Results of analyzing SpringSide 1.0m3 with FindBugs


I picked up FindBugs after seeing YuLimin's tip on the ss forum. I can't do the skilled technical work, so I'll shoulder the grunt work.


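FindBugs

Here are two articles that introduce how to use it:

Results

Total bugs found: 50. The "bugs" here are only what FindBugs's default pattern definitions matched, so they are not necessarily real bugs; for example, 6 of the DSL findings are false positives caused by HistoryEventListener not yet being finished. The detailed locations are listed after the table; please check them when you have time.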

| Code | Detailed explanation | Count |
| --- | --- | --- |
| DSL | Dead store to local variable: This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives. | 8 |
| DM | Method invokes System.exit(...): Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead. | 1 |
| EI | Method may expose internal representation by returning reference to mutable object: Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations. | 5 |
| EI2 | Method may expose internal representation by incorporating reference to mutable object: This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations. | 8 |
| IJU | TestCase implements tearDown but doesn't call super.tearDown(): Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call super.tearDown(), but doesn't. | 1 |
| MF | Class defines field that obscures a superclass field: This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other. | 5 |
| MS | Field isn't final but should be: A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. | 8 |
| NP | Possible null pointer dereference in method: A reference value dereferenced here might be null at runtime. This may lead to a NullPointerException when the code is executed. | 2 |
| ODR | Method may fail to close database resource: The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database. | 2 |
| REC | java.lang.Excep | |
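
The EI, EI2 and MS entries describe one underlying problem: state that the class believes it owns can be changed from outside. The Java sketch below is an added example, not code from SpringSide or from the original post; it puts the flagged shapes beside a defensive-copy version. The class names `LeakyAccount` and `SafeAccount` and the sample timestamps are hypothetical.

```java
import java.util.Arrays;
import java.util.Date;

// Added example; all class and field names are hypothetical, not SpringSide code.
public class ExposureDemo {

    // Flagged shape: EI2 in the constructor, EI in the getter, MS on the static field.
    static class LeakyAccount {
        public static String[] ROLES = {"user", "admin"};      // MS: any caller can reassign it
        private final Date expires;
        LeakyAccount(Date expires) { this.expires = expires; } // EI2: keeps the caller's object
        Date getExpires() { return expires; }                  // EI: hands out the internal object
        boolean isExpired(Date now) { return now.after(expires); }
    }

    // Hardened shape: defensive copies in both directions, private final static state.
    static class SafeAccount {
        private static final String[] ROLES = {"user", "admin"};
        private final Date expires;
        SafeAccount(Date expires) { this.expires = new Date(expires.getTime()); }
        Date getExpires() { return new Date(expires.getTime()); }
        boolean isExpired(Date now) { return now.after(expires); }
        static String[] roles() { return ROLES.clone(); }      // callers only ever get a copy
    }

    public static void main(String[] args) {
        Date now = new Date(1_000_000L);                       // constructed sample timestamps
        Date past = new Date(500_000L);

        LeakyAccount leaky = new LeakyAccount(new Date(past.getTime()));
        SafeAccount safe = new SafeAccount(new Date(past.getTime()));
        System.out.println("before: leaky=" + leaky.isExpired(now) + " safe=" + safe.isExpired(now));

        // A caller that only holds the getter's return value rewrites the expiry time.
        leaky.getExpires().setTime(Long.MAX_VALUE);
        safe.getExpires().setTime(Long.MAX_VALUE);
        System.out.println("after:  leaky=" + leaky.isExpired(now) + " safe=" + safe.isExpired(now));

        LeakyAccount.ROLES = new String[] {"admin"};           // compiles: the field is not final
        SafeAccount.roles()[0] = "admin";                      // changes only the caller's copy
        System.out.println(Arrays.toString(LeakyAccount.ROLES) + " " + Arrays.toString(SafeAccount.roles()));
    }
}
```

Making a static array `final` alone does not stop callers from changing its elements, which is why the hardened class also keeps the field private and returns a clone.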
