当前位置: 首页 > 工具软件 > FindBugs > 使用案例 >

FindBugs Bug Descriptions

糜鸿风
2023-12-01

FindBugs Bug Descriptions

This document lists the standard bug patterns reported byFindBugs version 1.3.9.

Summary

DescriptionCategory
AM: Creates an empty jar file entryBad practice
AM: Creates an empty zip file entryBad practice
BC: Equals method should not assume anything about the type of its argumentBad practice
BC: Random object created and used only onceBad practice
BIT: Check for sign of bitwise operationBad practice
CN: Class implements Cloneable but does not define or use clone methodBad practice
CN: clone method does not call super.clone()Bad practice
CN: Class defines clone() but doesn't implement CloneableBad practice
Co: Abstract class defines covariant compareTo() methodBad practice
Co: Covariant compareTo() method definedBad practice
DE: Method might drop exceptionBad practice
DE: Method might ignore exceptionBad practice
DMI: Don't use removeAll to clear a collectionBad practice
DP: Classloaders should only be created inside doPrivileged blockBad practice
DP: Method invoked that should be only be invoked inside a doPrivileged blockBad practice
Dm: Method invokes System.exit(...)Bad practice
Dm: Method invokes dangerous method runFinalizersOnExitBad practice
ES: Comparison of String parameter using == or !=Bad practice
ES: Comparison of String objects using == or !=Bad practice
Eq: Abstract class defines covariant equals() methodBad practice
Eq: Equals checks for noncompatible operandBad practice
Eq: Class defines compareTo(...) and uses Object.equals()Bad practice
Eq: equals method fails for subtypesBad practice
Eq: Covariant equals() method definedBad practice
FI: Empty finalizer should be deletedBad practice
FI: Explicit invocation of finalizerBad practice
FI: Finalizer nulls fieldsBad practice
FI: Finalizer only nulls fieldsBad practice
FI: Finalizer does not call superclass finalizerBad practice
FI: Finalizer nullifies superclass finalizerBad practice
FI: Finalizer does nothing but call superclass finalizerBad practice
GC: Unchecked type in generic callBad practice
HE: Class defines equals() but not hashCode()Bad practice
HE: Class defines equals() and uses Object.hashCode()Bad practice
HE: Class defines hashCode() but not equals()Bad practice
HE: Class defines hashCode() and uses Object.equals()Bad practice
HE: Class inherits equals() and uses Object.hashCode()Bad practice
IC: Superclass uses subclass during initializationBad practice
IMSE: Dubious catching of IllegalMonitorStateExceptionBad practice
ISC: Needless instantiation of class that only supplies static methodsBad practice
It: Iterator next() method can't throw NoSuchElementExceptionBad practice
J2EE: Store of non serializable object into HttpSessionBad practice
JCIP: Fields of immutable classes should be finalBad practice
NP: Method with Boolean return type returns explicit nullBad practice
NP: Clone method may return nullBad practice
NP: equals() method does not check for null argumentBad practice
NP: toString method may return nullBad practice
Nm: Class names should start with an upper case letterBad practice
Nm: Class is not derived from an Exception, even though it is named as suchBad practice
Nm: Confusing method namesBad practice
Nm: Field names should start with a lower case letterBad practice
Nm: Use of identifier that is a keyword in later versions of JavaBad practice
Nm: Use of identifier that is a keyword in later versions of JavaBad practice
Nm: Method names should start with a lower case letterBad practice
Nm: Class names shouldn't shadow simple name of implemented interfaceBad practice
Nm: Class names shouldn't shadow simple name of superclassBad practice
Nm: Very confusing method names (but perhaps intentional)Bad practice
Nm: Method doesn't override method in superclass due to wrong package for parameterBad practice
ODR: Method may fail to close database resourceBad practice
ODR: Method may fail to close database resource on exceptionBad practice
OS: Method may fail to close streamBad practice
OS: Method may fail to close stream on exceptionBad practice
RC: Suspicious reference comparison to constantBad practice
RC: Suspicious reference comparison of Boolean valuesBad practice
RR: Method ignores results of InputStream.read()Bad practice
RR: Method ignores results of InputStream.skip()Bad practice
RV: Method ignores exceptional return valueBad practice
SI: Static initializer creates instance before all static final fields assignedBad practice
SW: Certain swing methods needs to be invoked in Swing threadBad practice
Se: Non-transient non-serializable instance field in serializable classBad practice
Se: Non-serializable class has a serializable inner classBad practice
