Merge branch 'master' of https://gitbox.apache.org/repos/asf/commons-…

…lang.git

.github/workflows/codeql-analysis.yml

@@ -57,7 +57,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93    # 3.26.6
+      uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d    # 3.26.7
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -68,7 +68,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93    # 3.26.6
+      uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d    # 3.26.7
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -82,4 +82,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93    # 3.26.6
+      uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d    # 3.26.7

.github/workflows/maven.yml

@@ -49,7 +49,7 @@ jobs:
         restore-keys: |
           ${{ runner.os }}-maven-
     - name: Set up JDK ${{ matrix.java }}
-      uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
+      uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
       with:
         distribution: 'temurin'      
         java-version: ${{ matrix.java }}

.github/workflows/scorecards-analysis.yml

@@ -57,13 +57,13 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a    # 4.3.6
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874    # 4.4.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93    # 3.26.6
+        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d    # 3.26.7
         with:
           sarif_file: results.sarif

src/changes/changes.xml

@@ -49,6 +49,8 @@ The <action> type attribute can be add,update,fix,remove.
     <!-- FIX -->
     <action                   type="fix" dev="ggregory" due-to="Gary Gregory">Fix flaky FileUtilsWaitForTest.testWaitForNegativeDuration().</action>
     <action                   type="fix" dev="ggregory" due-to="Gary Gregory">Pick up exec-maven-plugin version from parent POM.</action>
+    <action                   type="fix" dev="ggregory" due-to="Gary Gregory">Speed up and sanitize StopWatchTest.</action>
+    <action                   type="fix" dev="ggregory" due-to="Fabrice Benhamouda">Fix handling of non-ASCII letters & numbers in RandomStringUtils #1273.</action> 
     <!-- ADD -->
     <!-- UPDATE -->
     <action                   type="update" dev="ggregory" due-to="Gary Gregory, Dependabot">Bump org.apache.commons:commons-parent from 73 to 74 #1267.</action>

src/main/java/org/apache/commons/lang3/ArrayUtils.java

@@ -4214,7 +4214,7 @@ public static int lastIndexOf(final short[] array, final short valueToFind, int
         return INDEX_NOT_FOUND;
     }
 
-    private static int max0(int other) {
+    private static int max0(final int other) {
         return Math.max(0, other);
     }
 

src/main/java/org/apache/commons/lang3/CachedRandomBits.java

@@ -90,9 +90,9 @@ public int nextBits(final int bits) {
             }
             // generatedBitsInIteration is the number of bits that we will generate
             // in this iteration of the while loop
-            int generatedBitsInIteration = Math.min(8 - (bitIndex & 0x7), bits - generatedBits);
+            final int generatedBitsInIteration = Math.min(8 - (bitIndex & 0x7), bits - generatedBits);
             result = result << generatedBitsInIteration;
-            result |= (cache[bitIndex >> 3] >> (bitIndex & 0x7)) & ((1 << generatedBitsInIteration) - 1);
+            result |= cache[bitIndex >> 3] >> (bitIndex & 0x7) & (1 << generatedBitsInIteration) - 1;
             generatedBits += generatedBitsInIteration;
             bitIndex += generatedBitsInIteration;
         }

src/main/java/org/apache/commons/lang3/RandomStringUtils.java

@@ -93,6 +93,11 @@ public class RandomStringUtils {
             'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1',
             '2', '3', '4', '5', '6', '7', '8', '9' };
 
+    private static final int ASCII_0 = '0';
+    private static final int ASCII_9 = '9';
+    private static final int ASCII_A = 'A';
+    private static final int ASCII_z = 'z';
+
     /**
      * Gets the singleton instance based on {@link ThreadLocalRandom#current()}; <b>which is not cryptographically
      * secure</b>; use {@link #secure()} to use an algorithms/providers specified in the
@@ -277,45 +282,45 @@ public static String random(int count, int start, int end, final boolean letters
             end = Character.MAX_CODE_POINT;
         }
 
-        // Optimize generation of full alphanumerical characters
-        // Normally, we would need to pick a 7-bit integer, since gap = 'z' - '0' + 1 = 75 > 64
-        // In turn, this would make us reject the sampling with probability 1 - 62 / 2^7 > 1 / 2
-        // Instead we can pick directly from the right set of 62 characters, which requires
-        // picking a 6-bit integer and only rejecting with probability 2 / 64 = 1 / 32
-        if (chars == null && letters && numbers && start <= '0' && end >= 'z' + 1) {
-            return random(count, 0, 0, false, false, ALPHANUMERICAL_CHARS, random);
-        }
+        // Optimizations and tests when chars == null and using ASCII characters (end <= 0x7f)
+        if (chars == null && end <= 0x7f) {
+            // Optimize generation of full alphanumerical characters
+            // Normally, we would need to pick a 7-bit integer, since gap = 'z' - '0' + 1 = 75 > 64
+            // In turn, this would make us reject the sampling with probability 1 - 62 / 2^7 > 1 / 2
+            // Instead we can pick directly from the right set of 62 characters, which requires
+            // picking a 6-bit integer and only rejecting with probability 2 / 64 = 1 / 32
+            if (letters && numbers && start <= ASCII_0 && end >= ASCII_z + 1) {
+                return random(count, 0, 0, false, false, ALPHANUMERICAL_CHARS, random);
+            }
 
