FindBugs是看了ss 論壇上YuLimin的提示,技術活干不了,體力活我來扛
FindBugs
:
http://findbugs.sourceforge.net/
這里有兩篇介紹用法的文章:
http://dev2dev.bea.com.cn/bbsdoc/20060124186.html
http://www-128.ibm.com/developerworks/cn/java/j-findbug1/index.html
?
結果
找到
bug
總數
50,這里的bug,只是按照FindBugs默認定義的pattern找到的結果,
不一定是真正的bug,例如
DSL中有6個是因為HistoryEventListener尚未完成,
造成的誤報,表格后面列出了詳細的位置,請大家有時間核對一下。
|
代碼
|
詳細解釋
|
數量
|
|
DSL
|
Dead store to local variable
This instruction assigns a value to a local variable, but the value is not read by any
?subsequent instruction. Often, this indicates an error, because the value computed is never
?used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because
?FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
|
8
|
|
DM
|
Method invokes System.exit(...)
Invoking System.exit shuts down the entire Java virtual machine. This should only been done
?when it is appropriate. Such calls make it hard or impossible for your code to be invoked by
?other code. Consider throwing a RuntimeException instead.
|
1
|
|
EI
|
Method may expose internal representation by returning reference to mutable object
Returning a reference to a mutable object value stored in one of the object's fields exposes
?the internal representation of the object. If instances are accessed by untrusted code, and
?unchecked changes to the mutable object would compromise security or other important
?properties, you will need to do something different. Returning a new copy of the object is
?better approach in many situations.
|
5
|
|
EI2
|
Method may expose internal representation by incorporating reference to mutable object
This code stores a reference to an externally mutable object into the internal representation
?of the object. If instances are accessed by untrusted code, and unchecked changes to the
?mutable object would compromise security or other important properties, you will need to do
?something different. Storing a copy of the object is better approach in many situations.
|
8
|
|
IJU
|
TestCase implements tearDown but doesn't call super.tearDown()
Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call
?super.tearDown(), but doesn't.
|
1
|
|
MF
|
Class defines field that obscures a superclass field
This class defines a field with the same name as a visible instance field in a superclass.
?This is confusing, and may indicate an error if methods update or access one of the fields
?when they wanted the other.
|
5
|
|
MS
|
Field isn't final but should be
A mutable static field could be changed by malicious code or by accident from another
?package. The field could be made final to avoid this vulnerability.
|
8
|
|
NP
|
Possible null pointer dereference in method
A reference value dereferenced here might be null at runtime. This may lead to a
?NullPointerException when the code is executed.
|
2
|
|
ODR
|
Method may fail to close database resource
The method creates a database resource (such as a database connection or row set), does not
?assign it to any fields, pass it to other methods, or return it, and does not appear to close
?the object on all paths out of the method. Failure to close database resources on all paths
?out of a method may result in poor performance, and could cause the application to have
?problems communicating with the database.
|
2
|
|
REC
|
java.lang.Exception is caught when Exception is not thrown
This method uses a try-catch block that catches Exception objects, but Exception is not
?thrown within the try block, and RuntimeException is not explicitly caught. It is a common
?bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
?a number of types of exception each of whose catch blocks is identical, but this construct
?also accidentally catches RuntimeException as well, masking potential bugs.
|
1
|
|
SIC
|
Should be a static inner class
This class is an inner class, but does not use its embedded reference to the object which
?created it. This reference makes the instances of the class larger, and may keep the
?reference to the creator object alive longer than necessary. If possible, the class should be
?be made static.
|
1
|
|
SS
|
Unread field: should this field be static?
This class contains an instance final field that is initialized to a compile-time static
?value. Consider making the field static.
|
3
|
|
UI
|
Usage of GetResource may be unsafe if class is extended
Calling this.getClass().getResource(...) could give results other than expected if this class
?is extended by a class in another package.
|
2
|
|
UrF
|
Unread field
This field is never read. Consider removing it from the class.
|
1
|
|
WMI
|
Inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet
?iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the
?Map.get(key) lookup.
|
2
|
|
合計
|
50
|
附詳細列表:
DLS: Dead store to date in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)?????? HistoryEventListener.java????? springside/springside-core/src/org/springside/core/commons/support/audit?????? line 25???? 2006年8月11日 11:28:46?????? 29678
?
DLS: Dead store to id in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)?????? HistoryEventListener.java????? springside/springside-core/src/org/springside/core/commons/support/audit?????? line 18???? 2006年8月11日 11:28:46?????? 29675
?
DLS: Dead store to limit in method org.springside.plugins.webwork.action.SSActionSupport.prepareECTable(com.bba96.tiger.util.Page)???? SSActionSupport.java?????? springside/springside-core/src/org/springside/plugins/webwork/action?????? line 64???? 2006年8月11日 11:28:50? 29690
?
DLS: Dead store to loginid in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)?????? HistoryEventListener.java????? springside/springside-core/src/org/springside/core/commons/support/audit?????? line 24???? 2006年8月11日 11:28:46?????? 29674
?