Se: Non-serializable value stored into instance field of a serializable classBad practice
Se: Comparator doesn't implement SerializableBad practice
Se: Serializable inner classBad practice
Se: serialVersionUID isn't finalBad practice
Se: serialVersionUID isn't longBad practice
Se: serialVersionUID isn't staticBad practice
Se: Class is Serializable but its superclass doesn't define a void constructorBad practice
Se: Class is Externalizable but doesn't define a void constructorBad practice
Se: The readResolve method must be declared with a return type of Object. Bad practice
Se: Transient field that isn't set by deserialization. Bad practice
SnVI: Class is Serializable, but doesn't define serialVersionUIDBad practice
UI: Usage of GetResource may be unsafe if class is extendedBad practice
BC: Impossible castCorrectness
BC: Impossible downcastCorrectness
BC: Impossible downcast of toArray() resultCorrectness
BC: instanceof will always return falseCorrectness
BIT: Bitwise add of signed byte valueCorrectness
BIT: Incompatible bit masksCorrectness
BIT: Check to see if ((...) & 0) == 0Correctness
BIT: Incompatible bit masksCorrectness
BIT: Bitwise OR of signed byte valueCorrectness
BIT: Check for sign of bitwise operationCorrectness
BOA: Class overrides a method implemented in super class Adapter wronglyCorrectness
BSHIFT: 32 bit int shifted by an amount not in the range 0..31Correctness
Bx: Primitive value is unboxed and coerced for ternary operatorCorrectness
DLS: Dead store of class literalCorrectness
DLS: Overwritten incrementCorrectness
DMI: Bad constant value for monthCorrectness
DMI: hasNext method invokes nextCorrectness
DMI: Collections should not contain themselvesCorrectness
DMI: Invocation of hashCode on an arrayCorrectness
DMI: Double.longBitsToDouble invoked on an intCorrectness
DMI: Vacuous call to collectionsCorrectness
Dm: Can't use reflection to check for presence of annotation without runtime retentionCorrectness
Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutorCorrectness
Dm: Creation of ScheduledThreadPoolExecutor with zero core threadsCorrectness
Dm: Useless/vacuous call to EasyMock methodCorrectness
EC: equals() used to compare array and nonarrayCorrectness
EC: Invocation of equals() on an array, which is equivalent to ==Correctness
EC: equals(...) used to compare incompatible arraysCorrectness
EC: Call to equals() with null argumentCorrectness
EC: Call to equals() comparing unrelated class and interfaceCorrectness
EC: Call to equals() comparing different interface typesCorrectness
EC: Call to equals() comparing different typesCorrectness
EC: Using pointer equality to compare different typesCorrectness
Eq: equals method always returns falseCorrectness
Eq: equals method always returns trueCorrectness
Eq: equals method compares class names rather than class objectsCorrectness
Eq: Covariant equals() method defined for enumCorrectness
Eq: equals() method defined that doesn't override equals(Object)Correctness
Eq: equals() method defined that doesn't override Object.equals(Object)Correctness
Eq: equals method overrides equals in superclass and may not be symmetricCorrectness
Eq: Covariant equals() method defined, Object.equals(Object) inheritedCorrectness
FE: Doomed test for equality to NaNCorrectness
FS: Format string placeholder incompatible with passed argumentCorrectness
FS: The type of a supplied argument doesn't match format specifierCorrectness
FS: MessageFormat supplied where printf style format expectedCorrectness
FS: More arguments are passed than are actually used in the format stringCorrectness
FS: Illegal format stringCorrectness
FS: Format string references missing argumentCorrectness
FS: No previous argument for format stringCorrectness
GC: No relationship between generic parameter and method argumentCorrectness
HE: Signature declares use of unhashable class in hashed constructCorrectness
HE: Use of class without a hashCode() method in a hashed data structureCorrectness
ICAST: integral value cast to double and then passed to Math.ceilCorrectness
ICAST: int value cast to float and then passed to Math.roundCorrectness
IJU: JUnit assertion in run method will not be noticed by JUnitCorrectness
IJU: TestCase declares a bad suite method Correctness
IJU: TestCase has no testsCorrectness
IJU: TestCase defines setUp that doesn't call super.setUp()Correctness
IJU: TestCase implements a non-static suite method Correctness
IJU: TestCase defines tearDown that doesn't call super.tearDown()Correctness
IL: A collection is added to itselfCorrectness
IL: An apparent infinite loopCorrectness
IL: An apparent infinite recursive loopCorrectness
IM: Integer multiply of result of integer remainderCorrectness
INT: Bad comparison of nonnegative value with negative constantCorrectness
INT: Bad comparison of signed byteCorrectness
