使用FindBugs对SpringSide1.0m3进行分析的结果

使用FindBugs对SpringSide1.0m3进行分析的结果

FindBugs是看了ss 论坛上YuLimin的提示，技术活干不了，体力活我来扛

FindBugs ： http://findbugs.sourceforge.net/

这里有两篇介绍用法的文章：

http://dev2dev.bea.com.cn/bbsdoc/20060124186.html

http://www-128.ibm.com/developerworks/cn/java/j-findbug1/index.html

 

结果

找到 bug 总数 50，这里的bug，只是按照FindBugs默认定义的pattern找到的结果，
不一定是真正的bug，例如 DSL中有6个是因为HistoryEventListener尚未完成，

造成的误报，表格后面列出了详细的位置，请大家有时间核对一下。

代码	详细解释	数量
DSL	Dead store to local variable This instruction assigns a value to a local variable, but the value is not read by any  subsequent instruction. Often, this indicates an error, because the value computed is never  used. Note that Sun's javac compiler often generates dead stores for final local variables. Because  FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.	8
DM	Method invokes System.exit(...) Invoking System.exit shuts down the entire Java virtual machine. This should only been done  when it is appropriate. Such calls make it hard or impossible for your code to be invoked by  other code. Consider throwing a RuntimeException instead.	1
EI	Method may expose internal representation by returning reference to mutable object Returning a reference to a mutable object value stored in one of the object's fields exposes  the internal representation of the object. If instances are accessed by untrusted code, and  unc hec ked changes to the mutable object would compromise security or other important  properties, you will need to do something different. Returning a new copy of the object is  better approach in many situations.	5
EI2	Method may expose internal representation by incorporating reference to mutable object This code stores a reference to an externally mutable object into the internal representation  of the object. If instances are accessed by untrusted code, and unc hec ked changes to the  mutable object would compromise security or other important properties, you will need to do  something different. Storing a copy of the object is better approach in many situations.	8
IJU	TestCase implements tearDown but doesn't call super.tearDown() Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call  super.tearDown(), but doesn't.	1
MF	Class defines field that obscures a superclass field This class defines a field with the same name as a visible instance field in a superclass.  This is confusing, and may indicate an error if methods update or access one of the fields  when t hey wanted the other.	5
MS	Field isn't final but should be A mutable static field could be changed by malicious code or by accident from another  package. The field could be made final to avoid this vulnerability.	8
NP	Possible null pointer dereference in method A reference value dereferenced here might be null at runtime. This may lead to a  NullPointerException when the code is executed.	2
ODR	Method may fail to close database resource The method creates a database resource (such as a database connection or row set), does not  assign it to any fields, pass it to other methods, or return it, and does not appear to close  the object on all paths out of the method. Failure to close database resources on all paths  out of a method may result in poor performance, and could cause the application to have  problems communicating with the database.	2
REC	java.lang.Exception is caught when Exception is not thrown This method uses a try-catch block that catches Exception objects, but Exception is not  thrown within the try block, and RuntimeException is not explicitly caught. It is a common  bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching  a number of types of exception each of whose catch blocks is identical, but this construct  also accidentally catches RuntimeException as well, masking potential bugs.	1
SIC	Should be a static inner class This class is an inner class, but does not use its embedded reference to the object which  created it. This reference makes the instances of the class larger, and may keep the  reference to the creator object alive longer than necessary. If possible, the class should be  be made static.	1
SS	Unread field: should this field be static? This class contains an instance final field that is initialized to a compile-time static  value. Consider making the field static.	3
UI	Usage of GetResource may be unsafe if class is extended Calling this.getClass().getResource(...) could give results other than expected if this class  is extended by a class in another package.	2
UrF	Unread field This field is never read. Consider removing it from the class.	1
WMI	Inefficient use of keySet iterator instead of entrySet iterator This method accesses the value of a Map entry, using a key that was retrieved from a keySet  iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the  Map.get(key) lookup.	2
合计		50

