javascript
java uncked_使用FindBugs对SpringSide1.0m3进行分析的结果
FindBugs是看了ss 論壇上YuLimin的提示,技術活干不了,體力活我來扛
FindBugs
:
這里有兩篇介紹用法的文章:
結果
找到
bug
總數
50,這里的bug,只是按照FindBugs默認定義的pattern找到的結果,
不一定是真正的bug,例如
DSL中有6個是因為HistoryEventListener尚未完成,
造成的誤報,表格后面列出了詳細的位置,請大家有時間核對一下。
代碼
詳細解釋
數量
DSL
Dead store to local variable
This instruction assigns a value to a local variable, but the value is not read by any
subsequent instruction. Often, this indicates an error, because the value computed is never
used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because
FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
8
DM
Method invokes System.exit(...)
Invoking System.exit shuts down the entire Java virtual machine. This should only been done
when it is appropriate. Such calls make it hard or impossible for your code to be invoked by
other code. Consider throwing a RuntimeException instead.
1
EI
Method may expose internal representation by returning reference to mutable object
Returning a reference to a mutable object value stored in one of the object's fields exposes
the internal representation of the object. If instances are accessed by untrusted code, and
unchecked changes to the mutable object would compromise security or other important
properties, you will need to do something different. Returning a new copy of the object is
better approach in many situations.
5
EI2
Method may expose internal representation by incorporating reference to mutable object
This code stores a reference to an externally mutable object into the internal representation
of the object. If instances are accessed by untrusted code, and unchecked changes to the
mutable object would compromise security or other important properties, you will need to do
something different. Storing a copy of the object is better approach in many situations.
8
IJU
TestCase implements tearDown but doesn't call super.tearDown()
Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call
super.tearDown(), but doesn't.
1
MF
Class defines field that obscures a superclass field
This class defines a field with the same name as a visible instance field in a superclass.
This is confusing, and may indicate an error if methods update or access one of the fields
when they wanted the other.
5
MS
Field isn't final but should be
A mutable static field could be changed by malicious code or by accident from another
package. The field could be made final to avoid this vulnerability.
8
NP
Possible null pointer dereference in method
A reference value dereferenced here might be null at runtime. This may lead to a
NullPointerException when the code is executed.
2
ODR
Method may fail to close database resource
The method creates a database resource (such as a database connection or row set), does not
assign it to any fields, pass it to other methods, or return it, and does not appear to close
the object on all paths out of the method. Failure to close database resources on all paths
out of a method may result in poor performance, and could cause the application to have
problems communicating with the database.
2
REC
java.lang.Exception is caught when Exception is not thrown
This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
1
SIC
Should be a static inner class
This class is an inner class, but does not use its embedded reference to the object which
created it. This reference makes the instances of the class larger, and may keep the
reference to the creator object alive longer than necessary. If possible, the class should be
be made static.
1
SS
Unread field: should this field be static?
This class contains an instance final field that is initialized to a compile-time static
value. Consider making the field static.
3
UI
Usage of GetResource may be unsafe if class is extended
Calling this.getClass().getResource(...) could give results other than expected if this class
is extended by a class in another package.
2
UrF
Unread field
This field is never read. Consider removing it from the class.
1
WMI
Inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet
iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the
Map.get(key) lookup.
