findbugs all over

2020-08-19 14:50:58 +00:00
parent 797a31924d
commit cc6247fe7e
14 changed files with 23 additions and 20 deletions
--- a/apps/i2pcontrol/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java
+++ b/apps/i2pcontrol/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java
@ -186,17 +186,18 @@ public class KeyStoreProvider {
        if (_keystore == null) {
            File keyStoreFile = new File(getKeyStoreLocation());

+            InputStream is = null;
            try {
                _keystore = KeyStore.getInstance(KeyStore.getDefaultType());
                if (keyStoreFile.exists()) {
-                    InputStream is = new FileInputStream(keyStoreFile);
+                    is = new FileInputStream(keyStoreFile);
                    _keystore.load(is, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                    return _keystore;
                }

                initialize();
                if (keyStoreFile.exists()) {
-                    InputStream is = new FileInputStream(keyStoreFile);
+                    is = new FileInputStream(keyStoreFile);
                    _keystore.load(is, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                    return _keystore;
                } else {
@ -204,6 +205,8 @@ public class KeyStoreProvider {
                }
            } catch (Exception e) {
                // Ignore. Not an issue. Let's just create a new keystore instead.
+            } finally {
+                if (is != null) try { is.close(); } catch (IOException ioe) {}
            }
            return null;
        } else {
--- a/apps/routerconsole/java/src/net/i2p/router/sybil/Analysis.java
+++ b/apps/routerconsole/java/src/net/i2p/router/sybil/Analysis.java
@ -323,8 +323,6 @@ public class Analysis extends JobImpl implements RouterApp {
        if (_log.shouldWarn())
            _log.warn("Analyzing " + ris.size() + " routers, including non-floodfills? " + includeAll);

-        double avgMinDist = getAvgMinDist(ris);
-
        // IP analysis
        calculateIPGroupsFamily(ris, points);
        List<RouterInfo> ri32 = new ArrayList<RouterInfo>(4);
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/HomeHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/HomeHelper.java
@ -34,7 +34,7 @@ public class HomeHelper extends HelperBase {
    static final String PROP_MONITORING = "routerconsole.monitoring";
    static final String PROP_OLDHOME = "routerconsole.oldHomePage";
    private static final String PROP_SEARCH = "routerconsole.showSearch";
-    public final String bottomWrap = "<br>\n" +
+    private static final String bottomWrap = "<br>\n" +
            "<div class=\"clearer\">&nbsp;</div>\n" +
                "</div>\n" + 
                "</div>\n";
--- a/apps/routerconsole/jsp/configplugins.jsp
+++ b/apps/routerconsole/jsp/configplugins.jsp
@ -60,7 +60,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 <b>URL:</b>
 <%
   String url = request.getParameter("pluginURL");
-   String value = url != null ? "value=\"" + url + '"' : "";
+   String value = url != null ? "value=\"" + net.i2p.data.DataHelper.escapeHTML(url) + '"' : "";
 %>
 <input type="text" size="60" name="pluginURL" title="<%=intl._t("To install a plugin, enter the download URL:")%>" <%=value%>>
 </td>
@ -84,7 +84,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
   String file = request.getParameter("pluginFile");
   if (file != null && file.length() > 0) {
 %>
-<input type="text" size="60" name="pluginFile" value="<%=file%>">
+<input type="text" size="60" name="pluginFile" value="<%=net.i2p.data.DataHelper.escapeHTML(file)%>">
 <%
   } else {
 %>
--- a/apps/routerconsole/jsp/configreseed.jsp
+++ b/apps/routerconsole/jsp/configreseed.jsp
@ -70,7 +70,7 @@
 <b><%=intl._t("Enter zip or su3 URL")%>:</b>
 <%
   String url = request.getParameter("url");
-   String value = url != null ? "value=\"" + url + '"' : "";
+   String value = url != null ? "value=\"" + net.i2p.data.DataHelper.escapeHTML(url) + '"' : "";
 %>
 <input name="url" type="text" size="60" <%=value%> />
  </td>
@ -93,7 +93,7 @@
   String file = request.getParameter("file");
   if (file != null && file.length() > 0) {
 %>
-<input type="text" size="60" name="file" value="<%=file%>">
+<input type="text" size="60" name="file" value="<%=net.i2p.data.DataHelper.escapeHTML(file)%>">
 <%
   } else {
 %>
--- a/apps/routerconsole/jsp/viewstat.jsp
+++ b/apps/routerconsole/jsp/viewstat.jsp
@ -38,6 +38,11 @@ if ( !rendered && ((rs != null) || fakeBw) ) {
    if (!fakeBw)
      rate = rs.getRate(per);
    if ( (rate != null) || (fakeBw) ) {
+      if (stat != null &&
+          (stat.indexOf('\n') >= 0 || stat.indexOf('\r') >= 0)) {
+          response.sendError(403, "param");
+          return;
+      }
      java.io.OutputStream cout = response.getOutputStream();
      String format = request.getParameter("format");
      response.setHeader("X-Content-Type-Options", "nosniff");
--- a/apps/streaming/java/src/net/i2p/client/streaming/impl/Connection.java
+++ b/apps/streaming/java/src/net/i2p/client/streaming/impl/Connection.java
@ -1656,7 +1656,6 @@ class Connection {
                return false;
            }

