diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e81a566879..d4d7a047d7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,25 +1,14 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. name: "CodeQL" +permissions: read-all on: push: - branches: [master] + branches: [master, v2.dev, v3.dev] pull_request: - # The branches below must be a subset of the branches above - branches: [master] + branches: [master, v2.dev, v3.dev] schedule: - cron: '0 0 * * 4' -permissions: - actions: read - contents: read - pull-requests: read - security-events: write - env: DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} JAVA_VERSION: 21 @@ -28,6 +17,15 @@ jobs: analyze: name: Analyze runs-on: ubuntu-latest + permissions: + actions: read + contents: read + pull-requests: read + security-events: write + strategy: + fail-fast: false + matrix: + language: [ actions, java ] steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 @@ -53,13 +51,35 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Gradle uses: ./.github/actions/run-gradle + if: ${{ matrix.language == 'java' }} with: java: ${{ env.JAVA_VERSION }} cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} - - name: Initialize CodeQL + - name: Initialize CodeQL (Actions) + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + if: ${{ matrix.language == 'actions' }} + with: + languages: actions + - name: Initialize CodeQL (Java - Fast) + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + if: ${{ matrix.language == 'java' && github.event_name != 'schedule' }} + with: + queries: +security-and-quality,security-extended,security-experimental + languages: java-kotlin + - name: Initialize CodeQL (Java - Thorough) uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + if: ${{ matrix.language == 'java' && github.event_name == 'schedule' }} with: - languages: java + queries: +security-and-quality,security-extended,security-experimental + languages: java-kotlin + packs: > + +codeql/java-queries:., + githubsecuritylab/codeql-java-queries, + githubsecuritylab/codeql-java-extensions, + githubsecuritylab/codeql-java-library-sources, + githubsecuritylab/codeql-java-queries:suites/java-local.qls + config: | + threat-models: local - name: Autobuild uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 - name: Perform CodeQL Analysis diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java index 1dfa6cff56..fd1fc5157a 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/BoundedLocalCacheTest.java @@ -805,7 +805,7 @@ private static void checkContainsInOrder(Cache cache, Iterable ex public void evict_candidate_lru(BoundedLocalCache cache, CacheContext context) { cache.setMainProtectedMaximum(0); cache.setWindowMaximum(context.maximumSize()); - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var oldValue = cache.put(Int.valueOf(i), Int.valueOf(i)); assertThat(oldValue).isNull(); } @@ -851,7 +851,7 @@ public void evict_window_candidates(BoundedLocalCache cache, CacheCont cache.setWindowMaximum(context.maximumSize() / 2); cache.setMainProtectedMaximum(0); - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var value = cache.put(Int.valueOf(i), Int.valueOf(i)); assertThat(value).isNull(); } @@ -876,7 +876,7 @@ public void evict_window_fallback(BoundedLocalCache cache, CacheContex cache.setWindowMaximum(context.maximumSize() / 2); cache.setMainProtectedMaximum(0); - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var value = cache.put(Int.valueOf(i), Int.valueOf(i)); assertThat(value).isNull(); } @@ -900,7 +900,7 @@ public void evict_candidateIsVictim(BoundedLocalCache cache, CacheCont cache.setMainProtectedMaximum(context.maximumSize() / 2); cache.setWindowMaximum(context.maximumSize() / 2); - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var value = cache.put(Int.valueOf(i), Int.valueOf(i)); assertThat(value).isNull(); } @@ -933,7 +933,7 @@ public void evict_candidateIsVictim(BoundedLocalCache cache, CacheCont maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED, removalListener = Listener.CONSUMING) public void evict_toZero(BoundedLocalCache cache, CacheContext context) { - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var value = cache.put(Int.valueOf(i), Int.valueOf(i)); assertThat(value).isNull(); } @@ -1016,7 +1016,7 @@ public void