FindBugs是看了ss 论坛上YuLimin的提示,技术活干不了,体力活我来扛
FindBugs
:
http://findbugs.sourceforge.net/
这里有两篇介绍用法的文章:
http://dev2dev.bea.com.cn/bbsdoc/20060124186.html
http://www-128.ibm.com/developerworks/cn/java/j-findbug1/index.html
结果
找到
bug
总数
50,这里的bug,只是按照FindBugs默认定义的pattern找到的结果,
不一定是真正的bug,例如
DSL中有6个是因为HistoryEventListener尚未完成,
造成的误报,表格后面列出了详细的位置,请大家有时间核对一下。
代码
|
详细解释
|
数量
|
DSL
|
Dead store to local variable
This instruction assigns a value to a local variable, but the value is not read by any
subsequent instruction. Often, this indicates an error, because the value computed is never
used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because
FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
|
8
|
DM
|
Method invokes System.exit(...)
Invoking System.exit shuts down the entire Java virtual machine. This should only been done
when it is appropriate. Such calls make it hard or impossible for your code to be invoked by
other code. Consider throwing a RuntimeException instead.
|
1
|
EI
|
Method may expose internal representation by returning reference to mutable object
Returning a reference to a mutable object value stored in one of the object's fields exposes
the internal representation of the object. If instances are accessed by untrusted code, and
unchecked changes to the mutable object would compromise security or other important
properties, you will need to do something different. Returning a new copy of the object is
better approach in many situations.
|
5
|
EI2
|
Method may expose internal representation by incorporating reference to mutable object
This code stores a reference to an externally mutable object into the internal representation
of the object. If instances are accessed by untrusted code, and unchecked changes to the
mutable object would compromise security or other important properties, you will need to do
something different. Storing a copy of the object is better approach in many situations.
|
8
|
IJU
|
TestCase implements tearDown but doesn't call super.tearDown()
Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call
super.tearDown(), but doesn't.
|
1
|
MF
|
Class defines field that obscures a superclass field
This class defines a field with the same name as a visible instance field in a superclass.
This is confusing, and may indicate an error if methods update or access one of the fields
when they wanted the other.
|
5
|
MS
|
Field isn't final but should be
A mutable static field could be changed by malicious code or by accident from another
package. The field could be made final to avoid this vulnerability.
|
8
|
NP
|
Possible null pointer dereference in method
A reference value dereferenced here might be null at runtime. This may lead to a
NullPointerException when the code is executed.
|
2
|
ODR
|
Method may fail to close database resource
The method creates a database resource (such as a database connection or row set), does not
assign it to any fields, pass it to other methods, or return it, and does not appear to close
the object on all paths out of the method. Failure to close database resources on all paths
out of a method may result in poor performance, and could cause the application to have
problems communicating with the database.
|
2
|
REC
|
java.lang.Exception is caught when Exception is not thrown
This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
|
1
|
SIC
|
Should be a static inner class
This class is an inner class, but does not use its embedded reference to the object which
created it. This reference makes the instances of the class larger, and may keep the
reference to the creator object alive longer than necessary. If possible, the class should be
be made static.
|
1
|
SS
|
Unread field: should this field be static?
This class contains an instance final field that is initialized to a compile-time static
value. Consider making the field static.
|
3
|
UI
|
Usage of GetResource may be unsafe if class is extended
Calling this.getClass().getResource(...) could give results other than expected if this class
is extended by a class in another package.
|
2
|
UrF
|
Unread field
This field is never read. Consider removing it from the class.
|
1
|
WMI
|
Inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet
iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the
Map.get(key) lookup.
