author | Evgeny Mandrikov <mandrikov@gmail.com> | 2012-08-07 23:15:07 +0600 |
---|---|---|
committer | Evgeny Mandrikov <mandrikov@gmail.com> | 2012-08-07 23:47:11 +0600 |
commit | 2ef978c162f11c5cee5944327568b69bbdea1142 (patch) | |
tree | ef0eb01c5965368d7fc7ae239a2de39c8ed6aac7 /plugins/sonar-findbugs-plugin | |
parent | 0675dcef54a8ec3191cbc1fec9b7366dd1f4d54b (diff) | |
SONAR-3699 Upgrade to FindBugs 2.0.1
New rules:
* PT_ABSOLUTE_PATH_TRAVERSAL
* PT_RELATIVE_PATH_TRAVERSAL
* NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
* MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
* BC_UNCONFIRMED_CAST_OF_RETURN_VALUE
* TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS
Diffstat (limited to 'plugins/sonar-findbugs-plugin')
5 files changed, 66 insertions, 5 deletions
diff --git a/plugins/sonar-findbugs-plugin/pom.xml b/plugins/sonar-findbugs-plugin/pom.xml
index c66633c4e51..0cd10099d69 100644
--- a/plugins/sonar-findbugs-plugin/pom.xml
+++ b/plugins/sonar-findbugs-plugin/pom.xml
@@ -14,7 +14,7 @@
 <description>FindBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems, misuse of API methods.</description>
 <properties>
- <findbugs.version>2.0.0</findbugs.version>
+ <findbugs.version>2.0.1</findbugs.version>
 </properties>
 <dependencies>
diff --git a/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/profile-sonar-way-findbugs.xml b/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/profile-sonar-way-findbugs.xml
index 1fc95f1a2ec..8fa5a2696f9 100644
--- a/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/profile-sonar-way-findbugs.xml
+++ b/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/profile-sonar-way-findbugs.xml
@@ -1198,4 +1198,22 @@
 <Match>
 <Bug pattern="VO_VOLATILE_INCREMENT"/>
 </Match>
-</FindBugsFilter>
\ No newline at end of file
+ <Match>
+ <Bug pattern="PT_ABSOLUTE_PATH_TRAVERSAL"/>
+ </Match>
+ <Match>
+ <Bug pattern="PT_RELATIVE_PATH_TRAVERSAL"/>
+ </Match>
+ <Match>
+ <Bug pattern="NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR"/>
+ </Match>
+ <Match>
+ <Bug pattern="MS_SHOULD_BE_REFACTORED_TO_BE_FINAL"/>
+ </Match>
+ <Match>
+ <Bug pattern="BC_UNCONFIRMED_CAST_OF_RETURN_VALUE"/>
+ </Match>
+ <Match>
+ <Bug pattern="TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS"/>
+ </Match>
+</FindBugsFilter>
diff --git a/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/rules.xml b/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/rules.xml
index 44df2180ea9..ddb0a82bbb1 100644
--- a/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/rules.xml
+++ b/plugins/sonar-findbugs-plugin/src/main/resources/org/sonar/plugins/findbugs/rules.xml
@@ -2919,4 +2919,47 @@
 <configKey><![CDATA[VO_VOLATILE_INCREMENT]]></configKey>
 </rule>
+
+ <rule key="PT_ABSOLUTE_PATH_TRAVERSAL">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Absolute path traversal in servlet]]></name>
+ <configKey><![CDATA[PT_ABSOLUTE_PATH_TRAVERSAL]]></configKey>
+
+ </rule>
+
+ <rule key="PT_RELATIVE_PATH_TRAVERSAL">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Relative path traversal in servlet]]></name>
+ <configKey><![CDATA[PT_RELATIVE_PATH_TRAVERSAL]]></configKey>
+
+ </rule>
+
+ <rule key="NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">
+ <priority>CRITICAL</priority>
+ <name><![CDATA[Nonnull field is not initialized]]></name>
+ <configKey><![CDATA[NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR]]></configKey>
+
+ </rule>
+
+ <rule key="MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Field isn't final but should be refactored to be so]]></name>
+ <configKey><![CDATA[MS_SHOULD_BE_REFACTORED_TO_BE_FINAL]]></configKey>
+
+ </rule>
+
+ <rule key="BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">
+ <priority>CRITICAL</priority>
+ <name><![CDATA[Unchecked/unconfirmed cast of return value from method]]></name>
+ <configKey><![CDATA[BC_UNCONFIRMED_CAST_OF_RETURN_VALUE]]></configKey>
+
+ </rule>
+
+ <rule key="TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">
+ <priority>MAJOR</priority>
+ <name><![CDATA[Comparing values with incompatible type qualifiers]]></name>
+ <configKey><![CDATA[TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS]]></configKey>
+
+ </rule>
+
 </rules>
diff --git a/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/FindbugsProfileImporterTest.java b/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/FindbugsProfileImporterTest.java
index 23251154ab4..6920e086a23 100644
--- a/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/FindbugsProfileImporterTest.java
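Review bot: The two servlet path-traversal rules, `PT_ABSOLUTE_PATH_TRAVERSAL` and `PT_RELATIVE_PATH_TRAVERSAL`, are registered at `MAJOR` while `BC_UNCONFIRMED_CAST_OF_RETURN_VALUE` in the same hunk is `CRITICAL`, so a finding about request-derived input reaching a file path ranks below a cast warning. Unless the security rules already in rules.xml (not visible in this hunk) are also MAJOR, I would change both to `<priority>CRITICAL</priority>`. Each of the six new `<rule>` elements also carries an empty line after `<configKey>`; if rule descriptions live in separate resource files, confirm they were added for these keys, since a path-traversal finding without remediation text is easy to dismiss.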
+++ b/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/FindbugsProfileImporterTest.java
@@ -57,7 +57,7 @@ public class FindbugsProfileImporterTest {
 RulesProfile profile = importer.importProfile(new InputStreamReader(input), ValidationMessages.create());
 List<ActiveRule> results = profile.getActiveRules();
- assertThat(results).hasSize(18);
+ assertThat(results).hasSize(19);
 assertThat(profile.getActiveRule(FindbugsConstants.REPOSITORY_KEY, "EC_INCOMPATIBLE_ARRAY_COMPARE")).isNotNull();
 assertThat(profile.getActiveRule(FindbugsConstants.REPOSITORY_KEY, "BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY")).isNotNull();
 }
@@ -135,7 +135,7 @@ public class FindbugsProfileImporterTest {
 RulesProfile profile = importer.importProfile(new StringReader(uncorrectFindbugsXml), messages);
 List<ActiveRule> results = profile.getActiveRules();
- assertThat(results).hasSize(9);
+ assertThat(results).hasSize(10);
 assertThat(messages.getWarnings()).hasSize(1);
 }
 }
diff --git a/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/SonarWayWithFindbugsProfileTest.java b/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/SonarWayWithFindbugsProfileTest.java
index 6b516576fbb..63bbcae1dc0 100644
--- a/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/SonarWayWithFindbugsProfileTest.java
+++ b/plugins/sonar-findbugs-plugin/src/test/java/org/sonar/plugins/findbugs/SonarWayWithFindbugsProfileTest.java
@@ -33,7 +33,7 @@ public class SonarWayWithFindbugsProfileTest {
 SonarWayWithFindbugsProfile sonarWayWithFindbugs = new SonarWayWithFindbugsProfile(importer);
 ValidationMessages validation = ValidationMessages.create();
 RulesProfile profile = sonarWayWithFindbugs.createProfile(validation);
- assertThat(profile.getActiveRulesByRepository(FindbugsConstants.REPOSITORY_KEY)).hasSize(399);
+ assertThat(profile.getActiveRulesByRepository(FindbugsConstants.REPOSITORY_KEY)).hasSize(405);
 assertThat(validation.hasErrors()).isFalse();
 } |
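Review bot: `hasSize(405)` in SonarWayWithFindbugsProfileTest pins only the total, so the test would still pass if a later profile edit dropped one of the new path-traversal rules and added some unrelated rule. Next to the count I would add a key assertion such as `assertThat(profile.getActiveRule(FindbugsConstants.REPOSITORY_KEY, "PT_RELATIVE_PATH_TRAVERSAL")).isNotNull();` and the same for `PT_ABSOLUTE_PATH_TRAVERSAL`. The same point applies to the `hasSize(19)` and `hasSize(10)` bumps in FindbugsProfileImporterTest, where the diff does not show which newly registered rule the fixtures now resolve. A short comment naming that rule would make the magic number reviewable. All three test methods start outside their hunks.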