1. What is FindBugs?
FindBugs is a static analysis tool: it inspects class or JAR files and compares the bytecode against a catalogue of bug patterns to find likely defects. Because the analysis is static, the software is examined without being run. Rather than inferring the program's intent from the form or structure of the class files, FindBugs typically uses the Visitor pattern to walk the bytecode and check whether the code conforms to a fixed set of rules. Note that FindBugs itself is no longer maintained; its successor, SpotBugs, uses the same filter-file format and a closely matching Maven plugin configuration, so the setup below carries over with little change.
2. Code project
Experiment goal
Use FindBugs to find the problems in a program.
pom.xml
The FindBugs check goal is bound to the package phase, so mvn package runs it. effort accepts Min, Default or Max; threshold accepts Low, Medium or High (Low reports the most findings, High only high-priority ones). With failOnError set, the build fails whenever a finding remains after the exclude filter has been applied.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>springboot-demo</artifactId>
        <groupId>com.et</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>findbug</artifactId>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <!-- FindBugs plugin -->
        <plugins>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>findbugs-maven-plugin</artifactId>
                <version>3.0.5</version>
                <configuration>
                    <!-- Analysis effort: Min, Default or Max -->
                    <effort>Default</effort>
                    <!-- Reporting threshold: Low, Medium or High. Low is the strictest
                         (reports everything); High reports only high-priority bugs.
                         Medium is recommended. -->
                    <threshold>Medium</threshold>
                    <!-- Fail the build when findings remain -->
                    <failOnError>true</failOnError>
                    <includeTests>true</includeTests>
                    <!-- Filter file listing the findings FindBugs should ignore -->
                    <excludeFilterFile>conf/findbugs-exclude-filter.xml</excludeFilterFile>
                </configuration>
                <executions>
                    <execution>
                        <id>run-findbugs</id>
                        <!-- Run the check in the package phase (compile also works),
                             e.g. with mvn clean package -->
                        <phase>package</phase>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>
Simulated error
package com.et.findbug;

/**
 * @author liuhaihua
 * @version 1.0
 * @ClassName MockError
 * @Description todo
 * @date 2024/06/25 17:30
 */
public class MockError {

    private static String dbrBO;

    // An instance method that writes a static field; FindBugs reports this as
    // ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD. The class is listed in the exclude
    // filter, so the finding is suppressed in the run below.
    public final void refresh() {
        dbrBO = null;
    }
}
Suppressing findings
This is the file referenced by excludeFilterFile above, conf/findbugs-exclude-filter.xml. A Match can be narrowed by class, package, method or bug pattern; a name prefixed with ~ is treated as a regular expression.
<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
    <!-- Ignore every finding in this class -->
    <Match>
        <Class name="com.et.findbug.MockError" />
    </Match>
    <!-- Ignore every finding in this package -->
    <Match>
        <Package name="com.et.findbug.controller" />
    </Match>
    <!-- Ignore findings in a single method -->
    <Match>
        <Class name="com.et.findbug.controller" />
        <Method name="showHelloWorld"></Method>
    </Match>
    <!-- Boxed value is unboxed and then immediately reboxed: ignore in every package -->
    <Match>
        <Package name="~.*" />
        <Bug pattern="BX_UNBOXING_IMMEDIATELY_REBOXED" />
    </Match>
</FindBugsFilter>
Hand-written defects
The class below plants several defects on purpose; the trailing comments name the FindBugs pattern each one is meant to trigger, and the layout is kept so that the line numbers in the report below match.
package com.et.findbug;

import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Random;

public class FindBugsDemo {

    private static final DateFormat yyyyMMdd = new SimpleDateFormat("yyyy-MM-dd"); // shared, not thread-safe

    public static String yyyyMMddForMat(Date date) {
        return yyyyMMdd.format(date);
    }

    public static int getRanDom() {
        return new Random().nextInt(); // DMI_RANDOM_USED_ONLY_ONCE
    }

    public static int round(int num) {
        return Math.round(num); // ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND
    }

    public static void printMap(Map<?, ?> map) {
        if (map != null && map.size() > 0) {
            for (Object key : map.keySet()) {
                System.out.println("key--->" + key);
                System.out.println("value--->" + map.get(key)); // WMI_WRONG_MAP_ITERATOR
            }
        }
    }

    public static String trimString(String str) {
        str.trim(); // result discarded: String is immutable
        return str;
    }

    @Override
    public boolean equals(Object obj) { // overridden without hashCode()
        return super.equals(obj);
    }
}
These are only the key pieces of code; the full source is in the repository below.
Code repository
- GitHub - Harries/springboot-demo: a simple springboot demo with some components for example: redis,solr,rockmq and so on.
3. Test
Run the package command
mvn package
Result
[INFO]
[INFO] --- findbugs-maven-plugin:3.0.5:check (run-findbugs) @ findbug ---
[INFO] BugInstance size is 3
[INFO] Error size is 0
[INFO] Total bugs: 3
[INFO] Random object created and used only once in com.et.findbug.FindBugsDemo.getRanDom() [com.et.findbug.FindBugsDemo] At FindBugsDemo.java:[line 18] DMI_RANDOM_USED_ONLY_ONCE
[INFO] int value cast to float and then passed to Math.round in com.et.findbug.FindBugsDemo.round(int) [com.et.findbug.FindBugsDemo] At FindBugsDemo.java:[line 22] ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND
[INFO] com.et.findbug.FindBugsDemo.printMap(Map) makes inefficient use of keySet iterator instead of entrySet iterator [com.et.findbug.FindBugsDemo] At FindBugsDemo.java:[line 29] WMI_WRONG_MAP_ITERATOR
[INFO]
To see bug detail using the Findbugs GUI, use the following command "mvn findbugs:gui"
Only three findings are reported at the Medium threshold, and the line numbers refer to the FindBugsDemo listing above. The other planted defects (the shared static SimpleDateFormat, the discarded trim() result, equals() without hashCode()) are not reported with this configuration; lowering threshold to Low or raising effort to Max is the way to check whether they surface. Because failOnError is set and three bugs remain, the check goal fails the package build until the code is fixed or the findings are filtered.
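As an added example (not code from the original post or from the springboot-demo repository), here are the corrected counterparts of the defects planted in FindBugsDemo and MockError. The class names FindBugsDemoFixed and MockErrorFixed, the randomToken helper and the id field are assumptions of this example. Beyond the three patterns reported above, it also replaces the shared static SimpleDateFormat, which is not thread-safe and would be exercised concurrently by Spring Boot request threads, and shows SecureRandom for security-sensitive values, since the DMI_RANDOM_USED_ONLY_ONCE fix alone (reusing a java.util.Random) does not make the output unpredictable.

```java
package com.et.findbug;

import java.security.SecureRandom;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ThreadLocalRandom;

/**
 * Corrected counterpart of FindBugsDemo. Each method removes the defect the
 * original version plants; the class name is an assumption of this example.
 */
public class FindBugsDemoFixed {

    // DateTimeFormatter is immutable and thread-safe, unlike the shared static
    // SimpleDateFormat, which can corrupt output when request threads race on it.
    private static final DateTimeFormatter YYYY_MM_DD = DateTimeFormatter.ofPattern("yyyy-MM-dd");

    // One generator for security-sensitive values (tokens, nonces). java.util.Random
    // is predictable and must not be used for those, however it is instantiated.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private final String id;

    public FindBugsDemoFixed(String id) {
        this.id = Objects.requireNonNull(id);
    }

    public static String yyyyMMddFormat(Date date) {
        return date.toInstant().atZone(ZoneId.systemDefault()).toLocalDate().format(YYYY_MM_DD);
    }

    // DMI_RANDOM_USED_ONLY_ONCE: reuse a generator instead of seeding a new Random per call.
    public static int getRandom() {
        return ThreadLocalRandom.current().nextInt();
    }

    // For anything an attacker must not guess, draw from SecureRandom.
    public static byte[] randomToken(int length) {
        byte[] token = new byte[length];
        SECURE_RANDOM.nextBytes(token);
        return token;
    }

    // ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND: Math.round(int) widens to float and loses
    // precision above 2^24; an int needs no rounding, so return it unchanged.
    public static int round(int num) {
        return num;
    }

    // WMI_WRONG_MAP_ITERATOR: walk entrySet() once instead of keySet() plus a get() per key.
    public static void printMap(Map<?, ?> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            System.out.println("key--->" + entry.getKey());
            System.out.println("value--->" + entry.getValue());
        }
    }

    // trim() returns a new String; return that instead of the untouched argument.
    public static String trimString(String str) {
        return str == null ? null : str.trim();
    }

    // equals() and hashCode() overridden together on the same field, so instances
    // behave correctly as HashMap keys and HashSet members.
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof FindBugsDemoFixed)) {
            return false;
        }
        return id.equals(((FindBugsDemoFixed) obj).id);
    }

    @Override
    public int hashCode() {
        return id.hashCode();
    }
}

// Counterpart of MockError: the state is per instance, so no instance method
// writes a static field any more.
class MockErrorFixed {

    private String dbrBO;

    public final void refresh() {
        dbrBO = null;
    }

    public String value() {
        return dbrBO;
    }
}
```

Re-running mvn package against this version is the check: none of the three patterns listed in the report above should be reported, and the build should no longer fail on the check goal.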
4. References
- SourceForge page: FindBugs™ - Find Bugs in Java Programs
- Official documentation: FindBugs™ Manual
- Original post: Spring Boot集成findbug快速入门Demo | Harries Blog™