IO: Doomed attempt to append to an object output streamCorrectness
IP: A parameter is dead upon entry to a method but overwrittenCorrectness
MF: Class defines field that masks a superclass fieldCorrectness
MF: Method defines a variable that obscures a fieldCorrectness
NP: Null pointer dereferenceCorrectness
NP: Null pointer dereference in method on exception pathCorrectness
NP: Method does not check for null argumentCorrectness
NP: close() invoked on a value that is always nullCorrectness
NP: Null value is guaranteed to be dereferencedCorrectness
NP: Value is null and guaranteed to be dereferenced on exception pathCorrectness
NP: Method call passes null to a nonnull parameter Correctness
NP: Method may return null, but is declared @NonNullCorrectness
NP: A known null value is checked to see if it is an instance of a typeCorrectness
NP: Possible null pointer dereferenceCorrectness
NP: Possible null pointer dereference in method on exception pathCorrectness
NP: Method call passes null for nonnull parameterCorrectness
NP: Method call passes null for nonnull parameterCorrectness
NP: Non-virtual method call passes null for nonnull parameterCorrectness
NP: Store of null value into field annotated NonNullCorrectness
NP: Read of unwritten fieldCorrectness
Nm: Class defines equal(Object); should it be equals(Object)?Correctness
Nm: Class defines hashcode(); should it be hashCode()?Correctness
Nm: Class defines tostring(); should it be toString()?Correctness
Nm: Apparent method/constructor confusionCorrectness
Nm: Very confusing method namesCorrectness
Nm: Method doesn't override method in superclass due to wrong package for parameterCorrectness
QBA: Method assigns boolean literal in boolean expressionCorrectness
RC: Suspicious reference comparisonCorrectness
RCN: Nullcheck of value previously dereferencedCorrectness
RE: Invalid syntax for regular expressionCorrectness
RE: File.separator used for regular expressionCorrectness
RE: "." used for regular expressionCorrectness
RV: Random value from 0 to 1 is coerced to the integer 0Correctness
RV: Bad attempt to compute absolute value of signed 32-bit hashcode Correctness
RV: Bad attempt to compute absolute value of signed 32-bit random integerCorrectness
RV: Exception created and dropped rather than thrownCorrectness
RV: Method ignores return valueCorrectness
RpC: Repeated conditional testsCorrectness
SA: Double assignment of fieldCorrectness
SA: Self assignment of fieldCorrectness
SA: Self comparison of field with itselfCorrectness
SA: Nonsensical self computation involving a field (e.g., x & x)Correctness
SA: Self comparison of value with itselfCorrectness
SA: Nonsensical self computation involving a variable (e.g., x & x)Correctness
SF: Dead store due to switch statement fall throughCorrectness
SF: Dead store due to switch statement fall through to throwCorrectness
SIC: Deadly embrace of non-static inner class and thread localCorrectness
SIO: Unnecessary type check done using instanceof operatorCorrectness
SQL: Method attempts to access a prepared statement parameter with index 0Correctness
SQL: Method attempts to access a result set field with index 0Correctness
STI: Unneeded use of currentThread() call, to call interrupted() Correctness
STI: Static Thread.interrupted() method invoked on thread instanceCorrectness
Se: Method must be private in order for serialization to workCorrectness
Se: The readResolve method must not be declared as a static method. Correctness
TQ: Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is requiredCorrectness
TQ: Value that might not carry a type qualifier is always used in a way requires that type qualifierCorrectness
TQ: Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifierCorrectness
TQ: Value annotated as never carrying a type qualifier used where value carrying that qualifier is requiredCorrectness
UMAC: Uncallable method defined in anonymous classCorrectness
UR: Uninitialized read of field in constructorCorrectness
UR: Uninitialized read of field method called from constructor of superclassCorrectness
USELESS_STRING: Invocation of toString on an arrayCorrectness
USELESS_STRING: Invocation of toString on an arrayCorrectness
USELESS_STRING: Array formatted in useless way using format stringCorrectness
UwF: Field only ever set to nullCorrectness
UwF: Unwritten fieldCorrectness
VA: Primitive array passed to function expecting a variable number of object argumentsCorrectness
LG: Potential lost logger changes due to weak reference in OpenJDKExperimental
OBL: Method may fail to clean up stream or resourceExperimental
Dm: Consider using Locale parameterized version of invoked methodInternationalization
EI: May expose internal representation by returning reference to mutable objectMalicious code vulnerability
