Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix report output to truncate existing files #1951

Merged
merged 5 commits into from May 4, 2022
Merged

Fix report output to truncate existing files #1951

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cbba2db
Fix report output to truncate existing files
Feb 8, 2022
0b86398
Merge branch 'master' into issue-1950-truncate-reports
sdati Mar 8, 2022
ee19628
Undo bad conflict resolution
sdati Mar 9, 2022
6e52056
Merge branch 'master' into issue-1950-truncate-reports
KengoTODA Mar 10, 2022
64e8c37
Merge branch 'master' into issue-1950-truncate-reports
KengoTODA May 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 1 addition & 2 deletions CHANGELOG.md
View file
Open in desktop
Expand Up @@ -9,6 +9,7 @@ Currently the versioning policy of this project follows [Semantic Versioning v2.
- Updated documentation by adding parenthesis `()` to the negative odd check message ([#1995](https://github.com/spotbugs/spotbugs/issues/1995))

### Fixed
- Fixed reports to truncate existing files before writing new content ([#1950](https://github.com/spotbugs/spotbugs/issues/1950))
- Bumped Saxon-HE from 10.6 to 11.3 ([#1955](https://github.com/spotbugs/spotbugs/pull/1955), [#1999](https://github.com/spotbugs/spotbugs/pull/1999))
- Fixed traversal of nested archives governed by `-nested:true` ([#1930](https://github.com/spotbugs/spotbugs/pull/1930))
- Warnings of deprecated System::setSecurityManager calls on Java 17 ([#1983](https://github.com/spotbugs/spotbugs/pull/1983))
Expand All @@ -22,8 +23,6 @@ Currently the versioning policy of this project follows [Semantic Versioning v2.
* `THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION` is reported when a method has Exception in its throws clause and
* `THROWS_METHOD_THROWS_CLAUSE_THROWABLE` is reported when a method has Throwable in its throws clause (See [SEI CERT ERR07-J](https://wiki.sei.cmu.edu/confluence/display/java/ERR07-J.+Do+not+throw+RuntimeException%2C+Exception%2C+or+Throwable))
* New rule `PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS` to warn for custom class loaders who do not call their superclasses' `getPermissions()` in their `getPermissions()` method. This rule based on the SEI CERT rule *SEC07-J Call the superclass's getPermissions() method when writing a custom class loader*. ([#SEC07-J](https://wiki.sei.cmu.edu/confluence/display/java/SEC07-J.+Call+the+superclass%27s+getPermissions%28%29+method+when+writing+a+custom+class+loader))

### Added
* New rule `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on *SEC02-J. Do not base security checks on untrusted sources*. ([#SEC02-J](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources))

## 4.6.0 - 2022-03-08
Expand Down
13 changes: 13 additions & 0 deletions spotbugs-tests/src/test/java/edu/umd/cs/findbugs/TextUICommandLineTest.java
View file
Open in desktop
Expand Up @@ -36,6 +36,19 @@ public void handleOutputFilePathUsesGzip() throws IOException {
assertThat("GZip file should have -117 as its header", written[1], is((byte) -117));
}

@Test
public void handleOutputFileTruncatesExisting() throws IOException {
Path file = Files.createTempFile("spotbugs", ".html");
Files.writeString(file, "content");
TextUICommandLine commandLine = new TextUICommandLine();
SortingBugReporter reporter = new SortingBugReporter();
commandLine.handleOutputFilePath(reporter, "withMessages=" + file.toFile().getAbsolutePath());

reporter.finish();
byte[] written = Files.readAllBytes(file);
assertThat("Output file should be truncated to 0 bytes", written.length, is(0));
}

@Test
public void htmlReportWithOption() throws IOException {
Path xmlFile = Files.createTempFile("spotbugs", ".xml");
Expand Down
3 changes: 2 additions & 1 deletion spotbugs/src/main/java/edu/umd/cs/findbugs/TextUICommandLine.java
View file
Open in desktop
Expand Up @@ -278,7 +278,8 @@ public boolean justPrintVersion() {
if (index >= 0) {
Path path = Paths.get(optionExtraPart.substring(index + 1));
try {
OutputStream oStream = Files.newOutputStream(path, StandardOpenOption.CREATE, StandardOpenOption.WRITE);
OutputStream oStream = Files.newOutputStream(path, StandardOpenOption.CREATE, StandardOpenOption.WRITE,
StandardOpenOption.TRUNCATE_EXISTING);
Copy link
Contributor Author

@sdati sdati Feb 8, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively, this could have been changed to use the implicit/default behavior of newOutputStream() by not specifying any OpenOptions:

OutputStream oStream = Files.newOutputStream(path);

if ("gz".equals(Util.getFileExtension(path.toFile()))) {
oStream = new GZIPOutputStream(oStream);
}
Expand Down