Elminate PMD warnings / Prevent finalize attacks (#29)

wcm-io · Jan 15, 2024 · 7575b83 · 7575b83
1 parent 56a792b
commit 7575b83
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 4 deletions.
diff --git a/src/main/java/io/wcm/handler/media/spi/MediaFormatProvider.java b/src/main/java/io/wcm/handler/media/spi/MediaFormatProvider.java
@@ -25,6 +25,8 @@
 import java.util.Set;
 
 import org.osgi.annotation.versioning.ConsumerType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import io.wcm.handler.media.format.MediaFormat;
 import io.wcm.sling.commons.caservice.ContextAwareService;
@@ -39,6 +41,8 @@ public abstract class MediaFormatProvider implements ContextAwareService {
 
   private final Set<MediaFormat> mediaFormats;
 
+  private static final Logger log = LoggerFactory.getLogger(MediaFormatProvider.class);
+
   /**
    * @param mediaFormats Set of media formats for parameter provider
    */
@@ -76,9 +80,19 @@ private static Set<MediaFormat> getMediaFormatsFromPublicFields(Class<?> type) {
       }
     }
     catch (IllegalArgumentException | IllegalAccessException ex) {
-      throw new RuntimeException("Unable to access fields of " + type.getName(), ex);
+      log.warn("Unable to access fields of {}", type.getName(), ex);
     }
     return Collections.unmodifiableSet(params);
   }
 
+  /**
+   * @deprecated Prevent finalize attack (PMD CT_CONSTRUCTOR_THROW / SEI CERT Rule OBJ-11)
+   */
+  @Override
+  @SuppressWarnings({ "PMD.EmptyFinalizer", "checkstyle:SuperFinalize", "checkstyle:NoFinalizerCheck", "java:S1113" })
+  @Deprecated(since = "2.0.0")
+  protected final void finalize() {
+    // do nothing
+  }
+
 }
diff --git a/src/main/java/io/wcm/handler/mediasource/dam/impl/DamUriTemplate.java b/src/main/java/io/wcm/handler/mediasource/dam/impl/DamUriTemplate.java
@@ -45,7 +45,7 @@
 /**
  * Generates URI templates for asset renditions - with or without Dynamic Media.
  */
-class DamUriTemplate implements UriTemplate {
+final class DamUriTemplate implements UriTemplate {
 
   private final UriTemplateType type;
   private final String uriTemplate;

diff --git a/src/main/java/io/wcm/handler/mediasource/dam/impl/RenditionMetadata.java b/src/main/java/io/wcm/handler/mediasource/dam/impl/RenditionMetadata.java
@@ -407,4 +407,14 @@ else if (type == InputStream.class) {
     return super.adaptTo(type);
   }
 
+  /**
+   * @deprecated Prevent finalize attack (PMD CT_CONSTRUCTOR_THROW / SEI CERT Rule OBJ-11)
+   */
+  @Override
+  @SuppressWarnings({ "PMD.EmptyFinalizer", "checkstyle:SuperFinalize", "checkstyle:NoFinalizerCheck", "java:S1113" })
+  @Deprecated(since = "2.0.0")
+  protected final void finalize() {
+    // do nothing
+  }
+
 }
diff --git a/src/main/java/io/wcm/handler/mediasource/inline/InlineRendition.java b/src/main/java/io/wcm/handler/mediasource/inline/InlineRendition.java
@@ -66,7 +66,7 @@
 /**
  * {@link Rendition} implementation for inline media objects stored in a node in a content page.
  */
-class InlineRendition extends SlingAdaptable implements Rendition {
+final class InlineRendition extends SlingAdaptable implements Rendition {
 
   private final Adaptable adaptable;
   private final Resource resource;

diff --git a/src/main/java/io/wcm/handler/mediasource/inline/InlineUriTemplate.java b/src/main/java/io/wcm/handler/mediasource/inline/InlineUriTemplate.java
@@ -39,7 +39,7 @@
 import io.wcm.handler.url.UrlHandler;
 import io.wcm.sling.commons.adapter.AdaptTo;
 
-class InlineUriTemplate implements UriTemplate {
+final class InlineUriTemplate implements UriTemplate {
 
   private final String uriTemplate;
   private final UriTemplateType type;