diff options
| author | PJ Fanning <fanningpj@apache.org> | 2021-11-14 10:18:40 +0000 |
|---|---|---|
| committer | PJ Fanning <fanningpj@apache.org> | 2021-11-14 10:18:40 +0000 |
| commit | 8365ee1611c87346277854f3333d3c5f3668e7b9 (patch) | |
| tree | 68e624e50f3bed91e6622207708452ae8de96a80 /poi/src | |
| parent | 20c0ac1637acb8069b656452ff39eb0dbf9baef1 (diff) | |
| download | poi-8365ee1611c87346277854f3333d3c5f3668e7b9.tar.gz poi-8365ee1611c87346277854f3333d3c5f3668e7b9.zip | |
[github-278] Resolve all SpotBugs P1 issues in Main and Test. Thanks to Andreas Reichel. This closes #278
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1895016 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi/src')
12 files changed, 39 insertions, 43 deletions
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/Encryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/Encryptor.java index d6af6d44f7..0e2581a64e 100644 --- a/poi/src/main/java/org/apache/poi/poifs/crypt/Encryptor.java +++ b/poi/src/main/java/org/apache/poi/poifs/crypt/Encryptor.java @@ -31,6 +31,7 @@ import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.util.GenericRecordUtil; public abstract class Encryptor implements GenericRecord { + protected static final String DEFAULT_POIFS_ENTRY = Decryptor.DEFAULT_POIFS_ENTRY; private EncryptionInfo encryptionInfo; private SecretKey secretKey; diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java index 4df5540517..455959451e 100644 --- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java +++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java @@ -37,8 +37,6 @@ import java.io.InputStream; import java.io.OutputStream; import java.security.GeneralSecurityException; import java.security.MessageDigest; -import java.security.SecureRandom; -import java.util.Random; import javax.crypto.Cipher; import javax.crypto.Mac; @@ -62,6 +60,7 @@ import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndianByteArrayOutputStream; import org.apache.poi.util.LittleEndianConsts; +import org.apache.poi.util.RandomSingleton; import org.apache.poi.util.XMLHelper; import org.w3c.dom.Document; @@ -81,7 +80,6 @@ public class AgileEncryptor extends Encryptor { @Override public void confirmPassword(String password) { // see [MS-OFFCRYPTO] - 2.3.3 EncryptionVerifier - Random r = new SecureRandom(); AgileEncryptionHeader header = (AgileEncryptionHeader)getEncryptionInfo().getHeader(); int blockSize = header.getBlockSize(); int keySize = header.getKeySize()/8; @@ -93,11 +91,13 @@ public class AgileEncryptor extends Encryptor { , newKeySalt = IOUtils.safelyAllocate(blockSize, maxLen) , newKeySpec = IOUtils.safelyAllocate(keySize, maxLen) , newIntegritySalt = IOUtils.safelyAllocate(hashSize, maxLen); - r.nextBytes(newVerifierSalt); // blocksize - r.nextBytes(newVerifier); // blocksize - r.nextBytes(newKeySalt); // blocksize - r.nextBytes(newKeySpec); // keysize - r.nextBytes(newIntegritySalt); // hashsize + + // using a java.security.SecureRandom (and avoid allocating a new SecureRandom for each random number needed). + RandomSingleton.getInstance().nextBytes(newVerifierSalt); // blocksize + RandomSingleton.getInstance().nextBytes(newVerifier); // blocksize + RandomSingleton.getInstance().nextBytes(newKeySalt); // blocksize + RandomSingleton.getInstance().nextBytes(newKeySpec); // keysize + RandomSingleton.getInstance().nextBytes(newIntegritySalt); // hashsize confirmPassword(password, newKeySpec, newKeySalt, newVerifierSalt, newVerifier, newIntegritySalt); } diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/binaryrc4/BinaryRC4Encryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/binaryrc4/BinaryRC4Encryptor.java index c048271421..9b4542ab0b 100644 --- a/poi/src/main/java/org/apache/poi/poifs/crypt/binaryrc4/BinaryRC4Encryptor.java +++ b/poi/src/main/java/org/apache/poi/poifs/crypt/binaryrc4/BinaryRC4Encryptor.java @@ -22,8 +22,6 @@ import java.io.IOException; import java.io.OutputStream; import java.security.GeneralSecurityException; import java.security.MessageDigest; -import