Questions tagged [spotbugs]

SpotBugs is a program which uses static analysis to look for bugs in Java, Groovy, Kotlin, Scala, JSP and Closure code.

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with the support of its community. It is free software, distributed under the terms of the Lesser GNU Public License.

SpotBugs requires JRE (or JDK) 1.8.0 or later to run. However, it can analyze programs compiled for any version of Java, from 1.0 to 1.9.

165 questions
0 votes, 1 answer

SpotBugs site report inconsistent with spotbugs:gui goal

I have set up SpotBugs to help us adhere to some standards, but I get different results in my generated site compared to SpotBugs user interface. This is my configuration of SpotBugs in my pom file:
jokarl

0 votes, 1 answer

How to encode response to JSON in filter without failing XSS

Below is the static code analysis report from SpotBugs: XSS_SERVLET: Potential XSS in Servlet. A potential XSS was found. It could be used to execute unwanted JavaScript in a client's browser. (See references) Vulnerable Code: protected void…
Stin

0 votes, 1 answer

Unable to read repository at https://spotbugs.github.io/eclipse/content.xml

I tried to install SpotBugs but the error below appeared. Unable to read repository at https://spotbugs.github.io/eclipse/content.xml. java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors…
cuttlas

0 votes, 1 answer

SpotBugs "No value has been specified for property 'spotbugsClasspath'"

I want to use SpotBugs in my Android project, but it failed with an exception. Run task: gradle->module->other->spotbugs. I have this exception: FAILURE: Build failed with an exception. * What went wrong: A problem was found with the…
0 votes, 2 answers

Findbug ES_COMPARING_STRINGS_WITH_EQ not triggering if one string is member of parameter object

public static void findbugDoesNotTrigger(List object) { String string2 = "AnyString"; if(object.get(0) == string2) { System.out.println("Does not matter at all"); } } Here I expected either…
Pulkit Agarwal

0 votes, 0 answers

findbugs linking report to source code

How to link source code files in Findbugs report generated using maven? The requirement is to navigate from the Findbugs HTML report to source code file cross references generated using jxr plugin or to the actual source code files. maven…
Kiran Mohan

0 votes, 0 answers

SpotBugs Eclipse Plugin Logging

I am trying to log details inside of a custom SpotBugs Plugin being executed inside of Eclipse. However, I can't get anything to output to the console. This is what I have: import edu.umd.cs.findbugs.log.ConsoleLogger; import…
Derek Brown

0 votes, 1 answer

How to write custom detector for find sec bug plugin?

How to write custom detector for find sec bug plugin? It will be helpful if someone writes a sample detector to detect the use of a word. Thanks in advance
niraj

-1 votes, 3 answers

Share a single instance of LinkedHashMap in Multithreaded environment

I need to initialize a single instance of LinkedHashMap while starting my SpringBoot application. I tried to initialize the same in the following way @Getter private Map myMap; @Override public void…
-1 votes, 1 answer

Is SonarQube sufficient for static code reviews?

My applications are based on Java, Kotlin and React. Besides SonarQube there are other popular tools like: Amazon CodeGuru helps you improve code quality and automate code reviews by scanning and profiling Java and Python applications. CodeGuru…
-1 votes, 1 answer

SpotBugs warning: Inefficient use of keySet iterator instead of entrySet iterator

Existing Code: Map rolePrincipleMap = cnRoleHolder.getRolePrincipalMap(); Iterator cnRoleIterator = rolePrincipleMap.keySet().iterator(); while (cnRoleIterator.hasNext()) { Object…
-1 votes, 1 answer

how to create a custom task using spotbugs to run static code analysis in gradle?

I'm trying to create a custom SpotBugs task to do static code analysis, since it's a big project. During execution, Gradle throws some errors, ultimately leading to build failure. My custom task: apply plugin: "com.github.spotbugs-base" task…
Vishal VR

-1 votes, 1 answer

getEncryptedData(String) invokes inefficient new String(String) constructor - Findbugs

I'm trying to convert byte[] to String, and it's working fine. But FindBugs is pointing me to a Minor issue in my code snippet. Code snippet: //Encrypt the data with the public key. Cipher cipher = Cipher.getInstance(TRASFORMATION); …
kavie

-2 votes, 1 answer

Spotbugs - Null pointer dereference issue on Optional

I have a simple case, but struggle to understand what is wrong. It seems that the optional is checked; however, SpotBugs sees this as a null pointer dereference. Tried orElseThrow() as well, same thing. package com.bam; import java.util.HashSet; import…