-        // Optimize start and end when filtering by letters and/or numbers:
-        // The range provided may be too large since we filter anyway afterward.
-        // Note the use of Math.min/max (as opposed to setting start to '0' for example),
-        // since it is possible the range start/end excludes some of the letters/numbers,
-        // e.g., it is possible that start already is '1' when numbers = true, and start
-        // needs to stay equal to '1' in that case.
-        if (chars == null) {
+            if (numbers && end <= ASCII_0 || letters && end <= ASCII_A) {
+                throw new IllegalArgumentException(
+                        "Parameter end (" + end + ") must be greater then (" + ASCII_0 + ") for generating digits "
+                                + "or greater then (" + ASCII_A + ") for generating letters.");
+            }
+
+            // Optimize start and end when filtering by letters and/or numbers:
+            // The range provided may be too large since we filter anyway afterward.
+            // Note the use of Math.min/max (as opposed to setting start to '0' for example),
+            // since it is possible the range start/end excludes some of the letters/numbers,
+            // e.g., it is possible that start already is '1' when numbers = true, and start
+            // needs to stay equal to '1' in that case.
+            // Note that because of the above test, we will always have start < end
+            // even after this optimization.
             if (letters && numbers) {
-                start = Math.max('0', start);
-                end = Math.min('z' + 1, end);
+                start = Math.max(ASCII_0, start);
+                end = Math.min(ASCII_z + 1, end);
             } else if (numbers) {
                 // just numbers, no letters
-                start = Math.max('0', start);
-                end = Math.min('9' + 1, end);
+                start = Math.max(ASCII_0, start);
+                end = Math.min(ASCII_9 + 1, end);
             } else if (letters) {
                 // just letters, no numbers
-                start = Math.max('A', start);
-                end = Math.min('z' + 1, end);
+                start = Math.max(ASCII_A, start);
+                end = Math.min(ASCII_z + 1, end);
             }
         }
 
-        final int zeroDigitAscii = 48;
-        final int firstLetterAscii = 65;
-
-        if (chars == null && (numbers && end <= zeroDigitAscii || letters && end <= firstLetterAscii)) {
-            throw new IllegalArgumentException(
-                    "Parameter end (" + end + ") must be greater then (" + zeroDigitAscii + ") for generating digits "
-                            + "or greater then (" + firstLetterAscii + ") for generating letters.");
-        }
-
         final StringBuilder builder = new StringBuilder(count);
         final int gap = end - start;
         final int gapBits = Integer.SIZE - Integer.numberOfLeadingZeros(gap);

src/main/java/org/apache/commons/lang3/builder/EqualsBuilder.java

@@ -412,11 +412,11 @@ public EqualsBuilder append(final boolean[] lhs, final boolean[] rhs) {
             return this;
         }
         if (lhs == null || rhs == null) {
-            this.setEquals(false);
+            setEquals(false);
             return this;
         }
         if (lhs.length != rhs.length) {
-            this.setEquals(false);
+            setEquals(false);
             return this;
         }
         for (int i = 0; i < lhs.length && isEquals; ++i) {

src/main/java/org/apache/commons/lang3/builder/ReflectionToStringBuilder.java

@@ -551,9 +551,9 @@ public <T> ReflectionToStringBuilder(
             final T object, final ToStringStyle style, final StringBuffer buffer,
             final Class<? super T> reflectUpToClass, final boolean outputTransients, final boolean outputStatics) {
         super(object, style, buffer);
-        this.setUpToClass(reflectUpToClass);
-        this.setAppendTransients(outputTransients);
-        this.setAppendStatics(outputStatics);
+        setUpToClass(reflectUpToClass);
+        setAppendTransients(outputTransients);
+        setAppendStatics(outputStatics);
     }
 
     /**
@@ -582,10 +582,10 @@ public <T> ReflectionToStringBuilder(
             final Class<? super T> reflectUpToClass, final boolean outputTransients, final boolean outputStatics,
             final boolean excludeNullValues) {
         super(object, style, buffer);
-        this.setUpToClass(reflectUpToClass);
-        this.setAppendTransients(outputTransients);
-        this.setAppendStatics(outputStatics);
-        this.setExcludeNullValues(excludeNullValues);
+        setUpToClass(reflectUpToClass);
+        setAppendTransients(outputTransients);
+        setAppendStatics(outputStatics);
+        setExcludeNullValues(excludeNullValues);
     }
 
