deps: upgrade SpotBugs Contrib to 7.6.0 #726

Merged
merged 2 commits into from
Apr 27, 2023
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

## Description / Features

This plugin requires the [SonarJava Plugin](https://docs.sonarqube.org/display/PLUG/SonarJava), and uses [SpotBugs](https://spotbugs.github.io), [fb-contrib](http://fb-contrib.sourceforge.net/) and [Find Security Bugs](http://h3xstream.github.io/find-sec-bugs/) to provide coding rules.
This plugin requires the [SonarJava Plugin](https://docs.sonarqube.org/display/PLUG/SonarJava), and uses [SpotBugs](https://spotbugs.github.io), [fb-contrib](https://github.com/mebigfatguy/fb-contrib) and [Find Security Bugs](https://find-sec-bugs.github.io/) to provide coding rules.

### Supported Languages

4 changes: 2 additions & 2 deletions generate_profiles/BuildXmlFiles.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,13 @@ import groovy.json.JsonSlurper;
@Grapes([

@Grab(group='com.github.spotbugs', module='spotbugs', version='4.7.3'),
@Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.4.7'),
@Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.6.0'),
@Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.12.0')]
)


FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.7.3')
CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.4.7')
CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.6.0')
FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.12.0')

def destDir() {
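Review bot: the sb-contrib version is now written out twice in this file, once in the @Grab line and once in the CONTRIB = new Plugin(...) line, and a third time as sbcontrib.version in pom.xml, with nothing that fails if one of them is missed on the next bump. Since @Grab needs a literal, a comment beside both lines pointing at the pom.xml property would help, or a check in the script that the Plugin version equals the grabbed one. Note also that @Grab resolves these jars when the script runs, so the generator executes whatever the configured repository serves for 7.6.0; running it against a vetted repository, or verifying the artifact checksum first, would keep the generated rule files reproducible.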
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
Update the version table and the rules count badge in README.md
-->
<spotbugs.version>4.7.3</spotbugs.version>
<sbcontrib.version>7.4.7</sbcontrib.version>
<sbcontrib.version>7.6.0</sbcontrib.version>
<findsecbugs.version>1.12.0</findsecbugs.version>

<jdk.min.version>1.8</jdk.min.version>
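Review bot: the comment directly above these properties asks to "Update the version table and the rules count badge in README.md" when a version changes, but the README.md diff in this PR is a single changed line (the fb-contrib and Find Security Bugs links). With RULE_COUNT moving from 307 to 312 elsewhere in this PR, the version table and badge look like they still need updating, unless that is planned as a follow-up.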
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ public class FbContribRulesDefinition implements RulesDefinition {

public static final String REPOSITORY_KEY = "fb-contrib";
public static final String REPOSITORY_NAME = "FindBugs Contrib";
public static final int RULE_COUNT = 307;
public static final int DEACTIVED_RULE_COUNT = 0;
public static final int RULE_COUNT = 312;
public static final int DEACTIVED_RULE_COUNT = 1;

@Override
public void define(Context context) {
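Review bot: RULE_COUNT and DEACTIVED_RULE_COUNT are hand-maintained, and the new values only check out if the reader counts the XML changes: the profile gains seven patterns and loses two (307 + 5 = 312), and the one deactivated rule is presumably FII_AVOID_CONTAINS_ON_COLLECTED_STREAM, which this PR marks experimental. A short comment naming the deactivated rule, or a test that derives both numbers from rules-fbcontrib.xml if one does not already exist, would make the next bump less error-prone.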
Original file line number Diff line number Diff line change
Expand Up @@ -1634,9 +1634,6 @@
<Match>
<Bug pattern='SPP_STRINGBUFFER_WITH_EMPTY_STRING' />
</Match>
<Match>
<Bug pattern='SPP_EQUALS_ON_ENUM' />
</Match>
<Match>
<Bug pattern='SPP_INVALID_BOOLEAN_NULL_CHECK' />
</Match>
Expand All @@ -1658,6 +1655,9 @@
<Match>
<Bug pattern='SPP_USE_ZERO_WITH_COMPARATOR' />
</Match>
<Match>
<Bug pattern='SPP_PASSING_THIS_AS_PARM' />
</Match>
<Match>
<Bug pattern='MUI_USE_CONTAINSKEY' />
</Match>
Expand Down Expand Up @@ -2216,6 +2216,9 @@
<Match>
<Bug pattern='WI_MANUALLY_ALLOCATING_AN_AUTOWIRED_BEAN' />
</Match>
<Match>
<Bug pattern='WI_WIRING_OF_STATIC_FIELD' />
</Match>
<Match>
<Bug pattern='CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY' />
</Match>
Expand Down Expand Up @@ -2243,6 +2246,9 @@
<Match>
<Bug pattern='OI_OPTIONAL_ISSUES_USES_ORELSEGET_WITH_NULL' />
</Match>
<Match>
<Bug pattern='OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED' />
</Match>
<Match>
<Bug pattern='UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT' />
</Match>
Expand Down Expand Up @@ -2273,9 +2279,6 @@
<Match>
<Bug pattern='LUI_USE_COLLECTION_ADD' />
</Match>
<Match>
<Bug pattern='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' />
</Match>
<Match>
<Bug pattern='FII_USE_METHOD_REFERENCE' />
</Match>
Expand Down Expand Up @@ -2303,4 +2306,16 @@
<Match>
<Bug pattern='SAT_SUSPICIOUS_ARGUMENT_TYPES' />
</Match>
<Match>
<Bug pattern='ENMI_EQUALS_ON_ENUM' />
</Match>
<Match>
<Bug pattern='ENMI_NULL_ENUM_VALUE' />
</Match>
<Match>
<Bug pattern='ENMI_ONE_ENUM_VALUE' />
</Match>
<Match>
<Bug pattern='AKI_SUPERFLUOUS_ROUTE_SPECIFICATION' />
</Match>
</FindBugsFilter>
98 changes: 84 additions & 14 deletions src/main/resources/org/sonar/plugins/findbugs/rules-fbcontrib.xml
Original file line number Diff line number Diff line change
Expand Up @@ -714,7 +714,7 @@ if (!date1.equals( date2 ))
a potential cause of memory bloat.&lt;/p&gt;

&lt;p&gt;
If this collection is a list, set or otherwise of static things (e.g. a List&amp;gt;String&amp;gt; for month names), consider
If this collection is a list, set or otherwise of static things (e.g. a List&amp;lt;String&amp;gt; for month names), consider
adding all of the elements in a static initializer, which can only be called once:&lt;br/&gt;
&lt;pre&gt;&lt;code&gt;
private static List&amp;lt;String&amp;gt; monthNames = new ArrayList&amp;lt;String&amp;gt;();
Expand Down Expand Up @@ -1111,15 +1111,6 @@ if (myString.indexOf('e') != -1) {
<tag>performance</tag>
<tag>bug</tag>
</rule>
<rule key='SPP_EQUALS_ON_ENUM' priority='MAJOR'>
<name>Correctness - Method calls equals on an enum instance</name>
<configKey>SPP_EQUALS_ON_ENUM</configKey>
<description>&lt;p&gt;This method calls the equals(Object) method on an enum instance. Since enums values are singletons,
you can use == to safely compare two enum values. In fact, the implementation for Enum.equals does just
that.&lt;/p&gt;</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='SPP_INVALID_BOOLEAN_NULL_CHECK' priority='MAJOR'>
<name>Correctness - Method uses invalid C++ style null check on Boolean</name>
<configKey>SPP_INVALID_BOOLEAN_NULL_CHECK</configKey>
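Review bot: removing the SPP_EQUALS_ON_ENUM rule here and re-adding the same name and description under ENMI_EQUALS_ON_ENUM at the end of the file changes the rule key, so anything that refers to the old key (custom quality profiles, exclusion filters, existing issues) will stop matching after the upgrade. Please call the rename out in the release notes, and if the rule loader in use can map a deprecated key to the new one, apply that here.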
Expand Down Expand Up @@ -1215,6 +1206,18 @@ if ({{FLAWED_TEST_LOGIC}}) {
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='SPP_PASSING_THIS_AS_PARM' priority='MAJOR'>
<name>Correctness - Method call passes object that the method is called on as a parameter</name>
<configKey>SPP_PASSING_THIS_AS_PARM</configKey>
<description>&lt;p&gt;This method calls an instance method passing the object that the method is called on as a parameter, such as
&lt;code&gt;
foo.someMethod(foo);
&lt;/code&gt;
As you already have access to this object thru this, you don't need to pass it.
&lt;/p&gt;</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='MUI_USE_CONTAINSKEY' priority='MAJOR'>
<name>Correctness - Method calls keySet() just to call contains, use containsKey instead</name>
<configKey>MUI_USE_CONTAINSKEY</configKey>
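Review bot: in the SPP_PASSING_THIS_AS_PARM description the sample foo.someMethod(foo); sits in a bare escaped code element inside the paragraph, while other samples in this file use the pre/code pair, so it will render inline and run into the sentence that follows. Suggest using the same pre/code wrapper and "through this" instead of "thru this". It is also worth checking whether correctness/bug at MAJOR fits a finding the text itself describes as an argument you "don't need to pass".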
Expand Down Expand Up @@ -3275,6 +3278,15 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='WI_WIRING_OF_STATIC_FIELD' priority='MAJOR'>
<name>Correctness - Static field is autowired</name>
<configKey>WI_WIRING_OF_STATIC_FIELD</configKey>
<description>&lt;p&gt;Autowiring of static fields does not work using simple @Autowire annotations, not should you attempt to do
so as it's an anti pattern. Use PostConstruct methods to initialize static fields if you must do something
like this.&lt;/p&gt;</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY' priority='MAJOR'>
<name>Correctness - Method gets and sets a value of a ConcurrentHashMap in a racy manner</name>
<configKey>CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY</configKey>
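Review bot: the WI_WIRING_OF_STATIC_FIELD description has two typos: "@Autowire annotations" should be "@Autowired", and "not should you attempt" should be "nor should you attempt". If this text is taken verbatim from fb-contrib, the fix belongs upstream too, but the annotation name is worth correcting here because it is what users will search for.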
Expand Down Expand Up @@ -3377,6 +3389,28 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED' priority='MAJOR'>
<name>Correctness - Method uses Optional.equals(Optional.empty()), when Optional.isPresent is more readable</name>
<configKey>OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED</configKey>
<description>&lt;p&gt;This method uses Optional.equals(Optional.empty()). It is more readable and more clear just to use the Optional.isPresent()
method to determine whether the reference exists or not. Use
&lt;br/&gt;
&lt;pre&gt;&lt;code&gt;
Optional f = getSomeOptional();
if (!f.isPresent()) {
}
&lt;/code&gt;&lt;/pre&gt;
rather than
&lt;br/&gt;
&lt;pre&gt;&lt;code&gt;
Optional f = getSomeOptional();
if (f.equals(Optional.empty()) {
}
&lt;/code&gt;&lt;/pre&gt;
&lt;/p&gt;</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT' priority='MAJOR'>
<name>Correctness - Method constructs a Date object, merely to convert it to an Instant object</name>
<configKey>UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT</configKey>
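Review bot: the "rather than" sample in the OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED description is not valid Java as written: if (f.equals(Optional.empty()) { is missing a closing parenthesis. Both samples also declare a raw Optional, which readers copying the snippet will get a compiler warning for. Since the rule name says isPresent is "more readable", correctness/bug at MAJOR seems heavier than the finding warrants.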
Expand Down Expand Up @@ -3560,8 +3594,8 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' priority='MAJOR'>
<name>Correctness - Method calls contains() on a collected lambda expression</name>
<rule key='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' priority='INFO'>
<name>Experimental - Method calls contains() on a collected lambda expression</name>
<configKey>FII_AVOID_CONTAINS_ON_COLLECTED_STREAM</configKey>
<description>&lt;p&gt;This method builds a collection using lambda expressions with a collect terminal operation. It then immediately
calls the contains() method on it, to see if an item is present. This is sub optimal as the lambda still needs to
Expand All @@ -3578,8 +3612,7 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
baubles.stream().anyMatch(b -&gt; name.equals(b.getName()))
&lt;/pre&gt;&lt;/code&gt;
&lt;/p&gt;</description>
<tag>correctness</tag>
<tag>bug</tag>
<tag>experimental</tag>
</rule>
<rule key='FII_USE_METHOD_REFERENCE' priority='MAJOR'>
<name>Correctness - Method creates an anonymous lambda expression instead of specifying a method reference</name>
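Review bot: the closing tags at the end of the FII_AVOID_CONTAINS_ON_COLLECTED_STREAM sample appear in reversed order (escaped /pre followed by /code), whereas the other samples in this file close with /code then /pre; as this rule is being edited anyway, swap them so the description nests correctly. The move to priority INFO with only the experimental tag is also not explained anywhere in the diff, so a sentence in the PR description on why the rule was reclassified would help reviewers and users who had it active.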
Expand Down Expand Up @@ -3729,4 +3762,41 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='ENMI_EQUALS_ON_ENUM' priority='MAJOR'>
<name>Correctness - Method calls equals on an enum instance</name>
<configKey>ENMI_EQUALS_ON_ENUM</configKey>
<description>&lt;p&gt;This method calls the equals(Object) method on an enum instance. Since enums values are singletons,
you can use == to safely compare two enum values. In fact, the implementation for Enum.equals does just
that.&lt;/p&gt;</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='ENMI_NULL_ENUM_VALUE' priority='MAJOR'>
<name>Correctness - Method sets an enum reference to null</name>
<configKey>ENMI_NULL_ENUM_VALUE</configKey>
<description>&lt;p&gt;This method sets the value of an enum reference to null. An enum should never have a null value.
If there is a state where you do not know what the value of an enum should be, than that should be one of the
proper enum value. So add a MyEnum.UNKNOWN or such. This keeps the logic of switch statements, etc, much simpler.</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='ENMI_ONE_ENUM_VALUE' priority='MAJOR'>
<name>Correctness - Enum class only declares one enum value</name>
<configKey>ENMI_ONE_ENUM_VALUE</configKey>
<description>&lt;p&gt;This enum class only declares one value (or perhaps 0!). As such it is pointless, as its value will always be the same thing.
Therefore use of this enum is just bloating the code base. One exception is if you are using a null value as a second value.
This is a mistake, and should be replaced with a second enum value, even if it's NULL, or UNKNOWN, or NON_INTITIALIZED or some other
sentinel value.</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
<rule key='AKI_SUPERFLUOUS_ROUTE_SPECIFICATION' priority='MAJOR'>
<name>Correctness - Method specifies superfluous routes thru route() or concat()</name>
<configKey>AKI_SUPERFLUOUS_ROUTE_SPECIFICATION</configKey>
<description>&lt;p&gt;This method uses the route() or concat() method to build optional routes but only passes 1 route to the method.
This just causes an extra route specification to be created for no reason. Only use route() or concat() when you have more than
one route to combine into one.</description>
<tag>correctness</tag>
<tag>bug</tag>
</rule>
</rules>
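Review bot: the descriptions of ENMI_NULL_ENUM_VALUE, ENMI_ONE_ENUM_VALUE and AKI_SUPERFLUOUS_ROUTE_SPECIFICATION each open with an escaped p tag but run straight into </description> without the closing one, unlike ENMI_EQUALS_ON_ENUM just above them. Please close the paragraphs so the rendered rule pages are well-formed. While there, "than that should be" should read "then that should be", and NON_INTITIALIZED is misspelled.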