DLS: Dead store to newValues in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)?????? HistoryEventListener.java????? springside/springside-core/src/org/springside/core/commons/support/audit?????? line 29???? 2006年8月11日 11:28:46?????? 29677
?
DLS: Dead store to session in method org.springside.plugins.security.intercept.support.AuthenticationDetailsSourceHelper.buildDetails(javax.servlet.http.HttpServletRequest)???? AuthenticationDetailsSourceHelper.javaspringside/springside-core/src/org/springside/plugins/security/intercept/support?????? line 19??? 2006年8月11日 11:28:49? 29688
?
DLS: Dead store to type in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)?????? HistoryEventListener.java????? springside/springside-core/src/org/springside/core/commons/support/audit?????? line 19???? 2006年8月11日 11:28:46?????? 29676
?
DLS: Dead store to v in method org.springside.bookstore.plugins.jms.service.StorageCheckImpl.asynGetResidual(OrderSerializable,ResultListener)?????? StorageCheckImpl.java? springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service???? line 29???? 2006年8月11日 11:28:43?????? 29668
?
Dm: org.springside.bookstore.plugins.jms.service.ActiveMQSecurityAdapter.<init>(boolean) invokes System.exit(...), which shuts down the entire virtual machine???? ActiveMQSecurityAdapter.java?????? springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service???? line 40???? 2006年8月11日 11:28:42?????? 29667
?
EI: org.springside.bookstore.commons.domain.Order.getOrderDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.orderDate????? Order.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 87???? 2006年8月11日 11:28:40?????? 29655
?
EI: org.springside.bookstore.commons.domain.Order.getShipDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.shipDateOrder.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 132006
年
8
月
11
日
11:28:40?????? 29657
?
EI: org.springside.bookstore.commons.domain.Product.getCreateTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.createTimeProduct.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 130?? 2006年8月11日 11:28:40?????? 29659
?
EI: org.springside.bookstore.commons.domain.Product.getModifyTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.modifyTime????? Product.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 138?? 2006年8月11日 11:28:40?????? 29661
?
EI: org.springside.plugins.security.resourcedetails.Resource.getAuthorities() may expose internal representation by returning org.springside.plugins.security.resourcedetails.Resource.authorities?? Resource.java?????? springside/springside-core/src/org/springside/plugins/security/resourcedetails?? line 65???? 2006年8月11日 11:28:50? 29689
?
EI2: org.springside.bookstore.commons.domain.Order.setOrderDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.orderDate????? Order.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 92006
年
8
月
11
日
11:28:40? 29656
?
EI2: org.springside.bookstore.commons.domain.Order.setShipDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.shipDate?????? Order.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 135?? 2006年8月11日 11:28:40?????? 29658
?
EI2: org.springside.bookstore.commons.domain.Product.setCreateTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.createTime?? Product.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 134?? 2006年8月11日 11:28:40?????? 29660
?
EI2: org.springside.bookstore.commons.domain.Product.setModifyTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.modifyTime? Product.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 142?? 2006年8月11日 11:28:40?????? 29662
?
EI2: org.springside.core.commons.BusinessException.<init>(String,String[],Throwable) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs????? BusinessException.java?????? springside/springside-core/src/org/springside/core/commons???? line 62006
年
8
月
11
日
11:28:46? 29672
?
EI2: org.springside.core.commons.BusinessException.<init>(String,String[]) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs?????? BusinessException.java?????? springside/springside-core/src/org/springside/core/commons???? line 50???? 2006年8月11日 11:28:46? 29671
?
EI2: org.springside.plugins.aopcache.FlushingInterceptor.setCacheKeys(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.aopcache.FlushingInterceptor.cacheKeysFlushingInterceptor.java?????? springside/springside-core/src/org/springside/plugins/aopcache? line 32???? 2006年8月11日 11:28:48? 29680
?
EI2: org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.setRuleFiles(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.ruleFiles?????? AbstractFileRuleBaseLoader.java?? springside/springside-core/src/org/springside/plugins/jbossrules/support??? line 39???? 2006年8月11日 11:28:48?????? 29681
?
IJU: TestCase org.springside.core.test.BaseXFireTest implements tearDown but doesn't call super.tearDown()?????? BaseXFireTest.javaspringside/springside-core/src/org/springside/core/test?????? line 37???? 2006年8月11日 11:28:47? 29679
?
MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jar?? springside/lib/core???????? 2006年8月11日 11:08:12?????? 29618
?
MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jar?? springside/lib/core???????? 2006年8月11日 11:28:45?????? 29670
?
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.defaultAclObjectIdentityClass?? AbstractBasicAclCreator.java?????? springside/springside-core/src/org/springside/plugins/security/acl/creator???????? 2006年8月11日 11:28:49? 29687
?
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processDomainObjectClass????? AbstractBasicAclCreator.java?????? springside/springside-core/src/org/springside/plugins/security/acl/creator???????? 2006年8月11日 11:28:49? 29685
?
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processReturnedObjectClass??? AbstractBasicAclCreator.java?????? springside/springside-core/src/org/springside/plugins/security/acl/creator???????? 2006年8月11日 11:28:49? 29686
?