2
合計
50
附詳細列表:
DLS: Dead store to date in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)HistoryEventListener.javaspringside/springside-core/src/org/springside/core/commons/support/auditline 252006年8月11日 11:28:4629678
DLS: Dead store to id in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)HistoryEventListener.javaspringside/springside-core/src/org/springside/core/commons/support/auditline 182006年8月11日 11:28:4629675
DLS: Dead store to limit in method org.springside.plugins.webwork.action.SSActionSupport.prepareECTable(com.bba96.tiger.util.Page)SSActionSupport.javaspringside/springside-core/src/org/springside/plugins/webwork/actionline 642006年8月11日 11:28:5029690
DLS: Dead store to loginid in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)HistoryEventListener.javaspringside/springside-core/src/org/springside/core/commons/support/auditline 242006年8月11日 11:28:4629674
DLS: Dead store to newValues in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)HistoryEventListener.javaspringside/springside-core/src/org/springside/core/commons/support/auditline 292006年8月11日 11:28:4629677
DLS: Dead store to session in method org.springside.plugins.security.intercept.support.AuthenticationDetailsSourceHelper.buildDetails(javax.servlet.http.HttpServletRequest)AuthenticationDetailsSourceHelper.javaspringside/springside-core/src/org/springside/plugins/security/intercept/supportline 192006年8月11日 11:28:4929688
DLS: Dead store to type in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)HistoryEventListener.javaspringside/springside-core/src/org/springside/core/commons/support/auditline 192006年8月11日 11:28:4629676
DLS: Dead store to v in method org.springside.bookstore.plugins.jms.service.StorageCheckImpl.asynGetResidual(OrderSerializable,ResultListener)StorageCheckImpl.javaspringside/springside-bookstore/src/org/springside/bookstore/plugins/jms/serviceline 292006年8月11日 11:28:4329668
Dm: org.springside.bookstore.plugins.jms.service.ActiveMQSecurityAdapter.(boolean) invokes System.exit(...), which shuts down the entire virtual machineActiveMQSecurityAdapter.javaspringside/springside-bookstore/src/org/springside/bookstore/plugins/jms/serviceline 402006年8月11日 11:28:4229667
EI: org.springside.bookstore.commons.domain.Order.getOrderDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.orderDateOrder.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 872006年8月11日 11:28:4029655
EI: org.springside.bookstore.commons.domain.Order.getShipDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.shipDateOrder.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 132006
年
8
月
11
日
11:28:4029657
EI: org.springside.bookstore.commons.domain.Product.getCreateTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.createTimeProduct.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 1302006年8月11日 11:28:4029659
EI: org.springside.bookstore.commons.domain.Product.getModifyTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.modifyTimeProduct.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 1382006年8月11日 11:28:4029661
EI: org.springside.plugins.security.resourcedetails.Resource.getAuthorities() may expose internal representation by returning org.springside.plugins.security.resourcedetails.Resource.authoritiesResource.javaspringside/springside-core/src/org/springside/plugins/security/resourcedetailsline 652006年8月11日 11:28:5029689
EI2: org.springside.bookstore.commons.domain.Order.setOrderDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.orderDateOrder.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 92006
年
8
月
11
日
11:28:4029656
EI2: org.springside.bookstore.commons.domain.Order.setShipDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.shipDateOrder.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 1352006年8月11日 11:28:4029658
EI2: org.springside.bookstore.commons.domain.Product.setCreateTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.createTimeProduct.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 1342006年8月11日 11:28:4029660
EI2: org.springside.bookstore.commons.domain.Product.setModifyTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.modifyTimeProduct.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 1422006年8月11日 11:28:4029662
EI2: org.springside.core.commons.BusinessException.(String,String[],Throwable) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgsBusinessException.javaspringside/springside-core/src/org/springside/core/commonsline 62006
年
8
月
11
日
11:28:4629672
EI2: org.springside.core.commons.BusinessException.(String,String[]) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgsBusinessException.javaspringside/springside-core/src/org/springside/core/commonsline 502006年8月11日 11:28:4629671
EI2: org.springside.plugins.aopcache.FlushingInterceptor.setCacheKeys(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.aopcache.FlushingInterceptor.cacheKeysFlushingInterceptor.javaspringside/springside-core/src/org/springside/plugins/aopcacheline 322006年8月11日 11:28:4829680
EI2: org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.setRuleFiles(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.ruleFilesAbstractFileRuleBaseLoader.javaspringside/springside-core/src/org/springside/plugins/jbossrules/supportline 392006年8月11日 11:28:4829681
IJU: TestCase org.springside.core.test.BaseXFireTest implements tearDown but doesn't call super.tearDown()BaseXFireTest.javaspringside/springside-core/src/org/springside/core/testline 372006年8月11日 11:28:4729679
MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jarspringside/lib/core2006年8月11日 11:08:1229618
MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jarspringside/lib/core2006年8月11日 11:28:4529670
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.defaultAclObjectIdentityClassAbstractBasicAclCreator.javaspringside/springside-core/src/org/springside/plugins/security/acl/creator2006年8月11日 11:28:4929687
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processDomainObjectClassAbstractBasicAclCreator.javaspringside/springside-core/src/org/springside/plugins/security/acl/creator2006年8月11日 11:28:4929685
MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processReturnedObjectClassAbstractBasicAclCreator.javaspringside/springside-core/src/org/springside/plugins/security/acl/creator2006年8月11日 11:28:4929686
MS: org.springside.bookstore.admin.exception.OrderException.LACK_INVENTORY isn't final but should beOrderException.javaspringside/springside-bookstore/src/org/springside/bookstore/admin/exceptionline 162006年8月11日 11:28:5029691
MS: org.springside.bookstore.commons.domain.Order.statusEnum isn't final but should beOrder.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/domainline 22006
年
8
月
11
日
11:28:5029692
MS: org.springside.bookstore.commons.web.support.HsqlListener.logger isn't final but should beHsqlListener.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/web/supportline 272006年8月11日 11:28:5029693
MS: org.springside.core.commons.BaseHibernateDao.COUNT_MODE isn't final but should beBaseHibernateDao.javaspringside/springside-core/src/org/springside/core/commonsline 302006年8月11日 11:28:5029694
MS: org.springside.core.commons.BaseHibernateDao.LIST_MODE isn't final but should beBaseHibernateDao.javaspringside/springside-core/src/org/springside/core/commonsline 322006年8月11日 11:28:5029696
MS: org.springside.core.commons.BaseHibernateDao.SCROLL_MODE isn't final but should beBaseHibernateDao.javaspringside/springside-core/src/org/springside/core/commonsline 32006
年
8
月
11
日
11:28:5029695
MS: org.springside.core.commons.ConfigurableConstants.logger isn't final but should beConfigurableConstants.javaspringside/springside-core/src/org/springside/core/commonsline 292006年8月11日 11:28:5029697
MS: org.springside.core.commons.ConfigurableConstants.p isn't final but should beConfigurableConstants.javaspringside/springside-core/src/org/springside/core/commonsline 302006年8月11日 11:28:5029698
NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)SimpleAclCreator.javaspringside/springside-core/src/org/springside/plugins/security/acl/creatorline 1032006年8月11日 11:28:4929683
NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)SimpleAclCreator.javaspringside/springside-core/src/org/springside/plugins/security/acl/creatorline 1052006年8月11日 11:28:4929684
ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resourceHsqlListener.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/web/supportline 1252006年8月11日 11:28:429664
ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resourceHsqlListener.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/web/supportline 1272006年8月11日 11:28:429665
REC: Method org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caughtHsqlListener.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/web/supportline 1292006年8月11日 11:28:429666
SIC: Should org.springside.core.utils.BeanUtilsTest$TestChildBean be a _static_ inner class?BeanUtilsTest.javaspringside/springside-core/test/unit/org/springside/core/utilsline 372006年8月11日 11:28:5029700
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialCreateSuccessResult; should this field be static?SSModelActionSupport.javaspringside/springside-core/src/org/springside/plugins/webwork/action2006年8月11日 11:28:5029701
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialRemoveSuccessResult; should this field be static?SSModelActionSupport.javaspringside/springside-core/src/org/springside/plugins/webwork/action2006年8月11日 11:28:5029702
SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialUpdateSuccessResult; should this field be static?SSModelActionSupport.javaspringside/springside-core/src/org/springside/plugins/webwork/action2006年8月11日 11:28:5029703
UI: Usage of GetResource in org.springside.bookstore.commons.web.support.HsqlListener.contextInitialized(javax.servlet.ServletContextEvent) may be unsafe if class is extendedHsqlListener.javaspringside/springside-bookstore/src/org/springside/bookstore/commons/web/supportline 722006年8月11日 11:28:429663
UI: Usage of GetResource in org.springside.plugins.jbossrules.support.DSLRuleBaseLoader.buildRuleBase() may be unsafe if class is extendedDSLRuleBaseLoader.javaspringside/springside-core/src/org/springside/plugins/jbossrules/supportline 322006年8月11日 11:28:4829682
UrF: Unread field: org.springside.TestBean.private_nameTestBean.javaspringside/springside-core/test/unit/org/springside2006年8月11日 11:28:5029699
WMI: Method org.springside.core.commons.AbstractHibernateDao$1.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iteratorAbstractHibernateDao.javaspringside/springside-core/src/org/springside/core/commonsline 1482006年8月11日 11:28:4529669
WMI: Method org.springside.core.commons.support.CriteriaSetup.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iteratorCriteriaSetup.javaspringside/springside-core/src/org/springside/core/commons/supportline 182006年8月11日 11:28:4629673
posted on 2006-08-11 13:21 leon du 閱讀(5689) 評論(3) ?編輯 ?收藏
總結
以上是生活随笔為你收集整理的java uncked_使用FindBugs对SpringSide1.0m3进行分析的结果的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: java当数值超过byte时_java试
- 下一篇: java nio.2群发_JAVA NI