Resolving FindBugs issues

1)NP_ALWAYS_NULL: Null pointer dereference

A null pointer is dereferenced here. This will lead to a NullPointerException when the code is executed.

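Explanation: One branch of a statement, if executed, dereferences a null value, which raises a NullPointerException when the code runs. Of course, the branch or statement may be infeasible, in which case the null pointer exception can never occur; deciding that is considered beyond the ability of FindBugs.

Incorrect code:

public static String testl(String str) {
    if (str != null) {
        return "";
    }
    // doSomething: every path that reaches this point has str == null,
    // so any dereference of str here throws NullPointerException.
    return str.trim(); // illustrative dereference standing in for doSomething
}
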
2)RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE: Nullcheck of value previously dereferenced

A value is checked here to see whether it is null, but this value can’t be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

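Explanation: A value is checked for null here, but it cannot be null because it has already been dereferenced; had it been null, the NullPointerException would have occurred at that earlier dereference. In essence, this code and the earlier dereference disagree about whether the value is allowed to be null. Either the check is redundant or the earlier dereference is wrong.

Incorrect code:

myView.setVisibility(View.VISIBLE); // myView is dereferenced here
if (null == myView) {               // so this check can never be true
    // doSomething
}
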
3)DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

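Explanation: A call was found to a method that performs a byte-to-String (or String-to-byte) conversion and assumes that the platform default encoding is suitable. This causes application behaviour to differ between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

Incorrect code: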

// example 1
MessageDigest mdTemp = MessageDigest.getInstance("MD5");
mdTemp.update(string.getBytes());
// example 2
private OutputStream outStream = null;
outStream.write(str.getBytes());
// example 3
String string = new String(bytes);

Fix:

// example 1
MessageDigest mdTemp = MessageDigest.getInstance("MD5");
mdTemp.update(string.getBytes(Charset.forName("UTF-8")));
// example 2
private OutputStream outStream = null;
outStream.write(str.getBytes(StandardCharsets.UTF_8));
// example 3
String string = new String(bytes, StandardCharsets.UTF_8);

Note: both Charset.forName("UTF-8") and StandardCharsets.UTF_8 work; the second requires minAPI 19.

4)MS_SHOULD_BE_FINAL: Field isn’t final but should be

This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

Explanation: This static field is public but not final, so it could be changed by malicious code or by accident from another package.
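
The following is an added example, not code from the original post. It shows the pattern this warning describes next to a hardened form, and goes slightly beyond the warning by also showing that `final` on an array fixes only the reference, not the elements. The class name, field names and host names are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class StaticFieldDemo {
    // The pattern MS_SHOULD_BE_FINAL describes: public static, not final.
    // Any class that can see the field can reassign it.
    public static String[] allowedHosts = {"api.example.com"}; // constructed value

    // 'final' alone is not enough for an array: the reference is fixed,
    // but the elements can still be overwritten.
    public static final String[] FINAL_ARRAY = {"api.example.com"};

    // Hardened: final reference to an unmodifiable list.
    public static final List<String> ALLOWED_HOSTS =
            Collections.unmodifiableList(Arrays.asList("api.example.com"));

    static boolean weakCheck(String host) {
        return Arrays.asList(allowedHosts).contains(host);
    }

    static boolean arrayCheck(String host) {
        return Arrays.asList(FINAL_ARRAY).contains(host);
    }

    static boolean hardenedCheck(String host) {
        return ALLOWED_HOSTS.contains(host);
    }

    public static void main(String[] args) {
        String other = "other.example.net"; // constructed value
        System.out.println("before: weak=" + weakCheck(other)
                + " finalArray=" + arrayCheck(other) + " hardened=" + hardenedCheck(other));

        // Stands in for unrelated code elsewhere in the process (another package, a library).
        allowedHosts = new String[] {other}; // compiles: the field is not final
        FINAL_ARRAY[0] = other;              // compiles: array contents stay mutable
        try {
            ALLOWED_HOSTS.set(0, other);     // rejected at run time
        } catch (UnsupportedOperationException e) {
            System.out.println("unmodifiable list rejected the write");
        }

        System.out.println("after:  weak=" + weakCheck(other)
                + " finalArray=" + arrayCheck(other) + " hardened=" + hardenedCheck(other));
    }
}
```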

5)DM_BOXED_PRIMITIVE_FOR_PARSING: Boxing/unboxing to parse a primitive

A boxed primitive is created from a String, just to extract the unboxed primitive value. It is more efficient to just call the static parseXXX method.

Further reading: a detailed explanation of the difference between Integer.parseInt(s) and Integer.valueOf(s)

6)ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

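Explanation: This instance method writes to a static field. If multiple instances are being manipulated this is hard to get right, and it is generally bad practice.
In other words, a static variable is assigned inside an ordinary (instance) method, so it may be changed many times and end up with an unintended result.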

7)UC_USELESS_VOID_METHOD: Useless non-empty void method

Our analysis shows that this non-empty void method does not actually perform any useful work. Please check it: probably there’s a mistake in its code or its body can be fully removed.
We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong. Common false-positive cases include:
- The method is intended to trigger loading of some class which may have a side effect.
- The method is intended to implicitly throw some obscure exception.

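Explanation: Our analysis shows that this non-empty void method does not actually do any useful work. Check it: either its code contains a mistake or its body can be removed entirely.

We try to reduce false positives as much as possible, but in some cases this warning may be wrong. Common false-positive cases include:

- The method is intended to trigger loading of some class, which may have a side effect.

- The method is intended to implicitly throw some obscure exception.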
