This repository has been archived by the owner on Oct 22, 2023. It is now read-only.

New SEI-Cert Detectors #110

Open
dkrupp opened this issue May 28, 2021 · 0 comments

dkrupp commented May 28, 2021

Dear Code Owners,

We at Ericsson evaluated some open source static analyzer tools for Java and found that Spotbugs already has nice coverage for the SEI CERT Oracle Coding Standard for Java coding guideline (https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java).

We would like to increase this coverage by implementing checkers for yet uncovered rules and contribute these changes back to upstream Spotbugs.
What do you think about this initiative? Would it be a good fit for the other Spotbugs detectors and the future development directions of this tool?

We have initiated some PRs already which you may have noticed... Some you already reviewed. Thanks for that!
- Add new rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS
- Add new rule set PA_PUBLIC_PRIMITIVE_ATTRIBUTE, PA_PUBLIC_ARRAY_ATTRIBUTE and PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE
- Add new rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS
- Add new detector for ConstructorThrow

Is there a contribution guide that we may need to follow when implementing new detectors (to help the review process)?
Is there anything we could help the community with, like additional test cases, improving the CI process, reviewing new PRs? Please let us know.

@KengoTODA, @h3xstream your guidance would be highly appreciated.

Thanks & Regards,
Daniel
