jenkinsci · jglick · Jan 6, 2022 · Dec 31, 2021
@@ -24,7 +24,7 @@
 
 package org.jenkinsci.plugins.scriptsecurity.sandbox;
 
-import javax.annotation.CheckForNull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist;
 

@@ -34,8 +34,8 @@
 import java.util.WeakHashMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nonnull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import jenkins.model.Jenkins;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist;
@@ -57,25 +57,25 @@ public abstract class Whitelist implements ExtensionPoint {
      * @param args zero or more arguments
      * @return true to allow the method to be called, false to reject it
      */
-    public abstract boolean permitsMethod(@Nonnull Method method, @Nonnull Object receiver, @Nonnull Object[] args);
+    public abstract boolean permitsMethod(@NonNull Method method, @NonNull Object receiver, @NonNull Object[] args);
 
-    public abstract boolean permitsConstructor(@Nonnull Constructor<?> constructor, @Nonnull Object[] args);
+    public abstract boolean permitsConstructor(@NonNull Constructor<?> constructor, @NonNull Object[] args);
 
-    public abstract boolean permitsStaticMethod(@Nonnull Method method, @Nonnull Object[] args);
+    public abstract boolean permitsStaticMethod(@NonNull Method method, @NonNull Object[] args);
 
-    public abstract boolean permitsFieldGet(@Nonnull Field field, @Nonnull Object receiver);
+    public abstract boolean permitsFieldGet(@NonNull Field field, @NonNull Object receiver);
 
-    public abstract boolean permitsFieldSet(@Nonnull Field field, @Nonnull Object receiver, @CheckForNull Object value);
+    public abstract boolean permitsFieldSet(@NonNull Field field, @NonNull Object receiver, @CheckForNull Object value);
 
-    public abstract boolean permitsStaticFieldGet(@Nonnull Field field);
+    public abstract boolean permitsStaticFieldGet(@NonNull Field field);
 
-    public abstract boolean permitsStaticFieldSet(@Nonnull Field field, @CheckForNull Object value);
+    public abstract boolean permitsStaticFieldSet(@NonNull Field field, @CheckForNull Object value);
 
     /**
      * Checks for all whitelists registered as {@link Extension}s and aggregates them.
      * @return an aggregated default list
      */
-    public static synchronized @Nonnull Whitelist all() {
+    public static synchronized @NonNull Whitelist all() {
         Jenkins j = Jenkins.getInstanceOrNull();
         if (j == null) {
             LOGGER.log(Level.WARNING, "No Jenkins.instance", new Throwable("here"));

@@ -34,8 +34,8 @@
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nonnull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import org.apache.commons.lang.ClassUtils;
 import org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation;
 
@@ -47,7 +47,7 @@
  */
 class GroovyCallSiteSelector {
 
-    private static boolean matches(@Nonnull Class<?>[] parameterTypes, @Nonnull Object[] parameters, boolean varargs) {
+    private static boolean matches(@NonNull Class<?>[] parameterTypes, @NonNull Object[] parameters, boolean varargs) {
         if (varargs) {
             parameters = parametersForVarargs(parameterTypes, parameters);
         }
@@ -119,7 +119,7 @@ private static Object[] parametersForVarargs(Class<?>[] parameterTypes, Object[]
     /**
      * {@link Class#isInstance} extended to handle some important cases of primitive types.
      */
-    private static boolean isInstancePrimitive(@Nonnull Class<?> type, @Nonnull Object instance) {
+    private static boolean isInstancePrimitive(@NonNull Class<?> type, @NonNull Object instance) {
         if (type.isInstance(instance)) {
             return true;
         }
@@ -146,7 +146,7 @@ private static boolean isInstancePrimitive(@Nonnull Class<?> type, @Nonnull Obje
      * @param method the method name
      * @param args a set of actual arguments
      */
-    public static @CheckForNull Method method(@Nonnull Object receiver, @Nonnull String method, @Nonnull Object[] args) {
+    public static @CheckForNull Method method(@NonNull Object receiver, @NonNull String method, @NonNull Object[] args) {
         Set<Class<?>> types = types(receiver);
         if (types.contains(GroovyInterceptable.class) && !"invokeMethod".equals(method)) {
             return method(receiver, "invokeMethod", new Object[]{ method, args });
@@ -166,7 +166,7 @@ private static boolean isInstancePrimitive(@Nonnull Class<?> type, @Nonnull Obje
         return null;
     }
 