java.security.SecureRandom; -import java.util.Random; import javax.crypto.Cipher; import javax.crypto.SecretKey; @@ -38,6 +36,7 @@ import org.apache.poi.poifs.crypt.HashAlgorithm; import org.apache.poi.poifs.crypt.standard.EncryptionRecord; import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.util.LittleEndianByteArrayOutputStream; +import org.apache.poi.util.RandomSingleton; public class BinaryRC4Encryptor extends Encryptor { @@ -52,11 +51,12 @@ public class BinaryRC4Encryptor extends Encryptor { @Override public void confirmPassword(String password) { - Random r = new SecureRandom(); byte[] salt = new byte[16]; byte[] verifier = new byte[16]; - r.nextBytes(salt); - r.nextBytes(verifier); + + // using a java.security.SecureRandom (and avoid allocating a new SecureRandom for each random number needed). + RandomSingleton.getInstance().nextBytes(salt); + RandomSingleton.getInstance().nextBytes(verifier); confirmPassword(password, null, null, verifier, salt, null); } diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java index 176f431eec..f44ec7a7be 100644 --- a/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java +++ b/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java @@ -22,10 +22,8 @@ import java.io.IOException; import java.io.OutputStream; import java.security.GeneralSecurityException; import java.security.MessageDigest; -import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; -import java.util.Random; import javax.crypto.Cipher; import javax.crypto.SecretKey; @@ -43,6 +41,7 @@ import org.apache.poi.poifs.filesystem.Entry; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; +import org.apache.poi.util.RandomSingleton; import org.apache.poi.util.StringUtil; public class CryptoAPIEncryptor extends Encryptor { @@ -58,11 +57,11 @@ public class CryptoAPIEncryptor extends Encryptor { @Override public void confirmPassword(String password) { - Random r = new SecureRandom(); byte[] salt = new byte[16]; byte[] verifier = new byte[16]; - r.nextBytes(salt); - r.nextBytes(verifier); + // using a java.security.SecureRandom (and avoid allocating a new SecureRandom for each random number needed). + RandomSingleton.getInstance().nextBytes(salt); + RandomSingleton.getInstance().nextBytes(verifier); confirmPassword(password, null, null, verifier, salt, null); } diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/standard/StandardEncryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/standard/StandardEncryptor.java index 097a7bd6d7..c5f931c62a 100644 --- a/poi/src/main/java/org/apache/poi/poifs/crypt/standard/StandardEncryptor.java +++ b/poi/src/main/java/org/apache/poi/poifs/crypt/standard/StandardEncryptor.java @@ -28,9 +28,7 @@ import java.io.IOException; import java.io.OutputStream; import java.security.GeneralSecurityException; import java.security.MessageDigest; -import java.security.SecureRandom; import java.util.Arrays; -import java.util.Random; import javax.crypto.Cipher; import javax.crypto.CipherOutputStream; @@ -51,6 +49,7 @@ import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndianByteArrayOutputStream; import org.apache.poi.util.LittleEndianConsts; import org.apache.poi.util.LittleEndianOutputStream; +import org.apache.poi.util.RandomSingleton; import org.apache.poi.util.TempFile; public class StandardEncryptor extends Encryptor { @@ -65,10 +64,11 @@ public class StandardEncryptor extends Encryptor { @Override public void confirmPassword(String password) { // see [MS-OFFCRYPTO] - 2.3.3 EncryptionVerifier - Random r = new SecureRandom(); byte[] salt = new byte[16], verifier = new byte[16]; - r.nextBytes(salt); - r.nextBytes(verifier); + + // using a java.security.SecureRandom (and avoid allocating a new SecureRandom for each random number needed). + RandomSingleton.getInstance().nextBytes(salt); + RandomSingleton.getInstance().nextBytes(verifier); confirmPassword(password, null, null, salt, verifier, null); } diff --git a/poi/src/main/java/org/apache/poi/ss/util/CellUtil.java b/poi/src/main/java/org/apache/poi/ss/util/CellUtil.java