EI2: May expose internal representation by incorporating reference to mutable objectMalicious code vulnerability
FI: Finalizer should be protected, not publicMalicious code vulnerability
MS: May expose internal static state by storing a mutable object into a static fieldMalicious code vulnerability
MS: Field isn't final and can't be protected from malicious codeMalicious code vulnerability
MS: Public static method may expose internal representation by returning arrayMalicious code vulnerability
MS: Field should be both final and package protectedMalicious code vulnerability
MS: Field is a mutable arrayMalicious code vulnerability
MS: Field is a mutable HashtableMalicious code vulnerability
MS: Field should be moved out of an interface and made package protectedMalicious code vulnerability
MS: Field should be package protectedMalicious code vulnerability
MS: Field isn't final but should beMalicious code vulnerability
DC: Possible double check of fieldMultithreaded correctness
DL: Synchronization on Boolean could lead to deadlockMultithreaded correctness
DL: Synchronization on boxed primitive could lead to deadlockMultithreaded correctness
DL: Synchronization on interned String could lead to deadlockMultithreaded correctness
DL: Synchronization on boxed primitive valuesMultithreaded correctness
Dm: Monitor wait() called on ConditionMultithreaded correctness
Dm: A thread was created using the default empty run methodMultithreaded correctness
ESync: Empty synchronized blockMultithreaded correctness
IS: Inconsistent synchronizationMultithreaded correctness
IS: Field not guarded against concurrent accessMultithreaded correctness
JLM: Synchronization performed on LockMultithreaded correctness
LI: Incorrect lazy initialization of static fieldMultithreaded correctness
LI: Incorrect lazy initialization and update of static fieldMultithreaded correctness
ML: Synchronization on field in futile attempt to guard that fieldMultithreaded correctness
ML: Method synchronizes on an updated fieldMultithreaded correctness
MSF: Mutable servlet fieldMultithreaded correctness
MWN: Mismatched notify()Multithreaded correctness
MWN: Mismatched wait()Multithreaded correctness
NN: Naked notifyMultithreaded correctness
NP: Synchronize and null check on the same field.Multithreaded correctness
No: Using notify() rather than notifyAll()Multithreaded correctness
RS: Class's readObject() method is synchronizedMultithreaded correctness
RV: Return value of putIfAbsent ignored, value passed to putIfAbsent reusedMultithreaded correctness
Ru: Invokes run on a thread (did you mean to start it instead?)Multithreaded correctness
SC: Constructor invokes Thread.start()Multithreaded correctness
SP: Method spins on fieldMultithreaded correctness
STCAL: Call to static CalendarMultithreaded correctness
STCAL: Call to static DateFormatMultithreaded correctness
STCAL: Static CalendarMultithreaded correctness
STCAL: Static DateFormatMultithreaded correctness
SWL: Method calls Thread.sleep() with a lock heldMultithreaded correctness
TLW: Wait with two locks heldMultithreaded correctness
UG: Unsynchronized get method, synchronized set methodMultithreaded correctness
UL: Method does not release lock on all pathsMultithreaded correctness
UL: Method does not release lock on all exception pathsMultithreaded correctness
UW: Unconditional waitMultithreaded correctness
VO: A volatile reference to an array doesn't treat the array elements as volatileMultithreaded correctness
WL: Sychronization on getClass rather than class literalMultithreaded correctness
WS: Class's writeObject() method is synchronized but nothing else isMultithreaded correctness
Wa: Condition.await() not in loop Multithreaded correctness
Wa: Wait not in loop Multithreaded correctness
Bx: Primitive value is boxed and then immediately unboxedPerformance
Bx: Primitive value is boxed then unboxed to perform primitive coercionPerformance
Bx: Method allocates a boxed primitive just to call toStringPerformance
Bx: Method invokes inefficient floating-point Number constructor; use static valueOf insteadPerformance
Bx: Method invokes inefficient Number constructor; use static valueOf insteadPerformance
Dm: The equals and hashCode methods of URL are blockingPerformance
Dm: Maps and sets of URLs can be performance hogsPerformance
Dm: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) insteadPerformance
Dm: Explicit garbage collection; extremely dubious except in benchmarking codePerformance
Dm: Method allocates an object, only to get the class objectPerformance
Dm: Use the nextInt method of Random rather than nextDouble to generate a random integerPerformance
Dm: Method invokes inefficient new String(String) constructorPerformance
Dm: Method invokes toString() method on a StringPerformance
