forked from killbill/killbill
-
Notifications
You must be signed in to change notification settings - Fork 0
/
spotbugs-exclude.xml
180 lines (156 loc) · 7.3 KB
/
spotbugs-exclude.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
<!--
~ Copyright 2020-2023 Equinix, Inc
~ Copyright 2014-2023 The Billing Project, LLC
~
~ The Billing Project licenses this file to you under the Apache License, version 2.0
~ (the "License"); you may not use this file except in compliance with the
~ License. You may obtain a copy of the License at:
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
~ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
~ License for the specific language governing permissions and limitations
~ under the License.
-->
<FindBugsFilter
xmlns="https://github.com/spotbugs/filter/3.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://github.com/spotbugs/filter/3.0.0
https://raw.githubusercontent.com/spotbugs/spotbugs/4.7.0/spotbugs/etc/findbugsfilter.xsd">
<!-- FIXME-SPOTBUGS: think proper solution for this -->
<!-- Disable EI_EXPOSE_REP,EI_EXPOSE_REP2 for all killbill classes, focus on other warnings/bugs -->
<Match>
<Class name="~.*\.killbill\..*" />
<Bug pattern="EI_EXPOSE_REP,EI_EXPOSE_REP2" />
</Match>
<!-- Exclude all joda-time getter methods: joda-time classes are mostly immutable. -->
<Match>
<Or>
<Method returns="org.joda.time.LocalDate" />
<Method returns="org.joda.time.DateTime" />
<Method returns="org.joda.time.DateTimeZone" />
</Or>
<Bug pattern="EI_EXPOSE_REP" />
</Match>
<!-- Exclude all joda-time method/constructors parameters: joda-time classes are mostly immutable. -->
<Match>
<Or>
<Field type="org.joda.time.LocalDate" />
<Field type="org.joda.time.DateTime" />
<Field type="org.joda.time.DateTimeZone" />
</Or>
<Bug pattern="EI_EXPOSE_REP2" />
</Match>
<!-- MODULE: INTERNAL-API -->
<!-- Affected class (LightSecureRandom) are private class. Invocation controlled in single class. -->
<Match>
<Class name="org.killbill.billing.util.UUIDs$LightSecureRandom" />
<Bug pattern="UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR" />
</Match>
<!-- serialization/deserialization not needed -->
<Match>
<Class name="org.killbill.billing.util.UUIDs$LightSecureRandom" />
<Bug pattern="SE_BAD_FIELD" />
</Match>
<!-- MODULE: UTIL -->
<!-- Either this, or we have to changes class name with better name and this changes will affect ~97 location in this project -->
<Match>
<Class name="org.killbill.billing.util.jackson.ObjectMapper" />
<Bug pattern="NM_SAME_SIMPLE_NAME_AS_SUPERCLASS" />
</Match>
<!-- There's comment saying that, "Note: this assumes custom realms return something sensible here" -->
<Match>
<Class name="org.killbill.billing.util.security.api.DefaultSecurityApi" />
<Method name="getCurrentUserPermissions" />
<Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE" />
</Match>
<!-- MODULE: CATALOG -->
<!--
Applied to line ~211 and ~245. The warning arise because DefaultCaseChangePlanAlignment and
DefaultCaseChangePlanPolicy don't have their own validate method and still use parent's DefaultCaseChange#validate().
This will change when they start to have their own validate method.
Thus, some suggestions about removing the method call is not right.
-->
<Match>
<Class name="org.killbill.billing.catalog.rules.DefaultPlanRules" />
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" />
</Match>
<!-- MODULE: Subscription -->
<!--
All code base that use this class use "hasNext()" before "next()", and there are null guard all over the place.
Thus, solution for this class only adding explanation in javadoc.
-->
<Match>
<Class name="org.killbill.billing.subscription.api.user.SubscriptionBaseTransitionDataIterator" />
<Method name="next" />
<Bug pattern="IT_NO_SUCH_ELEMENT" />
</Match>
<!-- MODULE: Overdue -->
<!-- This class is deprecated and not used anywhere. Keep it as per comment: ".... just kept for config compatibility" -->
<Match>
<Class name="org.killbill.billing.overdue.config.DefaultEmailNotification" />
<Bug pattern="URF_UNREAD_FIELD" />
</Match>
<!-- MODULE: Payment -->
<!-- These lines supposed to be workaround for: https://github.com/killbill/killbill/issues/1453. Keep it as is. -->
<Match>
<Class name="org.killbill.billing.payment.invoice.InvoicePaymentControlPluginApi" />
<Method name="extractIdsWithAmountFromProperties" params="java.lang.Iterable" />
<Bug pattern="WMI_WRONG_MAP_ITERATOR" />
</Match>
<!--
Method call are necessary, but return value could be ignored. Currently, it is annotated by
"@SuppressWarnings("unused")", so it is enough.
-->
<Match>
<Class name="org.killbill.billing.payment.core.PaymentMethodProcessor" />
<Method name="retrieveActualPaymentMethodExternalKey" />
<Bug pattern="DLS_DEAD_LOCAL_STORE" />
</Match>
<Match>
<Class name="org.killbill.billing.payment.core.PaymentMethodProcessor$9" />
<Method name="doOperation" />
<Bug pattern="DLS_DEAD_LOCAL_STORE" />
</Match>
<!-- FIXME-1853: DefaultNoOpPaymentControlProviderPlugin actually not used anywhere. Should we delete this? -->
<!-- Fix spotbug issue: URF_UNREAD_FIELD -->
<Match>
<Class name="org.killbill.billing.payment.provider.DefaultNoOpPaymentControlProviderPlugin" />
<Field name="paymentControlPluginApiException" />
<Bug pattern="URF_UNREAD_FIELD" />
</Match>
<!--
The only reason why DefaultPaymentControlContext need to have no-args constructor is because it extends
DefaultCallContext. At the time of writing, there's no part of code that serialize/deserialize DefaultPaymentControlContext.
-->
<Match>
<Class name="org.killbill.billing.payment.core.sm.control.ControlPluginRunner$DefaultPaymentControlContext" />
<Bug pattern="SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION" />
</Match>
<!-- MODULE: JaxRs -->
<!-- See this discussion: https://github.com/killbill/killbill/pull/1858#discussion_r1193803654 -->
<Match>
<Class name="org.killbill.billing.jaxrs.util.Context" />
<Method name="createCallContextWithAccountId" />
<Bug pattern="DCN_NULLPOINTER_EXCEPTION" />
</Match>
<!-- MODULE: Profiles -->
<Match>
<Class name="org.apache.shiro.guice.web.ShiroWebModuleWith435" />
<Bug pattern="EI_EXPOSE_REP2" />
</Match>
<!-- See the log message: "Failed to register for event notifications, this is bad exiting!". -->
<Match>
<Class name="org.killbill.billing.server.listeners.KillbillGuiceListener" />
<Method name="startLifecycleStage2" />
<Bug pattern="DM_EXIT" />
</Match>
<!-- Return value ignored, as intended? -->
<Match>
<Class name="org.killbill.billing.server.security.KillbillJdbcTenantRealm$SerializableSimpleByteSource" />
<Method name="readExternal" />
<Bug pattern="RR_NOT_CHECKED" />
</Match>
</FindBugsFilter>