evict_zeroWeight_candidate(BoundedLocalCache cache, CacheC return Math.abs(value.intValue()); }); - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { assertThat(cache.put(Int.valueOf(i), Int.valueOf(1))).isNull(); } @@ -1042,7 +1042,7 @@ public void evict_zeroWeight_victim(BoundedLocalCache cache, CacheCont return Math.abs(value.intValue()); }); - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { assertThat(cache.put(Int.valueOf(i), Int.valueOf(1))).isNull(); } @@ -1673,7 +1673,7 @@ public void exceedsMaximumBufferSize_onWrite( public void fastpath(BoundedLocalCache cache, CacheContext context) { assertThat(cache.skipReadBuffer()).isTrue(); - for (int i = 0; i < (context.maximumSize() / 2) - 1; i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize() / 2) - 1; i++) { var oldValue = cache.put(Int.valueOf(i), Int.valueOf(-i)); assertThat(oldValue).isNull(); } @@ -1766,7 +1766,7 @@ public void drain_blocksClear(BoundedLocalCache cache, CacheContext co public void drain_blocksOrderedMap(BoundedLocalCache cache, CacheContext context, Eviction eviction) { checkDrainBlocks(cache, () -> { - var results = eviction.coldest(((int) context.maximumSize())); + var results = eviction.coldest(Math.toIntExact(context.maximumSize())); assertThat(results).isEmpty(); }); } @@ -2130,8 +2130,8 @@ public void unschedule_invalidateAll(BoundedLocalCache cache, CacheCon @CacheSpec(population = Population.EMPTY, expireAfterAccess = Expire.ONE_MINUTE, maximumSize = {Maximum.DISABLED, Maximum.FULL}, weigher = CacheWeigher.DISABLED) public void expirationDelay_window(BoundedLocalCache cache, CacheContext context) { - int maximum = cache.evicts() ? (int) context.maximumSize() : 100; - long stepSize = context.expireAfterAccess().timeNanos() / (2 * maximum); + int maximum = cache.evicts() ? Math.toIntExact(context.maximumSize()) : 100; + long stepSize = context.expireAfterAccess().timeNanos() / (2L * maximum); for (int i = 0; i < maximum; i++) { var key = intern(Int.valueOf(i)); var value = cache.put(key, key); @@ -2166,7 +2166,7 @@ public void expirationDelay_window(BoundedLocalCache cache, CacheConte maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED) public void expirationDelay_probation(BoundedLocalCache cache, CacheContext context) { long stepSize = context.expireAfterAccess().timeNanos() / (2 * context.maximumSize()); - for (int i = 0; i < (int) context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var key = intern(Int.valueOf(i)); var value = cache.put(key, key); assertThat(value).isNull(); @@ -2198,7 +2198,7 @@ public void expirationDelay_probation(BoundedLocalCache cache, CacheCo maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED) public void expirationDelay_protected(BoundedLocalCache cache, CacheContext context) { long stepSize = context.expireAfterAccess().timeNanos() / (2 * context.maximumSize()); - for (int i = 0; i < (int) context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var key = intern(Int.valueOf(i)); var value = cache.put(key, key); assertThat(value).isNull(); @@ -2231,7 +2231,7 @@ public void expirationDelay_protected(BoundedLocalCache cache, CacheCo maximumSize = Maximum.FULL, weigher = CacheWeigher.DISABLED) public void expirationDelay_writeOrder(BoundedLocalCache cache, CacheContext context) { long stepSize = context.expireAfterWrite().timeNanos() / (2 * context.maximumSize()); - for (int i = 0; i < (int) context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { var key = intern(Int.valueOf(i)); var value = cache.put(key, key); assertThat(value).isNull(); @@ -2254,8 +2254,8 @@ public void expirationDelay_writeOrder(BoundedLocalCache cache, CacheC expiry = CacheExpiry.WRITE, expiryTime = Expire.ONE_MINUTE) public void expirationDelay_varTime(BoundedLocalCache cache, CacheContext context) { long startTime = context.ticker().read(); - int maximum = cache.evicts() ? (int) context.maximumSize() : 100; - long stepSize = context.expiryTime().timeNanos() / (2 * maximum); + int maximum = cache.evicts() ? Math.toIntExact(context.maximumSize()) : 100; + long stepSize = context.expiryTime().timeNanos() / (2L * maximum); for (int i = 0; i < maximum; i++) { var key = intern(Int.valueOf(i)); var value = cache.put(key, key); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CacheTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CacheTest.java