From 01d2a3903ff58b0f665fe12adb5e09b34c8ea938 Mon Sep 17 00:00:00 2001
From: Basil Crow <me@basilcrow.com>
Date: Sat, 19 Nov 2022 12:27:49 -0800
Subject: [PATCH] Adapt to https://github.com/jenkinsci/pom/pull/350

---
 .../org/kohsuke/stapler/HttpResponses.java    |  2 +
 .../compression/UncaughtExceptionHandler.java |  2 +-
 .../stapler/json/JsonHttpResponse.java        |  2 +
 .../stapler/jsr269/AbstractProcessorImpl.java |  2 +
 pom.xml                                       |  2 +-
 src/spotbugs/excludesFilter.xml               | 62 -------------------
 6 files changed, 8 insertions(+), 64 deletions(-)
 delete mode 100644 src/spotbugs/excludesFilter.xml

diff --git a/core/src/main/java/org/kohsuke/stapler/HttpResponses.java b/core/src/main/java/org/kohsuke/stapler/HttpResponses.java
index cbb7af8a2e..0a435acd00 100644
--- a/core/src/main/java/org/kohsuke/stapler/HttpResponses.java
+++ b/core/src/main/java/org/kohsuke/stapler/HttpResponses.java
@@ -24,6 +24,7 @@
 package org.kohsuke.stapler;
 
 import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -106,6 +107,7 @@ public static HttpResponseException error(final int code, final Throwable cause)
         if (responseException == null) {
             responseException = new HttpResponseException(cause) {
                 @Override
+                @SuppressFBWarnings(value = "INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE", justification = "Jenkins handles this issue differently or doesn't care about it")
                 public void generateResponse(StaplerRequest req, StaplerResponse rsp, Object node) throws IOException, ServletException {
                     rsp.setStatus(code);
 
diff --git a/core/src/main/java/org/kohsuke/stapler/compression/UncaughtExceptionHandler.java b/core/src/main/java/org/kohsuke/stapler/compression/UncaughtExceptionHandler.java
index 37a272443c..05182511d3 100644
--- a/core/src/main/java/org/kohsuke/stapler/compression/UncaughtExceptionHandler.java
+++ b/core/src/main/java/org/kohsuke/stapler/compression/UncaughtExceptionHandler.java
@@ -32,7 +32,7 @@ void reportException(Throwable e, ServletContext context, HttpServletRequest req
 
     UncaughtExceptionHandler DEFAULT = new UncaughtExceptionHandler() {
         @Override
-        @SuppressFBWarnings(value = "XSS_SERVLET", justification = "Covered by the escape() method.")
+        @SuppressFBWarnings(value = {"INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE", "XSS_SERVLET"}, justification = "Covered by the escape() method.")
         public void reportException(Throwable e, ServletContext context, HttpServletRequest req, HttpServletResponse rsp) throws ServletException, IOException {
             StringWriter sw = new StringWriter();
             PrintWriter pw = new PrintWriter(sw);
diff --git a/core/src/main/java/org/kohsuke/stapler/json/JsonHttpResponse.java b/core/src/main/java/org/kohsuke/stapler/json/JsonHttpResponse.java
index 030336b6bc..dd44f3d77f 100644
--- a/core/src/main/java/org/kohsuke/stapler/json/JsonHttpResponse.java
+++ b/core/src/main/java/org/kohsuke/stapler/json/JsonHttpResponse.java
@@ -6,6 +6,7 @@
 import org.kohsuke.stapler.StaplerResponse;
 
 import edu.umd.cs.findbugs.annotations.Nullable;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import javax.servlet.ServletException;
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -30,6 +31,7 @@ public JsonHttpResponse(JSONObject o, int status) {
         this.status = status;
     }
 
