OOZIE-3671

Exclude JPA injection issue pattern from SpotBugs in Oozie Core temporarily until it gets refactored


Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 5.2.1
    • Fix Version/s: None
    • Component/s: core
    • Labels: None

    Description

      Currently the SpotBugs tool indicates the following issues for every new patch:

      -1 There are [5] new bugs found below threshold in [core] that must be fixed.
      . You can find the SpotBugs diff here (look for the red and orange ones): core/findbugs-new.html
      . The most important SpotBugs errors are:
      . At BulkJPAExecutor.java:[line 206]: This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection
      . At BulkJPAExecutor.java:[line 176]: At BulkJPAExecutor.java:[line 175]
      . At BulkJPAExecutor.java:[line 205]: At BulkJPAExecutor.java:[line 199]
      . This use of javax/persistence/EntityManager.createQuery(Ljava/lang/String;)Ljavax/persistence/Query; can be vulnerable to SQL/JPQL injection: At BulkJPAExecutor.java:[line 206]
      . At BulkJPAExecutor.java:[line 111]: At BulkJPAExecutor.java:[line 127]
      

      The goal of this Jira is to exclude the JPA injection pattern (SQL_INJECTION_JPA) from Oozie core until the corresponding code gets refactored.
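      For context on what the flagged pattern is and what the later refactoring has to do, here is an added example; it is not Oozie code and not part of this issue or its patch. `JobBean` is a hypothetical JPA entity with `appName` and `status` fields, standing in for the real Oozie beans that `BulkJPAExecutor` queries. SpotBugs (the find-sec-bugs `SQL_INJECTION_JPA` detector) reports `EntityManager.createQuery(String)` when the JPQL text is assembled from non-constant input; the unsafe method below shows that shape, and the two safe methods show the parameterized form, including the dynamic `IN` list that a bulk executor typically needs.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.TypedQuery;

// Added illustration only; not Oozie code. JobBean is a hypothetical entity
// (assumption for the example), not one of Oozie's real JPA beans.
public final class BulkJpqlExample {

    @Entity
    public static class JobBean {
        @Id public String id;
        public String appName;
        public String status;
    }

    // Vulnerable shape: the filter value is concatenated into the JPQL text.
    // This is what SQL_INJECTION_JPA flags on createQuery(String): a value such as
    //   x' OR '1'='1
    // is parsed as query syntax and changes which rows are returned.
    static List<JobBean> findByAppNameUnsafe(EntityManager em, String appName) {
        String jpql = "select j from JobBean j where j.appName = '" + appName + "'";
        return em.createQuery(jpql, JobBean.class).getResultList();
    }

    // Hardened shape: the JPQL text is a constant; the value is bound as a named
    // parameter, so the provider can never interpret it as query syntax.
    static List<JobBean> findByAppNameSafe(EntityManager em, String appName) {
        TypedQuery<JobBean> q = em.createQuery(
                "select j from JobBean j where j.appName = :appName", JobBean.class);
        q.setParameter("appName", appName);
        return q.getResultList();
    }

    // Dynamic filter list, the case a bulk executor actually needs: the query text is
    // built only from fixed fragments and a counter (never from the values), and each
    // value is bound under its generated parameter name. Portable across JPA providers,
    // unlike passing a Collection to a single IN parameter, which some providers reject.
    static List<JobBean> findByStatusesSafe(EntityManager em, List<String> statuses) {
        if (statuses.isEmpty()) {
            return List.of();
        }
        StringBuilder jpql = new StringBuilder("select j from JobBean j where j.status in (");
        for (int i = 0; i < statuses.size(); i++) {
            if (i > 0) {
                jpql.append(", ");
            }
            jpql.append(":status").append(i);
        }
        jpql.append(")");
        TypedQuery<JobBean> q = em.createQuery(jpql.toString(), JobBean.class);
        for (int i = 0; i < statuses.size(); i++) {
            q.setParameter("status" + i, statuses.get(i));
        }
        return q.getResultList();
    }
}
```

      Note that the change this issue proposes is a SpotBugs exclude-filter entry for the `SQL_INJECTION_JPA` pattern, which only silences the report; the query text in `BulkJPAExecutor` is unchanged until the refactoring the description refers to moves every caller-supplied value into a bound parameter as above.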

      Attachments

        1. OOZIE-3671-001.patch (2 kB, János Makai)

      People

        Assignee: János Makai (jmakai)
        Reporter: János Makai (jmakai)
        Votes: 0
        Watchers: 3
