Upgrade to FindBugs 3.0.1 and add some findbugs-excludes

Update to forbiddenapi-checker 2.1, use the newly provided rule-sets and remove things that were applied upstream

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1745366 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/build.xml b/build.xml
index 8f4bb29ce492173f8bc70387824a702e30a4d9c6..e215e26543dbaeaabb75e05d71bfd64f7f98262c 100644 (file)
--- a/build.xml
+++ b/build.xml
@@ -200,8 +200,8 @@ under the License.
     <!-- license and api checks -->
     <property name="rat.jar" location="${main.lib}/apache-rat-0.11.jar"/>
     <property name="rat.url" value="${repository.m2}/maven2/org/apache/rat/apache-rat/0.11/apache-rat-0.11.jar"/>
-    <property name="forbidden.jar" location="${main.lib}/forbiddenapis-2.0.jar"/>
-    <property name="forbidden.url" value="${repository.m2}/maven2/de/thetaphi/forbiddenapis/2.0/forbiddenapis-2.0.jar"/>
+    <property name="forbidden.jar" location="${main.lib}/forbiddenapis-2.1.jar"/>
+    <property name="forbidden.url" value="${repository.m2}/maven2/de/thetaphi/forbiddenapis/2.1/forbiddenapis-2.1.jar"/>
 
     <!-- See http://www.ecma-international.org/publications/standards/Ecma-376.htm -->
     <!-- "Copy these file(s), free of charge" -->
@@ -528,6 +528,7 @@ under the License.
                 <include name="junit-4.11*"/>
                 <include name="findbugs-*-2.0.3*"/>
                 <include name="forbiddenapis-1.*.jar"/>
+                <include name="forbiddenapis-2.0.jar"/>
             </fileset>
             <fileset dir="${ooxml.lib}">
                 <!-- remove jars from previous versions, but not the current version -->
@@ -2017,12 +2018,15 @@ under the License.
 
         <!-- first check rules that apply to all the source code -->
         <forbiddenapis
-                 internalRuntimeForbidden="true"
                  classpathref="forbiddenapis.classpath"
                  suppressAnnotation="org.apache.poi.util.SuppressForbidden"
+                 targetVersion="${jdk.version.source}"
             >
-            <bundledsignatures name="jdk-unsafe-${jdk.version.source}"/>
-            <bundledsignatures name="jdk-deprecated-${jdk.version.source}"/>
+            <bundledsignatures name="jdk-unsafe"/>
+            <bundledsignatures name="jdk-deprecated"/>
+            <bundledsignatures name="jdk-internal"/>
+            <bundledsignatures name="jdk-non-portable"/>
+            <bundledsignatures name="jdk-reflection"/>
             <!--
             <bundledsignatures name="jdk-system-out"/>
             -->
@@ -2046,9 +2050,9 @@ under the License.
 
         <!-- then check some advanced rules which we only apply to the core code and not tests or examples -->
         <forbiddenapis
-                 internalRuntimeForbidden="true"
                  classpathref="forbiddenapis.classpath"
                  suppressAnnotation="org.apache.poi.util.SuppressForbidden"
+                 targetVersion="${jdk.version.source}"
             >
             <signaturesFileset file="src/resources/devtools/forbidden-signatures-prod.txt"/>
             <!-- sources -->
@@ -2062,14 +2066,14 @@ under the License.
     <target name="findbugs">
         <!-- NOTE: we did not update to 3.x yet because it requires Java 7, but we are still supporting Java 6 currently! -->
         <downloadfile
-            src="http://prdownloads.sourceforge.net/findbugs/findbugs-noUpdateChecks-2.0.3.zip?download"
-            dest="${main.lib}/findbugs-noUpdateChecks-2.0.3.zip"/>
+            src="http://prdownloads.sourceforge.net/findbugs/findbugs-noUpdateChecks-3.0.1.zip?download"
+            dest="${main.lib}/findbugs-noUpdateChecks-3.0.1.zip"/>
 
         <property name="findbugs.home" value="build/findbugs" />
-        <unzip src="${main.lib}/findbugs-noUpdateChecks-2.0.3.zip"
+        <unzip src="${main.lib}/findbugs-noUpdateChecks-3.0.1.zip"
                dest="${findbugs.home}/lib">
             <patternset>
-                <include name="findbugs-2.0.3/lib/**"/>
+                <include name="findbugs-3.0.1/lib/**"/>
             </patternset>
             <mapper type="flatten"/>
         </unzip>

diff --git a/src/resources/devtools/findbugs-filters.xml b/src/resources/devtools/findbugs-filters.xml
index 951201f631cb276ff004a621e0bc71a34e5f574f..f79feca3457fc7f489542aca2b31ed89a2b40adf 100644 (file)
--- a/src/resources/devtools/findbugs-filters.xml
+++ b/src/resources/devtools/findbugs-filters.xml
@@ -26,4 +26,64 @@
                <Class name="org.apache.poi.hssf.usermodel.DummyGraphics2d"/>\r
                <Bug code="FI" />\r
        </Match>\r
+\r
+       <!-- things that were moved or are named equally on purpose -->\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.extractor.ExcelExtractor"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.record.RecordFormatException"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.record.UnicodeString"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.usermodel.HeaderFooter"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.util.AreaReference"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.util.CellRangeAddress"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.util.CellRangeAddressList"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.util.CellReference"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hssf.util.Region"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.hwpf.usermodel.CharacterRun"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.sl.usermodel.Hyperlink"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.ss.usermodel.Hyperlink"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+       <Match>\r
+               <Class name="org.apache.poi.xssf.model.IndexedUDFFinder"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
+\r
+       <!-- named this way on purpose -->\r
+       <Match>\r
+               <Class name="org.apache.poi.xdgf.exceptions.XDGFException"/>\r
+               <Bug code="Nm" />\r
+       </Match>\r
 </FindBugsFilter>
\ No newline at end of file

diff --git a/src/resources/devtools/forbidden-signatures.txt b/src/resources/devtools/forbidden-signatures.txt
index dabcb7691c000d7151cb19348161dcc6f2c50df2..54b2856786510631fb4a23fb7ba59f6075ad0e81 100644 (file)
--- a/src/resources/devtools/forbidden-signatures.txt
+++ b/src/resources/devtools/forbidden-signatures.txt
@@ -26,10 +26,6 @@ java.util.Locale#setDefault(java.util.Locale) @ Do not use methods that depend o
 java.util.TimeZone#getDefault() @ Do not use methods that depend on the current Local, either use Locale.ROOT or let the user define the local, see class LocaleUtil for details\r
 java.util.Date#toString() @ Do not use methods that depend on the current Local, either use Locale.ROOT or let the user define the local, see class LocaleUtil for details\r
 \r
-# Disallow reflection on private object fields/methods\r
-java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9\r
-java.lang.reflect.AccessibleObject#setAccessible(boolean) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9\r
-\r
 java.text.DecimalFormatSymbols#<init>() @ use DecimalFormatSymbols.getInstance()\r
 java.text.DecimalFormatSymbols#<init>(java.util.Locale) @ use DecimalFormatSymbols.getInstance()\r
 \r