wolfSSL
diff --git a/‎.github/workflows/android_gradle.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/android_gradle.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/spotbugs.yml‎
Lines changed: 95 additions & 0 deletions b/‎.github/workflows/spotbugs.yml‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎build.xml‎
Lines changed: 77 additions & 0 deletions b/‎build.xml‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎jni/include/com_wolfssl_wolfcrypt_WolfCrypt.h‎
Lines changed: 14 additions & 0 deletions b/‎jni/include/com_wolfssl_wolfcrypt_WolfCrypt.h‎
Lines changed: 14 additions & 0 deletions
@@ -65,29 +65,29 @@ jobs:
           path: |
             ~/.android/avd/*
             ~/.android/adb*
-          key: avd-wolfcryptjni-30-x86_64-atd-v1
+          key: avd-wolfcryptjni-30-x86_64-google_apis-v1
 
       # Create AVD and generate snapshot for caching
       - name: Create AVD and generate snapshot
         if: steps.avd-cache.outputs.cache-hit != 'true'
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@v2.37.0
         with:
           api-level: 30
           arch: x86_64
-          target: aosp_atd
+          target: google_apis
           force-avd-creation: false
           emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           disable-animations: true
           script: echo "Generated AVD snapshot for caching"
 
       # Run instrumented tests on Android emulator
       - name: Run Android Instrumented Tests
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@v2.37.0
         timeout-minutes: 15
         with:
           api-level: 30
           arch: x86_64
-          target: aosp_atd
+          target: google_apis
           force-avd-creation: false
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           disable-animations: true
 
@@ -0,0 +1,95 @@
+name: SpotBugs Static Analysis
+
+on:
+  pull_request:
+    branches: [ '*' ]
+    paths:
+      - '**/*.java'
+      - 'build.xml'
+      - 'spotbugs-exclude.xml'
+
+jobs:
+  spotbugs:
+    runs-on: ubuntu-latest
+    name: Run SpotBugs
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Java 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Set up Ant
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ant
+
+      - name: Download JUnit
+        run: |
+          mkdir -p /tmp/junit
+          wget -q -P /tmp/junit \
+            "https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar"
+          echo "JUNIT_HOME=/tmp/junit" >> $GITHUB_ENV
+
+      - name: Download and set up SpotBugs
+        run: |
+          SPOTBUGS_VERSION="4.9.3"
+          wget -q "https://github.com/spotbugs/spotbugs/releases/download/${SPOTBUGS_VERSION}/spotbugs-${SPOTBUGS_VERSION}.tgz"
+          tar xzf "spotbugs-${SPOTBUGS_VERSION}.tgz"
+          echo "SPOTBUGS_HOME=${GITHUB_WORKSPACE}/spotbugs-${SPOTBUGS_VERSION}" >> $GITHUB_ENV
+
+      - name: Run SpotBugs
+        run: |
+          ant spotbugs
+
+      - name: Check for SpotBugs warnings
+        if: always()
+        run: |
+          REPORT="build/reports/spotbugs.html"
+          if [ ! -f "$REPORT" ]; then
+            echo "SpotBugs report not found"
+            exit 1
+          fi
+
+          # Extract warning count from report
+          COUNT=$(python3 -c "
+          import re
+          with open('$REPORT', 'r') as f:
+              content = f.read()
+          m = re.search(r'<b>Total Warnings</b>.*?<b>(\d+)</b>', content, re.DOTALL)
+          print(m.group(1) if m else '0')
+          ")
+
+          if [ "$COUNT" -eq 0 ]; then
+            echo "=================================="
+            echo "SpotBugs: 0 warnings found"
+            echo "=================================="
+            exit 0
+          fi
+
+          echo "=================================="
+          echo "SpotBugs: $COUNT warning(s) found"
+          echo "=================================="
+          echo ""
+
+          # Print each warning
+          python3 -c "
+          import re
+          with open('$REPORT', 'r') as f:
+              content = f.read()
+          pattern = r'priority-(\d)\">([\w]+)</span>.*?</td>\s*<td>(.*?)</td>.*?Bug type (\w+).*?</p>'
+          warnings = re.findall(pattern, content, re.DOTALL)
+          for pri, code, desc, full_type in warnings:
+              d = re.sub(r'<[^>]+>', '', desc).strip()
+              loc = ''
+              m2 = re.search(r'At ([\w.]+:\[line \d+\])', d)
+              print(f'[P{pri}] {full_type}')
+              print(f'  {d[:200]}')
+              print()
+          "
+
+          exit 1
@@ -534,5 +534,82 @@
         description="Build library JAR (JNI + JCE classes)">
     </target>
 