|
2
|
合计
|
50
|
附详细列表:
DLS: Dead store to date in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent) HistoryEventListener.java springside/springside-core/src/org/springside/core/commons/support/audit line 25 2006年8月11日 11:28:46 29678
DLS: Dead store to id in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent) HistoryEventListener.java springside/springside-core/src/org/springside/core/commons/support/audit line 18 2006年8月11日 11:28:46 29675
DLS: Dead store to limit in method org.springside.plugins.webwork.action.SSActionSupport.prepareECTable(com.bba96.tiger.util.Page) SSActionSupport.java springside/springside-core/src/org/springside/plugins/webwork/action line 64 2006年8月11日 11:28:50 29690
DLS: Dead store to loginid in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent) HistoryEventListener.java springside/springside-core/src/org/springside/core/commons/support/audit line 24 2006年8月11日 11:28:46 29674
DLS: Dead store to newValues in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent) HistoryEventListener.java springside/springside-core/src/org/springside/core/commons/support/audit line 29 2006年8月11日 11:28:46 29677
DLS: Dead store to session in method org.springside.plugins.security.intercept.support.AuthenticationDetailsSourceHelper.buildDetails(javax.servlet.http.HttpServletRequest) AuthenticationDetailsSourceHelper.javaspringside/springside-core/src/org/springside/plugins/security/intercept/support line 19 2006年8月11日 11:28:49 29688
DLS: Dead store to type in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent) HistoryEventListener.java springside/springside-core/src/org/springside/core/commons/support/audit line 19 2006年8月11日 11:28:46 29676
DLS: Dead store to v in method org.springside.bookstore.plugins.jms.service.StorageCheckImpl.asynGetResidual(OrderSerializable,ResultListener) StorageCheckImpl.java springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service line 29 2006年8月11日 11:28:43 29668
Dm: org.springside.bookstore.plugins.jms.service.ActiveMQSecurityAdapter.<init>(boolean) invokes System.exit(...), which shuts down the entire virtual machine ActiveMQSecurityAdapter.java springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service line 40 2006年8月11日 11:28:42 29667
EI: org.springside.bookstore.commons.domain.Order.getOrderDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.orderDate Order.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 87 2006年8月11日 11:28:40 29655
EI: org.springside.bookstore.commons.domain.Order.getShipDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.shipDateOrder.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 132006
年
8
月
11
日
11:28:40 29657
EI: org.springside.bookstore.commons.domain.Product.getCreateTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.createTimeProduct.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 130 2006年8月11日 11:28:40 29659
EI: org.springside.bookstore.commons.domain.Product.getModifyTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.modifyTime Product.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 138 2006年8月11日 11:28:40 29661
EI: org.springside.plugins.security.resourcedetails.Resource.getAuthorities() may expose internal representation by returning org.springside.plugins.security.resourcedetails.Resource.authorities Resource.java springside/springside-core/src/org/springside/plugins/security/resourcedetails line 65 2006年8月11日 11:28:50 29689
EI2: org.springside.bookstore.commons.domain.Order.setOrderDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.orderDate Order.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 92006
年
8
月
11
日
11:28:40 29656
EI2: org.springside.bookstore.commons.domain.Order.setShipDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.shipDate Order.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 135 2006年8月11日 11:28:40 29658
EI2: org.springside.bookstore.commons.domain.Product.setCreateTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.createTime Product.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 134 2006年8月11日 11:28:40 29660
EI2: org.springside.bookstore.commons.domain.Product.setModifyTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.modifyTime Product.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 142 2006年8月11日 11:28:40 29662
EI2: org.springside.core.commons.BusinessException.<init>(String,String[],Throwable) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs BusinessException.java springside/springside-core/src/org/springside/core/commons line 62006
年
8
月
11
日
11:28:46 29672
EI2: org.springside.core.commons.BusinessException.<init>(String,String[]) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs BusinessException.java springside/springside-core/src/org/springside/core/commons line 50 2006年8月11日 11:28:46 29671
EI2: org.springside.plugins.aopcache.FlushingInterceptor.setCacheKeys(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.aopcache.FlushingInterceptor.cacheKeysFlushingInterceptor.java springside/springside-core/src/org/springside/plugins/aopcache line 32 2006年8月11日 11:28:48 29680
EI2: org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.setRuleFiles(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.ruleFiles AbstractFileRuleBaseLoader.java springside/springside-core/src/org/springside/plugins/jbossrules/support line 39 2006年8月11日 11:28:48 29681
IJU: TestCase org.springside.core.test.BaseXFireTest implements tearDown but doesn't call super.tearDown() BaseXFireTest.javaspringside/springside-core/src/org/springside/core/test line 37 2006年8月11日 11:28:47 29679
MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jar springside/lib/core 2006年8月11日 11:08:12 29618
MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jar springside/lib/core 2006年8月11日 11:28:45 29670
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.defaultAclObjectIdentityClass AbstractBasicAclCreator.java springside/springside-core/src/org/springside/plugins/security/acl/creator 2006年8月11日 11:28:49 29687
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processDomainObjectClass AbstractBasicAclCreator.java springside/springside-core/src/org/springside/plugins/security/acl/creator 2006年8月11日 11:28:49 29685
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processReturnedObjectClass AbstractBasicAclCreator.java springside/springside-core/src/org/springside/plugins/security/acl/creator 2006年8月11日 11:28:49 29686
MS: org.springside.bookstore.admin.exception.OrderException.LACK_INVENTORY isn't final but should beOrderException.java springside/springside-bookstore/src/org/springside/bookstore/admin/exception line 16 2006年8月11日 11:28:50 29691
MS: org.springside.bookstore.commons.domain.Order.statusEnum isn't final but should be Order.java springside/springside-bookstore/src/org/springside/bookstore/commons/domain line 22006
年
8
月
11
日
11:28:50 29692
MS: org.springside.bookstore.commons.web.support.HsqlListener.logger isn't final but should be HsqlListener.java springside/springside-bookstore/src/org/springside/bookstore/commons/web/support line 27 2006年8月11日 11:28:50 29693
MS: org.springside.core.commons.BaseHibernateDao.COUNT_MODE isn't final but should be BaseHibernateDao.java springside/springside-core/src/org/springside/core/commons line 30 2006年8月11日 11:28:50 29694
MS: org.springside.core.commons.BaseHibernateDao.LIST_MODE isn't final but should be BaseHibernateDao.java springside/springside-core/src/org/springside/core/commons line 32 2006年8月11日 11:28:50 29696
MS: org.springside.core.commons.BaseHibernateDao.SCROLL_MODE isn't final but should be BaseHibernateDao.java springside/springside-core/src/org/springside/core/commons line 32006
年
8
月
11
日
11:28:50 29695
MS: org.springside.core.commons.ConfigurableConstants.logger isn't final but should beConfigurableConstants.java springside/springside-core/src/org/springside/core/commons line 29 2006年8月11日 11:28:50 29697
MS: org.springside.core.commons.ConfigurableConstants.p isn't final but should beConfigurableConstants.java springside/springside-core/src/org/springside/core/commons line 30 2006年8月11日 11:28:50 29698
NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object) SimpleAclCreator.java springside/springside-core/src/org/springside/plugins/security/acl/creator line 103 2006年8月11日 11:28:49 29683
NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object) SimpleAclCreator.java springside/springside-core/src/org/springside/plugins/security/acl/creator line 105 2006年8月11日 11:28:49 29684
ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource HsqlListener.java springside/springside-bookstore/src/org/springside/bookstore/commons/web/support line 125 2006年8月11日 11:28:429664
ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource HsqlListener.java springside/springside-bookstore/src/org/springside/bookstore/commons/web/support line 127 2006年8月11日 11:28:429665
REC: Method org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught HsqlListener.java springside/springside-bookstore/src/org/springside/bookstore/commons/web/support line 129 2006年8月11日 11:28:429666
SIC: Should org.springside.core.utils.BeanUtilsTest$TestChildBean be a _static_ inner class? BeanUtilsTest.java springside/springside-core/test/unit/org/springside/core/utils line 37 2006年8月11日 11:28:50 29700
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialCreateSuccessResult; should this field be static? SSModelActionSupport.java springside/springside-core/src/org/springside/plugins/webwork/action 2006年8月11日 11:28:50 29701
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialRemoveSuccessResult; should this field be static? SSModelActionSupport.java springside/springside-core/src/org/springside/plugins/webwork/action 2006年8月11日 11:28:50 29702
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialUpdateSuccessResult; should this field be static? SSModelActionSupport.java springside/springside-core/src/org/springside/plugins/webwork/action 2006年8月11日 11:28:50 29703
UI: Usage of GetResource in org.springside.bookstore.commons.web.support.HsqlListener.contextInitialized(javax.servlet.ServletContextEvent) may be unsafe if class is extended HsqlListener.java springside/springside-bookstore/src/org/springside/bookstore/commons/web/support line 72 2006年8月11日 11:28:429663
UI: Usage of GetResource in org.springside.plugins.jbossrules.support.DSLRuleBaseLoader.buildRuleBase() may be unsafe if class is extended DSLRuleBaseLoader.java springside/springside-core/src/org/springside/plugins/jbossrules/support line 32 2006年8月11日 11:28:48 29682
UrF: Unread field: org.springside.TestBean.private_name TestBean.java springside/springside-core/test/unit/org/springside 2006年8月11日 11:28:50 29699
WMI: Method org.springside.core.commons.AbstractHibernateDao$1.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iteratorAbstractHibernateDao.java springside/springside-core/src/org/springside/core/commons line 148 2006年8月11日 11:28:45 29669
WMI: Method org.springside.core.commons.support.CriteriaSetup.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iterator CriteriaSetup.java springside/springside-core/src/org/springside/core/commons/supportline 18 2006年8月11日 11:28:46 29673
posted on 2006-08-11 13:21
leon du 阅读(6009)
评论(3) 编辑 收藏