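Software Construction, Fifth Study Blog: SpotBugs Overview
Introduction to SpotBugs
SpotBugs is the successor to FindBugs. It performs static analysis on code to find vulnerabilities in it.
Bug descriptions in the official SpotBugs documentation
SpotBugs currently ships with its own detectors, covering more than 90 Bad practice patterns, more than 155 Correctness, 9 Experimental, 2 Internationalization, 17 Malicious code vulnerability, 46 Multithreaded correctness, 4 Bogus random noise, 37 Performance, 11 Security, and 87 Dodgy.
Malicious code vulnerability (MALICIOUS_CODE)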
code that is vulnerable to attacks from untrusted code
The code has weaknesses and may be attacked.
Multithreaded correctness (MT_CORRECTNESS)
code flaws having to do with threads, locks, and volatiles
Flaws that may lead to threading problems, deadlocks, and instability.
Performance (PERFORMANCE)
code that is not necessarily incorrect but may be inefficient
Places where the code may be correct but performance may suffer.
Security (SECURITY)
A use of untrusted input in a way that could create a remotely exploitable security vulnerability.
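As an illustration of the Malicious code vulnerability category described above, the following added example (not from the SpotBugs documentation or the original post) shows the two patterns SpotBugs documents as EI_EXPOSE_REP and EI_EXPOSE_REP2 next to a hardened form. The class names, method names and host strings are hypothetical and constructed for this example.

```java
import java.util.Arrays;

// Added example: all class, method and host names are hypothetical.
public class ExposeRepDemo {

    // Flagged form: the object keeps and hands out the very array the caller holds.
    // Storing the reference matches EI_EXPOSE_REP2; returning it matches EI_EXPOSE_REP.
    public static final class LeakyAllowList {
        private final String[] hosts;
        public LeakyAllowList(String[] hosts) { this.hosts = hosts; }
        public String[] getHosts() { return hosts; }
        public boolean permits(String host) { return Arrays.asList(hosts).contains(host); }
    }

    // Hardened form: defensive copies on the way in and on the way out,
    // so no code outside the class ever holds the internal array.
    public static final class SafeAllowList {
        private final String[] hosts;
        public SafeAllowList(String[] hosts) { this.hosts = hosts.clone(); }
        public String[] getHosts() { return hosts.clone(); }
        public boolean permits(String host) { return Arrays.asList(hosts).contains(host); }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        LeakyAllowList leaky = new LeakyAllowList(new String[] {"internal.example"});
        SafeAllowList safe = new SafeAllowList(new String[] {"internal.example"});

        // Code outside the class writes through the reference each getter returns.
        leaky.getHosts()[0] = "other.example";
        safe.getHosts()[0] = "other.example";

        // The leaky list has been altered from outside; the safe list has not.
        System.out.println("leaky permits other.example: " + leaky.permits("other.example"));
        System.out.println("safe permits other.example:  " + safe.permits("other.example"));
    }
}
```

The `final` modifier on the field does not help here: it fixes the reference, not the contents of the array it points to.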