-    public static @CheckForNull Constructor<?> constructor(@Nonnull Class<?> receiver, @Nonnull Object[] args) {
+    public static @CheckForNull Constructor<?> constructor(@NonNull Class<?> receiver, @NonNull Object[] args) {
         Constructor<?>[] constructors = receiver.getDeclaredConstructors();
         Constructor<?> candidate = null;
         for (Constructor<?> c : constructors) {
@@ -194,11 +194,11 @@ private static boolean isInstancePrimitive(@Nonnull Class<?> type, @Nonnull Obje
         return null;
     }
 
-    public static @CheckForNull Method staticMethod(@Nonnull Class<?> receiver, @Nonnull String method, @Nonnull Object[] args) {
+    public static @CheckForNull Method staticMethod(@NonNull Class<?> receiver, @NonNull String method, @NonNull Object[] args) {
         return findMatchingMethod(receiver, method, args);
     }
 
-    private static Method findMatchingMethod(@Nonnull Class<?> receiver, @Nonnull String method, @Nonnull Object[] args) {
+    private static Method findMatchingMethod(@NonNull Class<?> receiver, @NonNull String method, @NonNull Object[] args) {
         Method candidate = null;
 
         for (Method m : receiver.getDeclaredMethods()) {
@@ -218,7 +218,7 @@ private static Method findMatchingMethod(@Nonnull Class<?> receiver, @Nonnull St
     /**
      * Emulates, with some tweaks, {@link org.codehaus.groovy.reflection.ParameterTypes#isVargsMethod(Object[])}
      */
-    private static boolean isVarArgsMethod(@Nonnull Method m, @Nonnull Object[] args) {
+    private static boolean isVarArgsMethod(@NonNull Method m, @NonNull Object[] args) {
         if (m.isVarArgs()) {
             return true;
         }
@@ -247,7 +247,7 @@ private static boolean isVarArgsMethod(@Nonnull Method m, @Nonnull Object[] args
         return false;
     }
 
-    public static @CheckForNull Field field(@Nonnull Object receiver, @Nonnull String field) {
+    public static @CheckForNull Field field(@NonNull Object receiver, @NonNull String field) {
         for (Class<?> c : types(receiver)) {
             for (Field f : c.getDeclaredFields()) {
                 if (f.getName().equals(field)) {
@@ -258,7 +258,7 @@ private static boolean isVarArgsMethod(@Nonnull Method m, @Nonnull Object[] args
         return null;
     }
 
-    public static @CheckForNull Field staticField(@Nonnull Class<?> receiver, @Nonnull String field) {
+    public static @CheckForNull Field staticField(@NonNull Class<?> receiver, @NonNull String field) {
         for (Field f : receiver.getDeclaredFields()) {
             if (f.getName().equals(field)) {
                 return f;
@@ -267,12 +267,12 @@ private static boolean isVarArgsMethod(@Nonnull Method m, @Nonnull Object[] args
         return null;
     }
 
-    private static Set<Class<?>> types(@Nonnull Object o) {
+    private static Set<Class<?>> types(@NonNull Object o) {
         Set<Class<?>> types = new LinkedHashSet<Class<?>>();
         visitTypes(types, o.getClass());
         return types;
     }
-    private static void visitTypes(@Nonnull Set<Class<?>> types, @Nonnull Class<?> c) {
+    private static void visitTypes(@NonNull Set<Class<?>> types, @NonNull Class<?> c) {
         Class<?> s = c.getSuperclass();
         if (s != null) {
             visitTypes(types, s);