+    @SuppressFBWarnings(value = "INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE", justification = "Jenkins handles this issue differently or doesn't care about it")
     public JsonHttpResponse(Throwable t, int status) {
         StringWriter sw = new StringWriter();
         t.printStackTrace(new PrintWriter(sw));
diff --git a/core/src/main/java/org/kohsuke/stapler/jsr269/AbstractProcessorImpl.java b/core/src/main/java/org/kohsuke/stapler/jsr269/AbstractProcessorImpl.java
index 45a6cf2a10..017b9023ad 100644
--- a/core/src/main/java/org/kohsuke/stapler/jsr269/AbstractProcessorImpl.java
+++ b/core/src/main/java/org/kohsuke/stapler/jsr269/AbstractProcessorImpl.java
@@ -22,6 +22,7 @@
  */
 package org.kohsuke.stapler.jsr269;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import javax.annotation.processing.AbstractProcessor;
 import javax.lang.model.element.Element;
 import javax.tools.FileObject;
@@ -38,6 +39,7 @@
  * @author Kohsuke Kawaguchi
  */
 abstract class AbstractProcessorImpl extends AbstractProcessor {
+    @SuppressFBWarnings(value = "INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE", justification = "Jenkins handles this issue differently or doesn't care about it")
     protected String toString(Throwable t) {
         StringWriter w = new StringWriter();
         t.printStackTrace(new PrintWriter(w));
diff --git a/pom.xml b/pom.xml
index 427f2b3781..61e20294d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.jenkins-ci</groupId>
     <artifactId>jenkins</artifactId>
-    <version>1.91</version>
+    <version>1.92</version>
     <relativePath />
   </parent>
   <groupId>org.kohsuke.stapler</groupId>
diff --git a/src/spotbugs/excludesFilter.xml b/src/spotbugs/excludesFilter.xml
deleted file mode 100644
index a7ddf72c81..0000000000
--- a/src/spotbugs/excludesFilter.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<FindBugsFilter>
-  <!--
-    Exclusions in this section have been triaged and determined to be false positives.
-  -->
-  <Match>
-    <Or>
-      <!-- We don't care about this behavior -->
-      <Bug pattern="CRLF_INJECTION_LOGS"/>
-      <!-- Jenkins handles this issue differently or doesn't care about it. -->
-      <Bug pattern="INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE"/>
-    </Or>
-  </Match>
-  <!--
-    Here lies technical debt. Exclusions in this section have not yet been triaged. When working on
-    on this section, pick an exclusion to triage, then:
-    - If it is a false positive, add a @SuppressFBWarnings(value = "[…]", justification = "[…]")
-      annotation indicating the reason why it is a false positive, then remove the exclusion from
-      this section.
-    - If it is not a false positive, fix the bug, then remove the exclusion from this section.
-   -->
-  <Match>
-    <Confidence value="2"/>
-    <Or>
-      <And>
-        <Bug pattern="SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA"/>
-        <Class name="org.kohsuke.stapler.EvaluationTrace$ApplicationTracer"/>
-      </And>
-      <And>
-        <Bug pattern="THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION"/>
-        <Or>
-          <Class name="org.kohsuke.stapler.AbstractTearOff"/>
-          <Class name="org.kohsuke.stapler.CachingScriptLoader"/>
-          <Class name="org.kohsuke.stapler.framework.AbstractWebAppMain"/>
-          <Class name="org.kohsuke.stapler.jelly.groovy.GroovyClassTearOff"/>
-          <Class name="org.kohsuke.stapler.jelly.groovy.GroovyServerPageTearOff"/>
-          <Class name="org.kohsuke.stapler.jelly.JellyClassTearOff"/>
-          <Class name="org.kohsuke.stapler.jelly.ScriptInvoker"/>
-          <Class name="org.kohsuke.stapler.ScriptExecutor"/>
-        </Or>
-      </And>
-      <And>
-        <Bug pattern="THROWS_METHOD_THROWS_CLAUSE_THROWABLE"/>
-        <Or>
-          <Class name="org.kohsuke.stapler.config.ConfigurationLoader$1"/>
-          <Class name="org.kohsuke.stapler.jelly.groovy.Namespace$ProxyImpl"/>
-        </Or>
-      </And>
-      <And>
-        <Bug pattern="THROWS_METHOD_THROWS_RUNTIMEEXCEPTION"/>
-        <Or>
-          <Class name="org.kohsuke.stapler.export.Model"/>
-          <Class name="org.kohsuke.stapler.jelly.groovy.JellyBuilder"/>
-          <Class name="org.kohsuke.stapler.jelly.IncludeTag"/>
-          <Class name="org.kohsuke.stapler.RequestImpl"/>
-          <Class name="org.kohsuke.stapler.Stapler"/>
-          <Class name="org.kohsuke.stapler.TearOffSupport"/>
-        </Or>
-      </And>
-    </Or>
-  </Match>
-</FindBugsFilter>