findbugs | 易学教程

Getting rid of NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE?

阅读更多关于 Getting rid of NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE?

问题 I'm getting NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE in this snippet final Integer id = Ints.tryParse(idString); FailReason.NO_SUCH_THING.checkCondition(id!=null); something.setId(id.intValue()); Here, checkCondition works just like Preconditions.checkArgument except for it throws my own exception. Throwing NPE or IAE is not appropriate here, as it's checking an external input rather than a programming error. FindBugs complains that "The return value from a method is dereferenced without a null

How to Fix FindBug error 'May expose internal representation by incorporating reference to mutable object' while setting Array of Objects? [duplicate]

阅读更多关于 How to Fix FindBug error 'May expose internal representation by incorporating reference to mutable object' while setting Array of Objects? [duplicate]

问题 This question already has answers here : Malicious code vulnerability - May expose internal representation by incorporating reference to mutable object (8 answers) Closed last year . I have a method which takes an Array of object as input and stores it in an instance variable. Here is the code that does it but, FindBugs reports it an error saying "May expose internal representation by incorporating reference to mutable object". public final class HelloWorld { public final Hello objs[]; public

How do I turn off findbugs “Redundant nullcheck” in maven?

阅读更多关于 How do I turn off findbugs “Redundant nullcheck” in maven?

问题 I can't find the name of the detector that reports the "Redundant nullcheck" (RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE) anyone who knows which it is? Googling just gives me tons of project reports... I get a lot of errors on it since I use JetBrains @NotNull annotations tool (it inserts null checks into the bytecode). <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>findbugs-maven-plugin</artifactId> <version>2.5.2</version> <configuration> <omitVisitors>???WhatIsTheDetectorsName???<

How do I turn off findbugs “Redundant nullcheck” in maven?

阅读更多关于 How do I turn off findbugs “Redundant nullcheck” in maven?

Where to find FindBugs Eclipse plugin compatible with Java 1.6 [closed]

阅读更多关于 Where to find FindBugs Eclipse plugin compatible with Java 1.6 [closed]

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 2 years ago . I am not able to upgrade Java to 1.7 but would like to make use of FindBugs plugin for Eclipse (the latest version 3 requires Java 1.7). There doesn't seem to be an old version of the plugin available, anyone any idea where I could obtain it from? 回答1: Take a look at the FindBugs Download site on SourceForge,

How to run findbug on the test code

阅读更多关于 How to run findbug on the test code

问题 I have a test only maven project. The folder structure is as follows project-root |_ src | |_ main | | |_ java | | |_ resources | |_ test | |_ java | |_ resources |_ .classpath |_ .project When I run the findbug plugin It do not pick the classes under test. Is there a way we can instrument the test code which is under test, to find bug? My maven pon has the below plugin under the reporting section <reporting> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>findbugs-maven

Best practice for updating/writing to static variable?

阅读更多关于 Best practice for updating/writing to static variable?

问题 I have a project which displays department documentation. I store all the docs (get from database) in a static arrayList. Every X hour, I have that arrayList rebuilt based on the new doc (if any) from the database. There is also a static variable to control to rebuild that array or not, set and unset in a method which does the rebuild task. Each web browser hit the server will create this class's instance, but the doc arrayList and that control variable is shared among all the class instances

Using fb-contrib library with Gradle's FindBugs plugin

阅读更多关于 Using fb-contrib library with Gradle's FindBugs plugin

问题 Is it possible to integrate the fb-contrib library with Gradle's FindBugs plugin? I've been looking around for a solution for a while but so far I haven't found anything... If it helps, here's the script I have right now. It's a work in progress but the report is generated correctly. apply plugin: "findbugs" task findbugs(type: FindBugs) { classes = fileTree(project.rootDir.absolutePath).include("**/*.class"); source = fileTree(project.rootDir.absolutePath).include("**/*.java"); classpath =

findBugs学习小结

阅读更多关于 findBugs学习小结

今天代码质量再次强调java代码提交SVN前要经过findBugs检查，虽然根据菜单我也基本会有findBugs插件，但为了更全面的学习、更高效的利用，我搜索学习了findbugs的用法。检查原理 Findbugs是一个静态分析工具，它检查类或者JAR 文件，将字节码与一组缺陷模式进行对比以发现可能的问题。Findbugs自带检测器，其中有60余种Bad practice，80余种Correctness，1种 Internationalization，12种Malicious code vulnerability，27种Multithreaded correctness，23种Performance，43种Dodgy。我们还可以自己配置检查规则(做哪些检查,不做哪些检查)，也可以自己来实现独有的校验规则(用户自定义特定的bug模式需要继承它的接口,编写自己的校验类,属于高级技巧)。　白盒测试中的静态检查一般是检查编码标准规范，错误列表。编码规范往往团队会根据自己的经验和风格进行设置一些规范。现在很多IDE工具都会在编辑代码的时候实时的提醒是否符合代码风格。错误列表，一般是代码潜在的bug，由于某种代码写法虽然没有语法错误，但是可能存在错误，比如会导致线程死锁。这些都是错误列表应该检查的。静态检查的可操作方式：　1、代码走查: 　　程序员之间可以隔一定的时间抽取代码进行走查。

用Fortify SCA分析代码漏洞

阅读更多关于用Fortify SCA分析代码漏洞

　　 hyddd原创，转载请说明。　　上次介绍了用FindBugs辅助分析代码漏洞，这次换了一个工具：Fortify SCA Demo 4.0.0。Fortify是一个在安全方面挺出名的公司，这里就不多说了。先介绍一下主角：Fortify SCA Demo 4.0.0，虽然现在不知道Fortify SCA的版本是多少，但可以肯定的是，Fortify SCA Demo 4.0.0是一个比较旧的Fortify SCA分析器了，并且还是Demo版的，所以无论是界面还是功能上都是比较简陋的。由于Fortify SCA不是开源的工具，这里就不提供下载了，大家可以上Fortify主页申请:>。　　这次演示的是用Fortify SCA静态分析Java代码，和FindBugs不同的是Fortify SCA还可以静态分析C/C++，.NET和PL/SQL等代码。一.Fortify SCA静态分析原理　　由于我不是写这个东东的人，并且接触这个工具时间也有限，所以对它的工作原理认知比较浅，很多是通过它的说明文档得来的。　　Fortify SCA静态分析分两个阶段：　　1.Translation: 　　　　把各种语言的源代码转为一种统一的中间语言代码。　　2.Analysis: 　　　　根据中间代码分析代码漏洞，并得出报告。　　Fortify有很多个语言转换器，但核心的静态分析引擎只有一套

订阅 findbugs