MS: org.springside.bookstore.admin.exception.OrderException.LACK_INVENTORY isn't final but should beOrderException.java?????? springside/springside-bookstore/src/org/springside/bookstore/admin/exception? line 16???? 2006年8月11日 11:28:50? 29691
?
MS: org.springside.bookstore.commons.domain.Order.statusEnum isn't final but should be???? Order.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/domain?????? line 22006
年
8
月
11
日
11:28:50? 29692
?
MS: org.springside.bookstore.commons.web.support.HsqlListener.logger isn't final but should be?? HsqlListener.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/web/support????? line 27???? 2006年8月11日 11:28:50?????? 29693
?
MS: org.springside.core.commons.BaseHibernateDao.COUNT_MODE isn't final but should be????? BaseHibernateDao.java?????? springside/springside-core/src/org/springside/core/commons???? line 30???? 2006年8月11日 11:28:50? 29694
?
MS: org.springside.core.commons.BaseHibernateDao.LIST_MODE isn't final but should be??? BaseHibernateDao.java?????? springside/springside-core/src/org/springside/core/commons???? line 32???? 2006年8月11日 11:28:50? 29696
?
MS: org.springside.core.commons.BaseHibernateDao.SCROLL_MODE isn't final but should be???? BaseHibernateDao.java?????? springside/springside-core/src/org/springside/core/commons???? line 32006
年
8
月
11
日
11:28:50? 29695
?
MS: org.springside.core.commons.ConfigurableConstants.logger isn't final but should beConfigurableConstants.java?????? springside/springside-core/src/org/springside/core/commons???? line 29???? 2006年8月11日 11:28:50? 29697
?
MS: org.springside.core.commons.ConfigurableConstants.p isn't final but should beConfigurableConstants.java?????? springside/springside-core/src/org/springside/core/commons???? line 30???? 2006年8月11日 11:28:50? 29698
?
NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)?????? SimpleAclCreator.java??? springside/springside-core/src/org/springside/plugins/security/acl/creator? line 103?? 2006年8月11日 11:28:49? 29683
?
NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)?????? SimpleAclCreator.java??? springside/springside-core/src/org/springside/plugins/security/acl/creator? line 105?? 2006年8月11日 11:28:49? 29684
?
ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource? HsqlListener.java??? springside/springside-bookstore/src/org/springside/bookstore/commons/web/support?????? line 125?? 2006年8月11日 11:28:429664
?
ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource? HsqlListener.java??? springside/springside-bookstore/src/org/springside/bookstore/commons/web/support?????? line 127?? 2006年8月11日 11:28:429665
?
REC: Method org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught????? HsqlListener.java?????? springside/springside-bookstore/src/org/springside/bookstore/commons/web/support????? line 129?? 2006年8月11日 11:28:429666
?
SIC: Should org.springside.core.utils.BeanUtilsTest$TestChildBean be a _static_ inner class??? BeanUtilsTest.java?????? springside/springside-core/test/unit/org/springside/core/utils?????? line 37???? 2006年8月11日 11:28:50? 29700
?
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialCreateSuccessResult; should this field be static????? SSModelActionSupport.java? springside/springside-core/src/org/springside/plugins/webwork/action????????????? 2006年8月11日 11:28:50?????? 29701
?
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialRemoveSuccessResult; should this field be static????? SSModelActionSupport.java? springside/springside-core/src/org/springside/plugins/webwork/action????????????? 2006年8月11日 11:28:50?????? 29702
?
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialUpdateSuccessResult; should this field be static????? SSModelActionSupport.java? springside/springside-core/src/org/springside/plugins/webwork/action????????????? 2006年8月11日 11:28:50?????? 29703
?
UI: Usage of GetResource in org.springside.bookstore.commons.web.support.HsqlListener.contextInitialized(javax.servlet.ServletContextEvent) may be unsafe if class is extended??? HsqlListener.java??? springside/springside-bookstore/src/org/springside/bookstore/commons/web/support????? line 72??? 2006年8月11日 11:28:429663
?
UI: Usage of GetResource in org.springside.plugins.jbossrules.support.DSLRuleBaseLoader.buildRuleBase() may be unsafe if class is extended? DSLRuleBaseLoader.java?????? springside/springside-core/src/org/springside/plugins/jbossrules/support??? line 32???? 2006年8月11日 11:28:48?????? 29682
?
UrF: Unread field: org.springside.TestBean.private_name???? TestBean.java? springside/springside-core/test/unit/org/springside?????? ?????? 2006年8月11日 11:28:50? 29699
?
WMI: Method org.springside.core.commons.AbstractHibernateDao$1.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iteratorAbstractHibernateDao.java?????? springside/springside-core/src/org/springside/core/commons???? line 148?? 2006年8月11日 11:28:45? 29669
?
WMI: Method org.springside.core.commons.support.CriteriaSetup.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iterator?????? CriteriaSetup.java?????? springside/springside-core/src/org/springside/core/commons/supportline 18???? 2006年8月11日 11:28:46? 29673
posted on 2006-08-11 13:21
leon du 閱讀(6028)
評論(3) 編輯 收藏