/main/java/org/newsclub/net/unix/vsock/AFVSOCKProxyServerSocketConnector.java @@ -27,6 +27,8 @@ import org.newsclub.net.unix.AFVSOCKSocketAddress; import org.newsclub.net.unix.AddressUnavailableSocketException; +import com.kohlschutter.annotations.compiletime.SuppressFBWarnings; + /** * Provides access to AF_VSOCK connections that aren't directly accessible but exposed via a * proxying/multiplexing Unix domain socket. @@ -35,6 +37,7 @@ * @see #openFirecrackerStyleConnector(File, int) * @see #openDirectConnector() */ +@SuppressFBWarnings("PATH_TRAVERSAL_IN") public final class AFVSOCKProxyServerSocketConnector implements AFServerSocketConnector { private static final AFServerSocketConnector DIRECT_CONNECTOR =