Skip to content

Commit

Permalink
use an exhaustive codeql configuration
Browse files Browse the repository at this point in the history
  • Loading branch information
ben-manes committed Dec 26, 2024
1 parent d722be8 commit d0321e2
Show file tree
Hide file tree
Showing 12 changed files with 67 additions and 47 deletions.
52 changes: 36 additions & 16 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -1,25 +1,14 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"
permissions: read-all

on:
push:
branches: [master]
branches: [master, v2.dev, v3.dev]
pull_request:
# The branches below must be a subset of the branches above
branches: [master]
branches: [master, v2.dev, v3.dev]
schedule:
- cron: '0 0 * * 4'

permissions:
actions: read
contents: read
pull-requests: read
security-events: write

env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
JAVA_VERSION: 21
Expand All @@ -28,6 +17,15 @@ jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
pull-requests: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ actions, java ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
Expand All @@ -53,13 +51,35 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Gradle
uses: ./.github/actions/run-gradle
if: ${{ matrix.language == 'java' }}
with:
java: ${{ env.JAVA_VERSION }}
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
- name: Initialize CodeQL
- name: Initialize CodeQL (Actions)
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
if: ${{ matrix.language == 'actions' }}
with:
languages: actions
- name: Initialize CodeQL (Java - Fast)
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
if: ${{ matrix.language == 'java' && github.event_name != 'schedule' }}
with:
queries: +security-and-quality,security-extended,security-experimental
languages: java-kotlin
- name: Initialize CodeQL (Java - Thorough)
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
if: ${{ matrix.language == 'java' && github.event_name == 'schedule' }}
with:
languages: java
queries: +security-and-quality,security-extended,security-experimental
languages: java-kotlin
packs: >
+codeql/java-queries:.,
githubsecuritylab/codeql-java-queries,
githubsecuritylab/codeql-java-extensions,
githubsecuritylab/codeql-java-library-sources,
githubsecuritylab/codeql-java-queries:suites/java-local.qls
config: |
threat-models: local
- name: Autobuild
uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- name: Perform CodeQL Analysis
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -805,7 +805,7 @@ private static void checkContainsInOrder(Cache<Int, Int> cache, Iterable<Int> ex
public void evict_candidate_lru(BoundedLocalCache<Int, Int> cache, CacheContext context) {
cache.setMainProtectedMaximum(0);
cache.setWindowMaximum(context.maximumSize());
for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var oldValue = cache.put(Int.valueOf(i), Int.valueOf(i));
assertThat(oldValue).isNull();
}
Expand Down Expand Up @@ -851,7 +851,7 @@ public void evict_window_candidates(BoundedLocalCache<Int, Int> cache, CacheCont
cache.setWindowMaximum(context.maximumSize() / 2);
cache.setMainProtectedMaximum(0);

for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var value = cache.put(Int.valueOf(i), Int.valueOf(i));
assertThat(value).isNull();
}
Expand All @@ -876,7 +876,7 @@ public void evict_window_fallback(BoundedLocalCache<Int, Int> cache, CacheContex
cache.setWindowMaximum(context.maximumSize() / 2);
cache.setMainProtectedMaximum(0);

for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var value = cache.put(Int.valueOf(i), Int.valueOf(i));
assertThat(value).isNull();
}
Expand All @@ -900,7 +900,7 @@ public void evict_candidateIsVictim(BoundedLocalCache<Int, Int> cache, CacheCont
cache.setMainProtectedMaximum(context.maximumSize() / 2);
cache.setWindowMaximum(context.maximumSize() / 2);

for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var value = cache.put(Int.valueOf(i), Int.valueOf(i));
assertThat(value).isNull();
}
Expand Down Expand Up @@ -933,7 +933,7 @@ public void evict_candidateIsVictim(BoundedLocalCache<Int, Int> cache, CacheCont
maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED,
removalListener = Listener.CONSUMING)
public void evict_toZero(BoundedLocalCache<Int, Int> cache, CacheContext context) {
for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var value = cache.put(Int.valueOf(i), Int.valueOf(i));
assertThat(value).isNull();
}
Expand Down Expand Up @@ -1016,7 +1016,7 @@ public void evict_zeroWeight_candidate(BoundedLocalCache<Int, Int> cache, CacheC
return Math.abs(value.intValue());
});

for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
assertThat(cache.put(Int.valueOf(i), Int.valueOf(1))).isNull();
}

