[3/6] accumulo git commit: ACCUMULO-4687 Clean up some static-analysis warnings

Thu, 27 Jul 2017 16:32:39 -0700 

ACCUMULO-4687 Clean up some static-analysis warnings

* Close a closeable resource
* Remove some vestigal AccessController calls
* Set HttpOnly on our cookies in the monitor
* Avoiding putting user-provided content into an HTTP response


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/f08c58c5
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/f08c58c5
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/f08c58c5

Branch: refs/heads/master
Commit: f08c58c597a4c203b8f9759b540fd0736b3c6ae1
Parents: 465f6c4
Author: Josh Elser <els...@apache.org>
Authored: Thu Jul 27 18:41:34 2017 -0400
Committer: Josh Elser <els...@apache.org>
Committed: Thu Jul 27 18:41:34 2017 -0400

----------------------------------------------------------------------
 .../rfile/bcfile/BoundedRangeFileInputStream.java   | 16 +---------------
 .../java/org/apache/accumulo/core/util/Jar.java     |  3 +--
 .../accumulo/monitor/servlets/BasicServlet.java     | 10 +++++++++-
 .../accumulo/monitor/servlets/DefaultServlet.java   |  6 +++++-
 .../accumulo/monitor/servlets/OperationServlet.java | 15 ++++++++++-----
 5 files changed, 26 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/f08c58c5/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BoundedRangeFileInputStream.java
----------------------------------------------------------------------
diff --git 
a/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BoundedRangeFileInputStream.java
 
b/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BoundedRangeFileInputStream.java
index b5ee61b..4154e0b 100644
--- 
a/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BoundedRangeFileInputStream.java
+++ 
b/core/src/main/java/org/apache/accumulo/core/file/rfile/bcfile/BoundedRangeFileInputStream.java
@@ -19,9 +19,6 @@ package org.apache.accumulo.core.file.rfile.bcfile;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 
 import org.apache.hadoop.fs.FSDataInputStream;
 
@@ -95,18 +92,7 @@ class BoundedRangeFileInputStream extends InputStream {
         throw new IOException("Stream closed");
       }
       in.seek(pos);
-      try {
-        ret = AccessController.doPrivileged(new 
PrivilegedExceptionAction<Integer>() {
-          @Override
-          public Integer run() throws IOException {
-            int ret = 0;
-            ret = in.read(b, off, n);
-            return ret;
-          }
-        });
-      } catch (PrivilegedActionException e) {
-        throw (IOException) e.getException();
-      }
+      ret = in.read(b, off, n);
     }
     if (ret < 0) {
       end = pos;

http://git-wip-us.apache.org/repos/asf/accumulo/blob/f08c58c5/core/src/main/java/org/apache/accumulo/core/util/Jar.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/util/Jar.java 
b/core/src/main/java/org/apache/accumulo/core/util/Jar.java
index e5c2d1c..3c2a1f5 100644
--- a/core/src/main/java/org/apache/accumulo/core/util/Jar.java
+++ b/core/src/main/java/org/apache/accumulo/core/util/Jar.java
@@ -41,8 +41,7 @@ public class Jar implements KeywordExecutable {
     String jarFileName = args[0];
     String candidateMainClass = args.length > 1 ? args[1] : null;
     Class<?> mainClass = null;
-    try {
-      JarFile f = new JarFile(jarFileName);
+    try (JarFile f = new JarFile(jarFileName)) {
       mainClass = Main.loadClassFromJar(args, f, Main.getClassLoader());
     } catch (IOException ioe) {
       System.out.println("File " + jarFileName + " could not be found or 
read.");

http://git-wip-us.apache.org/repos/asf/accumulo/blob/f08c58c5/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/BasicServlet.java
----------------------------------------------------------------------
diff --git 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/BasicServlet.java
 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/BasicServlet.java
index fac18cd..8168ce7 100644
--- 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/BasicServlet.java
+++ 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/BasicServlet.java
@@ -83,7 +83,7 @@ abstract public class BasicServlet extends HttpServlet {
   private static final String DEFAULT_CONTENT_TYPE = "text/html";
 
   public static final void setCookie(HttpServletResponse resp, String name, 
String value) {
-    resp.addCookie(new Cookie(name, value));
+    resp.addCookie(createCookie(name, value));
   }
 
   public static final String getCookieValue(HttpServletRequest req, String 
name) {
@@ -264,4 +264,12 @@ abstract public class BasicServlet extends HttpServlet {
     sb.append("<br />\n<h2 
class='").append(klass).append("'>").append(text).append("</h2>\n");
   }
 
