From 798b797d00af74357b83694eaca98aace12f87b4 Mon Sep 17 00:00:00 2001 From: Rishi Mehta Date: Thu, 21 Aug 2025 12:07:05 +0530 Subject: [PATCH 1/2] Upgrading spot bugs --- .../internal/datalayer/ComponentDataImpl.java | 19 +++++++++++++++++++ .../internal/form/ReservedProperties.java | 2 +- .../internal/models/v1/form/FragmentImpl.java | 7 +++++-- .../components/util/AbstractBaseImpl.java | 2 +- .../util/AbstractContainerImpl.java | 4 ++-- .../util/AbstractFormComponentImpl.java | 2 +- .../v1/formsportal/PortalListerImpl.java | 5 +++-- .../internal/models/v2/HtmlPageItemImpl.java | 2 +- .../models/v2/aemform/AEMFormImpl.java | 2 +- parent/pom.xml | 2 +- 10 files changed, 35 insertions(+), 12 deletions(-) diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java index 12f38397c3..135a17d34a 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java @@ -32,6 +32,7 @@ import com.day.cq.commons.jcr.JcrConstants; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; public class ComponentDataImpl implements FormComponentData { @@ -41,7 +42,25 @@ public class ComponentDataImpl implements FormComponentData { protected final Resource resource; + /** + * Creates a new ComponentDataImpl instance. + * + * Note: This constructor stores references to FormComponent and Resource objects. + * These objects are designed to be immutable and shared across the system. + * The FormComponent interface provides read-only access to form component data, + * and the Resource interface represents an immutable JCR resource. + * + * @param component The form component (immutable, read-only interface) + * @param resource The JCR resource (immutable, read-only interface) + */ + @SuppressFBWarnings( + value = "EI_EXPOSE_REP2", + justification = "This constructor stores references to FormComponent and Resource objects. These objects are designed to be immutable and shared across the system. The FormComponent interface provides read-only access to form component data, and the Resource interface represents an immutable JCR resource. This is safe from a security perspective as these objects cannot be modified through the stored references.") public ComponentDataImpl(FormComponent component, Resource resource) { + // Both FormComponent and Resource are interfaces designed to be immutable + // and shared across the system. They provide read-only access to data. + // This is safe from a security perspective as these objects cannot be + // modified through the stored references. this.component = component; this.resource = resource; } diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java index 984fddcc4a..4d43c54e50 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java @@ -204,6 +204,6 @@ private static Set aggregateReservedProperties() { } public static Set getReservedProperties() { - return reservedProperties; + return new HashSet<>(reservedProperties); } } diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java index ccd0e829d2..a4705e8106 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java @@ -16,6 +16,7 @@ package com.adobe.cq.forms.core.components.internal.models.v1.form; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -49,6 +50,8 @@ import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonView; +import java.util.LinkedHashMap; + @Model( adaptables = { SlingHttpServletRequest.class, Resource.class }, adapters = { Fragment.class, ComponentExporter.class }, @@ -104,7 +107,7 @@ public String getFragmentPath() { if (itemModels == null) { itemModels = getChildrenModels(request, ComponentExporter.class); } - return itemModels; + return new LinkedHashMap<>(itemModels); } protected Map getChildrenModels(@Nullable SlingHttpServletRequest request, @NotNull Class modelClass) { @@ -136,7 +139,7 @@ public List getFragmentChildren() { if (filteredChildComponents == null) { filteredChildComponents = getFilteredChildrenResources(fragmentContainer); } - return filteredChildComponents; + return new ArrayList<>(filteredChildComponents); } @JsonIgnore diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java index 07c4706104..9cfbccf84c 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java @@ -294,7 +294,7 @@ protected String getConstraintMessage(ConstraintType type) { putConstraintMessage(ConstraintType.VALIDATION_EXPRESSION, msgs.getValidationExpressionConstraintMessage()); putConstraintMessage(ConstraintType.UNIQUE_ITEMS, msgs.getUniqueItemsConstraintMessage()); } - return constraintMessages; + return new LinkedHashMap<>(constraintMessages); } /** diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java index d5f063d43f..92e5018045 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java @@ -116,7 +116,7 @@ public List getItems() { if (childrenModels == null) { childrenModels = new ArrayList<>(getChildrenModels(request, ComponentExporter.class).values()); } - return childrenModels; + return new ArrayList<>(childrenModels); } @NotNull @@ -178,7 +178,7 @@ protected Map getChildrenModels(@Nullable SlingHttpServletRequest if (itemModels == null) { itemModels = getChildrenModels(request, ComponentExporter.class); } - return itemModels; + return new LinkedHashMap<>(itemModels); } protected List getFilteredChildrenResources() { diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java index 6687e1b213..cb488f181e 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java @@ -545,7 +545,7 @@ private boolean isAllowedType(Object value) { * @return {@code Map} returns all custom property key value pairs associated with the resource */ private Map getCustomProperties() { - Map customProperties = new HashMap<>(); + Map customProperties = new LinkedHashMap<>(); Map templateBasedCustomProperties; List excludedPrefixes = Arrays.asList("fd:", "jcr:", "sling:"); Set reservedProperties = ReservedProperties.getReservedProperties(); diff --git a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java index 5f8890f54d..5f41b8ebbb 100644 --- a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java +++ b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java @@ -16,6 +16,7 @@ package com.adobe.cq.forms.core.components.internal.models.v1.formsportal; import java.net.URISyntaxException; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -192,7 +193,7 @@ public void setFormThumbnail(String formThumbnail) { } public void setOperations(List operations) { - this.operations = operations; + this.operations = operations != null ? new ArrayList<>(operations) : null; } public void setId(String id) { @@ -205,7 +206,7 @@ public void setLastModified(String timeInfo) { @Override public List getOperations() { - return operations; + return operations != null ? new ArrayList<>(operations) : null; } @Override diff --git a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java index 7133abaaa1..bebc2e871e 100644 --- a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java +++ b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java @@ -101,7 +101,7 @@ public Map getAttributes() { } } } - return attributes; + return new LinkedHashMap<>(attributes); } private void addAttributes(String name, String value) { diff --git a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java index 320f5bb9e8..cf8df51b54 100644 --- a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java +++ b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java @@ -92,7 +92,7 @@ protected void init() { } } } - return htmlPageItems; + return htmlPageItems != null ? new LinkedList<>(htmlPageItems) : null; } @JsonIgnore diff --git a/parent/pom.xml b/parent/pom.xml index c600faee99..467708ca14 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -698,7 +698,7 @@ com.github.spotbugs spotbugs-maven-plugin - 4.0.4 + 4.8.3.0 Max true From 232f3bbdf20a3b3a4e1afbaf62d0a2cf54d04776 Mon Sep 17 00:00:00 2001 From: Rishi Mehta Date: Thu, 21 Aug 2025 12:38:11 +0530 Subject: [PATCH 2/2] Formatting code --- .../core/components/internal/models/v1/form/FragmentImpl.java | 4 +--- .../forms/core/components/util/AbstractFormComponentImpl.java | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java index a4705e8106..c49362fa54 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java @@ -16,7 +16,7 @@ package com.adobe.cq.forms.core.components.internal.models.v1.form; import java.util.ArrayList; -import java.util.HashMap; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -50,8 +50,6 @@ import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonView; -import java.util.LinkedHashMap; - @Model( adaptables = { SlingHttpServletRequest.class, Resource.class }, adapters = { Fragment.class, ComponentExporter.class }, diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java index cb488f181e..b766ef8724 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java @@ -22,7 +22,6 @@ import java.util.Arrays; import java.util.Calendar; import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.List;