FindBugs是看了ss 论坛上YuLimin的提示,技术活干不了,体力活我来扛
FindBugs
:
这里有两篇介绍用法的文章:
结果
找到
bug
总数
50,这里的bug,只是按照FindBugs默认定义的pattern找到的结果,
不一定是真正的bug,例如
DSL中有6个是因为HistoryEventListener尚未完成,
造成的误报,表格后面列出了详细的位置,请大家有时间核对一下。
代码
详细解释
数量
DSL
Dead store to local variable
This instruction assigns a value to a local variable, but the value is not read by any
subsequent instruction. Often, this indicates an error, because the value computed is never
used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because
FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
8
DM
Method invokes System.exit(...)
Invoking System.exit shuts down the entire Java virtual machine. This should only been done
when it is appropriate. Such calls make it hard or impossible for your code to be invoked by
other code. Consider throwing a RuntimeException instead.
1
EI
Method may expose internal representation by returning reference to mutable object
Returning a reference to a mutable object value stored in one of the object's fields exposes
the internal representation of the object. If instances are accessed by untrusted code, and
unchecked changes to the mutable object would compromise security or other important
properties, you will need to do something different. Returning a new copy of the object is
better approach in many situations.
5
EI2
Method may expose internal representation by incorporating reference to mutable object
This code stores a reference to an externally mutable object into the internal representation
of the object. If instances are accessed by untrusted code, and unchecked changes to the
mutable object would compromise security or other important properties, you will need to do
something different. Storing a copy of the object is better approach in many situations.
8
IJU
TestCase implements tearDown but doesn't call super.tearDown()
Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call
super.tearDown(), but doesn't.
1
MF
Class defines field that obscures a superclass field
This class defines a field with the same name as a visible instance field in a superclass.
This is confusing, and may indicate an error if methods update or access one of the fields
when they wanted the other.
5
MS
Field isn't final but should be
A mutable static field could be changed by malicious code or by accident from another
package. The field could be made final to avoid this vulnerability.
8
NP
Possible null pointer dereference in method
A reference value dereferenced here might be null at runtime. This may lead to a
NullPointerException when the code is executed.
2
ODR
Method may fail to close database resource
The method creates a database resource (such as a database connection or row set), does not
assign it to any fields, pass it to other methods, or return it, and does not appear to close
the object on all paths out of the method. Failure to close database resources on all paths
out of a method may result in poor performance, and could cause the application to have
problems communicating with the database.
2
REC
java.lang.Excep