+    <!-- SpotBugs Static Analysis:
+         Run with 'ant spotbugs' to generate report.
+         Requires SPOTBUGS_HOME environment variable to be set.
+         Download from: https://spotbugs.github.io/
+         Report generated at: build/reports/spotbugs.html -->
+
+    <!-- Only define SpotBugs task if SPOTBUGS_HOME is set -->
+    <condition property="spotbugs.available">
+        <and>
+            <isset property="env.SPOTBUGS_HOME"/>
+            <available
+                file="${env.SPOTBUGS_HOME}/lib/spotbugs-ant.jar"/>
+        </and>
+    </condition>
+
+    <!-- Check if Java version is 11+ (required by SpotBugs 4.8+) -->
+    <condition property="spotbugs.java.compatible">
+        <not>
+            <or>
+                <equals arg1="${ant.java.version}" arg2="1.5"/>
+                <equals arg1="${ant.java.version}" arg2="1.6"/>
+                <equals arg1="${ant.java.version}" arg2="1.7"/>
+                <equals arg1="${ant.java.version}" arg2="1.8"/>
+                <equals arg1="${ant.java.version}" arg2="9"/>
+                <equals arg1="${ant.java.version}" arg2="10"/>
+            </or>
+        </not>
+    </condition>
+
+    <target name="spotbugs-taskdef" if="spotbugs.available">
+        <taskdef
+            resource="edu/umd/cs/findbugs/anttask/tasks.properties">
+            <classpath>
+                <fileset dir="${env.SPOTBUGS_HOME}/lib"
+                         includes="*.jar"/>
+            </classpath>
+        </taskdef>
+    </target>
+
+    <target name="spotbugs-check">
+        <fail unless="spotbugs.java.compatible">
+SpotBugs requires Java 11 or later to run.
+
+Current Java version: ${ant.java.version}
+
+To fix this, run ant with Java 11+:
+  export JAVA_HOME=/path/to/jdk11
+  ant spotbugs
+        </fail>
+        <fail unless="spotbugs.available">
+SpotBugs not found. Please set SPOTBUGS_HOME.
+
+To install SpotBugs:
+  1. Download from https://spotbugs.github.io/
+  2. Extract (e.g., /opt/spotbugs-4.8.6)
+  3. Set SPOTBUGS_HOME=/opt/spotbugs-4.8.6
+  4. Run 'ant spotbugs'
+        </fail>
+    </target>
+
+    <target name="spotbugs"
+        depends="build-jce-debug, spotbugs-check, spotbugs-taskdef"
+        description="Run SpotBugs static analysis">
+        <mkdir dir="${reports.dir}"/>
+        <spotbugs home="${env.SPOTBUGS_HOME}"
+                  output="html"
+                  outputFile="${reports.dir}/spotbugs.html"
+                  effort="max"
+                  reportLevel="medium"
+                  excludeFilter="spotbugs-exclude.xml"
+                  failOnError="false">
+            <sourcePath path="${src.dir}"/>
+            <class location="${lib.dir}/wolfcrypt-jni.jar"/>
+        </spotbugs>
+        <echo message="SpotBugs report: ${reports.dir}/spotbugs.html"/>
+    </target>
+
 </project>