Dm: Method invokes inefficient new String() constructorPerformance
HSC: Huge string constants is duplicated across multiple class filesPerformance
ITA: Method uses toArray() with zero-length array argumentPerformance
SBSC: Method concatenates strings using + in a loopPerformance
SIC: Should be a static inner classPerformance
SIC: Could be refactored into a named static inner classPerformance
SIC: Could be refactored into a static inner classPerformance
SS: Unread field: should this field be static?Performance
UM: Method calls static Math class method on a constant valuePerformance
UPM: Private method is never calledPerformance
UrF: Unread fieldPerformance
UuF: Unused fieldPerformance
WMI: Inefficient use of keySet iterator instead of entrySet iteratorPerformance
Dm: Hardcoded constant database passwordSecurity
Dm: Empty database passwordSecurity
HRS: HTTP cookie formed from untrusted inputSecurity
HRS: HTTP Response splitting vulnerabilitySecurity
SQL: Nonconstant string passed to execute method on an SQL statementSecurity
SQL: A prepared statement is generated from a nonconstant StringSecurity
XSS: JSP reflected cross site scripting vulnerabilitySecurity
XSS: Servlet reflected cross site scripting vulnerabilitySecurity
XSS: Servlet reflected cross site scripting vulnerabilitySecurity
BC: Questionable cast to abstract collection Dodgy
BC: Questionable cast to concrete collectionDodgy
BC: Unchecked/unconfirmed castDodgy
BC: instanceof will always return trueDodgy
BSHIFT: Unsigned right shift cast to short/byteDodgy
CI: Class is final but declares protected fieldDodgy
DB: Method uses the same code for two branchesDodgy
DB: Method uses the same code for two switch clausesDodgy
DLS: Dead store to local variableDodgy
DLS: Useless assignment in return statementDodgy
DLS: Dead store of null to local variableDodgy
DMI: Code contains a hard coded reference to an absolute pathnameDodgy
DMI: Non serializable object written to ObjectOutputDodgy
DMI: Invocation of substring(0), which returns the original valueDodgy
Dm: Thread passed where Runnable expectedDodgy
Eq: Class doesn't override equals in superclassDodgy
Eq: Unusual equals method Dodgy
FE: Test for floating point equalityDodgy
FS: Non-Boolean argument formatted using %b format specifierDodgy
IA: Ambiguous invocation of either an inherited or outer methodDodgy
IC: Initialization circularityDodgy
ICAST: integral division result cast to double or floatDodgy
ICAST: Result of integer multiplication cast to longDodgy
IM: Computation of average could overflowDodgy
IM: Check for oddness that won't work for negative numbers Dodgy
INT: Integer remainder modulo 1Dodgy
INT: Vacuous comparison of integer valueDodgy
MTIA: Class extends Servlet class and uses instance variablesDodgy
MTIA: Class extends Struts Action class and uses instance variablesDodgy
NP: Dereference of the result of readLine() without nullcheckDodgy
NP: Immediate dereference of the result of readLine()Dodgy
NP: Load of known null valueDodgy
NP: Possible null pointer dereference due to return value of called methodDodgy
NP: Possible null pointer dereference on path that might be infeasibleDodgy
NP: Parameter must be nonnull but is marked as nullableDodgy
NS: Potentially dangerous use of non-short-circuit logicDodgy
NS: Questionable use of non-short-circuit logicDodgy
PZLA: Consider returning a zero length array rather than nullDodgy
QF: Complicated, subtle or wrong increment in for-loop Dodgy
RCN: Redundant comparison of non-null value to nullDodgy
RCN: Redundant comparison of two null valuesDodgy
RCN: Redundant nullcheck of value known to be non-nullDodgy
RCN: Redundant nullcheck of value known to be nullDodgy
REC: Exception is caught when Exception is not thrownDodgy
RI: Class implements same interface as superclassDodgy
RV: Method checks to see if result of String.indexOf is positiveDodgy
RV: Method discards result of readLine after checking if it is nonnullDodgy
RV: Remainder of hashCode could be negativeDodgy
RV: Remainder of 32-bit signed random integerDodgy
SA: Double assignment of local variable Dodgy
SA: Self assignment of local variableDodgy
SF: Switch statement found where one case falls through to the next caseDodgy
SF: Switch statement found where default case is missingDodgy
ST: Write to static field from instance methodDodgy
Se: private readResolve method not inherited by subclassesDodgy
Se: Transient field of class that isn't Serializable. Dodgy
TQ: Explicit annotation inconsistent with useDodgy
TQ: Explicit annotation inconsistent with useDodgy
UCF: Useless control flowDodgy
UCF: Useless control flow to next lineDodgy
UwF: Field not initialized in constructorDodgy
XFB: Method directly allocates a specific implementation of xml interfacesDodgy



 类似资料:

相关阅读

相关文章

相关问答