Expand All @@ -1042,7 +1042,7 @@ public void evict_zeroWeight_victim(BoundedLocalCache<Int, Int> cache, CacheCont
return Math.abs(value.intValue());
});

for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
assertThat(cache.put(Int.valueOf(i), Int.valueOf(1))).isNull();
}

Expand Down Expand Up @@ -1673,7 +1673,7 @@ public void exceedsMaximumBufferSize_onWrite(
public void fastpath(BoundedLocalCache<Int, Int> cache, CacheContext context) {
assertThat(cache.skipReadBuffer()).isTrue();

for (int i = 0; i < (context.maximumSize() / 2) - 1; i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize() / 2) - 1; i++) {
var oldValue = cache.put(Int.valueOf(i), Int.valueOf(-i));
assertThat(oldValue).isNull();
}
Expand Down Expand Up @@ -1766,7 +1766,7 @@ public void drain_blocksClear(BoundedLocalCache<Int, Int> cache, CacheContext co
public void drain_blocksOrderedMap(BoundedLocalCache<Int, Int> cache,
CacheContext context, Eviction<Int, Int> eviction) {
checkDrainBlocks(cache, () -> {
var results = eviction.coldest(((int) context.maximumSize()));
var results = eviction.coldest((Math.toIntExact(context.maximumSize())));

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / benchmarks (GraalVM)

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / benchmarks (GraalVM)

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / spotbugs

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / spotbugs

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / Compile (11)

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / Compile (11)

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / pmd

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / pmd

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / forbiddenApis

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / forbiddenApis

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / qodana

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them

Check warning on line 1769 in caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java

View workflow job for this annotation

GitHub Actions / qodana

[UnnecessaryParentheses] These grouping parentheses are unnecessary; it is unlikely the code will be misinterpreted without them
assertThat(results).isEmpty();
});
}
Expand Down Expand Up @@ -2130,8 +2130,8 @@ public void unschedule_invalidateAll(BoundedLocalCache<Int, Int> cache, CacheCon
@CacheSpec(population = Population.EMPTY, expireAfterAccess = Expire.ONE_MINUTE,
maximumSize = {Maximum.DISABLED, Maximum.FULL}, weigher = CacheWeigher.DISABLED)
public void expirationDelay_window(BoundedLocalCache<Int, Int> cache, CacheContext context) {
int maximum = cache.evicts() ? (int) context.maximumSize() : 100;
long stepSize = context.expireAfterAccess().timeNanos() / (2 * maximum);
int maximum = cache.evicts() ? Math.toIntExact(context.maximumSize()) : 100;
long stepSize = context.expireAfterAccess().timeNanos() / (2L * maximum);
for (int i = 0; i < maximum; i++) {
var key = intern(Int.valueOf(i));
var value = cache.put(key, key);
Expand Down Expand Up @@ -2166,7 +2166,7 @@ public void expirationDelay_window(BoundedLocalCache<Int, Int> cache, CacheConte
maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED)
public void expirationDelay_probation(BoundedLocalCache<Int, Int> cache, CacheContext context) {
long stepSize = context.expireAfterAccess().timeNanos() / (2 * context.maximumSize());
for (int i = 0; i < (int) context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var key = intern(Int.valueOf(i));
var value = cache.put(key, key);
assertThat(value).isNull();
Expand Down Expand Up @@ -2198,7 +2198,7 @@ public void expirationDelay_probation(BoundedLocalCache<Int, Int> cache, CacheCo
maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED)
public void expirationDelay_protected(BoundedLocalCache<Int, Int> cache, CacheContext context) {
long stepSize = context.expireAfterAccess().timeNanos() / (2 * context.maximumSize());
for (int i = 0; i < (int) context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var key = intern(Int.valueOf(i));
var value = cache.put(key, key);
assertThat(value).isNull();
Expand Down Expand Up @@ -2231,7 +2231,7 @@ public void expirationDelay_protected(BoundedLocalCache<Int, Int> cache, CacheCo
maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED)
public void expirationDelay_writeOrder(BoundedLocalCache<Int, Int> cache, CacheContext context) {
long stepSize = context.expireAfterWrite().timeNanos() / (2 * context.maximumSize());
for (int i = 0; i < (int) context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
var key = intern(Int.valueOf(i));
var value = cache.put(key, key);
assertThat(value).isNull();
Expand All @@ -2254,8 +2254,8 @@ public void expirationDelay_writeOrder(BoundedLocalCache<Int, Int> cache, CacheC
expiry = CacheExpiry.WRITE, expiryTime = Expire.ONE_MINUTE)
public void expirationDelay_varTime(BoundedLocalCache<Int, Int> cache, CacheContext context) {
long startTime = context.ticker().read();
int maximum = cache.evicts() ? (int) context.maximumSize() : 100;
long stepSize = context.expiryTime().timeNanos() / (2 * maximum);
int maximum = cache.evicts() ? Math.toIntExact(context.maximumSize()) : 100;
long stepSize = context.expiryTime().timeNanos() / (2L * maximum);
for (int i = 0; i < maximum; i++) {
var key = intern(Int.valueOf(i));
var value = cache.put(key, key);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -348,7 +348,7 @@ final class Key {
}