@@ -43,8 +43,8 @@
 import java.util.concurrent.Callable;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nonnull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import org.codehaus.groovy.control.CompilationFailedException;
 import org.codehaus.groovy.control.CompilationUnit;
 import org.codehaus.groovy.control.CompilerConfiguration;
@@ -105,7 +105,7 @@ public GroovySandbox withTaskListener(@CheckForNull TaskListener listener) {
         return this;
     }
 
-    private @Nonnull Whitelist whitelist() {
+    private @NonNull Whitelist whitelist() {
         return whitelist != null ? whitelist : Whitelist.all();
     }
 
@@ -153,7 +153,7 @@ public interface Scope extends AutoCloseable {
      * @param script the script to run
      * @return the return value of the script
      */
-    public Object runScript(@Nonnull GroovyShell shell, @Nonnull String script) {
+    public Object runScript(@NonNull GroovyShell shell, @NonNull String script) {
         GroovySandbox derived = new GroovySandbox().
             withApprovalContext(context).
             withTaskListener(listener).
@@ -178,7 +178,7 @@ public Object runScript(@Nonnull GroovyShell shell, @Nonnull String script) {
      *
      * @return a compiler configuration set up to use the sandbox
      */
-    public static @Nonnull CompilerConfiguration createSecureCompilerConfiguration() {
+    public static @NonNull CompilerConfiguration createSecureCompilerConfiguration() {
         CompilerConfiguration cc = createBaseCompilerConfiguration();
         cc.addCompilationCustomizers(new SandboxTransformer());
         return cc;
@@ -187,7 +187,7 @@ public Object runScript(@Nonnull GroovyShell shell, @Nonnull String script) {
     /**
      * Prepares a compiler configuration that rejects certain AST transformations. Used by {@link #createSecureCompilerConfiguration()}.
      */
-    public static @Nonnull CompilerConfiguration createBaseCompilerConfiguration() {
+    public static @NonNull CompilerConfiguration createBaseCompilerConfiguration() {
         CompilerConfiguration cc = new CompilerConfiguration();
         cc.addCompilationCustomizers(new RejectASTTransformsCustomizer());
         cc.setDisabledGlobalASTTransformations(new HashSet<>(Collections.singletonList(GrabAnnotationTransformation.class.getName())));
@@ -200,7 +200,7 @@ public Object runScript(@Nonnull GroovyShell shell, @Nonnull String script) {
      * See {@link #createSecureCompilerConfiguration()} for the discussion.
      */
     @SuppressFBWarnings(value = "DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED", justification = "Should be managed by the caller.")
-    public static @Nonnull ClassLoader createSecureClassLoader(ClassLoader base) {
+    public static @NonNull ClassLoader createSecureClassLoader(ClassLoader base) {
         return new SandboxResolvingClassLoader(base);
     }
 
