Fix Quality flaws

diff --git a/server/sonar-db-core/src/test/java/org/sonar/db/profiling/ProfiledDataSourceTest.java b/server/sonar-db-core/src/test/java/org/sonar/db/profiling/ProfiledDataSourceTest.java
index cc1a73b0891e885e4e66bcbeabe6169dd134c5bc..ede91489b4aee14473b1aa70e697ee1c640eb016 100644 (file)
--- a/server/sonar-db-core/src/test/java/org/sonar/db/profiling/ProfiledDataSourceTest.java
+++ b/server/sonar-db-core/src/test/java/org/sonar/db/profiling/ProfiledDataSourceTest.java
@@ -33,6 +33,7 @@ import org.junit.Test;
 import org.sonar.api.utils.log.LogTester;
 import org.sonar.api.utils.log.LoggerLevel;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -81,7 +82,7 @@ public class ProfiledDataSourceTest {
     String param2 = "plouf";
     Date param3 = new Date(System.currentTimeMillis());
     Timestamp param4 = new Timestamp(System.currentTimeMillis());
-    byte[] param5 = "blob".getBytes("UTF-8");
+    byte[] param5 = "blob".getBytes(UTF_8);
 
     PreparedStatement preparedStatement = mock(PreparedStatement.class);
     when(connection.prepareStatement(sqlWithParams)).thenReturn(preparedStatement);

diff --git a/server/sonar-db-dao/src/test/java/org/sonar/db/ce/LogsIteratorInputStreamTest.java b/server/sonar-db-dao/src/test/java/org/sonar/db/ce/LogsIteratorInputStreamTest.java
index 89463e56b63f2b504bc204b0569447c668bc382c..221b4005eae080cf641144c6ec3b9b1e5712d09a 100644 (file)
--- a/server/sonar-db-dao/src/test/java/org/sonar/db/ce/LogsIteratorInputStreamTest.java
+++ b/server/sonar-db-dao/src/test/java/org/sonar/db/ce/LogsIteratorInputStreamTest.java
@@ -20,7 +20,6 @@
 package org.sonar.db.ce;
 
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import org.apache.commons.io.IOUtils;
 import org.junit.Rule;
@@ -28,6 +27,7 @@ import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.sonar.core.util.CloseableIterator;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class LogsIteratorInputStreamTest {
@@ -73,14 +73,14 @@ public class LogsIteratorInputStreamTest {
     expectedException.expect(IllegalArgumentException.class);
     expectedException.expectMessage("LogsIterator can't be empty or already read");
 
-    new LogsIteratorInputStream(iterator, StandardCharsets.UTF_8);
+    new LogsIteratorInputStream(iterator, UTF_8);
   }
 
   private static LogsIteratorInputStream create(String... lines) {
-    return new LogsIteratorInputStream(CloseableIterator.from(Arrays.asList(lines).iterator()), StandardCharsets.UTF_8);
+    return new LogsIteratorInputStream(CloseableIterator.from(Arrays.asList(lines).iterator()), UTF_8);
   }
 
   private static String read(LogsIteratorInputStream logsIteratorInputStream) throws IOException {
-    return IOUtils.toString(logsIteratorInputStream, "UTF-8");
+    return IOUtils.toString(logsIteratorInputStream, UTF_8);
   }
 }

diff --git a/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java b/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java
index af1c6cf134f972e61339433ca12ea80eebe48319..d93054eb29a352db87bdfba52c8685a5a8aa38b5 100644 (file)
--- a/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java
+++ b/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java
@@ -58,7 +58,7 @@ final class AesCipher implements Cipher {
     try {
       javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY);
       cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFile());
-      return Base64.encodeBase64String(cipher.doFinal(clearText.getBytes("UTF-8")));
+      return Base64.encodeBase64String(cipher.doFinal(clearText.getBytes(UTF_8)));
     } catch (RuntimeException e) {
       throw e;
     } catch (Exception e) {

diff --git a/server/sonar-server/src/main/java/org/sonar/server/badge/ws/ETagUtils.java b/server/sonar-server/src/main/java/org/sonar/server/badge/ws/ETagUtils.java
index 4f98f50c7bfd29b88970f00d0ac12a4474e16d05..d91cf8160d440027c6df0a9f8cd870d8897dc089 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/badge/ws/ETagUtils.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/badge/ws/ETagUtils.java
@@ -20,7 +20,7 @@
 
 package org.sonar.server.badge.ws;
 
-import java.nio.charset.Charset;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 public class ETagUtils {
   // Format for Expires Header
@@ -53,6 +53,6 @@ public class ETagUtils {
    * <a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11"></a>
    */
   static String getETag(String output) {
-    return "W/" + hash(output.getBytes(Charset.forName("UTF-8")));
+    return "W/" + hash(output.getBytes(UTF_8));
   }
 }

diff --git a/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelXMLExporter.java b/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelXMLExporter.java
index 4265da40e32208d1e3f3d4e4eb822111dfc1394a..682160b72de5897778b345e89b7112efc213166f 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelXMLExporter.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/debt/DebtModelXMLExporter.java
@@ -27,10 +27,12 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
+import javax.xml.XMLConstants;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.sax.SAXSource;
 import javax.xml.transform.sax.SAXTransformerFactory;
 import javax.xml.transform.stream.StreamResult;
@@ -129,7 +131,9 @@ public class DebtModelXMLExporter {
 
