英文:
Java UR-anomaly and DR-anomaly from pmd:DataflowAnomalyAnalysis sslContext
问题
我想请教一下,为什么在我运行 SonarQube 对构建 Netty SslContext 的代码进行代码分析时,会同时从 pmd:DataflowAnomalyAnalysis 得到 UR 异常和 DR 异常呢?
这段代码本身运行得非常正常,但是我在 keystorePath 和 truststorePath 变量上都收到了 UR 异常和 DR 异常。
请提供一些指点?
谢谢
@Value("${server.ssl.key-store}") private String keyStorePath;
@Value("${server.ssl.key-store-password}") private String keyStorePassPhrase;
@Value("${server.ssl.key-password}") private String keyPassPhrase;
@Value("${server.ssl.key-store-type}") private String keyStoreType;
@Value("${server.ssl.trust-store}") private String trustStorePath;
@Value("${server.ssl.trust-store-password}") private String trustStorePassPhrase;
@Value("${server.ssl.trust-store-type}") private String trustStoreType;
public SslContext getSslContext() {
try {
final Path keystorePath = Paths.get(keyStorePath);
final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
}
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());
final Path truststorePath = Paths.get(trustStorePath);
final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
}
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
} catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {
e.printStackTrace();
return null;
}
}
英文:
I would like some help understanding why am I getting both a UR-anomaly and DR-anomaly from pmd:DataflowAnomalyAnalysis when I am running SonarQube on a code trying to construct a Netty SslContext.
The code works perfectly fine, but I am getting both the UR and the DR on keystorePath and truststorePath variables.
Some pointers please?
Thank you
@Value("${server.ssl.key-store}") private String keyStorePath;
@Value("${server.ssl.key-store-password}") private String keyStorePassPhrase;
@Value("${server.ssl.key-password}") private String keyPassPhrase;
@Value("${server.ssl.key-store-type}") private String keyStoreType;
@Value("${server.ssl.trust-store}") private String trustStorePath;
@Value("${server.ssl.trust-store-password}") private String trustStorePassPhrase;
@Value("${server.ssl.trust-store-type}") private String trustStoreType;
public SslContext getSslContext() {
try {
final Path keystorePath = Paths.get(keyStorePath);
final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
}
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());
final Path truststorePath = Paths.get(trustStorePath);
final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
}
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
} catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {
e.printStackTrace();
return null;
}
}
答案1
得分: 0
基于评论,最新的 PMD 7+ 版本确实已弃用此规则。
英文:
Based on comments, this rule is indeed deprecated with the latest PMD 7+ version
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论