我想了解一下,当我在试图构建Netty SslContext的代码上运行SonarQube时,为什么我从pmd:DataflowAnomalyAnalytics中同时得到UR异常和DR异常。
代码运行得很好,但我正在获取keystorePath和truststorePath变量上的UR和DR。
请给我一些指点?谢谢
@Value("${server.ssl.key-store}") private String keyStorePath;
@Value("${server.ssl.key-store-password}") private String keyStorePassPhrase;
@Value("${server.ssl.key-password}") private String keyPassPhrase;
@Value("${server.ssl.key-store-type}") private String keyStoreType;
@Value("${server.ssl.trust-store}") private String trustStorePath;
@Value("${server.ssl.trust-store-password}") private String trustStorePassPhrase;
@Value("${server.ssl.trust-store-type}") private String trustStoreType;
public SslContext getSslContext() {
try {
final Path keystorePath = Paths.get(keyStorePath);
final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreFile = Files.newInputStream(keystorePath)) {
keyStore.load(keyStoreFile, keyStorePassPhrase.toCharArray());
}
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyPassPhrase.toCharArray());
final Path truststorePath = Paths.get(trustStorePath);
final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
try (InputStream trustStoreFile = Files.newInputStream(truststorePath)) {
trustStore.load(trustStoreFile, trustStorePassPhrase.toCharArray());
}
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
} catch (KeyStoreException | IOException | UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException e) {
e.printStackTrace();
return null;
}
}
根据评论,最新的PMD 7+版本确实不赞成使用此规则