From 7575b838a32017bfd78604804d542ed121b62e44 Mon Sep 17 00:00:00 2001
From: Stefan Seifert <stefanseifert@users.noreply.github.com>
Date: Mon, 15 Jan 2024 12:27:54 +0100
Subject: [PATCH] Elminate PMD warnings / Prevent finalize attacks (#29)

---
 .../handler/media/spi/MediaFormatProvider.java   | 16 +++++++++++++++-
 .../mediasource/dam/impl/DamUriTemplate.java     |  2 +-
 .../mediasource/dam/impl/RenditionMetadata.java  | 10 ++++++++++
 .../mediasource/inline/InlineRendition.java      |  2 +-
 .../mediasource/inline/InlineUriTemplate.java    |  2 +-
 5 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/main/java/io/wcm/handler/media/spi/MediaFormatProvider.java b/src/main/java/io/wcm/handler/media/spi/MediaFormatProvider.java
index 62832617..c3b0c8a3 100644
--- a/src/main/java/io/wcm/handler/media/spi/MediaFormatProvider.java
+++ b/src/main/java/io/wcm/handler/media/spi/MediaFormatProvider.java
@@ -25,6 +25,8 @@
 import java.util.Set;
 
 import org.osgi.annotation.versioning.ConsumerType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import io.wcm.handler.media.format.MediaFormat;
 import io.wcm.sling.commons.caservice.ContextAwareService;
@@ -39,6 +41,8 @@ public abstract class MediaFormatProvider implements ContextAwareService {
 
   private final Set<MediaFormat> mediaFormats;
 
+  private static final Logger log = LoggerFactory.getLogger(MediaFormatProvider.class);
+
   /**
    * @param mediaFormats Set of media formats for parameter provider
    */
@@ -76,9 +80,19 @@ private static Set<MediaFormat> getMediaFormatsFromPublicFields(Class<?> type) {
       }
     }
     catch (IllegalArgumentException | IllegalAccessException ex) {
-      throw new RuntimeException("Unable to access fields of " + type.getName(), ex);
+      log.warn("Unable to access fields of {}", type.getName(), ex);
     }
     return Collections.unmodifiableSet(params);
   }
 
+  /**
+   * @deprecated Prevent finalize attack (PMD CT_CONSTRUCTOR_THROW / SEI CERT Rule OBJ-11)
+   */
+  @Override
+  @SuppressWarnings({ "PMD.EmptyFinalizer", "checkstyle:SuperFinalize", "checkstyle:NoFinalizerCheck", "java:S1113" })
+  @Deprecated(since = "2.0.0")
+  protected final void finalize() {
+    // do nothing
+  }
+
 }
diff --git a/src/main/java/io/wcm/handler/mediasource/dam/impl/DamUriTemplate.java b/src/main/java/io/wcm/handler/mediasource/dam/impl/DamUriTemplate.java
index 9cd1e4b4..38ce6883 100644
--- a/src/main/java/io/wcm/handler/mediasource/dam/impl/DamUriTemplate.java
+++ b/src/main/java/io/wcm/handler/mediasource/dam/impl/DamUriTemplate.java
@@ -45,7 +45,7 @@
 /**
  * Generates URI templates for asset renditions - with or without Dynamic Media.
  */
-class DamUriTemplate implements UriTemplate {
+final class DamUriTemplate implements UriTemplate {
 
   private final UriTemplateType type;
   private final String uriTemplate;
diff --git a/src/main/java/io/wcm/handler/mediasource/dam/impl/RenditionMetadata.java b/src/main/java/io/wcm/handler/mediasource/dam/impl/RenditionMetadata.java
index 32407b98..753ffdbd 100644
--- a/src/main/java/io/wcm/handler/mediasource/dam/impl/RenditionMetadata.java
+++ b/src/main/java/io/wcm/handler/mediasource/dam/impl/RenditionMetadata.java
@@ -407,4 +407,14 @@ else if (type == InputStream.class) {
     return super.adaptTo(type);
   }
 
+  /**
+   * @deprecated Prevent finalize attack (PMD CT_CONSTRUCTOR_THROW / SEI CERT Rule OBJ-11)
+   */
+  @Override
+  @SuppressWarnings({ "PMD.EmptyFinalizer", "checkstyle:SuperFinalize", "checkstyle:NoFinalizerCheck", "java:S1113" })
+  @Deprecated(since = "2.0.0")
+  protected final void finalize() {
+    // do nothing
+  }
+
 }
diff --git a/src/main/java/io/wcm/handler/mediasource/inline/InlineRendition.java b/src/main/java/io/wcm/handler/mediasource/inline/InlineRendition.java
index 14cf7e82..e1131782 100644
--- a/src/main/java/io/wcm/handler/mediasource/inline/InlineRendition.java
+++ b/src/main/java/io/wcm/handler/mediasource/inline/InlineRendition.java
@@ -66,7 +66,7 @@
 /**
  * {@link Rendition} implementation for inline media objects stored in a node in a content page.
  */
-class InlineRendition extends SlingAdaptable implements Rendition {
+final class InlineRendition extends SlingAdaptable implements Rendition {
 
   private final Adaptable adaptable;
   private final Resource resource;
diff --git a/src/main/java/io/wcm/handler/mediasource/inline/InlineUriTemplate.java b/src/main/java/io/wcm/handler/mediasource/inline/InlineUriTemplate.java
index a48dac84..807f2517 100644
--- a/src/main/java/io/wcm/handler/mediasource/inline/InlineUriTemplate.java
+++ b/src/main/java/io/wcm/handler/mediasource/inline/InlineUriTemplate.java
@@ -39,7 +39,7 @@
 import io.wcm.handler.url.UrlHandler;
 import io.wcm.sling.commons.adapter.AdaptTo;
 
-class InlineUriTemplate implements UriTemplate {
+final class InlineUriTemplate implements UriTemplate {
 
   private final String uriTemplate;
   private final UriTemplateType type;