Do not disable the security manager on Java 17 VMs and newer as it is deprecated for removal. #2123
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ThrawnCA
requested changes
Jul 29, 2022
spotbugs/src/main/java/edu/umd/cs/findbugs/util/SecurityManagerHandler.java
Outdated
Show resolved
Hide resolved
ThrawnCA
previously approved these changes
Jul 31, 2022
KengoTODA
requested changes
Aug 28, 2022
spotbugs/src/main/java/edu/umd/cs/findbugs/util/SecurityManagerHandler.java
Outdated
Show resolved
Hide resolved
spotbugs/src/main/java/edu/umd/cs/findbugs/util/SecurityManagerHandler.java
Outdated
Show resolved
Hide resolved
spotbugs/src/main/java/edu/umd/cs/findbugs/util/SecurityManagerHandler.java
Show resolved
Hide resolved
|
Please merge the latest |
… deprecated for removal. This fixes spotbugs#1579. If needed, disabling the security manager can still be requested on Java 17 and newer by setting the 'edu.umd.cs.findbugs.securityManagerDisabled' property to 'false'. Using this property also allows to disable this functionality on older VMs.
|
Indeed, pushed the changes, including the rebase. |
|
Not sure why the build is failing. 🤔 It seems that there are some problem like #2146? |
ThrawnCA
previously approved these changes
Sep 2, 2022
KengoTODA
requested changes
Sep 4, 2022
| securityManagerDisabled = false; | ||
| LOGGER.debug("failed to detect the ability of security manager feature, so treat it as available", t); | ||
| } | ||
| SECURITY_MANAGER_DISABLED = securityManagerDisabled; |
There was a problem hiding this comment.
SpotBugs reports a potential bug here, please consider to make this static field final.
edu.umd.cs.findbugs.util.SecurityManagerHandler.SECURITY_MANAGER_DISABLED isn't final but should be
This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
KengoTODA
approved these changes
Sep 5, 2022
gtoison
added a commit
to gtoison/sonar-findbugs
that referenced
this pull request
Feb 12, 2023
Since SpotBugs 4.7.3 and spotbugs/spotbugs#2123 it is no longer necessary to set the security manager6
gtoison
added a commit
to spotbugs/sonar-findbugs
that referenced
this pull request
Feb 12, 2023
Since SpotBugs 4.7.3 and spotbugs/spotbugs#2123 it is no longer necessary to set the security manager6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes #1579. If needed, disabling the security manager can still be requested on Java 17 and newer by setting the edu.umd.cs.findbugs.securityManagerDisabled property to
false. Using this property also allows to disable this functionality on older VMs.