@@ -214,7 +214,7 @@ public Object runScript(@Nonnull GroovyShell shell, @Nonnull String script) {
      * @deprecated use {@link #enter}
      */
     @Deprecated
-    public static void runInSandbox(@Nonnull Runnable r, @Nonnull Whitelist whitelist) throws RejectedAccessException {
+    public static void runInSandbox(@NonNull Runnable r, @NonNull Whitelist whitelist) throws RejectedAccessException {
         try (Scope scope = new GroovySandbox().withWhitelist(whitelist).enter()) {
             r.run();
         }
@@ -232,7 +232,7 @@ public static void runInSandbox(@Nonnull Runnable r, @Nonnull Whitelist whitelis
      * @deprecated use {@link #enter}
      */
     @Deprecated
-    public static <V> V runInSandbox(@Nonnull Callable<V> c, @Nonnull Whitelist whitelist) throws Exception {
+    public static <V> V runInSandbox(@NonNull Callable<V> c, @NonNull Whitelist whitelist) throws Exception {
         try (Scope scope = new GroovySandbox().withWhitelist(whitelist).enter()) {
             return c.call();
         }
@@ -244,7 +244,7 @@ public static <V> V runInSandbox(@Nonnull Callable<V> c, @Nonnull Whitelist whit
      * @deprecated insecure; use {@link #run(GroovyShell, String, Whitelist)} or {@link #runScript}
      */
     @Deprecated
-    public static Object run(@Nonnull Script script, @Nonnull final Whitelist whitelist) throws RejectedAccessException {
+    public static Object run(@NonNull Script script, @NonNull final Whitelist whitelist) throws RejectedAccessException {
         LOGGER.log(Level.WARNING, null, new IllegalStateException(Messages.GroovySandbox_useOfInsecureRunOverload()));
         Whitelist wrapperWhitelist = new ProxyWhitelist(
                 new ClassLoaderWhitelist(script.getClass().getClassLoader()),
@@ -265,7 +265,7 @@ public static Object run(@Nonnull Script script, @Nonnull final Whitelist whitel
      * @deprecated use {@link #runScript}
      */
     @Deprecated
-    public static Object run(@Nonnull final GroovyShell shell, @Nonnull final String script, @Nonnull final Whitelist whitelist) throws RejectedAccessException {
+    public static Object run(@NonNull final GroovyShell shell, @NonNull final String script, @NonNull final Whitelist whitelist) throws RejectedAccessException {
         return new GroovySandbox().withWhitelist(whitelist).runScript(shell, script);
     }
 
@@ -276,7 +276,7 @@ public static Object run(@Nonnull final GroovyShell shell, @Nonnull final String
      * @param classLoader The {@link GroovyClassLoader} to use during compilation.
      * @return The {@link FormValidation} for the compilation check.
      */
-    public static @Nonnull FormValidation checkScriptForCompilationErrors(String script, GroovyClassLoader classLoader) {
+    public static @NonNull FormValidation checkScriptForCompilationErrors(String script, GroovyClassLoader classLoader) {
         try {
             CompilationUnit cu = new CompilationUnit(
                     createSecureCompilerConfiguration(),

@@ -41,8 +41,8 @@
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nonnull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import org.codehaus.groovy.runtime.DateGroovyMethods;
 import org.codehaus.groovy.runtime.DefaultGroovyMethods;
 import org.codehaus.groovy.runtime.EncodingGroovyMethods;
@@ -428,7 +428,7 @@ private static RejectedAccessException unclassifiedField(Object receiver, String
 
     // TODO Java 8: @FunctionalInterface
     private interface Rejector {
-        @Nonnull RejectedAccessException reject();
+        @NonNull RejectedAccessException reject();
     }
 
     @Override public Object onGetAttribute(Invoker invoker, Object receiver, String attribute) throws Throwable {
@@ -516,7 +516,7 @@ private static String printArgumentTypes(Object[] args) {
         return b.toString();
     }
 
-    private static @CheckForNull MetaMethod findMetaMethod(@Nonnull Object receiver, @Nonnull String method, @Nonnull Object[] args) {
+    private static @CheckForNull MetaMethod findMetaMethod(@NonNull Object receiver, @NonNull String method, @NonNull Object[] args) {
         Class<?>[] types = new Class[args.length];
         for (int i = 0; i < types.length; i++) {
             Object arg = args[i];

@@ -55,8 +55,8 @@
 import java.util.concurrent.ConcurrentMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.annotation.CheckForNull;
-import javax.annotation.Nonnull;
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import jenkins.model.Jenkins;
 import org.codehaus.groovy.control.CompilationUnit;
 import org.codehaus.groovy.control.CompilerConfiguration;
@@ -83,20 +83,20 @@
 public final class SecureGroovyScript extends AbstractDescribableImpl<SecureGroovyScript> implements Serializable {
 
     private static final long serialVersionUID = -4347442065624787928L;
-    private final @Nonnull String script;
+    private final @NonNull String script;
     private final boolean sandbox;
     private final @CheckForNull List<ClasspathEntry> classpath;
     private transient boolean calledConfiguring;
 
     static final Logger LOGGER = Logger.getLogger(SecureGroovyScript.class.getName());
 