index af7ea6bd3c..975e48afb0 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CacheTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/CacheTest.java @@ -348,7 +348,7 @@ final class Key { } var keys = intern(new ArrayList()); - for (int i = 0; i < Population.FULL.size(); i++) { + for (int i = 0; i < Math.toIntExact(Population.FULL.size()); i++) { keys.add(new Key()); } @@ -603,7 +603,7 @@ final class Key { Cache cache = context.build(key -> null); var keys = new ArrayList(); - for (int i = 0; i < Population.FULL.size(); i++) { + for (int i = 0; i < Math.toIntExact(Population.FULL.size()); i++) { keys.add(intern(new Key())); } Key key = requireNonNull(Iterables.getLast(keys)); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/EvictionTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/EvictionTest.java index e72fe319fe..6047d5bdb8 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/EvictionTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/EvictionTest.java @@ -131,7 +131,7 @@ public void evict(Cache cache, CacheContext context) { initialCapacity = InitialCapacity.EXCESSIVE) public void evict_weighted(Cache> cache, CacheContext context) { // Enforce full initialization of internal structures - for (int i = 0; i < context.maximumSize(); i++) { + for (int i = 0; i < Math.toIntExact(context.maximumSize()); i++) { cache.put(Int.valueOf(i), List.of()); } cache.invalidateAll(); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/ExpireAfterAccessTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/ExpireAfterAccessTest.java index 85dffcc2fd..16f92589aa 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/ExpireAfterAccessTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/ExpireAfterAccessTest.java @@ -414,7 +414,7 @@ public void oldest_zero(CacheContext context, @CacheSpec(population = Population.FULL, expireAfterAccess = Expire.ONE_MINUTE) public void oldest_partial(CacheContext context, @ExpireAfterAccess FixedExpiration expireAfterAccess) { - int count = (int) context.initialSize() / 2; + int count = Math.toIntExact(context.initialSize() / 2); assertThat(expireAfterAccess.oldest(count)).hasSize(count); } diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/FrequencySketchTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/FrequencySketchTest.java index d6e851be8c..c9124e89b6 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/FrequencySketchTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/FrequencySketchTest.java @@ -57,7 +57,7 @@ public void ensureCapacity_smaller(FrequencySketch sketch) { @Test(dataProvider = "sketch") public void ensureCapacity_larger(FrequencySketch sketch) { int size = sketch.table.length; - sketch.ensureCapacity(2 * size); + sketch.ensureCapacity(2L * size); assertThat(sketch.table).hasLength(2 * size); assertThat(sketch.sampleSize).isEqualTo(10 * 2 * size); assertThat(sketch.blockMask).isEqualTo(((2 * size) >> 3) - 1); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/LoadingCacheTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/LoadingCacheTest.java index 8d5b26975f..6f7fc11d3b 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/LoadingCacheTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/LoadingCacheTest.java @@ -440,7 +440,7 @@ final class Key { LoadingCache cache = context.build(key -> null); var keys = intern(new ArrayList()); - for (int i = 0; i < Population.FULL.size(); i++) { + for (int i = 0; i < Math.toIntExact(Population.FULL.size()); i++) { keys.add(new Key()); } Key key = requireNonNull(Iterables.getLast(keys)); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/RefreshAfterWriteTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/RefreshAfterWriteTest.java index 836a45a4c7..409ac55842 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/RefreshAfterWriteTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/RefreshAfterWriteTest.java @@ -956,7 +956,7 @@ public void getRefreshesAfter(CacheContext context, FixedRefresh refre @Test(dataProvider = "caches") @CacheSpec(refreshAfterWrite = Expire.ONE_MINUTE) - public void setRefreshAfter_negative(Cache cache, + public void setRefreshAfter_negative( CacheContext context, FixedRefresh refreshAfterWrite) { var duration = Duration.ofMinutes(-2); assertThrows(IllegalArgumentException.class, () -> @@ -965,7 +965,7 @@ public void setRefreshAfter_negative(Cache cache, @Test(dataProvider = "caches") @CacheSpec(refreshAfterWrite = Expire.ONE_MINUTE) - public void setRefreshAfter_excessive(Cache cache, + public void setRefreshAfter_excessive( CacheContext context, FixedRefresh refreshAfterWrite) { refreshAfterWrite.setRefreshesAfter(ChronoUnit.FOREVER.getDuration()); assertThat(refreshAfterWrite.getRefreshesAfter(TimeUnit.NANOSECONDS)).isEqualTo(Long.MAX_VALUE); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/issues/Solr10141Test.