findbugs

FindBugs: real threat behind EI_EXPOSE_REP

我的未来我决定 submitted on 2019-11-29 11:46:34
FindBugs raises a bug called EI_EXPOSE_REP with the following description:

EI: May expose internal representation by returning reference to mutable object. Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

Several questions on SO (1, 2 and 3) have
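What the "compromise security or other important properties" clause in the description means in practice, as an added example that is not part of the question above: a session object whose getters hand out its internal Date and byte[] lets any caller move the expiry and rewrite the token without passing through a single check, while the defensively copied version keeps the check meaningful. Class and field names are made up for the illustration.

```java
import java.util.Arrays;
import java.util.Date;

// Added example (not from the original question): a class that leaks its
// internal representation through getters, beside the defensively copied
// version FindBugs would accept. Class names are hypothetical.
public final class ExposeRepDemo {

    // Leaky version: stores and returns references to mutable internals.
    static final class LeakySession {
        private final byte[] token;
        private final Date expiry;

        LeakySession(byte[] token, Date expiry) {
            this.token = token;     // EI_EXPOSE_REP2: keeps the caller's array
            this.expiry = expiry;   // EI_EXPOSE_REP2: keeps the caller's Date
        }

        byte[] getToken() { return token; }   // EI_EXPOSE_REP
        Date getExpiry() { return expiry; }   // EI_EXPOSE_REP
        boolean isExpired(Date now) { return now.after(expiry); }
    }

    // Hardened version: copy on the way in and on the way out, so the only
    // path to the internal state is through this class's own methods.
    static final class SafeSession {
        private final byte[] token;
        private final Date expiry;

        SafeSession(byte[] token, Date expiry) {
            this.token = token.clone();
            this.expiry = new Date(expiry.getTime());
        }

        byte[] getToken() { return token.clone(); }
        Date getExpiry() { return new Date(expiry.getTime()); }
        boolean isExpired(Date now) { return now.after(expiry); }
    }

    public static void main(String[] args) {
        Date now = new Date(1_000_000L);
        Date soon = new Date(now.getTime() + 60_000L);
        Date farFuture = new Date(Long.MAX_VALUE - 1);

        LeakySession leaky = new LeakySession(new byte[] {1, 2, 3}, new Date(soon.getTime()));
        // A caller holding only a getter result pushes the expiry to the end of
        // time and rewrites the token; no setter, no validation involved.
        leaky.getExpiry().setTime(Long.MAX_VALUE);
        leaky.getToken()[0] = 0x7f;
        System.out.println("leaky expired far in the future? " + leaky.isExpired(farFuture));
        System.out.println("leaky token now: " + Arrays.toString(leaky.getToken()));

        SafeSession safe = new SafeSession(new byte[] {1, 2, 3}, new Date(soon.getTime()));
        safe.getExpiry().setTime(Long.MAX_VALUE);   // mutates only the copy
        safe.getToken()[0] = 0x7f;                  // mutates only the copy
        System.out.println("safe expired far in the future? " + safe.isExpired(farFuture));
        System.out.println("safe token still: " + Arrays.toString(safe.getToken()));
    }
}
```

The same reasoning applies to collections and arrays returned from getters; for collections, Collections.unmodifiableList and friends are a cheaper alternative to copying when the caller only needs to read.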

Sonar FindBugs heap size

三世轮回 submitted on 2019-11-29 10:51:42
I am new to Sonar. I am running Sonar from Jenkins with the Sonar plugin. When I run it from Jenkins I get an out-of-memory exception in FindBugs; below is the error:

Out of memory
Total memory: 1037M
free memory: 30M
Analyzed: D:\Victor\autocreated\webapp\WEB-INF\classes
Aux: C:\DOCUME~1\NADBHA~1\LOCALS~1\Temp\findbugs4165854405681394173.jar
Aux: C:\DOCUME~1\NADBHA~1\LOCALS~1\Temp\findbugs4688505485649811865.jar
Total time: 2:04:49.155s
Final Memory: 358M/989M
Exception in thread "main" org.sonar.batch.bootstrapper.BootstrapException: org.sonar.api.utils.SonarException: Can not execute

Can FindBugs detect unused public methods?

五迷三道 submitted on 2019-11-29 10:02:50
Is it possible to detect unused methods in a source tree using FindBugs? I see some posts on SO where users are claiming to do that, some others asking how to do this in FB, and others where they claim FB cannot do this. Does anyone know for sure how this is done? I am only interested in methods that are not explicitly called from elsewhere; I don't care about reflection.

As a member of the FindBugs team I can tell you that unfortunately FindBugs does not do this. If you search through the bug patterns on our website, the only mention of "unused" detectors is for unused fields. I have a

Set findbugs NotNull as default for all classes under a package

人盡茶涼 submitted on 2019-11-29 06:39:26
I have the simple code below for testing the FindBugs @NonNull annotation with Maven. I execute

mvn clean install

and it correctly fails to build because print(null) violates the non-null condition. You can set NonNull as the default for all method parameters inside a class using the class annotation @DefaultAnnotation(NonNull.class). How can I set NonNull as the default for all method parameters inside all classes under a given package (and sub-packages)?

src/main/java/test/Hello.java

package test;

import edu.umd.cs.findbugs.annotations.NonNull;

public class Hello {
    static public void print(@NonNull

@Nullable/@NotNull with IntelliJ IDEA, Maven & JSR 305

空扰寡人 submitted on 2019-11-29 02:35:10
Question

I really like the code inspection functionalities which are now available with either JSR 305 or JetBrains' proprietary annotations for IntelliJ. Unfortunately both implementations (JSR 305 and JetBrains') do not mix well: IntelliJ obviously only understands its own proprietary set of annotations and integrates them quite well. Using FindBugs in my Maven build, it only supports JSR-305 annotations. The only possible workaround might be to go for JSR-305 and use the FindBugs plugin in IntelliJ. Has
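One setup that addresses both questions above (package-wide non-null defaults for FindBugs, and a single annotation set that the IDE inspections also read), as an added example that is neither poster's code: a package-info.java carrying JSR-305's @ParametersAreNonnullByDefault. FindBugs honours it for every class in that package, and javax.annotation.Nullable / Nonnull / CheckForNull are among the nullability annotations IntelliJ IDEA recognises by default. The package, class and method names are made up, and the build is assumed to have com.google.code.findbugs:jsr305 on the classpath. One caveat the first question asks about directly: a package annotation covers that one package only; sub-packages are separate packages in Java and each needs its own package-info.java.

```java
// Added example, not the original posters' code. Two source files are shown,
// separated by the "---- file ----" comments; package and class names are
// hypothetical and the JSR-305 jar (com.google.code.findbugs:jsr305) is assumed.

// ---- src/main/java/com/example/svc/package-info.java ----
// Applies to every class in com.example.svc. It does NOT reach
// com.example.svc.sub: that package needs its own package-info.java.
@ParametersAreNonnullByDefault
package com.example.svc;

import javax.annotation.ParametersAreNonnullByDefault;

// ---- src/main/java/com/example/svc/Greeter.java ----
package com.example.svc;

import javax.annotation.CheckForNull;
import javax.annotation.Nullable;

public final class Greeter {

    // 'name' is non-null by the package default; no per-parameter annotation needed.
    public static String greet(String name) {
        return "Hello, " + name;
    }

    // Opt a single parameter out of the package default.
    public static String greetOptional(@Nullable String name) {
        return name == null ? "Hello, stranger" : "Hello, " + name;
    }

    // @CheckForNull (not @Nullable) is what makes FindBugs report callers that
    // dereference the result without a null check
    // (NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE).
    @CheckForNull
    public static String lookupNickname(String name) {
        return "admin".equals(name) ? "root" : null;
    }

    public static void main(String[] args) {
        System.out.println(greet("alice"));
        System.out.println(greetOptional(null));

        // FindBugs reports NP_NONNULL_PARAM_VIOLATION for the next line and
        // IntelliJ highlights it, because the package default makes 'name'
        // non-null. It is commented out so the example compiles cleanly.
        // System.out.println(greet(null));

        String nick = lookupNickname("bob");
        System.out.println(nick == null ? "no nickname" : nick);
    }
}
```

Putting the same @ParametersAreNonnullByDefault line in every package-info.java under the tree is the only way to cover "and sub-packages"; a build check that fails when a package under src/main/java has no package-info.java keeps new packages from silently losing the default.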

Reliance on default encoding, what should I use and why?

落爺英雄遲暮 submitted on 2019-11-29 00:10:33
Question

FindBugs reports a bug:

Reliance on default encoding. Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

I used FileReader like this (just a piece of code):

public ArrayList<String> getValuesFromFile(File file){
    String line;
    StringTokenizer
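Why the FileReader call above is flagged (DM_DEFAULT_ENCODING) and what the explicit-charset replacement looks like, as an added example that is not the poster's code: the same UTF-8 bytes are decoded once under UTF-8 and once under ISO-8859-1, which is what a FileReader on a Western-European Windows JVM would effectively do, and a temp file is read both the flagged way and with Files.newBufferedReader and an explicit charset. The sample line is constructed for the illustration.

```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Added example, not the original poster's code. The sample text is constructed;
// the file is a temp file created and deleted by main().
public final class DefaultEncodingDemo {

    // The pattern FindBugs complains about: FileReader decodes with
    // Charset.defaultCharset(), whatever that is on the machine running the code.
    static List<String> readWithDefaultCharset(Path file) throws IOException {
        List<String> lines = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(new FileReader(file.toFile()))) {
            String line;
            while ((line = r.readLine()) != null) {
                lines.add(line);
            }
        }
        return lines;
    }

    // The replacement: name the charset the file was written in.
    static List<String> readWithCharset(Path file, Charset cs) throws IOException {
        List<String> lines = new ArrayList<>();
        try (BufferedReader r = Files.newBufferedReader(file, cs)) {
            String line;
            while ((line = r.readLine()) != null) {
                lines.add(line);
            }
        }
        return lines;
    }

    // Decode the same bytes under a given charset without touching the disk,
    // to show how the result depends on the charset assumed.
    static String decode(byte[] bytes, Charset cs) throws IOException {
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(new ByteArrayInputStream(bytes), cs))) {
            return r.readLine();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a config line with a non-ASCII character,
        // stored as UTF-8 as a Linux tool typically writes it.
        String original = "user=jos\u00e9;role=admin";
        byte[] utf8 = original.getBytes(StandardCharsets.UTF_8);

        System.out.println("UTF-8 decode:      " + decode(utf8, StandardCharsets.UTF_8));
        // The two-byte UTF-8 sequence for é becomes two Latin-1 characters.
        System.out.println("ISO-8859-1 decode: " + decode(utf8, StandardCharsets.ISO_8859_1));

        Path tmp = Files.createTempFile("encoding-demo", ".txt");
        try {
            Files.write(tmp, utf8);
            System.out.println("default charset:   " + Charset.defaultCharset());
            System.out.println("FileReader read:   " + readWithDefaultCharset(tmp));
            System.out.println("explicit UTF-8:    " + readWithCharset(tmp, StandardCharsets.UTF_8));
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```

The practical consequence is that a value decoded with the platform default, such as a username compared against an ACL or a path compared against an allowlist, can differ between the developer's machine and the server. From JDK 18 onward the default charset is UTF-8 unless -Dfile.encoding overrides it, so on a current JDK the two reads above agree; run with -Dfile.encoding=ISO-8859-1 (or on an older JDK on Windows) to see them diverge.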

In what situations could an empty synchronized block achieve correct threading semantics?

空扰寡人 submitted on 2019-11-28 21:13:46
I was looking through a FindBugs report on my code base and one of the patterns that was triggered was for an empty synchronized block (i.e. synchronized (var) {}). The documentation says:

Empty synchronized blocks are far more subtle and hard to use correctly than most people recognize, and empty synchronized blocks are almost never a better solution than less contrived solutions.

In my case it occurred because the contents of the block had been commented out, but the synchronized statement was still there. In what situations could an empty synchronized block achieve correct threading

What's the advantage of making an inner class static with Java?

荒凉一梦 submitted on 2019-11-28 19:16:31
I have an inner class in my Java class. When I run FindBugs, it recommends (warns) to make it static. What's the point of this warning? What's the advantage of making an inner class static?

If the nested class does not access any of the variables of the enclosing class, it can be made static. The advantage of this is that you do not need an enclosing instance of the outer class to use the nested class. An inner class, by default, has an implicit reference to an object of the outer class. If you instantiate an object of this from the code of the outer class, this is all done for you. If
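The implicit reference the answer describes can be made visible, as an added example that is not part of the question or answer above: reflection lists the synthetic this$0 field javac adds to a non-static inner class, reads it back to confirm it points at the enclosing instance, and shows that the static nested form FindBugs recommends (pattern SIC_INNER_SHOULD_BE_STATIC) has no such field. Class names are made up; the field name this$0 is javac's convention, not something the language specification guarantees.

```java
import java.lang.reflect.Field;
import java.util.Arrays;

// Added example, not from the original question or answer. Class names are
// hypothetical; "this$0" is the synthetic field name javac emits.
public final class InnerClassDemo {

    // Something sizeable that the outer instance owns.
    private final byte[] largeBuffer = new byte[1 << 20];

    // Non-static inner class: javac adds a synthetic this$0 field pointing at
    // the enclosing InnerClassDemo, even though Token never uses it.
    final class Token {
        final String id;
        Token(String id) { this.id = id; }
    }

    // Static nested class: no hidden field, constructible without an outer instance.
    static final class DetachedToken {
        final String id;
        DetachedToken(String id) { this.id = id; }
    }

    Token makeToken(String id) {
        return new Token(id); // needs 'this' to exist
    }

    static String[] declaredFieldNames(Class<?> c) {
        Field[] fields = c.getDeclaredFields();
        String[] names = new String[fields.length];
        for (int i = 0; i < fields.length; i++) {
            names[i] = fields[i].getName();
        }
        Arrays.sort(names);
        return names;
    }

    // Returns the enclosing instance an inner object carries, or null when the
    // class has no synthetic outer reference.
    static Object enclosingInstance(Object o) throws IllegalAccessException {
        try {
            Field f = o.getClass().getDeclaredField("this$0");
            f.setAccessible(true);
            return f.get(o);
        } catch (NoSuchFieldException e) {
            return null;
        }
    }

    public static void main(String[] args) throws IllegalAccessException {
        InnerClassDemo outer = new InnerClassDemo();
        Token t = outer.makeToken("abc");
        DetachedToken d = new DetachedToken("abc");

        System.out.println("Token fields:         " + Arrays.toString(declaredFieldNames(Token.class)));
        System.out.println("DetachedToken fields: " + Arrays.toString(declaredFieldNames(DetachedToken.class)));

        // While 't' is reachable (say, from a long-lived cache), so is 'outer'
        // and its buffer; 'd' carries no such link.
        System.out.println("t.this$0 == outer: " + (enclosingInstance(t) == outer));
        System.out.println("d enclosing:       " + enclosingInstance(d));
        System.out.println("outer buffer size: " + outer.largeBuffer.length);
    }
}
```

Two consequences follow from the hidden field: an inner object stored somewhere long-lived keeps the whole outer instance reachable (a classic leak), and if the inner class is Serializable the outer instance is dragged into the serial form as well, which is why FindBugs raises a separate warning for serializable non-static inner classes.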

Problems with the @Data annotation in Lombok

Deadly submitted on 2019-11-28 19:09:44
The main problem with @Data is the overriding of equals(), hashCode() and similar methods. Here I recommend reading the following blog posts, which help with understanding this:

Warning when Lombok's @Data annotation is used on a subclass
Problems with @Data on a subclass in an inheritance relationship
Problems with Lombok @Data usage surfaced by FindBugs

Source: oschina. Link: https://my.oschina.net/u/220449/blog/3030183
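The equals()/hashCode() problem the post refers to, as an added example that is not the post's or Lombok's own code: @Data on a subclass generates equals() and hashCode() from the subclass's own fields only, so two objects that differ only in inherited fields compare equal, and Lombok prints a compile-time warning about the missing superclass call. Adding @EqualsAndHashCode(callSuper = true) fixes it. The example needs Lombok on the compile classpath; class and field names are made up.

```java
import java.util.HashSet;
import java.util.Set;

import lombok.Data;
import lombok.EqualsAndHashCode;

// Added example, not from the original post. Requires Lombok's annotation
// processor at compile time; class names are hypothetical.
public final class LombokDataDemo {

    @Data
    public static class Account {
        private String owner;
    }

    // Lombok warns at compile time: the generated equals/hashCode do not call
    // super, so Account.owner is ignored and two keys with the same 'key' but
    // different owners are equal.
    @Data
    public static class ApiKey extends Account {
        private String key;
    }

    // Fixed: include the superclass state in equals/hashCode.
    @Data
    @EqualsAndHashCode(callSuper = true)
    public static class ScopedApiKey extends Account {
        private String key;
    }

    public static void main(String[] args) {
        ApiKey a = new ApiKey();
        a.setOwner("alice");
        a.setKey("k1");
        ApiKey b = new ApiKey();
        b.setOwner("bob");
        b.setKey("k1");

        Set<ApiKey> issued = new HashSet<>();
        issued.add(a);
        // Bob's key collapses onto Alice's entry: any set or map keyed on ApiKey
        // has lost the owner.
        System.out.println("ApiKey a.equals(b): " + a.equals(b));
        System.out.println("issued.contains(b): " + issued.contains(b));

        ScopedApiKey c = new ScopedApiKey();
        c.setOwner("alice");
        c.setKey("k1");
        ScopedApiKey d = new ScopedApiKey();
        d.setOwner("bob");
        d.setKey("k1");
        System.out.println("ScopedApiKey c.equals(d): " + c.equals(d));
    }
}
```

When the subclass really should ignore inherited state, @EqualsAndHashCode(callSuper = false) silences the warning and documents the decision; leaving the annotation off is what the warning is there to catch.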

How to handle a Findbugs “Non-transient non-serializable instance field in serializable class”?

流过昼夜 submitted on 2019-11-28 18:21:56
Question

Consider the class below. If I run FindBugs against it, it will give me an error ("Non-transient non-serializable instance field in serializable class") on line 5 but not on line 7.

1 public class TestClass implements Serializable {
2
3     private static final long serialVersionUID = 1905162041950251407L;
4
5     private Set<Integer> mySet; // Findbugs error
6
7     private HashSet<Integer> myOtherSet;
8
9 }

That's correct because java.util.Set never implements Serializable in its hierarchy and java.util
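One way to keep the field typed as the Set interface and still satisfy FindBugs (pattern SE_BAD_FIELD), as an added example that is not the poster's code: mark the field transient and write its contents explicitly in writeObject/readObject, so the serial form no longer depends on whichever Set implementation happens to be in the field. The readObject side validates the element count and always rebuilds a HashSet, and the reading code installs an ObjectInputFilter that allows only the class it expects; that filter needs Java 9 or later. Class names and the grant-count bound are made up.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added example, not the original poster's code. Needs Java 9+ for
// ObjectInputFilter; class names and MAX_GRANTS are hypothetical.
public final class SerialFieldDemo {

    static final class GrantSet implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final int MAX_GRANTS = 10_000; // assumed upper bound

        // transient: FindBugs no longer reports SE_BAD_FIELD, and the custom
        // serial form below is what actually goes on the wire.
        private transient Set<Integer> grantIds = new HashSet<>();

        void grant(int id) { grantIds.add(id); }
        boolean isGranted(int id) { return grantIds.contains(id); }
        Set<Integer> grantIds() { return Collections.unmodifiableSet(grantIds); }

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
            out.writeInt(grantIds.size());
            for (int id : grantIds) {
                out.writeInt(id);
            }
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            int n = in.readInt();
            if (n < 0 || n > MAX_GRANTS) {
                throw new InvalidObjectException("bad grant count: " + n);
            }
            Set<Integer> ids = new HashSet<>(); // always a known, serializable type
            for (int i = 0; i < n; i++) {
                ids.add(in.readInt());
            }
            grantIds = ids;
        }
    }

    static byte[] serialize(GrantSet g) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(g);
        }
        return bos.toByteArray();
    }

    // Deserialize with an allowlist: the stream may name GrantSet and nothing
    // else. Because the set is written as raw ints, no collection or boxed
    // class appears in the stream at all.
    static GrantSet deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter onlyGrantSet = info -> {
            Class<?> c = info.serialClass();
            if (c == null) {
                return ObjectInputFilter.Status.UNDECIDED; // depth/size checks, no class
            }
            return c == GrantSet.class ? ObjectInputFilter.Status.ALLOWED
                                       : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(onlyGrantSet);
            return (GrantSet) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        GrantSet g = new GrantSet();
        g.grant(7);
        g.grant(42);
        GrantSet copy = deserialize(serialize(g));
        System.out.println("granted 42 after round trip: " + copy.isGranted(42));
        System.out.println("granted 8 after round trip:  " + copy.isGranted(8));
        System.out.println("ids: " + copy.grantIds());
    }
}
```

The filter is the part worth keeping even where the FindBugs warning is silenced some other way: an ObjectInputStream without one will instantiate any serializable class on the classpath that the stream names, which is the root of the Java deserialization gadget-chain problem.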