-    @DataBoundConstructor public SecureGroovyScript(@Nonnull String script, boolean sandbox, @CheckForNull List<ClasspathEntry> classpath) {
+    @DataBoundConstructor public SecureGroovyScript(@NonNull String script, boolean sandbox, @CheckForNull List<ClasspathEntry> classpath) {
         this.script = script;
         this.sandbox = sandbox;
         this.classpath = classpath;
     }
 
-    @Deprecated public SecureGroovyScript(@Nonnull String script, boolean sandbox) {
+    @Deprecated public SecureGroovyScript(@NonNull String script, boolean sandbox) {
         this(script, sandbox, null);
     }
 
@@ -105,15 +105,15 @@ private Object readResolve() {
         return this;
     }
 
-    public @Nonnull String getScript() {
+    public @NonNull String getScript() {
         return script;
     }
 
     public boolean isSandbox() {
         return sandbox;
     }
 
-    public @Nonnull List<ClasspathEntry> getClasspath() {
+    public @NonNull List<ClasspathEntry> getClasspath() {
         return classpath != null ? classpath : Collections.<ClasspathEntry>emptyList();
     }
 
@@ -196,7 +196,7 @@ private static void cleanUpClass(Class<?> clazz, Set<ClassLoader> encounteredLoa
 
     // TODO copied with modifications from CpsFlowExecution; need to find a way to share commonalities
 
-    private static void cleanUpGlobalClassValue(@Nonnull ClassLoader loader) throws Exception {
+    private static void cleanUpGlobalClassValue(@NonNull ClassLoader loader) throws Exception {
         Class<?> classInfoC = Class.forName("org.codehaus.groovy.reflection.ClassInfo");
         // TODO switch to MethodHandle for speed
         Field globalClassValueF = classInfoC.getDeclaredField("globalClassValue");
@@ -247,7 +247,7 @@ private static void cleanUpGlobalClassValue(@Nonnull ClassLoader loader) throws
         }
     }
 
-    private static void cleanUpGlobalClassSet(@Nonnull Class<?> clazz) throws Exception {
+    private static void cleanUpGlobalClassSet(@NonNull Class<?> clazz) throws Exception {
         Class<?> classInfoC = Class.forName("org.codehaus.groovy.reflection.ClassInfo"); // or just ClassInfo.class, but unclear whether this will always be there
         Field globalClassSetF = classInfoC.getDeclaredField("globalClassSet");
         globalClassSetF.setAccessible(true);
@@ -279,7 +279,7 @@ private static void cleanUpGlobalClassSet(@Nonnull Class<?> clazz) throws Except
         }
     }
 
-    private static void cleanUpClassHelperCache(@Nonnull Class<?> clazz) throws Exception {
+    private static void cleanUpClassHelperCache(@NonNull Class<?> clazz) throws Exception {
         Field classCacheF = Class.forName("org.codehaus.groovy.ast.ClassHelper$ClassHelperCache").getDeclaredField("classCache");
         classCacheF.setAccessible(true);
         Object classCache = classCacheF.get(null);
@@ -289,7 +289,7 @@ private static void cleanUpClassHelperCache(@Nonnull Class<?> clazz) throws Exce
         classCache.getClass().getMethod("remove", Object.class).invoke(classCache, clazz);
     }
 
-    private static void cleanUpObjectStreamClassCaches(@Nonnull Class<?> clazz) throws Exception {
+    private static void cleanUpObjectStreamClassCaches(@NonNull Class<?> clazz) throws Exception {
         Class<?> cachesC = Class.forName("java.io.ObjectStreamClass$Caches");
         for (String cacheFName : new String[] {"localDescs", "reflectors"}) {
             Field cacheF = cachesC.getDeclaredField(cacheFName);