附详细列表：

DLS: Dead store to date in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 25     2006 年8 月11 日 11:28:46       29678

 

DLS: Dead store to id in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 18     2006 年8 月11 日 11:28:46       29675

 

DLS: Dead store to limit in method org.springside.plugins.webwork.action.SSActionSupport.prepareECTable(com.bba96.tiger.util.Page)     SSActionSupport.java       springside/springside-core/src/org/springside/plugins/webwork/action       line 64     2006 年8 月11 日 11:28:50  29690

 

DLS: Dead store to loginid in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 24     2006 年8 月11 日 11:28:46       29674

 

DLS: Dead store to newValues in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 29     2006 年8 月11 日 11:28:46       29677

 

DLS: Dead store to session in method org.springside.plugins.security.intercept.support.AuthenticationDetailsSourceHelper.buildDetails(javax.servlet.http.HttpServletRequest)     AuthenticationDetailsSourceHelper.javaspringside/springside-core/src/org/springside/plugins/security/intercept/support       line 19    2006 年8 月11 日 11:28:49  29688

 

DLS: Dead store to type in method org.springside.core.commons.support.audit.HistoryEventListener.onPostUpdate(org.hibernate.event.PostUpdateEvent)       HistoryEventListener.java      springside/springside-core/src/org/springside/core/commons/support/audit       line 19     2006 年8 月11 日 11:28:46       29676

 

DLS: Dead store to v in method org.springside.bookstore.plugins.jms.service.StorageC hec kImpl.asynGetResidual(OrderSerializable,ResultListener)       StorageC hec kImpl.java  springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service     line 29     2006 年8 月11 日 11:28:43       29668

 

Dm: org.springside.bookstore.plugins.jms.service.ActiveMQSecurityAdapter.<init>(boolean) invokes System.exit(...), which shuts down the entire virtual machine     ActiveMQSecurityAdapter.java       springside/springside-bookstore/src/org/springside/bookstore/plugins/jms/service     line 40     2006 年8 月11 日 11:28:42       29667

 

EI: org.springside.bookstore.commons.domain.Order.getOrderDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.orderDate      Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 87     2006 年8 月11 日 11:28:40       29655

 

EI: org.springside.bookstore.commons.domain.Order.getShipDate() may expose internal representation by returning org.springside.bookstore.commons.domain.Order.shipDateOrder.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 1320 06 年 8 月 11 日 11:28:40       29657

 

EI: org.springside.bookstore.commons.domain.Product.getCreateTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.createTimeProduct.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 130   2006 年8 月11 日 11:28:40       29659

 

EI: org.springside.bookstore.commons.domain.Product.getModifyTime() may expose internal representation by returning org.springside.bookstore.commons.domain.Product.modifyTime      Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 138   2006 年8 月11 日 11:28:40       29661

 

EI: org.springside.plugins.security.resourcedetails.Resource.getAuthorities() may expose internal representation by returning org.springside.plugins.security.resourcedetails.Resource.authorities   Resource.java       springside/springside-core/src/org/springside/plugins/security/resourcedetails   line 65     2006 年8 月11 日 11:28:50  29689

 

EI2: org.springside.bookstore.commons.domain.Order.setOrderDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.orderDate      Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 92006 年 8 月 11 日 11:28:40  29656

 

EI2: org.springside.bookstore.commons.domain.Order.setShipDate(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Order.shipDate       Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 135   2006 年8 月11 日 11:28:40       29658

 

EI2: org.springside.bookstore.commons.domain.Product.setCreateTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.createTime   Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 134   2006 年8 月11 日 11:28:40       29660

 

EI2: org.springside.bookstore.commons.domain.Product.setModifyTime(java.util.Date) may expose internal representation by storing an externally mutable object into org.springside.bookstore.commons.domain.Product.modifyTime  Product.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 142   2006 年8 月11 日 11:28:40       29662

 