     /**
@@ -605,11 +605,11 @@ protected boolean accept(final Field field) {
             // Reject field from inner class.
             return false;
         }
-        if (Modifier.isTransient(field.getModifiers()) && !this.isAppendTransients()) {
+        if (Modifier.isTransient(field.getModifiers()) && !isAppendTransients()) {
             // Reject transient fields.
             return false;
         }
-        if (Modifier.isStatic(field.getModifiers()) && !this.isAppendStatics()) {
+        if (Modifier.isStatic(field.getModifiers()) && !isAppendStatics()) {
             // Reject static fields.
             return false;
         }
@@ -641,19 +641,19 @@ protected boolean accept(final Field field) {
      */
     protected void appendFieldsIn(final Class<?> clazz) {
         if (clazz.isArray()) {
-            this.reflectionAppendArray(this.getObject());
+            reflectionAppendArray(getObject());
             return;
         }
         // The elements in the returned array are not sorted and are not in any particular order.
         final Field[] fields = ArraySorter.sort(clazz.getDeclaredFields(), Comparator.comparing(Field::getName));
         AccessibleObject.setAccessible(fields, true);
         for (final Field field : fields) {
             final String fieldName = field.getName();
-            if (this.accept(field)) {
+            if (accept(field)) {
                 try {
                     // Warning: Field.get(Object) creates wrappers objects
                     // for primitive types.
-                    final Object fieldValue = this.getValue(field);
+                    final Object fieldValue = getValue(field);
                     if (!excludeNullValues || fieldValue != null) {
                         this.append(fieldName, fieldValue, !field.isAnnotationPresent(ToStringSummary.class));
                     }
@@ -709,7 +709,7 @@ public Class<?> getUpToClass() {
      * @see java.lang.reflect.Field#get(Object)
      */
     protected Object getValue(final Field field) throws IllegalAccessException {
-        return field.get(this.getObject());
+        return field.get(getObject());
     }
 
     /**
@@ -749,7 +749,7 @@ public boolean isExcludeNullValues() {
      * @return {@code this} instance.
      */
     public ReflectionToStringBuilder reflectionAppendArray(final Object array) {
-        this.getStyle().reflectionAppendArrayDetail(this.getStringBuffer(), null, array);
+        getStyle().reflectionAppendArrayDetail(getStringBuffer(), null, array);
         return this;
     }
 
@@ -843,17 +843,17 @@ public void setUpToClass(final Class<?> clazz) {
      */
     @Override
     public String toString() {
-        if (this.getObject() == null) {
-            return this.getStyle().getNullText();
+        if (getObject() == null) {
+            return getStyle().getNullText();
         }
 
         validate();
 
-        Class<?> clazz = this.getObject().getClass();
-        this.appendFieldsIn(clazz);
-        while (clazz.getSuperclass() != null && clazz != this.getUpToClass()) {
+        Class<?> clazz = getObject().getClass();
+        appendFieldsIn(clazz);
+        while (clazz.getSuperclass() != null && clazz != getUpToClass()) {
             clazz = clazz.getSuperclass();
-            this.appendFieldsIn(clazz);
+            appendFieldsIn(clazz);
         }
         return super.toString();
     }
@@ -863,7 +863,7 @@ public String toString() {
      */
     private void validate() {
         if (ArrayUtils.containsAny(this.excludeFieldNames, (Object[]) this.includeFieldNames)) {
-            ToStringStyle.unregister(this.getObject());
+            ToStringStyle.unregister(getObject());
             throw new IllegalStateException("includeFieldNames and excludeFieldNames must not intersect");
         }
     }

src/main/java/org/apache/commons/lang3/builder/ToStringBuilder.java

@@ -911,7 +911,7 @@ public ToStringBuilder append(final String fieldName, final short[] array, final
      * @since 2.0
      */
     public ToStringBuilder appendAsObjectToString(final Object srcObject) {
-        ObjectUtils.identityToString(this.getStringBuffer(), srcObject);
+        ObjectUtils.identityToString(getStringBuffer(), srcObject);
         return this;
     }
 
@@ -1024,11 +1024,11 @@ public ToStringStyle getStyle() {
      */
     @Override
     public String toString() {
-        if (this.getObject() == null) {
-            this.getStringBuffer().append(this.getStyle().getNullText());
+        if (getObject() == null) {
+            getStringBuffer().append(getStyle().getNullText());
         } else {
-            style.appendEnd(this.getStringBuffer(), this.getObject());
+            style.appendEnd(getStringBuffer(), getObject());
         }
-        return this.getStringBuffer().toString();
+        return getStringBuffer().toString();
     }
 }