var keys = intern(new ArrayList<Key>());
for (int i = 0; i < Population.FULL.size(); i++) {
for (int i = 0; i < Math.toIntExact(Population.FULL.size()); i++) {
keys.add(new Key());
}

Expand Down Expand Up @@ -603,7 +603,7 @@ final class Key {
Cache<Object, Int> cache = context.build(key -> null);

var keys = new ArrayList<Key>();
for (int i = 0; i < Population.FULL.size(); i++) {
for (int i = 0; i < Math.toIntExact(Population.FULL.size()); i++) {
keys.add(intern(new Key()));
}
Key key = requireNonNull(Iterables.getLast(keys));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ public void evict(Cache<Int, Int> cache, CacheContext context) {
initialCapacity = InitialCapacity.EXCESSIVE)
public void evict_weighted(Cache<Int, List<Int>> cache, CacheContext context) {
// Enforce full initialization of internal structures
for (int i = 0; i < context.maximumSize(); i++) {
for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) {
cache.put(Int.valueOf(i), List.of());
}
cache.invalidateAll();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -414,7 +414,7 @@ public void oldest_zero(CacheContext context,
@CacheSpec(population = Population.FULL, expireAfterAccess = Expire.ONE_MINUTE)
public void oldest_partial(CacheContext context,
@ExpireAfterAccess FixedExpiration<Int, Int> expireAfterAccess) {
int count = (int) context.initialSize() / 2;
int count = Math.toIntExact(context.initialSize() / 2);
assertThat(expireAfterAccess.oldest(count)).hasSize(count);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public void ensureCapacity_smaller(FrequencySketch<Integer> sketch) {
@Test(dataProvider = "sketch")
public void ensureCapacity_larger(FrequencySketch<Integer> sketch) {
int size = sketch.table.length;
sketch.ensureCapacity(2 * size);
sketch.ensureCapacity(2L * size);
assertThat(sketch.table).hasLength(2 * size);
assertThat(sketch.sampleSize).isEqualTo(10 * 2 * size);
assertThat(sketch.blockMask).isEqualTo(((2 * size) >> 3) - 1);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -440,7 +440,7 @@ final class Key {
LoadingCache<Object, Int> cache = context.build(key -> null);

var keys = intern(new ArrayList<Key>());
for (int i = 0; i < Population.FULL.size(); i++) {
for (int i = 0; i < Math.toIntExact(Population.FULL.size()); i++) {
keys.add(new Key());
}
Key key = requireNonNull(Iterables.getLast(keys));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -956,7 +956,7 @@ public void getRefreshesAfter(CacheContext context, FixedRefresh<Int, Int> refre

