Janos Makai created OOZIE-3671: ---------------------------------- Summary: Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily until it gets refactored Key: OOZIE-3671 URL: https://issues.apache.org/jira/browse/OOZIE-3671 Project: Oozie Issue Type: Task Components: core Reporter: Janos Makai Assignee: Janos Makai
Currently the SpotBugs tool indicates the following issues for every new patches: {code:java} {color:#FF0000}-1{color} There are [5] new bugs found below threshold in [core] that must be fixed. . You can find the SpotBugs diff here (look for the red and orange ones): core/findbugs-new.html . The most important SpotBugs errors are: . At BulkJPAExecutor.java:[line 206]: This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection . At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175] . At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199] . This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206] . At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127] {code} The goal of this Jira is to exclude the JPA injection pattern (SQL_INJECTION_JPA) from Oozie core until the corresponding code gets refactored. -- This message was sent by Atlassian Jira (v8.20.10#820010)