+  /**
+   * Creates a {@link Cookie} with the given name and value, also setting the 
HttpOnly attribute on the cookie.
+   */
+  protected static Cookie createCookie(String name, String value) {
+    Cookie c = new Cookie(name, value);
+    c.setHttpOnly(true);
+    return c;
+  }
 }

http://git-wip-us.apache.org/repos/asf/accumulo/blob/f08c58c5/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/DefaultServlet.java
----------------------------------------------------------------------
diff --git 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/DefaultServlet.java
 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/DefaultServlet.java
index 8d130aa..0f83b68 100644
--- 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/DefaultServlet.java
+++ 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/DefaultServlet.java
@@ -47,10 +47,13 @@ import org.apache.accumulo.server.fs.VolumeManagerImpl;
 import org.apache.hadoop.fs.ContentSummary;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class DefaultServlet extends BasicServlet {
 
   private static final long serialVersionUID = 1L;
+  private static final Logger LOG = 
LoggerFactory.getLogger(DefaultServlet.class);
 
   @Override
   protected String getTitle(HttpServletRequest req) {
@@ -77,7 +80,8 @@ public class DefaultServlet extends BasicServlet {
           while ((n = data.read(buffer)) > 0)
             out.write(buffer, 0, n);
         } else {
-          out.write(("could not get resource " + path + "").getBytes(UTF_8));
+          LOG.debug("Client requested {}, but it could not be loaded", path);
+          out.write("could not access requested resource".getBytes(UTF_8));
         }
       } finally {
         if (data != null)

http://git-wip-us.apache.org/repos/asf/accumulo/blob/f08c58c5/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/OperationServlet.java
----------------------------------------------------------------------
diff --git 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/OperationServlet.java
 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/OperationServlet.java
index a3dbe8c..c3ca3a1 100644
--- 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/OperationServlet.java
+++ 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/OperationServlet.java
@@ -97,8 +97,13 @@ public class OperationServlet extends BasicServlet {
   public static class RefreshOperation implements WebOperation {
     @Override
     public List<Cookie> execute(HttpServletRequest req, Logger log) {
-      String value = req.getParameter("value");
-      return Collections.singletonList(new Cookie("page.refresh.rate", value 
== null ? "5" : BasicServlet.encode(value)));
+      String rawValue = req.getParameter("value");
+      int refreshTime = 5;
+      // Verify that the value provided is actually a number
+      if (rawValue != null) {
+        refreshTime = Integer.parseInt(rawValue);
+      }
+      return Collections.singletonList(createCookie("page.refresh.rate", 
Integer.toString(refreshTime)));
     }
   }
 
@@ -151,10 +156,10 @@ public class OperationServlet extends BasicServlet {
       table = BasicServlet.encode(table);
       if (asc == null) {
         col = BasicServlet.encode(col);
-        return Collections.singletonList(new Cookie("tableSort." + page + "." 
+ table + "." + "sortCol", col));
+        return Collections.singletonList(createCookie("tableSort." + page + 
"." + table + "." + "sortCol", col));
       } else {
         asc = BasicServlet.encode(asc);
-        return Collections.singletonList(new Cookie("tableSort." + page + "." 
+ table + "." + "sortAsc", asc));
+        return Collections.singletonList(createCookie("tableSort." + page + 
"." + table + "." + "sortAsc", asc));
       }
     }
   }
@@ -170,7 +175,7 @@ public class OperationServlet extends BasicServlet {
       page = BasicServlet.encode(page);
       table = BasicServlet.encode(table);
       show = BasicServlet.encode(show);
-      return Collections.singletonList(new Cookie("tableLegend." + page + "." 
+ table + "." + "show", show));
+      return Collections.singletonList(createCookie("tableLegend." + page + 
"." + table + "." + "show", show));
     }
   }

Reply via email to