@Test(dataProvider = "caches")
@CacheSpec(refreshAfterWrite = Expire.ONE_MINUTE)
public void setRefreshAfter_negative(Cache<Int, Int> cache,
public void setRefreshAfter_negative(
CacheContext context, FixedRefresh<Int, Int> refreshAfterWrite) {
var duration = Duration.ofMinutes(-2);
assertThrows(IllegalArgumentException.class, () ->
Expand All @@ -965,7 +965,7 @@ public void setRefreshAfter_negative(Cache<Int, Int> cache,

@Test(dataProvider = "caches")
@CacheSpec(refreshAfterWrite = Expire.ONE_MINUTE)
public void setRefreshAfter_excessive(Cache<Int, Int> cache,
public void setRefreshAfter_excessive(
CacheContext context, FixedRefresh<Int, Int> refreshAfterWrite) {
refreshAfterWrite.setRefreshesAfter(ChronoUnit.FOREVER.getDuration());
assertThat(refreshAfterWrite.getRefreshesAfter(TimeUnit.NANOSECONDS)).isEqualTo(Long.MAX_VALUE);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ void test(Random r) {
// thread was just reading/writing
lastBlock.set(block);

Long k = block;
long k = block;
Val v = cache.getIfPresent(k);
if (v != null) {
hits.incrementAndGet();
Expand Down Expand Up @@ -172,7 +172,7 @@ public void clear() {
}

void test(Random r) {
Long k = (long) r.nextInt(blocksInTest);
long k = r.nextInt(blocksInTest);
Val v = cache.getIfPresent(k);
if (v != null) {
assertThat(k).isEqualTo(v.key);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -217,8 +217,8 @@ private static void populate(CacheContext context, Cache<Int, Int> cache) {
return;
}

int maximum = (int) Math.min(context.maximumSize(), context.population.size());
int first = BASE + (int) Math.min(0, context.population.size());
int maximum = Math.toIntExact(Math.min(context.maximumSize(), context.population.size()));
int first = Math.toIntExact(BASE + Math.min(0, context.population.size()));
int last = BASE + maximum - 1;
int middle = Math.max(first, BASE + ((last - first) / 2));

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ public abstract class ParallelMapIteratePutAcceptanceTest {
LoggerFactory.getLogger(ParallelMapIteratePutAcceptanceTest.class);
private static final long SEED = 0x12345678ABCDL;

private static final long PUT_REPEAT = 100;
private static final int PUT_REPEAT = 100;
private static final int CHUNK_SIZE = 16000;
private static final int MAX_THREADS = 48;

Expand Down Expand Up @@ -90,7 +90,7 @@ private void runAllPutTests(Integer[] contents, Integer[] constContents) {

private void runPutTest1(int threadCount, Integer[] contents, Integer[] constContents,
ExecutorService executorService, boolean warmup) {
long ops = ((warmup ? 100_000 : 100_000 * PUT_REPEAT) / contents.length) + 1;
int ops = ((warmup ? 100_000 : 100_000 * PUT_REPEAT) / contents.length) + 1;
Future<?>[] futures = new Future<?>[threadCount];
for (int i = 0; i < ops; i++) {
ConcurrentMutableMap<Integer, Integer> map = newMap(constContents.length);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ public int getStep() {
}

public void setStep(int x) {
this.step = Math.max(1, Math.min(15, step));
this.step = Math.max(1, Math.min(15, x));
}

public int getEventsToCount() {
Expand Down

0 comments on commit d0321e2

Please sign in to comment.