findbugs

问题 I am trying to get sonar to work for a project with a quality profile that includes Findbugs rules. However when analyzing the project the sonar anttask chrashes with the following error: Caused by: java.io.IOException: SAX2 driver class org.apache.xerces.parsers.SAXParser not found at edu.umd.cs.findbugs.filter.Filter.<init>(Filter.java:134) at edu.umd.cs.findbugs.FindBugs.configureFilter(FindBugs.java:516) at edu.umd.cs.findbugs.FindBugs2.addFilter(FindBugs2.java:374) at org.sonar.plugins

问题 I had a nasty typo that wasted my time and my colleague's time, it was something like this: for (i = 0; i < blah; i++); // <- I had a semi-colon here, that's the bug! { // Some awesome logic here } First of all, it's very embarrassing, second thing, I should never repeat this. I'm relatively new to C. In Java, I guess I can use FindBugs to catch errors like these, what tool should I use for C code? Lint? 回答1: Yes, PC-Lint is probably the best tool available. 回答2: In addition to Lykathea's PC

问题 I am in the process of evaluating FindBugs and am trying to make use of the excludeFilter so that the tool does not process the test packages or the generated ejb stubs. I have tried the following: <FindBugsFilter> <!-- Match any test packages --> <Match> <Package name="~.*\.test"/> </Match> <Match> <Or> <Class name="~.*\.^_*"/> <Class name="~.*EJS*"/> </Or> <Bug pattern="MALICIOUS_CODE"/> </Match> The generated EJB's are still being looked at. Can someone provide some better direction on

问题 I have an android project. I want to introduce findbugs in my project as a gradle plugin. I tried to edit the project's build.gradle as below. buildscript { repositories { mavenCentral() maven { url 'https://maven.fabric.io/public' } } dependencies { classpath 'com.android.tools.build:gradle:1.0.0+' classpath 'io.fabric.tools:gradle:1.+' } } apply plugin: "java" apply plugin: "findbugs" findbugs { toolVersion = "2.0.1" sourceSets = [sourceSets.main] ignoreFailures = false reportsDir = file("

问题 I use FindBugs for static code analysis in my Android projects. The setup is the following: quality.gradle plugins.apply('findbugs') task findbugs(type: FindBugs) { ignoreFailures = false effort = 'max' reportLevel = 'high' // Report only high priority problems. classes = files("${project.projectDir}/build/intermediates/classes") source = fileTree('src/main/java') classpath = files() reports { xml.enabled = true html.enabled = false } excludeFilter = rootProject.file('quality/findbugs.xml') }

问题 I have a Java class like this: public class Foo { public static int counter = 0; public void bar(int counter) { Foo.counter = counter; } } FindBugs warns me about writing to the static field counter via the instance method bar . However, if I change the code to: public class Foo { public static int counter = 0; public static void setCounter(int counter) { Foo.counter = counter; } public void bar(int counter) { setCounter(counter); } } Then FindBugs won't complain. Isn't that wrong? I'm still

问题 i like to configure Findsbug-Filter to ignore some priority 2 and 3 warnings. Something like this. <?xml version="1.0"?> <FindBugsFilters> <Match> <Bug pattern="SBSC_USE_STRINGBUFFER_CONCATENATION,*some more pattern*" /> <OR> <Priority value="2" /> <Priority value="3" /> </OR> </Match> </FindBugsFilter> But this Filter did not work. Do you know the correct configuration? thanks alot. 回答1: Each Match is something to filter out. Try splitting the filter in two matches: <?xml version="1.0"?>

问题 I'm trying to invoke FindBugs from inside Ant. In order to control the amount of memory available to FindBugs, I've chosen not to use the ant-task. The problem I have now is that I want to pass a number of jars on the command-line to FindBugs: java -jar .../findbugs.jar foo.jar bar.jar fie.jar However, since these jars actually are Eclipse plugins, I don't know the exact name of the jars so I need a way to use a wildcard to obtain the list. This is what I've come up with: <target name=

问题 In our code we usually use the following pattern: Connection conn; try{ conn = getConnection(); //Do databasey stuff }catch(Exceptions that get thrown){ }finally{ try{ conn.close(); }catch(SQLException ex){ logger.error("Failed to cleanup database connection",ex); } } However findbugs doesn't like this. Since conn.close() can throw an exception then the connection isn't guaranteed to be closed. Is findbugs being too pedantic or is there a better way to close database connections. Edit: Added

问题 I ran FindBugs on my Eclipse project and got a potential bug warning that I would like to suppress for a specific reason (outside the context of this question). Here's the code: public class LogItem { private String name; private void setName(final String nm) { name = nm; } } When you run FindBugs on this class is gives you a warning on the name = nm assignment operation, stating: Unread field: com.me.myorg.LogItem.name . So I tried adding this: private void setName(final String nm) { @edu