<Match>
<Bug pattern="DLS_OVERWRITTEN_INCREMENT"/>
</Match>
+ <Match>
+ <Bug pattern="AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION"/>
+ </Match>
+ <Match>
+ <Bug pattern="BX_UNBOXING_IMMEDIATELY_REBOXED"/>
+ </Match>
+ <Match>
+ <Bug pattern="CO_COMPARETO_RESULTS_MIN_VALUE"/>
+ </Match>
+ <Match>
+ <Bug pattern="DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD"/>
+ </Match>
+ <Match>
+ <Bug pattern="DMI_ARGUMENTS_WRONG_ORDER"/>
+ </Match>
+ <Match>
+ <Bug pattern="DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE"/>
+ </Match>
+ <Match>
+ <Bug pattern="DMI_DOH"/>
+ </Match>
+ <Match>
+ <Bug pattern="DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS"/>
+ </Match>
+ <Match>
+ <Bug pattern="DM_DEFAULT_ENCODING"/>
+ </Match>
+ <Match>
+ <Bug pattern="ICAST_INT_2_LONG_AS_INSTANT"/>
+ </Match>
+ <Match>
+ <Bug pattern="INT_BAD_COMPARISON_WITH_INT_VALUE"/>
+ </Match>
+ <Match>
+ <Bug pattern="JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT"/>
+ </Match>
+ <Match>
+ <Bug pattern="NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"/>
+ </Match>
+ <Match>
+ <Bug pattern="OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE"/>
+ </Match>
+ <Match>
+ <Bug pattern="PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS"/>
+ </Match>
+ <Match>
+ <Bug pattern="RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE"/>
+ </Match>
+ <Match>
+ <Bug pattern="RV_NEGATING_RESULT_OF_COMPARETO"/>
+ </Match>
+ <Match>
+ <Bug pattern="RV_RETURN_VALUE_IGNORED_INFERRED"/>
+ </Match>
+ <Match>
+ <Bug pattern="SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD"/>
+ </Match>
+ <Match>
+ <Bug pattern="URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD"/>
+ </Match>
+ <Match>
+ <Bug pattern="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"/>
+ </Match>
+ <Match>
+ <Bug pattern="UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"/>
+ </Match>
+ <Match>
+ <Bug pattern="VA_FORMAT_STRING_USES_NEWLINE"/>
+ </Match>
+ <Match>
+ <Bug pattern="VO_VOLATILE_INCREMENT"/>
+ </Match>
</FindBugsFilter>
\ No newline at end of file
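Review bot: The file still ends without a trailing newline after `</FindBugsFilter>`; this change already edits the tail of the file, so add one here to keep later appends from showing up as a modified last line. The 24 added `<Match>` patterns also need to match the rule keys added in the rules file character for character, so it is worth diffing the two lists before merging.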
<configKey><![CDATA[LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE]]></configKey>
</rule>
+
+ <rule key="AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Sequence of calls to concurrent abstraction may not be atomic]]></name>
+ <configKey><![CDATA[AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION]]></configKey>
+
+ </rule>
+
+ <rule key="BX_UNBOXING_IMMEDIATELY_REBOXED">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Boxed value is unboxed and then immediately reboxed]]></name>
+ <configKey><![CDATA[BX_UNBOXING_IMMEDIATELY_REBOXED]]></configKey>
+
+ </rule>
+
+ <rule key="CO_COMPARETO_RESULTS_MIN_VALUE">
+ <priority>MAJOR</priority>
+ <name><![CDATA[compareTo()/compare() returns Integer.MIN_VALUE]]></name>
+ <configKey><![CDATA[CO_COMPARETO_RESULTS_MIN_VALUE]]></configKey>
+
+ </rule>
+
+ <rule key="DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Dead store to local variable that shadows field]]></name>
+ <configKey><![CDATA[DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD]]></configKey>
+
+ </rule>
+
+ <rule key="DMI_ARGUMENTS_WRONG_ORDER">
+ <priority>MINOR</priority>
+ <name><![CDATA[Reversed method arguments]]></name>
+ <configKey><![CDATA[DMI_ARGUMENTS_WRONG_ORDER]]></configKey>
+
+ </rule>
+
+ <rule key="DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE">
+ <priority>MAJOR</priority>
+ <name><![CDATA[BigDecimal constructed from double that isn't represented precisely]]></name>
+ <configKey><![CDATA[DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE]]></configKey>
+
+ </rule>
+
+ <rule key="DMI_DOH">
+ <priority>MAJOR</priority>
+ <name><![CDATA[D'oh! A nonsensical method invocation]]></name>
+ <configKey><![CDATA[DMI_DOH]]></configKey>
+
+ </rule>
+
+ <rule key="DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Adding elements of an entry set may fail due to reuse of Entry objects]]></name>
+ <configKey><![CDATA[DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS]]></configKey>
+
+ </rule>
+
+ <rule key="DM_DEFAULT_ENCODING">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Reliance on default encoding]]></name>
+ <configKey><![CDATA[DM_DEFAULT_ENCODING]]></configKey>
+
+ </rule>
+
+ <rule key="ICAST_INT_2_LONG_AS_INSTANT">
+ <priority>MAJOR</priority>
+ <name><![CDATA[int value converted to long and used as absolute time]]></name>
+ <configKey><![CDATA[ICAST_INT_2_LONG_AS_INSTANT]]></configKey>
+
+ </rule>
+
+ <rule key="INT_BAD_COMPARISON_WITH_INT_VALUE">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Bad comparison of int value with long constant]]></name>
+ <configKey><![CDATA[INT_BAD_COMPARISON_WITH_INT_VALUE]]></configKey>
+
+ </rule>
+
+ <rule key="JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Using monitor style wait methods on util.concurrent abstraction]]></name>
+ <configKey><![CDATA[JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT]]></configKey>
+
+ </rule>
+
+ <rule key="NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Read of unwritten public or protected field]]></name>
+ <configKey><![CDATA[NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD]]></configKey>
+
+ </rule>
+
+ <rule key="OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE">
+ <priority>CRITICAL</priority>
+ <name><![CDATA[Method may fail to clean up stream or resource on checked exception]]></name>
+ <configKey><![CDATA[OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE]]></configKey>
+
+ </rule>
+
+ <rule key="PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Don't reuse entry objects in iterators]]></name>
+ <configKey><![CDATA[PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS]]></configKey>
+
+ </rule>
+
+ <rule key="RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Code checks for specific values returned by compareTo]]></name>
+ <configKey><![CDATA[RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE]]></configKey>
+
+ </rule>
+
+ <rule key="RV_NEGATING_RESULT_OF_COMPARETO">
+ <priority>MINOR</priority>
+ <name><![CDATA[Negating the result of compareTo()/compare()]]></name>
+ <configKey><![CDATA[RV_NEGATING_RESULT_OF_COMPARETO]]></configKey>
+
+ </rule>
+
+ <rule key="RV_RETURN_VALUE_IGNORED_INFERRED">
+ <priority>MINOR</priority>
+ <name><![CDATA[Method ignores return value, is this OK?]]></name>
+ <configKey><![CDATA[RV_RETURN_VALUE_IGNORED_INFERRED]]></configKey>
+
+ </rule>
+
+ <rule key="SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Self assignment of local rather than assignment to field]]></name>
+ <configKey><![CDATA[SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD]]></configKey>
+
+ </rule>
+
+ <rule key="URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD">
+ <priority>INFO</priority>
+ <name><![CDATA[Unread public/protected field]]></name>
+ <configKey><![CDATA[URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD]]></configKey>
+
+ </rule>
+
+ <rule key="UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD">
+ <priority>INFO</priority>
+ <name><![CDATA[Unused public or protected field]]></name>
+ <configKey><![CDATA[UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD]]></configKey>
+
+ </rule>
+
+ <rule key="UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">
+ <priority>MINOR</priority>
+ <name><![CDATA[Unwritten public or protected field]]></name>
+ <configKey><![CDATA[UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD]]></configKey>
+
+ </rule>
+
+ <rule key="VA_FORMAT_STRING_USES_NEWLINE">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Format string should use %n rather than \n]]></name>
+ <configKey><![CDATA[VA_FORMAT_STRING_USES_NEWLINE]]></configKey>
+
+ </rule>
+
+ <rule key="VO_VOLATILE_INCREMENT">
+ <priority>CRITICAL</priority>
+ <name><![CDATA[An increment to a volatile field isn't atomic]]></name>
+ <configKey><![CDATA[VO_VOLATILE_INCREMENT]]></configKey>
+
+ </rule>
</rules>
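Review bot: `DMI_ARGUMENTS_WRONG_ORDER` is given `MINOR`, but the description added for it uses `Preconditions.checkNotNull("message", message)` as its example, where the null check is applied to the constant and never to the real value; that is a correctness defect and fits `MAJOR` like the neighbouring DMI rules. Separately, every added rule has an empty line between `<configKey>` and `</rule>`, while the existing rule just above closes directly after its `<configKey>`; drop the blank lines to match.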
*/
package org.sonar.plugins.findbugs;
-import static org.hamcrest.core.Is.is;
-import static org.hamcrest.number.OrderingComparisons.greaterThan;
-import static org.junit.Assert.assertThat;
-
import org.junit.Test;
import org.sonar.api.profiles.RulesProfile;
import org.sonar.api.utils.ValidationMessages;
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertThat;
+
public class SonarWayWithFindbugsProfileTest {
@Test
SonarWayWithFindbugsProfile sonarWayWithFindbugs = new SonarWayWithFindbugsProfile(importer);
ValidationMessages validation = ValidationMessages.create();
RulesProfile profile = sonarWayWithFindbugs.createProfile(validation);
- assertThat(profile.getActiveRulesByRepository(FindbugsConstants.REPOSITORY_KEY).size(), greaterThan(300));
+ assertThat(profile.getActiveRulesByRepository(FindbugsConstants.REPOSITORY_KEY).size(), is(399));
assertThat(validation.hasErrors(), is(false));
}
}
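Review bot: `is(399)` in the active-rule assertion is an unexplained magic number that will need editing on every future profile change; add a short comment saying where 399 comes from, or additionally assert that a few of the newly added keys (for example `VO_VOLATILE_INCREMENT`) are active, so a failure points at what is missing. Moving the static imports below the regular ones is unrelated churn and would be cleaner in a separate commit or left as it was.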
rule.findbugs.MS_MUTABLE_ARRAY.name=Malicious code vulnerability - Field is a mutable array
rule.findbugs.SE_INNER_CLASS.name=Bad practice - Serializable inner class
rule.findbugs.OS_OPEN_STREAM_EXCEPTION_PATH.name=Bad practice - Method may fail to close stream on exception
+rule.findbugs.AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION.name=Sequence of calls to concurrent abstraction may not be atomic
+rule.findbugs.BX_UNBOXING_IMMEDIATELY_REBOXED.name=Boxed value is unboxed and then immediately reboxed
+rule.findbugs.CO_COMPARETO_RESULTS_MIN_VALUE.name=compareTo()/compare() returns Integer.MIN_VALUE
+rule.findbugs.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD.name=Dead store to local variable that shadows field
+rule.findbugs.DMI_ARGUMENTS_WRONG_ORDER.name=Reversed method arguments
+rule.findbugs.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE.name=BigDecimal constructed from double that isn't represented precisely
+rule.findbugs.DMI_DOH.name=D'oh! A nonsensical method invocation
+rule.findbugs.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS.name=Adding elements of an entry set may fail due to reuse of Entry objects
+rule.findbugs.DM_DEFAULT_ENCODING.name=Reliance on default encoding
+rule.findbugs.ICAST_INT_2_LONG_AS_INSTANT.name=int value converted to long and used as absolute time
+rule.findbugs.INT_BAD_COMPARISON_WITH_INT_VALUE.name=Bad comparison of int value with long constant
+rule.findbugs.JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT.name=Using monitor style wait methods on util.concurrent abstraction
+rule.findbugs.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD.name=Read of unwritten public or protected field
+rule.findbugs.OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE.name=Method may fail to clean up stream or resource on checked exception
+rule.findbugs.PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS.name=Don't reuse entry objects in iterators
+rule.findbugs.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE.name=Code checks for specific values returned by compareTo
+rule.findbugs.RV_NEGATING_RESULT_OF_COMPARETO.name=Negating the result of compareTo()/compare()
+rule.findbugs.RV_RETURN_VALUE_IGNORED_INFERRED.name=Method ignores return value, is this OK?
+rule.findbugs.SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD.name=Self assignment of local rather than assignment to field
+rule.findbugs.URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD.name=Unread public/protected field
+rule.findbugs.UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD.name=Unused public or protected field
+rule.findbugs.UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD.name=Unwritten public or protected field
+rule.findbugs.VA_FORMAT_STRING_USES_NEWLINE.name=Format string should use %n rather than \n
+rule.findbugs.VO_VOLATILE_INCREMENT.name=An increment to a volatile field isn't atomic
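Review bot: In `rule.findbugs.VA_FORMAT_STRING_USES_NEWLINE.name=Format string should use %n rather than \n` the trailing `\n` is an escape sequence in a `.properties` file and is loaded as a real line feed, so the displayed name ends in a newline instead of the two characters backslash and n. Write it as `\\n` here; the CDATA name in the rules XML is not affected.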
--- /dev/null
+<p>This code contains a sequence of calls to a concurrent abstraction (such as a concurrent hash map). These calls will not be executed atomically.</p>
\ No newline at end of file
--- /dev/null
+<p>A boxed value is unboxed and then immediately reboxed.</p>
\ No newline at end of file
--- /dev/null
+<p>In some situation, this compareTo or compare method returns the constant Integer.MIN_VALUE,
+which is an exceptionally bad practice. The only thing that matters about the return value of
+compareTo is the sign of the result. But people will sometimes negate the return value of compareTo,
+expecting that this will negate the sign of the result. And it will, except in the case where
+the value returned is Integer.MIN_VALUE. So just return -1 rather than Integer.MIN_VALUE.</p>
\ No newline at end of file
--- /dev/null
+<p>This instruction assigns a value to a local variable, but the value is not read or used in
+any subsequent instruction. Often, this indicates an error, because the value computed is never
+used. There is a field with the same name as the local variable. Did you mean to assign to that
+variable instead?</p>
\ No newline at end of file
--- /dev/null
+<p>The arguments to this method call seem to be in the wrong order. For example, a call
+<code>Preconditions.checkNotNull("message", message)</code> has reserved arguments: the value
+to be checked is the first argument.</p>
\ No newline at end of file
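Review bot: "has reserved arguments" should read "has reversed arguments"; as written the sentence does not say what is wrong with the `checkNotNull` call.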
--- /dev/null
+<p>This code creates a BigDecimal from a double value that doesn't translate well to a decimal number. For example,
+one might assume that writing <code>new BigDecimal(0.1)</code> in Java creates a BigDecimal which is exactly equal to 0.1
+(an unscaled value of 1, with a scale of 1), but it is actually equal to 0.1000000000000000055511151231257827021181583404541015625.
+You probably want to use the <code>BigDecimal.valueOf(double d)</code> method, which uses the String representation of the double to
+create the BigDecimal (e.g., <code>BigDecimal.valueOf(0.1)</code> gives 0.1).</p>
\ No newline at end of file
--- /dev/null
+<p>This partical method invocation doesn't make sense, for reasons that should be apparent from inspection.</p>
\ No newline at end of file
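Review bot: "partical" is a typo for "particular" in this description.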
--- /dev/null
+<p>The entrySet() method is allowed to return a view of the underlying Map in which a single Entry
+ object is reused and returned during the iteration. As of Java 1.6, both IdentityHashMap and EnumMap
+ did so. When iterating through such a Map, the Entry value is only valid until you advance to the
+ next iteration. If, for example, you try to pass such an entrySet to an addAll method, things will
+ go badly wrong.</p>
\ No newline at end of file
--- /dev/null
+<p>Found a call to a method which will perform a byte to String (or String to byte) conversion,
+and will assume that the default platform encoding is suitable. This will cause the application
+behaviour to vary between platforms. Use an alternative API and specify a charset name or
+Charset object explicitly.</p>
\ No newline at end of file
--- /dev/null
+<p>This code converts a 32-bit int value to a 64-bit long value, and then passes that value for a
+method parameter that requires an absolute time value. An absolute time value is the number of
+milliseconds since the standard base time known as "the epoch", namely January 1, 1970, 00:00:00 GMT.
+For example, the following method, intended to convert seconds since the epoc into a Date, is badly broken:
+<pre>
+Date getDate(int seconds) { return new Date(seconds * 1000); }
+</pre>
+</p>
+<p>The multiplication is done using 32-bit arithmetic, and then converted to a 64-bit value. When a 32-bit
+value is converted to 64-bits and used to express an absolute time value, only dates in December 1969 and
+January 1970 can be represented.</p>
+<p>Correct implementations for the above method are:
+<pre>
+// Fails for dates after 2037
+Date getDate(int seconds) { return new Date(seconds * 1000L); }
+
+// better, works for all dates
+Date getDate(long seconds) { return new Date(seconds * 1000); }
+</pre>
+</p>
\ No newline at end of file
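Review bot: The second code block is introduced as "Correct implementations", yet its first variant is commented `// Fails for dates after 2037`, so it should not be presented as correct; reword the lead-in or mark that variant as a partial fix. Also fix "epoc" to "epoch", and close each `<p>` before its `<pre>`, since a `<pre>` nested inside `<p>` is not valid HTML and the trailing `</p>` ends up unmatched.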
--- /dev/null
+<p>This code compares an int value with a long constant that is outside the range of values that can
+ be represented as an int value. This comparison is vacuous and possibily to be incorrect.</p>
\ No newline at end of file
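Review bot: The last sentence, "This comparison is vacuous and possibily to be incorrect", is garbled; fix the spelling of "possibly" and the grammar (for example "and possibly incorrect").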
--- /dev/null
+<p>This method calls <code>wait()</code>, <code>notify()</code> or <code>notifyAll()</code> on an object that also
+provides an <code>await()</code>, <code>signal()</code>, <code>signalAll()</code> method (such as util.concurrent
+Condition objects). This probably isn't what you want, and even if you do want it, you should consider changing your
+design, as other developers will find it exceptionally confusing.</p>
\ No newline at end of file
--- /dev/null
+<p>The program is dereferencing a public or protected field that does not seem to ever have a non-null
+ value written to it. Unless the field is initialized via some mechanism not seen by the analysis,
+ dereferencing this value will generate a null pointer exception.</p>
\ No newline at end of file
--- /dev/null
+<p>This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an
+explicit cleanup operation.<br/>In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure
+that the stream or resource is cleaned up before the method returns.<p/>
+<p>This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different
+(and hopefully better) static analysis technique. See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes, for a
+description of the analysis technique. .</p>
\ No newline at end of file
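Review bot: The first paragraph is terminated with `<p/>` instead of `</p>`, which leaves it unclosed and inserts an empty paragraph element; change it to `</p>`. The final sentence also ends with a stray " ." after "technique."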
--- /dev/null
+<p>The entrySet() method is allowed to return a view of the underlying Map in which an <code>Iterator</code>
+and <code>Map.Entry</code>. This clever idea was used in several Map implementations, but introduces the possibility of
+ nasty coding mistakes. If a map m returns such an iterator for an entrySet, then <code>c.addAll(m.entrySet())</code> will
+ go badly wrong. All of the Map implementations in OpenJDK 1.7 have been rewritten to avoid this, you should to.</p>
\ No newline at end of file
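Review bot: The opening sentence breaks off at "in which an `Iterator` and `Map.Entry`." with no predicate, so the description never states what the view does with those objects; restore the missing words. In the last sentence, "you should to" should be "you should too", and the comma before it splices two sentences.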
--- /dev/null
+<p>This code invoked a compareTo or compare method, and checks to see if the return value is a specific
+value, such as 1 or -1. When invoking these methods, you should only check the sign of the result, not
+for any specific non-zero value. While many or most compareTo and compare methods only return -1, 0 or 1,
+some of them will return other values.</p>
\ No newline at end of file
--- /dev/null
+<p>This code negatives the return value of a compareTo or compare method. This is a questionable or bad
+programming practice, since if the return value is Integer.MIN_VALUE, negating the return value won't
+negate the sign of the result. You can achieve the same intended result by reversing the order of the
+operands rather than by negating the results.</p>
\ No newline at end of file
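Review bot: "This code negatives the return value" should be "negates".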
--- /dev/null
+<p>This code calls a method and ignores the return value. The return value is the same type as the type the
+method is invoked on, and from our analysis it looks like the return value might be important (e.g., like
+ignoring the return value of <code>String.toLowerCase()</code>).
+</p>
+<p>We are guessing that ignoring the return value might be a bad idea just from a simple analysis of the
+body of the method. You can use a <code>@CheckReturnValue</code> annotation to instruct FindBugs as to whether
+ignoring the return value of this method is important or acceptable.<p>
+<p>Please investigate this closely to decide whether it is OK to ignore the return value. </p>
\ No newline at end of file
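Review bot: The second paragraph ends with an opening `<p>` after "important or acceptable." where a closing `</p>` is needed, so the markup is unbalanced; replace it with `</p>`.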
--- /dev/null
+<p>This method contains a self assignment of a local variable, and there is a field with an identical name.
+Assignment appears to have been ; e.g.
+<pre>
+ int foo;
+ public void setFoo(int foo) {
+ foo = foo;
+ }
+</pre>
+The assignment is useless. Did you mean to assign to the field instead?</p>
\ No newline at end of file
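Review bot: "Assignment appears to have been ; e.g." is missing a word before the semicolon, so the sentence does not say what the assignment appears to have been; complete it. The `<pre>` block is also nested inside the `<p>`, which is not valid HTML; close the paragraph before the example and open a new one for the closing sentence.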
--- /dev/null
+<p>This field is never read. The field is public or protected, so perhaps it is intended to be
+used with classes not seen as part of the analysis. If not, consider removing it from the class.</p>
\ No newline at end of file
--- /dev/null
+<p>This field is never used. The field is public or protected, so perhaps it is intended to be used
+with classes not seen as part of the analysis. If not, consider removing it from the class.</p>
\ No newline at end of file
--- /dev/null
+<p>No writes were seen to this public/protected field. All reads of it will return the default value.
+Check for errors (should it have been initialized?), or remove it if it is useless.</p>
\ No newline at end of file
--- /dev/null
+<p>This format string include a newline character (\n). In format strings, it is generally preferable
+better to use %n, which will produce the platform-specific line separator.</p>
\ No newline at end of file
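Review bot: Two wording slips in this description: "This format string include" should be "includes", and "generally preferable better to use %n" doubles the adjective; keep either "preferable" or "better".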
--- /dev/null
+<p>This code increments a volatile field. Increments of volatile fields aren't atomic. If more
+than one thread is incrementing the field at the same time, increments could be lost. </p>
\ No newline at end of file