EI2: org.springside.core.commons.BusinessException.<init>(String,String[],Throwable) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs      BusinessException.java       springside/springside-core/src/org/springside/core/commons     line 62006 年 8 月 11 日 11:28:46  29672

 

EI2: org.springside.core.commons.BusinessException.<init>(String,String[]) may expose internal representation by storing an externally mutable object into org.springside.core.commons.BusinessException.errorArgs       BusinessException.java       springside/springside-core/src/org/springside/core/commons     line 50     2006 年8 月11 日 11:28:46  29671

 

EI2: org.springside.plugins.aopcache.F lus hingInterceptor.setCacheKeys(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.aopcache.F lus hingInterceptor.cacheKeysF lus hingInterceptor.java       springside/springside-core/src/org/springside/plugins/aopcache  line 32     2006 年8 月11 日 11:28:48  29680

 

EI2: org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.setRuleFiles(String[]) may expose internal representation by storing an externally mutable object into org.springside.plugins.jbossrules.support.AbstractFileRuleBaseLoader.ruleFiles       AbstractFileRuleBaseLoader.java   springside/springside-core/src/org/springside/plugins/jbossrules/support    line 39     2006 年8 月11 日 11:28:48       29681

 

IJU: TestCase org.springside.core.test.BaseXFireTest implements tearDown but doesn't call super.tearDown()       BaseXFireTest.javaspringside/springside-core/src/org/springside/core/test       line 37     2006 年8 月11 日 11:28:47  29679

 

MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jar   springside/lib/core         2006 年8 月11 日 11:08:12       29618

 

MF: Class org.springside.core.commons.AbstractHibernateDao defines field that obscures superclass field org.springframework.dao.support.DaoSupport.loggerspring-2.0-rc2.jar   springside/lib/core         2006 年8 月11 日 11:28:45       29670

 

MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.defaultAclObjectIdentityClass   AbstractBasicAclCreator.java       springside/springside-core/src/org/springside/plugins/security/acl/creator         2006 年8 月11 日 11:28:49  29687

 

MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processDomainObjectClass      AbstractBasicAclCreator.java       springside/springside-core/src/org/springside/plugins/security/acl/creator         2006 年8 月11 日 11:28:49  29685

 

MF: Class org.springside.plugins.security.acl.creator.SimpleAclCreator defines field that obscures superclass field org.springside.plugins.security.acl.creator.AbstractBasicAclCreator.processReturnedObjectClass    AbstractBasicAclCreator.java       springside/springside-core/src/org/springside/plugins/security/acl/creator         2006 年8 月11 日 11:28:49  29686

 

MS: org.springside.bookstore.admin.exception.OrderException.LACK_INVENTORY isn't final but should beOrderException.java       springside/springside-bookstore/src/org/springside/bookstore/admin/exception  line 16     2006 年8 月11 日 11:28:50  29691

 

MS: org.springside.bookstore.commons.domain.Order.statusEnum isn't final but should be     Order.java       springside/springside-bookstore/src/org/springside/bookstore/commons/domain       line 22006 年 8 月 11 日 11:28:50  29692

 

MS: org.springside.bookstore.commons.web.support.HsqlListener.logger isn't final but should be   HsqlListener.java       springside/springside-bookstore/src/org/springside/bookstore/commons/web/support      line 27     2006 年8 月11 日 11:28:50       29693

 

MS: org.springside.core.commons.BaseHibernateDao.COUNT_MODE isn't final but should be      BaseHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 30     2006 年8 月11 日 11:28:50  29694

 

MS: org.springside.core.commons.BaseHibernateDao.LIST_MODE isn't final but should be    BaseHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 32     2006 年8 月11 日 11:28:50  29696

 

MS: org.springside.core.commons.BaseHibernateDao.SCROLL_MODE isn't final but should be     BaseHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 32006 年 8 月 11 日 11:28:50  29695

 

