Omit spotbugs CT_CONSTRUCTOR_THROWS visitor

From jenkinsci/plugin-pom#869 (comment) > Discussion in spotbugs/spotbugs#2695 > https://wiki.sei.cmu.edu/confluence/display/java/OBJ11-J.+Be+wary+of+letting+constructors+throw+exceptions > seems to relate to libraries used with SecurityManager which is dead > and certainly does not apply to Jenkins; we do not expect untrusted code > to be running inside the controller JVM, and it does not seem plausible > that finalizer abuse would happen by accident.
MarkEWaite · Dec 21, 2023 · f22073c · f22073c
1 parent fb09532
commit f22073c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 9 deletions.
diff --git a/pom.xml b/pom.xml
@@ -68,6 +68,9 @@
     <jgit.version>6.8.0.202311291450-r</jgit.version>
     <spotbugs.effort>Max</spotbugs.effort>
     <spotbugs-maven-plugin.version>4.8.2.0</spotbugs-maven-plugin.version>
+    <!-- TODO: Remove when plugin pom includes this omitVisitors -->
+    <!-- https://github.com/jenkinsci/plugin-pom/pull/869 -->
+    <spotbugs.omitVisitors>ConstructorThrow,FindReturnRef</spotbugs.omitVisitors>
     <spotbugs.threshold>Low</spotbugs.threshold>
     <spotless.check.skip>false</spotless.check.skip>
   </properties>

diff --git a/src/spotbugs/excludesFilter.xml b/src/spotbugs/excludesFilter.xml
@@ -4,15 +4,6 @@
     Exclusions in this section have been triaged and determined to be
     false positives.
   -->
-  <Match>
-    <!-- Jenkins plugins generally not vulnerable to Finalizer attacks -->
-    <Bug pattern="CT_CONSTRUCTOR_THROW" />
-    <Or>
-      <Class name="hudson.plugins.git.GitAPI" />
-      <Class name="org.jenkinsci.plugins.gitclient.JGitAPIImpl$FileRepositoryImpl" />
-      <Class name="org.jenkinsci.plugins.gitclient.trilead.TrileadSession$ProcessImpl" />
-    </Or>
-  </Match>
   <Match>
     <!-- These primitive attributes need to be public to preserve the API -->
     <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE" />