   private static String prettyFormatXml(String xml) {
     try {
-      Transformer serializer = SAXTransformerFactory.newInstance().newTransformer();
+      TransformerFactory factory = SAXTransformerFactory.newInstance();
+      factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+      Transformer serializer = factory.newTransformer();
       serializer.setOutputProperty(OutputKeys.INDENT, "yes");
       serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
       serializer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", DEFAULT_INDENT);

diff --git a/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureJsonWriter.java b/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureJsonWriter.java
index c686e3ab0932e0a2844604c0ad01c45bbd135613..dc968f9f64ba9d5f59b4187d78a0570ca05a3c86 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureJsonWriter.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/measure/custom/ws/CustomMeasureJsonWriter.java
@@ -81,7 +81,7 @@ public class CustomMeasureJsonWriter {
     json.endObject();
   }
 
-  private String measureValue(CustomMeasureDto measure, MetricDto metric) {
+  private static String measureValue(CustomMeasureDto measure, MetricDto metric) {
     Metric.ValueType metricType = Metric.ValueType.valueOf(metric.getValueType());
     Double doubleValue = measure.getValue();
     String stringValue = measure.getTextValue();

diff --git a/sonar-core/src/main/java/org/sonar/core/i18n/DefaultI18n.java b/sonar-core/src/main/java/org/sonar/core/i18n/DefaultI18n.java
index c181cfbe7c05a9825fad40120b2585af936ab0c4..dfe930b32791b9d0aea7915125588264f209514c 100644 (file)
--- a/sonar-core/src/main/java/org/sonar/core/i18n/DefaultI18n.java
+++ b/sonar-core/src/main/java/org/sonar/core/i18n/DefaultI18n.java
@@ -50,6 +50,8 @@ import org.sonar.api.utils.log.Loggers;
 import org.sonar.core.platform.PluginInfo;
 import org.sonar.core.platform.PluginRepository;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 @ScannerSide
 public class DefaultI18n implements I18n, Startable {
 
@@ -213,7 +215,7 @@ public class DefaultI18n implements I18n, Startable {
   private static String readInputStream(String filePath, InputStream input) {
     String result;
     try {
-      result = IOUtils.toString(input, "UTF-8");
+      result = IOUtils.toString(input, UTF_8);
     } catch (IOException e) {
       throw new SonarException("Fail to load file: " + filePath, e);
     } finally {

diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
index 06140551ab8c19950cebf7ae96ba37111a36fc66..263f2947e028e5391a8a79e13ac00b36362f9d78 100644 (file)
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
@@ -86,8 +86,7 @@ public final class ZipUtils {
     }
 
     Path targetDirNormalizedPath = toDir.toPath().normalize();
-    ZipInputStream zipStream = new ZipInputStream(stream);
-    try {
+    try (ZipInputStream zipStream = new ZipInputStream(stream)) {
       ZipEntry entry;
       while ((entry = zipStream.getNextEntry()) != null) {
         if (filter.test(entry)) {
@@ -95,9 +94,6 @@ public final class ZipUtils {
         }
       }
       return toDir;
-
-    } finally {
-      zipStream.close();
     }
   }
 
@@ -144,8 +140,7 @@ public final class ZipUtils {
     }
 
     Path targetDirNormalizedPath = toDir.toPath().normalize();
-    ZipFile zipFile = new ZipFile(zip);
-    try {
+    try (ZipFile zipFile = new ZipFile(zip)) {
       Enumeration<? extends ZipEntry> entries = zipFile.entries();
       while (entries.hasMoreElements()) {
         ZipEntry entry = entries.nextElement();
@@ -164,45 +159,25 @@ public final class ZipUtils {
         }
       }
       return toDir;
-
-    } finally {
-      zipFile.close();
     }
   }
 
   private static void copy(ZipInputStream zipStream, File to) throws IOException {
-    FileOutputStream fos = null;
-    try {
-      fos = new FileOutputStream(to);
+    try (OutputStream fos = new FileOutputStream(to)) {
       IOUtils.copy(zipStream, fos);
-    } finally {
-      IOUtils.closeQuietly(fos);
     }
   }
 
   private static void copy(ZipFile zipFile, ZipEntry entry, File to) throws IOException {
-    FileOutputStream fos = new FileOutputStream(to);
-    InputStream input = null;
-    try {
-      input = zipFile.getInputStream(entry);
+    try (InputStream input = zipFile.getInputStream(entry); OutputStream fos = new FileOutputStream(to)) {
       IOUtils.copy(input, fos);
-    } finally {
-      IOUtils.closeQuietly(input);
-      IOUtils.closeQuietly(fos);
     }
   }
 
   public static void zipDir(File dir, File zip) throws IOException {
-    OutputStream out = null;
-    ZipOutputStream zout = null;
-    try {
-      out = FileUtils.openOutputStream(zip);
-      zout = new ZipOutputStream(out);
+    try (OutputStream out = FileUtils.openOutputStream(zip);
+      ZipOutputStream zout = new ZipOutputStream(out)) {
       doZipDir(dir, zout);
-
-    } finally {
-      IOUtils.closeQuietly(zout);
-      IOUtils.closeQuietly(out);
     }
   }