findbugs

How to export findbugs results from Eclipse findbugs plugin?

I have the findbugs plugin for Eclipse which, when run on my project, will show results in Bugs explorer clubbed by the type of bug. I need to be able to do two things: export all these to an Excel sheet, and find out the bugs reported in a set of files (and be able to do it recursively w/o running for whole project and exporting and finding out th...

Static Analysis tool recommendation for Java?

Being vaguely familiar with the Java world I was googling for a static analysis tool that would also be intelligent enough to fix the issues it finds. I ran at CodePro tool but, again, I'm new to the Java community and don't know the vendors. What tool can you recommend based on the criteria above? Thank you! ...

ResultSet not closed when connection closed?

I've been doing code review (mostly using tools like FindBug) of one of our pet projects and FindBug marked the following code as erroneous (pseudocode): Connection conn = dataSource.getConnection(); try{ PreparedStatement stmt = conn.prepareStatement(); //initialize the statement stmt.execute(); ResultSet rs = stmt.getRes...

Any Tools to Catch Silly Mistakes in C Code?

I had a nasty typo that wasted my time and my colleague's time, it was something like this: for (i = 0; i < blah; i++); // <- I had a semi-colon here, that's the bug! { // Some awesome logic here } First of all, it's very embarrassing, second thing, I should never repeat this. I'm relatively new to C. In Java, I guess I can use Find...

When using Eclipse with FindBugs can you mark a bug as not a bug and have it removed from the bug list?

FindBugs has found a potential bug in my code. But it is not a bug. Is it possible to mark this occurrence as 'not a bug' AND have it removed from the bug list? I have documented quite clearly why for each case it is not a bug. For example. A class implements the comparable interface. It has the compareTo method. I have however not ov...

Is it possible for the findbugs plugin for eclipse to report as errors instead of warnings?

I am working on a very large legacy code base. We are looking to introduce findbugs into the development practice. I intend to have findbugs run whenever the code is built by eclipse. I would like to be able to make the findbugs warnings appear as errors in the code much in this way you can change the severity level in eclipse Is it ...

Looking for example xml to generate a Findbugs report using ANT to analyse multiple jars?

How do I setup an Ant task to generate a Findbugs report when the source folder has many jars in it? I'm looking for a worked example of the ant task required to output the fancy HTML from a folder containing multiple jars ...

Findbugs warning: Equals method should not assume anything about the type of its argument

When running FindBugs on my project, I got a few instances of the error described above. Namely, my overriding versions of equals cast the RHS object into the same type as the object in which the overriding version is defined. However, I'm not sure whether a better design is possible, since AFAIK Java does not allow variance in method ...

FindBugs for .Net

In Java there is this nice tool called FindBugs. Is there something similar in .Net? ...

Findbugs not finding potential SQL injection vulnerability

I just installed the FindBugs plugin for Eclipse, with the hope that it will help me find SQL injection vulnerabilities in my code. However, it doesn't seem to be finding anything, even when I deliberately put some in. In the following examples, assume staticFinalBaseQuery is declared as follows: public static final String staticFin...

Which scopes are present during maven site lifecycle

Which maven scopes are available during report generation for a maven site? Are any available? I'm trying to share a FindBugs filter file between several modules without having it end up in any of the application jars. I was thinking of putting in a commons project, which will package it in a separate jar with a classifier of "build-too...

Nested Maven properties evaluated in referring POM rather than defining POM

I'm defining a report configuration in my parent pom which will be run in each child and grandchild project. Like so: <reporting> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>findbugs-maven-plugin</artifactId> <version>1.2</version> <configuration> ...

Maven FindBugs plugin

You have usage: http://mojo.codehaus.org/findbugs-maven-plugin/usage.html <project> [...] <reporting> [...] <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>findbugs-maven-plugin</artifactId> <version>1.2.1</version> <configuration> <xmlOutput>true|false</xmlOutput> <xmlOutput...

Detect changing value of object passed as parameter

I'm now working with code that looks like this public String getName(User user) { user.setSth(...); return user.getName(); } I think it's bad practice to change objects passed as parameters. Is there a tool that detects that kind of code? I looked at findbugs, pmd and checkstyle, but could not find any check for this. P.S....

What standard optimization refactoring can I do to my Java application?

I have a semi big Java application. It's written quite poorly and I suspect there are quite a lot of simple things I can do that will clean things up a bit and improve performance. For example I recently found the String.matches(regex) function used quite a lot in loops with the same regex. So I've replaced that with precompiled Patt...

FindBugs not accepting bcel.jar in ANT script

I installed findbugs into my ant lib directory and added the following code into my main ANT script: <target name="findbugs" depends="init"> <findbugs home="C:\\findbugs\\" output="html outputFile="C:\\findbugs\\out.html" jvmargs="-Xms512M"> <sourcePath path="${messageaggregator.src}" /> <class location="${messageag...

Purpose of empty synchronized block in Java?

I was looking through a Findbugs report on my code base and one of the patterns that was triggered was for an empty synchronized block (i.e. synchronized (var) {}). The documentation says: Empty synchronized blocks are far more subtle and hard to use correctly than most people recognize, and empty synchronized blocks are almost...

Findbugs filter file for ignoring JUnits

Hi guys, I need to set up a filter file for my findbugs ant script that scans only the src/* files and not the test/* files. What is the syntax for checking all classes while ignoring any filename or package name with 'test' in the name? Thanks ...

How to detect array size in Java bytecode (FindBugs)

I'd like to find out about the size of an array being allocated by looking at the bytecode, if that information is known at compile time, of course. Background: I want to write a FindBugs detector (which looks at the compiled bytecode) and report certain occurrences of array allocations. In order to filter out false positives I am not in...

Reusing a PreparedStatement

I ran findbugs on our code base and it pointed out there are two more Statements that still need to be closed. In this section of the code we run: preparedStatement = connection.prepareStatement(query); for 3 different queries, reusing preparedStatement. In the finally block we do close the resource: finally{ try{ if (resu...