[keycloak-dev] Code cleanup

Thomas Darimont thomas.darimont at googlemail.com
Wed Jun 29 11:55:54 EDT 2016


Hello group,

I just ran findbugs [1] with the find-sec-bugs [0] and found quite a bunch
of rather
suspicious places in the Keycloak codebase.

Note that I don't wont to blame anyone but rather try to improve the
codebase :)

For instance there are some quite prominent (and sensitive) non-final
public static fields that could
be easily changed to something else (in case they aren't inlined).
https://github.com/keycloak/keycloak/blob/3c0f7e2ee2140a9e69e4e95eb24d5a122e63e09a/server-spi/src/main/java/org/keycloak/models/AdminRoles.java#L25

Further more there seem to be some dead code left-overs from merges spread
over the codebase e.g:
https://github.com/keycloak/keycloak/blob/3a669ad7d5b4a72a8eb2bbb23e91083b63f59a2f/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java#L144

Question is how to deal with that?
I could send PRs for those issues - they would contain quite a bunch of
files
with minor changes. Would you be open to such contributions and if so, what
JIRA issue
should one reference here?

Cheers,
Thomas

[0] http://find-sec-bugs.github.io/
[1] https://github.com/find-sec-bugs/find-sec-bugs/wiki/Maven-configuration
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160629/fb2bf8b0/attachment.html 


More information about the keycloak-dev mailing list