Run SpotBugs early in CI code-style gate; suppress model-path PATH_TRAVERSAL_IN

claude · claude · commit 65bbf02a4c91 · 2026-06-26T06:38:28.000Z
spotbugs:check is bound to the Maven verify phase, which only the publish deploy goal reaches, so SpotBugs ran only at snapshot/release publish — a PATH_TRAVERSAL_IN finding red a release after every jar had already built. Add a SpotBugs step to the existing fast code-style job (after Spotless, before the informational jdeps step) so it runs on every PR/push and gates publish (publish-* already needs: code-style). Mirrors the existing early Spotless gate; no needs: change required. Provisionally suppress the PATH_TRAVERSAL_IN finding in OfflineModelGuard / ModelParameters (operator-supplied --model path; same threat model as the existing LlamaLoader suppression) and track an open deep-check in TODO.md for whether it — and the LlamaLoader suppression — can be genuinely resolved. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0137c1LhUbNvW3kt4eF9Kqyb
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -84,6 +84,8 @@ jobs:
           distribution: temurin
       - name: Spotless check (fail fast on format violations)
         run: mvn -B --no-transfer-progress spotless:check
+      - name: SpotBugs check (fail fast on static-analysis findings)
+        run: mvn -B --no-transfer-progress -DskipTests -Denforcer.skip=true compile spotbugs:check
       - name: Print internal package dependency graph (jdeps, informational)
         continue-on-error: true
         run: |
diff --git a/TODO.md b/TODO.md
@@ -13,6 +13,19 @@ cross-cutting initiative.
 
 ## Open — jllama-specific
 
+### PATH_TRAVERSAL_IN suppressions — deep-check whether they can be resolved (open)
+
+Two `PATH_TRAVERSAL_IN` suppressions live in `spotbugs-exclude.xml`: the long-standing
+`LlamaLoader` (native-lib path resolved from three operator-controlled inputs) and the new
+`OfflineModelGuard` / `ModelParameters` (`--model` GGUF path), added when SpotBugs moved from
+the publish-only `verify` phase to the fast early `code-style` CI gate (so the finding now reds
+every PR, not just a release). Both are currently justified as "operator-supplied path, no
+meaningful allowed-root." **Deep-check whether a genuine fix is feasible** — e.g. canonicalize +
+validate, reject `..` traversal where an expected root exists, or otherwise narrow the sink —
+instead of suppressing. If it is, replace the suppression with code + a regression test; if it
+genuinely is not, keep the suppression and record the finalized rationale here (and on the
+`LlamaLoader` block). See [`../workspace/policies/spotbugs-suppressions.md`](../workspace/policies/spotbugs-suppressions.md).
+
 ### PIT gate not hermetic — `value.ContentPart.audioFile(Path)` (open)
 
 The PIT mutation gate reaches 100% **only when the audio test fixture is present**. Without it the
diff --git a/spotbugs-exclude.xml b/spotbugs-exclude.xml
@@ -147,6 +147,29 @@ SPDX-License-Identifier: MIT
         <Bug pattern="PATH_TRAVERSAL_IN"/>
     </Match>
 
+    <!--
+        PROVISIONAL (under review; see java-llama.cpp TODO.md
+        "PATH_TRAVERSAL_IN suppressions deep-check"). Same operator-supplied
+        model-path case as the LlamaLoader suppression above.
+        OfflineModelGuard.check() does Files.exists(Paths.get(model)) where the
+        model path comes from ModelParameters.getModel() (the configured local
+        model file) to verify the GGUF exists before native load; findsecbugs
+        PATH_TRAVERSAL_IN taints that path. The model path is configured by
+        whoever launches the process (CLI flag or builder), not untrusted
+        end-user input, and the whole point of the setting is to let the
+        operator point at an arbitrary GGUF on disk, so there is no meaningful
+        allowed-root to validate against. Suppressed pending a deep check of
+        whether a real resolution (canonicalize / restrict) is feasible for
+        this and the LlamaLoader case.
+    -->
+    <Match>
+        <Or>
+            <Class name="net.ladenthin.llama.loader.OfflineModelGuard"/>
+            <Class name="net.ladenthin.llama.parameters.ModelParameters"/>
+        </Or>
+        <Bug pattern="PATH_TRAVERSAL_IN"/>
+    </Match>
+
     <!--
         LlamaIterator and LlamaModel form a deliberate producer/consumer
         cycle: LlamaModel.generate(...) returns a LlamaIterable that
