Java中来自pmd:DataflowAnomalyAnalysis的UR异常和DR异常 sslContext

huangapple go评论93阅读模式
英文:

Java UR-anomaly and DR-anomaly from pmd:DataflowAnomalyAnalysis sslContext

问题

我想请教一下,为什么在我运行 SonarQube 对构建 Netty SslContext 的代码进行代码分析时,会同时从 pmd:DataflowAnomalyAnalysis 得到 UR 异常和 DR 异常呢?

这段代码本身运行得非常正常,但是我在 keystorePath 和 truststorePath 变量上都收到了 UR 异常和 DR 异常。

请提供一些指点?
谢谢

@Value("${server.ssl.key-store}") private String keyStorePath;
@Value("${server.ssl.key-store-password}") private String keyStorePassPhrase;
@Value("${server.ssl.key-password}") private String keyPassPhrase;
@Value("${server.ssl.key-store-type}") private String keyStoreType;
@Value("${server.ssl.trust-store}") private String trustStorePath;
@Value("${server.ssl.trust-store-password}") private String trustStorePassPhrase;
@Value("${server.ssl.trust-store-type}") private String trustStoreType;

public SslContext getSslContext() {
    try {
        final Path keystorePath = Paths.get(keyStorePath);
        final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
            keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
        }
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());

        final Path truststorePath = Paths.get(trustStorePath);
        final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
            trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
        }
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
    } catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {
        e.printStackTrace();
        return null;
    }
}
英文:

I would like some help understanding why am I getting both a UR-anomaly and DR-anomaly from pmd:DataflowAnomalyAnalysis when I am running SonarQube on a code trying to construct a Netty SslContext.

The code works perfectly fine, but I am getting both the UR and the DR on keystorePath and truststorePath variables.

Some pointers please?
Thank you

@Value("${server.ssl.key-store}") private String keyStorePath;
    @Value("${server.ssl.key-store-password}") private String keyStorePassPhrase;
    @Value("${server.ssl.key-password}") private String keyPassPhrase;
    @Value("${server.ssl.key-store-type}") private String keyStoreType;
    @Value("${server.ssl.trust-store}") private String trustStorePath;
    @Value("${server.ssl.trust-store-password}") private String trustStorePassPhrase;
    @Value("${server.ssl.trust-store-type}") private String trustStoreType;

    public SslContext getSslContext() {
        try {
            final Path     keystorePath = Paths.get(keyStorePath);
            final KeyStore keyStore     = KeyStore.getInstance(keyStoreType);
            try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
                keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
            }
            final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());

            final Path     truststorePath = Paths.get(trustStorePath);
            final KeyStore trustStore     = KeyStore.getInstance(trustStoreType);
            try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
                trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
            }
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
        } catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

答案1

得分: 0

基于评论,最新的 PMD 7+ 版本确实已弃用此规则。

英文:

Based on comments, this rule is indeed deprecated with the latest PMD 7+ version

huangapple
  • 本文由 发表于 2020年8月31日 19:54:47
  • 转载请务必保留本文链接:https://go.coder-hub.com/63670308.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定