diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java index 12f38397c3..135a17d34a 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/datalayer/ComponentDataImpl.java @@ -32,6 +32,7 @@ import com.day.cq.commons.jcr.JcrConstants; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; public class ComponentDataImpl implements FormComponentData { @@ -41,7 +42,25 @@ public class ComponentDataImpl implements FormComponentData { protected final Resource resource; + /** + * Creates a new ComponentDataImpl instance. + * + * Note: This constructor stores references to FormComponent and Resource objects. + * These objects are designed to be immutable and shared across the system. + * The FormComponent interface provides read-only access to form component data, + * and the Resource interface represents an immutable JCR resource. + * + * @param component The form component (immutable, read-only interface) + * @param resource The JCR resource (immutable, read-only interface) + */ + @SuppressFBWarnings( + value = "EI_EXPOSE_REP2", + justification = "This constructor stores references to FormComponent and Resource objects. These objects are designed to be immutable and shared across the system. The FormComponent interface provides read-only access to form component data, and the Resource interface represents an immutable JCR resource. This is safe from a security perspective as these objects cannot be modified through the stored references.") public ComponentDataImpl(FormComponent component, Resource resource) { + // Both FormComponent and Resource are interfaces designed to be immutable + // and shared across the system. They provide read-only access to data. + // This is safe from a security perspective as these objects cannot be + // modified through the stored references. this.component = component; this.resource = resource; } diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java index 984fddcc4a..4d43c54e50 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/form/ReservedProperties.java @@ -204,6 +204,6 @@ private static Set aggregateReservedProperties() { } public static Set getReservedProperties() { - return reservedProperties; + return new HashSet<>(reservedProperties); } } diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java index ccd0e829d2..c49362fa54 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/form/FragmentImpl.java @@ -16,6 +16,7 @@ package com.adobe.cq.forms.core.components.internal.models.v1.form; import java.util.ArrayList; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -104,7 +105,7 @@ public String getFragmentPath() { if (itemModels == null) { itemModels = getChildrenModels(request, ComponentExporter.class); } - return itemModels; + return new LinkedHashMap<>(itemModels); } protected Map getChildrenModels(@Nullable SlingHttpServletRequest request, @NotNull Class modelClass) { @@ -136,7 +137,7 @@ public List getFragmentChildren() { if (filteredChildComponents == null) { filteredChildComponents = getFilteredChildrenResources(fragmentContainer); } - return filteredChildComponents; + return new ArrayList<>(filteredChildComponents); } @JsonIgnore diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java index 07c4706104..9cfbccf84c 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractBaseImpl.java @@ -294,7 +294,7 @@ protected String getConstraintMessage(ConstraintType type) { putConstraintMessage(ConstraintType.VALIDATION_EXPRESSION, msgs.getValidationExpressionConstraintMessage()); putConstraintMessage(ConstraintType.UNIQUE_ITEMS, msgs.getUniqueItemsConstraintMessage()); } - return constraintMessages; + return new LinkedHashMap<>(constraintMessages); } /** diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java index d5f063d43f..92e5018045 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractContainerImpl.java @@ -116,7 +116,7 @@ public List getItems() { if (childrenModels == null) { childrenModels = new ArrayList<>(getChildrenModels(request, ComponentExporter.class).values()); } - return childrenModels; + return new ArrayList<>(childrenModels); } @NotNull @@ -178,7 +178,7 @@ protected Map getChildrenModels(@Nullable SlingHttpServletRequest if (itemModels == null) { itemModels = getChildrenModels(request, ComponentExporter.class); } - return itemModels; + return new LinkedHashMap<>(itemModels); } protected List getFilteredChildrenResources() { diff --git a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java index 6687e1b213..b766ef8724 100644 --- a/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java +++ b/bundles/af-core/src/main/java/com/adobe/cq/forms/core/components/util/AbstractFormComponentImpl.java @@ -22,7 +22,6 @@ import java.util.Arrays; import java.util.Calendar; import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.List; @@ -545,7 +544,7 @@ private boolean isAllowedType(Object value) { * @return {@code Map} returns all custom property key value pairs associated with the resource */ private Map getCustomProperties() { - Map customProperties = new HashMap<>(); + Map customProperties = new LinkedHashMap<>(); Map templateBasedCustomProperties; List excludedPrefixes = Arrays.asList("fd:", "jcr:", "sling:"); Set reservedProperties = ReservedProperties.getReservedProperties(); diff --git a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java index 5f8890f54d..5f41b8ebbb 100644 --- a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java +++ b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v1/formsportal/PortalListerImpl.java @@ -16,6 +16,7 @@ package com.adobe.cq.forms.core.components.internal.models.v1.formsportal; import java.net.URISyntaxException; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -192,7 +193,7 @@ public void setFormThumbnail(String formThumbnail) { } public void setOperations(List operations) { - this.operations = operations; + this.operations = operations != null ? new ArrayList<>(operations) : null; } public void setId(String id) { @@ -205,7 +206,7 @@ public void setLastModified(String timeInfo) { @Override public List getOperations() { - return operations; + return operations != null ? new ArrayList<>(operations) : null; } @Override diff --git a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java index 7133abaaa1..bebc2e871e 100644 --- a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java +++ b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/HtmlPageItemImpl.java @@ -101,7 +101,7 @@ public Map getAttributes() { } } } - return attributes; + return new LinkedHashMap<>(attributes); } private void addAttributes(String name, String value) { diff --git a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java index 320f5bb9e8..cf8df51b54 100644 --- a/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java +++ b/bundles/core/src/main/java/com/adobe/cq/forms/core/components/internal/models/v2/aemform/AEMFormImpl.java @@ -92,7 +92,7 @@ protected void init() { } } } - return htmlPageItems; + return htmlPageItems != null ? new LinkedList<>(htmlPageItems) : null; } @JsonIgnore diff --git a/parent/pom.xml b/parent/pom.xml index c600faee99..467708ca14 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -698,7 +698,7 @@ com.github.spotbugs spotbugs-maven-plugin - 4.0.4 + 4.8.3.0 Max true