findbugs

问题 Which maven scopes are available during report generation for a maven site? Are any available. I'm trying to share a FindBugs filter file between several modules without having it end up in any of the application jars. I was thinking of putting in a commons project, which will package it in a separate jar with a classifier of "build-tools" with any other such files we might have. Any projects that need it will import the project with the classifier. 回答1: With the checkstyle plugin, the trick

问题 We have Findbugs configured to run on our Jenkins via Maven. Among other things it complains about SE_BAD_FIELD on the following code line: private boolean logged = false; The description of this bug says Se: Non-transient non-serializable instance field in serializable class (SE_BAD_FIELD) This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject

问题 I downloaded and installed UMD's FindBugs 3.0 in /usr/local/share/findbugs-3.0 : $ ls /usr/local/share/findbugs-3.0/ FindBugs.jar I have a little script to run it: $ cat ./findbugs FINDBUGS_HOME=/usr/local/share/findbugs-3.0 java -jar $FINDBUGS_HOME/FindBugs.jar $* Running the script results in: $ ./findbugs Error: Could not find or load main class edu.umd.cs.findbugs.bluej.FindBugsExtension Dumping the JAR : $ jar tf /usr/local/share/findbugs-3.0/FindBugs.jar | grep "edu/umd/cs/findbugs

问题 1. Regarding PMD: 1.1 How do I set the PMD checks, to ignore some of them, like "Variable name is too short, or too long", "Remove empty constructor, etc" - and if I do that, another warning appears that says the class must have some static methods. Basically, the class was empty, for later development, and I like to leave it that way for now. 1.2 Is it necesarry to follow this warning advice? A class which only has private constructors should be final 1.3 What is that supposed to mean? The

问题 I even refered : Sonar Violation: Security - Array is stored directly My code is as ---> public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList) // Security - Array is stored directly //The user-supplied array 'selectedObjectsList' is stored directly. { if (selectedObjectsList != null) { this.selectedObjectsList = selectedObjectsList.clone(); } else { this.selectedObjectsList = null; } } This is already taking care of defensive copy wonder why sonar is yelling at me

问题 I have a class RequestFilter and @Override methods doFilterInternal. And when i add Header for response, findbugs show error HTTP parameter directly written to HTTP header output. So how can i fix this problem? Thanks all. String rqHd = request.getHeader("Access-Control-Request-Headers"); response.addHeader("Access-Control-Allow-Headers", rqHd); // findbugs error here 回答1: I think this is HRS_REQUEST_PARAMETER_TO_HTTP_HEADER error, and you can fix it like that: String rqHd = request.getHeader

问题 I am trying to integrate FindBugs in a maven project. Does anyone have a sample pom.xml generating a simple findbug HTML report in target? Is it possible to generate this report without having to run site:site ? 回答1: Check out Sonar. It's an open-source, stand-alone, web service that you "submit" your code to and it produces beautiful HTML reports on all kinds of code metrics. It also keeps a history of builds. And best of all, you don't have to modify your builds or poms! There is a maven

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 2 years ago . In Java is this nice tool called FindBugs. Is there something similar in .Net? 回答1: FxCop and StyleCop will advise on usage. For actual bugs, perhaps PEX? There was a PDC video, too. 回答2: Here is Wikipedia List and CodeRush is a nice tool to use for .NET. 回答3: Try PVS-Studio is really great, can find a lot of

问题 If I wanted to research how and where permissions [requested in the Mainfest.xml] were used in an Android app for the purposes of removing them is there an easy way of doing this? Does lint or findbugs offer some sort of support for tracking permissions used/abused in a project? 回答1: I came from the future to save your lives. Here (in the future), LINT does check for missing permissions as you can see on LINT checks. So, go to your AndroidManifest.xml and remove all tags <uses-permission>

问题 I've written quite a lot of DAO class and using the JPA criteria API and its meta model in them, like in this example: @Override public EntityA findByEntityB(EntityB entityB) { CriteriaBuilder builder = this.getCriteriaBuilder(); CriteriaQuery<EntityA> criteriaQuery = builder.createQuery(EntityA.class); Root<EntityA> root = criteriaQuery.from(EntityA.class); criteriaQuery.select(root); criteriaQuery.where(builder.and(builder.equal(root.get(EntityA_.entityB), entityB))); return this