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/issues/Solr10141Test.java index e3514156ac..d2e76917f3 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/issues/Solr10141Test.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/issues/Solr10141Test.java @@ -107,7 +107,7 @@ void test(Random r) { // thread was just reading/writing lastBlock.set(block); - Long k = block; + long k = block; Val v = cache.getIfPresent(k); if (v != null) { hits.incrementAndGet(); @@ -172,7 +172,7 @@ public void clear() { } void test(Random r) { - Long k = (long) r.nextInt(blocksInTest); + long k = r.nextInt(blocksInTest); Val v = cache.getIfPresent(k); if (v != null) { assertThat(k).isEqualTo(v.key); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/testing/CacheGenerator.java b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/testing/CacheGenerator.java index 9366b7cef6..236524feb4 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/cache/testing/CacheGenerator.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/cache/testing/CacheGenerator.java @@ -217,8 +217,8 @@ private static void populate(CacheContext context, Cache cache) { return; } - int maximum = (int) Math.min(context.maximumSize(), context.population.size()); - int first = BASE + (int) Math.min(0, context.population.size()); + int maximum = Math.toIntExact(Math.min(context.maximumSize(), context.population.size())); + int first = Math.toIntExact(BASE + Math.min(0, context.population.size())); int last = BASE + maximum - 1; int middle = Math.max(first, BASE + ((last - first) / 2)); diff --git a/caffeine/src/test/java/com/github/benmanes/caffeine/eclipse/acceptance/ParallelMapIteratePutAcceptanceTest.java b/caffeine/src/test/java/com/github/benmanes/caffeine/eclipse/acceptance/ParallelMapIteratePutAcceptanceTest.java index fdaf6ed994..c41708b4ff 100644 --- a/caffeine/src/test/java/com/github/benmanes/caffeine/eclipse/acceptance/ParallelMapIteratePutAcceptanceTest.java +++ b/caffeine/src/test/java/com/github/benmanes/caffeine/eclipse/acceptance/ParallelMapIteratePutAcceptanceTest.java @@ -39,7 +39,7 @@ public abstract class ParallelMapIteratePutAcceptanceTest { LoggerFactory.getLogger(ParallelMapIteratePutAcceptanceTest.class); private static final long SEED = 0x12345678ABCDL; - private static final long PUT_REPEAT = 100; + private static final int PUT_REPEAT = 100; private static final int CHUNK_SIZE = 16000; private static final int MAX_THREADS = 48; @@ -90,7 +90,7 @@ private void runAllPutTests(Integer[] contents, Integer[] constContents) { private void runPutTest1(int threadCount, Integer[] contents, Integer[] constContents, ExecutorService executorService, boolean warmup) { - long ops = ((warmup ? 100_000 : 100_000 * PUT_REPEAT) / contents.length) + 1; + int ops = ((warmup ? 100_000 : 100_000 * PUT_REPEAT) / contents.length) + 1; Future[] futures = new Future[threadCount]; for (int i = 0; i < ops; i++) { ConcurrentMutableMap map = newMap(constContents.length); diff --git a/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/admission/countmin4/ClimberResetCountMin4.java b/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/admission/countmin4/ClimberResetCountMin4.java index 4ad3fa6fc6..578e9d8515 100644 --- a/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/admission/countmin4/ClimberResetCountMin4.java +++ b/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/admission/countmin4/ClimberResetCountMin4.java @@ -129,7 +129,7 @@ public int getStep() { } public void setStep(int x) { - this.step = Math.max(1, Math.min(15, step)); + this.step = Math.max(1, Math.min(15, x)); } public int getEventsToCount() {