MS: org.springside.core.commons.ConfigurableConstants.logger isn't final but should beConfigurableConstants.java       springside/springside-core/src/org/springside/core/commons     line 29     2006 年8 月11 日 11:28:50  29697

 

MS: org.springside.core.commons.ConfigurableConstants.p isn't final but should beConfigurableConstants.java       springside/springside-core/src/org/springside/core/commons     line 30     2006 年8 月11 日 11:28:50  29698

 

NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)       SimpleAclCreator.java    springside/springside-core/src/org/springside/plugins/security/acl/creator  line 103   2006 年8 月11 日 11:28:49  29683

 

NP: Possible null pointer dereference in org.springside.plugins.security.acl.creator.SimpleAclCreator.supports(Object,Object)       SimpleAclCreator.java    springside/springside-core/src/org/springside/plugins/security/acl/creator  line 105   2006 年8 月11 日 11:28:49  29684

 

ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource  HsqlListener.java    springside/springside-bookstore/src/org/springside/bookstore/commons/web/support       line 125   2006 年8 月11 日 11:28:429664

 

ODR: org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) may fail to close database resource  HsqlListener.java    springside/springside-bookstore/src/org/springside/bookstore/commons/web/support       line 127   2006 年8 月11 日 11:28:429665

 

REC: Method org.springside.bookstore.commons.web.support.HsqlListener.contextDestroyed(javax.servlet.ServletContextEvent) catches Exception, but Exception is not thrown in the try block and RuntimeException is not explicitly caught      HsqlListener.java       springside/springside-bookstore/src/org/springside/bookstore/commons/web/support      line 129   2006 年8 月11 日 11:28:429666

 

SIC: Should org.springside.core.utils.BeanUtilsTest$TestChildBean be a _static_ inner class?   BeanUtilsTest.java       springside/springside-core/test/unit/org/springside/core/utils       line 37     2006 年8 月11 日 11:28:50  29700

 

SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialCreateSuccessResult; should this field be static?     SSModelActionSupport.java  springside/springside-core/src/org/springside/plugins/webwork/action              2006 年8 月11 日 11:28:50       29701

 

SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialRemoveSuccessResult; should this field be static?     SSModelActionSupport.java  springside/springside-core/src/org/springside/plugins/webwork/action              2006 年8 月11 日 11:28:50       29702

 

SS: Unread field: org.springside.plugins.webwork.action.SSModelActionSupport.specialUpdateSuccessResult; should this field be static?     SSModelActionSupport.java  springside/springside-core/src/org/springside/plugins/webwork/action              2006 年8 月11 日 11:28:50       29703

 

UI: Usage of GetResource in org.springside.bookstore.commons.web.support.HsqlListener.contextInitialized(javax.servlet.ServletContextEvent) may be unsafe if class is extended    HsqlListener.java    springside/springside-bookstore/src/org/springside/bookstore/commons/web/support      line 72    2006 年8 月11 日 11:28:429663

 

UI: Usage of GetResource in org.springside.plugins.jbossrules.support.DSLRuleBaseLoader.buildRuleBase() may be unsafe if class is extended  DSLRuleBaseLoader.java       springside/springside-core/src/org/springside/plugins/jbossrules/support    line 32     2006 年8 月11 日 11:28:48       29682

 

UrF: Unread field: org.springside.TestBean.private_name     TestBean.java  springside/springside-core/test/unit/org/springside              2006 年8 月11 日 11:28:50  29699

 

WMI: Method org.springside.core.commons.AbstractHibernateDao$1.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iteratorAbstractHibernateDao.java       springside/springside-core/src/org/springside/core/commons     line 148   2006 年8 月11 日 11:28:45  29669

 

WMI: Method org.springside.core.commons.support.CriteriaSetup.setup(org.hibernate.Criteria,java.util.Map) makes inefficient use of keySet iterator instead of entrySet iterator       CriteriaSetup.java       springside/springside-core/src/org/springside/core/commons/supportline 18     2006 年8 月11 日 11:28:46  29673