fix: potential finalizer attack (#702)

Signed-off-by: Todd Baert <[email protected]>

Author: toddbaert

providers/flagd/src/main/java/dev/openfeature/contrib/providers/flagd/FlagdProvider.java

@@ -22,7 +22,7 @@
  * OpenFeature provider for flagd.
  */
 @Slf4j
-@SuppressWarnings("PMD.TooManyStaticImports")
+@SuppressWarnings({"PMD.TooManyStaticImports", "checkstyle:NoFinalizer"})
 public class FlagdProvider extends EventProvider implements FeatureProvider {
     private static final String FLAGD_PROVIDER = "flagD Provider";
 
@@ -33,6 +33,10 @@ public class FlagdProvider extends EventProvider implements FeatureProvider {
 
     private EvaluationContext evaluationContext;
 
+    protected final void finalize() {
+        // DO NOT REMOVE, spotbugs: CT_CONSTRUCTOR_THROW
+    }
+
     /**
      * Create a new FlagdProvider instance with default options.
      */

providers/flagd/src/main/java/dev/openfeature/contrib/providers/flagd/resolver/process/targeting/Fractional.java

@@ -93,10 +93,15 @@ private static String distributeValue(final String hashKey, final List<FractionP
     }
 
     @Getter
+    @SuppressWarnings({"checkstyle:NoFinalizer"})
     private static class FractionProperty {
         private final String variant;
         private final int percentage;
 
+        protected final void finalize() {
+            // DO NOT REMOVE, spotbugs: CT_CONSTRUCTOR_THROW
+        }
+
         FractionProperty(final Object from) throws JsonLogicException {
             if (!(from instanceof List<?>)) {
                 throw new JsonLogicException("Property is not an array");

providers/go-feature-flag/src/main/java/dev/openfeature/contrib/providers/gofeatureflag/GoFeatureFlagProvider.java

@@ -59,6 +59,7 @@
  * GoFeatureFlagProvider is the JAVA provider implementation for the feature flag solution GO Feature Flag.
  */
 @Slf4j
+@SuppressWarnings({"checkstyle:NoFinalizer"})
 public class GoFeatureFlagProvider implements FeatureProvider {
     public static final long DEFAULT_CACHE_TTL_MS = 1000;
     public static final int DEFAULT_CACHE_CONCURRENCY_LEVEL = 1;
@@ -81,6 +82,10 @@ public class GoFeatureFlagProvider implements FeatureProvider {
     private Cache<String, ProviderEvaluation<?>> cache;
     private ProviderState state = ProviderState.NOT_READY;
 
+    protected final void finalize() {
+        // DO NOT REMOVE, spotbugs: CT_CONSTRUCTOR_THROW
+    }
+
     /**
      * Constructor of the provider.
      *

providers/go-feature-flag/src/main/java/dev/openfeature/contrib/providers/gofeatureflag/hook/DataCollectorHook.java

@@ -33,6 +33,7 @@
  * DataCollectorHook is an OpenFeature Hook in charge of sending the usage of the flag to GO Feature Flag.
  */
 @Slf4j
+@SuppressWarnings({"checkstyle:NoFinalizer"})
 public class DataCollectorHook implements Hook {
     public static final long DEFAULT_FLUSH_INTERVAL_MS = Duration.ofMinutes(1).toMillis();
     public static final int DEFAULT_MAX_PENDING_EVENTS = 10000;
@@ -45,6 +46,10 @@ public class DataCollectorHook implements Hook {
      */
     private final EventsPublisher<Event> eventsPublisher;
 
+    protected final void finalize() {
+        // DO NOT REMOVE, spotbugs: CT_CONSTRUCTOR_THROW
+    }
+
     /**
      * Constructor of the hook.
      *

providers/jsonlogic-eval-provider/src/main/java/dev/openfeature/contrib/providers/jsonlogic/FileBasedFetcher.java

@@ -19,10 +19,15 @@
         value = "PATH_TRAVERSAL_IN",
         justification = "This is expected to read files based on user input"
 )
+@SuppressWarnings({"checkstyle:NoFinalizer"})
 public class FileBasedFetcher implements RuleFetcher {
     private static final Logger log = Logger.getLogger(String.valueOf(FileBasedFetcher.class));
     private final JSONObject rules;
 
+    protected final void finalize() {
+        // DO NOT REMOVE, spotbugs: CT_CONSTRUCTOR_THROW
+    }
+
     /**
      * Create a file based fetcher give a file URI.
      * @param filename URI to a given file.