-            long now = _context.clock().now();
               _context.statManager().addRateData("stream.fastRetransmit", _packet.getLifetime(), _packet.getLifetime());
                
                // revamp various fields, in case we need to ack more, etc
--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@ -3092,10 +3092,10 @@ public class WebMail extends HttpServlet
 	 */
 	private static void showLogin( PrintWriter out )
 	{
-		boolean fixed = Boolean.parseBoolean(Config.getProperty( CONFIG_PORTS_FIXED, "true" ));
-		String host = Config.getProperty(CONFIG_HOST, DEFAULT_HOST);
-		String pop3 = Config.getProperty(CONFIG_PORTS_POP3, Integer.toString(DEFAULT_POP3PORT));
-		String smtp = Config.getProperty(CONFIG_PORTS_SMTP, Integer.toString(DEFAULT_SMTPPORT));
+		//boolean fixed = Boolean.parseBoolean(Config.getProperty( CONFIG_PORTS_FIXED, "true" ));
+		//String host = Config.getProperty(CONFIG_HOST, DEFAULT_HOST);
+		//String pop3 = Config.getProperty(CONFIG_PORTS_POP3, Integer.toString(DEFAULT_POP3PORT));
+		//String smtp = Config.getProperty(CONFIG_PORTS_SMTP, Integer.toString(DEFAULT_SMTPPORT));

 		out.println( "<div id=\"dologin\"><h1>" + _t("Email Login") + "</h1><table cellspacing=\"3\" cellpadding=\"5\">\n" +
 			// current postman hq length limits 16/12, new postman version 32/32
--- a/core/java/src/net/i2p/data/PrivateKeyFile.java
+++ b/core/java/src/net/i2p/data/PrivateKeyFile.java
@ -967,7 +967,6 @@ public class PrivateKeyFile {
            SigType type = spk.getType();
            if (type == SigType.EdDSA_SHA512_Ed25519 ||
                type == SigType.RedDSA_SHA512_Ed25519) {
-                I2PAppContext ctx = I2PAppContext.getGlobalContext();
                s.append("\nBlinded B32: ").append(Blinding.encode(spk));
                s.append("\n + auth key: ").append(Blinding.encode(spk, false, true));
                s.append("\n + password: ").append(Blinding.encode(spk, true, false));
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@ -18,7 +18,7 @@ public class RouterVersion {
    /** deprecated */
    public final static String ID = "Monotone";
    public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 12;
+    public final static long BUILD = 13;

    /** for example "-test" */
    public final static String EXTRA = "-rc";
--- a/router/java/src/net/i2p/router/crypto/ratchet/ECIESAEADEngine.java
+++ b/router/java/src/net/i2p/router/crypto/ratchet/ECIESAEADEngine.java
@ -190,7 +190,6 @@ public final class ECIESAEADEngine {
        RatchetSessionTag st = new RatchetSessionTag(tag);
        SessionKeyAndNonce key = keyManager.consumeTag(st);
        CloveSet decrypted;
-        final boolean shouldDebug = _log.shouldDebug();
        if (key != null) {
            decrypted = xx_decryptFast(tag, st, key, data, targetPrivateKey, keyManager);
            // we do NOT retry as NS
@ -957,9 +956,11 @@ public final class ECIESAEADEngine {
    /**
     * No ad
     */
+/*
    private final byte[] encryptAEADBlock(byte data[], SessionKey key, long n) {
        return encryptAEADBlock(null, data, key, n);
    }
+*/

    /**
     *
--- a/router/java/src/net/i2p/router/crypto/ratchet/RatchetSKM.java
+++ b/router/java/src/net/i2p/router/crypto/ratchet/RatchetSKM.java
@ -1157,7 +1157,6 @@ public class RatchetSKM extends SessionKeyManager implements SessionTagListener
                    _hisIBKey = receivedKey;

                    // create new OB TS, delete old one
-                    PublicKey pub = nextKeys.getPublic();
                    PrivateKey priv = nextKeys.getPrivate();
                    PrivateKey sharedSecret = ECIESAEADEngine.doDH(priv, key);
                    byte[] sk = new byte[32];
--- a/router/java/src/net/i2p/router/message/OutboundClientMessageOneShotJob.java
+++ b/router/java/src/net/i2p/router/message/OutboundClientMessageOneShotJob.java
@ -1196,7 +1196,7 @@ public class OutboundClientMessageOneShotJob extends JobImpl {
        }

        public void onReply() {
-            runJob();
+            super.runJob();
        }
    }
    
--- a/router/java/src/net/i2p/router/tunnel/pool/TunnelPoolManager.java
+++ b/router/java/src/net/i2p/router/tunnel/pool/TunnelPoolManager.java
@ -562,7 +562,6 @@ public class TunnelPoolManager implements TunnelManagerFacade {
            (!_context.getBooleanPropertyDefaultTrue("router.disableTunnelTesting") ||
             _context.router().isHidden() ||
             _context.router().getRouterInfo().getAddressCount() <= 0)) {
-            Hash client = cfg.getDestination();
            TunnelPool pool = cfg.getTunnelPool();
            _context.jobQueue().addJob(new TestJob(_context, cfg, pool));
        }