6992545: FindBugs scan - Malicious code vulnerability Warnings in com.sun.net.httpserver.HttpsParameters.*

Reviewed-by: alanb

jdk/src/share/classes/com/sun/net/httpserver/BasicAuthenticator.java

@@ -24,9 +24,6 @@
  */
 
 package com.sun.net.httpserver;
-import java.net.*;
-import java.io.*;
-import java.util.*;
 
 /**
  * BasicAuthenticator provides an implementation of HTTP Basic
@@ -57,7 +54,6 @@ public abstract class BasicAuthenticator extends Authenticator {
 
     public Result authenticate (HttpExchange t)
     {
-        HttpContext context = t.getHttpContext();
         Headers rmap = (Headers) t.getRequestHeaders();
         /*
          * look for auth token

jdk/src/share/classes/com/sun/net/httpserver/Filter.java

@@ -25,11 +25,7 @@
 
 package com.sun.net.httpserver;
 
-import java.net.*;
-import java.io.*;
-import java.nio.*;
-import java.nio.channels.*;
-import sun.net.www.MessageHeader;
+import java.io.IOException;
 import java.util.*;
 
 /**
@@ -56,12 +52,10 @@ public abstract class Filter {
         /* the last element in the chain must invoke the users
          * handler
          */
-        private List<Filter> filters;
         private ListIterator<Filter> iter;
         private HttpHandler handler;
 
         public Chain (List<Filter> filters, HttpHandler handler) {
-            this.filters = filters;
             iter = filters.listIterator();
             this.handler = handler;
         }

jdk/src/share/classes/com/sun/net/httpserver/Headers.java

@@ -26,7 +26,6 @@
 package com.sun.net.httpserver;
 
 import java.util.*;
-import java.io.*;
 
 /**
  * HTTP request and response headers are represented by this class which implements
@@ -77,19 +76,16 @@ public class Headers implements Map<String,List<String>> {
             if (len == 0) {
                 return key;
             }
-            char[] b = new char [len];
-            String s = null;
-                b = key.toCharArray();
-                if (b[0] >= 'a' && b[0] <= 'z') {
-                    b[0] = (char)(b[0] - ('a' - 'A'));
+            char[] b = key.toCharArray();
+            if (b[0] >= 'a' && b[0] <= 'z') {
+                b[0] = (char)(b[0] - ('a' - 'A'));
+            }
+            for (int i=1; i<len; i++) {
+                if (b[i] >= 'A' && b[i] <= 'Z') {
+                    b[i] = (char) (b[i] + ('a' - 'A'));
                 }
-                for (int i=1; i<len; i++) {
-                    if (b[i] >= 'A' && b[i] <= 'Z') {
-                        b[i] = (char) (b[i] + ('a' - 'A'));
-                    }
-                }
-                s = new String (b);
-            return s;
+            }
+            return new String(b);
         }
 
         public int size() {return map.size();}

jdk/src/share/classes/com/sun/net/httpserver/HttpsParameters.java

@@ -24,9 +24,7 @@
  */
 
 package com.sun.net.httpserver;
-import java.net.*;
-import java.io.*;
-import java.util.*;
+import java.net.InetSocketAddress;
 import javax.net.ssl.SSLParameters;
 
 /**
@@ -90,7 +88,7 @@ public abstract class HttpsParameters {
      * have been set.
      */
     public String[] getCipherSuites() {
-        return cipherSuites;
+        return cipherSuites != null ? cipherSuites.clone() : null;
     }
 
     /**
@@ -99,7 +97,7 @@ public abstract class HttpsParameters {
      * @param cipherSuites the array of ciphersuites (or null)
      */
     public void setCipherSuites(String[] cipherSuites) {
-        this.cipherSuites = cipherSuites;
+        this.cipherSuites = cipherSuites != null ? cipherSuites.clone() : null;
     }
 
     /**
@@ -110,7 +108,7 @@ public abstract class HttpsParameters {
      * have been set.
      */
     public String[] getProtocols() {
-        return protocols;
+        return protocols != null ? protocols.clone() : null;
     }
 
     /**
@@ -119,7 +117,7 @@ public abstract class HttpsParameters {
      * @param protocols the array of protocols (or null)
      */
     public void setProtocols(String[] protocols) {
-        this.protocols = protocols;
+        this.protocols = protocols != null ? protocols.clone() : null;
     }
 
     /**