index 283d7d4de7..99d92c4750 100644 --- a/poi/src/main/java/org/apache/poi/ss/util/CellUtil.java +++ b/poi/src/main/java/org/apache/poi/ss/util/CellUtil.java @@ -244,7 +244,7 @@ public final class CellUtil { // Copy CellStyle if (policy.isCopyCellStyle()) { if (destCell.getSheet().getWorkbook() == srcCell.getSheet().getWorkbook()) { - destCell.setCellStyle(srcCell == null ? null : srcCell.getCellStyle()); + destCell.setCellStyle(srcCell.getCellStyle()); } else { CellStyle srcStyle = srcCell.getCellStyle(); CellStyle destStyle = context == null ? null : context.getMappedStyle(srcStyle); diff --git a/poi/src/main/java/org/apache/poi/util/DefaultTempFileCreationStrategy.java b/poi/src/main/java/org/apache/poi/util/DefaultTempFileCreationStrategy.java index 0252b4b684..f2e51d48ab 100644 --- a/poi/src/main/java/org/apache/poi/util/DefaultTempFileCreationStrategy.java +++ b/poi/src/main/java/org/apache/poi/util/DefaultTempFileCreationStrategy.java @@ -21,7 +21,6 @@ import static org.apache.poi.util.TempFile.JAVA_IO_TMPDIR; import java.io.File; import java.io.IOException; -import java.security.SecureRandom; /** * Default implementation of the {@link TempFileCreationStrategy} used by {@link TempFile}: @@ -41,9 +40,6 @@ public class DefaultTempFileCreationStrategy implements TempFileCreationStrategy /** To keep files after JVM exit, set the <code>-Dpoi.keep.tmp.files</code> JVM property */ public static final String KEEP_FILES = "poi.keep.tmp.files"; - /** random number generator to generate unique filenames */ - private static final SecureRandom random = new SecureRandom(); - /** The directory where the temporary files will be created (<code>null</code> to use the default directory). */ private File dir; @@ -126,7 +122,7 @@ public class DefaultTempFileCreationStrategy implements TempFileCreationStrategy // Generate a unique new filename // FIXME: Java 7+: use java.nio.Files#createTempDirectory - final long n = random.nextLong(); + final long n = RandomSingleton.getInstance().nextLong(); File newDirectory = new File(dir, prefix + Long.toString(n)); createTempDirectory(newDirectory); diff --git a/poi/src/test/java/org/apache/poi/hpsf/basic/TestMetaDataIPI.java b/poi/src/test/java/org/apache/poi/hpsf/basic/TestMetaDataIPI.java index 0767691879..0bf0b99ce7 100644 --- a/poi/src/test/java/org/apache/poi/hpsf/basic/TestMetaDataIPI.java +++ b/poi/src/test/java/org/apache/poi/hpsf/basic/TestMetaDataIPI.java @@ -26,7 +26,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.IOException; import java.io.InputStream; import java.util.Date; -import java.util.Random; import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream; import org.apache.poi.hpsf.CustomProperties; @@ -36,6 +35,7 @@ import org.apache.poi.hpsf.PropertySetFactory; import org.apache.poi.hpsf.SummaryInformation; import org.apache.poi.poifs.filesystem.DirectoryEntry; import org.apache.poi.poifs.filesystem.POIFSFileSystem; +import org.apache.poi.util.RandomSingleton; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -583,16 +583,19 @@ final class TestMetaDataIPI { StringBuilder sb = new StringBuilder(); String[] umlaute = { "\u00e4", "\u00fc", "\u00f6", "\u00dc", "$", "\u00d6", "\u00dc", "\u00c9", "\u00d6", "@", "\u00e7", "&" }; - Random rand = new Random(0); // TODO - no Random - tests should be completely deterministic for (int i = 0; i < 5; i++) { sb.append(s); sb.append(' '); - char j = (char) rand.nextInt(220); + + // TODO - no Random - tests should be completely deterministic + char j = (char) RandomSingleton.getInstance().nextInt(220); j += 33; sb.append('>'); sb.append(Character.valueOf(j)); sb.append('='); - sb.append(umlaute[rand.nextInt(umlaute.length)]); + + // TODO - no Random - tests should be completely deterministic + sb.append(umlaute[RandomSingleton.getInstance().nextInt(umlaute.length)]); sb.append('<'); } return sb; diff --git a/poi/src/test/java/org/apache/poi/hssf/usermodel/TestCellStyle.java b/poi/src/test/java/org/apache/poi/hssf/usermodel/TestCellStyle.java index 06b6eed277..7bfea1b3cf 100644 --- a/poi/src/test/java/org/apache/poi/hssf/usermodel/TestCellStyle.java +++ b/poi/src/test/java/org/apache/poi/hssf/usermodel/TestCellStyle.java @@ -32,7 +32,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.util.Calendar; import java.util.Date; -import java.util.Random; import java.util.stream.Stream; import org.apache.poi.hssf.HSSFTestDataSamples; @@ -48,6 +47,7 @@ import org.apache.poi.ss.usermodel.Row; import org.apache.poi.ss.usermodel.Sheet; import org.apache.poi.ss.usermodel.Workbook; import org.apache.poi.util.LocaleUtil; +import org.apache.poi.util.RandomSingleton; import org.apache.poi.util.TempFile; import org.junit.jupiter.api.Test; @@ -414,9 +414,8 @@ final class TestCellStyle { @Test void test56563() { Stream.of("56563a.xls", "56563b.xls").parallel().forEach(fileName -> assertDoesNotThrow(() -> { - Random rand = new Random(); for(int i=0; i<10; i++) { - Thread.sleep(rand.nextInt(300)); + Thread.sleep(RandomSingleton.getInstance().nextInt(300)); try (Workbook wb = openSample(fileName)) { for (Row row : wb.getSheetAt(0)) { for (Cell cell : row) { diff --git a/poi/src/test/java/org/apache/poi/poifs/filesystem/TestFileMagic.java b/poi/src/test/java/org/apache/poi/poifs/filesystem/TestFileMagic.java index 456ca076ac..b0da3907e7 100644 --- a/poi/src/test/java/org/apache/poi/poifs/filesystem/TestFileMagic.java +++ b/poi/src/test/java/org/apache/poi/poifs/filesystem/TestFileMagic.java @@ -33,9 +33,9 @@ import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.Arrays; -import java.util.Random; import org.apache.poi.POIDataSamples; +import org.apache.poi.util.RandomSingleton; import org.apache.poi.util.TempFile; import org.junit.jupiter.api.Test; @@ -165,12 +165,10 @@ class TestFileMagic { @Test void testRandomPatterns() { - Random random = new Random(); - // just try to trash the functionality with some byte-patterns for(int i = 0; i < 1000;i++) { final byte[] data = new byte[12]; - random.nextBytes(data); + RandomSingleton.getInstance().nextBytes(data); // we cannot check for UNKNOWN as we might hit valid byte-patterns here as well try { diff --git a/poi/src/test/java/org/apache/poi/ss/formula/function/ExcelFileFormatDocFunctionExtractor.java b/poi/src/test/java/org/apache/poi/ss/formula/function/ExcelFileFormatDocFunctionExtractor.java index c73c8667cd..0155ab0fe1 100644 --- a/poi/src/test/java/org/apache/poi/ss/formula/function/ExcelFileFormatDocFunctionExtractor.java +++ b/poi/src/test/java/org/apache/poi/ss/formula/function/ExcelFileFormatDocFunctionExtractor.java @@ -37,6 +37,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Set; import java.util.Stack; import java.util.zip.ZipFile; @@ -304,7 +305,7 @@ public final class ExcelFileFormatDocFunctionExtractor { @Override public void endElement(String namespaceURI, String localName, String name) { String expectedName = _elemNameStack.peek(); - if(expectedName != name) { + if(!Objects.equals(name, expectedName)) { throw new RuntimeException("close tag mismatch"); } if(matchesPath(0, HEADING_PATH_NAMES)) { diff --git a/poi/src/test/java/org/apache/poi/util/TestIOUtils.java b/poi/src/test/java/org/apache/poi/util/TestIOUtils.java index 5e43acaa11..5a0c5c5bdb 100644 --- a/poi/src/test/java/org/apache/poi/util/TestIOUtils.java +++ b/poi/src/test/java/org/apache/poi/util/TestIOUtils.java @@ -36,7 +36,6 @@ import java.io.PushbackInputStream; import java.nio.ByteBuffer; import java.nio.channels.ReadableByteChannel; import java.nio.charset.StandardCharsets; -import java.util.Random; import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream; import org.apache.poi.EmptyFileException; @@ -48,7 +47,7 @@ import org.junit.jupiter.api.parallel.Isolated; @Isolated // this test changes global static BYTE_ARRAY_MAX_OVERRIDE final class TestIOUtils { private static File TMP; - private static final long LENGTH = 300 + new Random().nextInt(9000); + private static final long LENGTH = 300 + RandomSingleton.getInstance().nextInt(9000); @BeforeAll public static void setUp() throws IOException { |