`
knight_black_bob
  • 浏览: 853296 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

findbugs 常见问题 及解决方案

阅读更多

 

 

 

Bad practice 坏的实践

一些不好的实践,下面列举几个: HE类定义了equals(),却没有hashCode();或类定义了equals(),却使用Object.hashCode();或类定义了hashCode(),却没有equals();或类定义了hashCode(),却使用Object.equals();类继承了equals(),却使用Object.hashCode() 
SQL
Statement execute方法调用了非常量的字符串;或Prepared Statement是由一个非常量的字符串产生。 
DE
方法终止或不处理异常,一般情况下,异常应该被处理或报告,或被方法抛出。 
Malicious code vulnerability
可能受到的恶意攻击

如果代码公开,可能受到恶意攻击的代码,下面列举几个: FI一个类的finalize()应该是protected,而不是public的。 MS:属性是可变的数组;属性是可变的Hashtable;属性应该是package protected的。

Correctness 一般的正确性问题

可能导致错误的代码,下面列举几个: NP空指针被引用;在方法的异常路径里,空指针被引用;方法没有检查参数是否nullnull值产生并被引用;null值产生并在方法的异常路径被引用;传给方法一个声明为@NonNullnull参数;方法的返回值声明为@NonNull实际是null Nm类定义了hashcode()方法,但实际上并未覆盖父类ObjecthashCode();类定义了tostring()方法,但实际上并未覆盖父类ObjecttoString();很明显的方法和构造器混淆;方法名容易混淆。 SQL:方法尝试访问一个Prepared Statement0索引;方法尝试访问一个ResultSet0索引。 UwF:所有的write都把属性置成null,这样所有的读取都是null,这样这个属性是否有必要存在;或属性从没有被write

Dodgy 危险的

具有潜在危险的代码,可能运行期产生错误,下面列举几个: CI类声明为final但声明了protected的属性。 DLS:对一个本地变量赋值,但却没有读取该本地变量;本地变量赋值成null,却没有读取该本地变量。 ICAST整型数字相乘结果转化为长整型数字,应该将整型先转化为长整型数字再相乘。 INT:没必要的整型数字比较,如X <= Integer.MAX_VALUE NPreadline()的直接引用,而没有判断是否null;对方法调用的直接引用,而方法可能返回null REC:直接捕获Exception,而实际上可能是RuntimeException ST从实例方法里直接修改类变量,即static属性。

Performance 性能问题

可能导致性能不佳的代码,下面列举几个: DM:方法调用了低效的Boolean的构造器,而应该用Boolean.valueOf(…);用类似Integer.toString(1) 代替new Integer(1).toString();方法调用了低效的float的构造器,应该用静态的valueOf方法。 SIC:如果一个内部类想在更广泛的地方被引用,它应该声明为static SS如果一个实例属性不被读取,考虑声明为static UrF:如果一个属性从没有被read,考虑从类中去掉。 UuF:如果一个属性从没有被使用,考虑从类中去掉。

Multithreaded correctness 多线程的正确性多线程编程时,可能导致错误的代码,下面列举几个:

ESync:空的同步块,很难被正确使用。 MWN:错误使用notify(),可能导致IllegalMonitorStateException异常;或错误的使用wait() No使用notify()而不是notifyAll(),只是唤醒一个线程而不是所有等待的线程。 SC构造器调用了Thread.start(),当该类被继承可能会导致错误。

Internationalization 国际化当对字符串使用upperlowercase方法,如果是国际的字符串,可能会不恰当的转换。

 

 

 

High

1.DM_DEFAULT_ENCODING

 

1.1 Found reliance on default encoding in com.cmcc.aoi.httprequest.service.HttpRequest.sendGet(String, String): new java.io.InputStreamReader(InputStream)

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

 

new BufferedReader(new InputStreamReader(connection.getInputStream()));

 

修改为: InputStreamReader fileData = new InputStreamReader(file ,"utf-8");

 

 

 

1.2 Found reliance on default encoding in com.cmcc.aoi.httprequest.service.HttpRequest.sendPost(String, JSONObject): new java.io.PrintWriter(OutputStream)

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

 

out = new PrintWriter(conn.getOutputStream());

 

修改为: out = new PrintWriter(new OutputStreamWriter(conn.getOutputStream(), "utf-8"));

 

 

 

1.3 Found reliance on default encoding in com.cmcc.aoi.selfhelp.action.DeliverWebRequestAction.calculateUserCount(HttpServletRequest): String.getBytes()

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

fileName = new String(req.getParameter("fileName").getBytes(), "UTF-8");

修改为

fileName = new String(req.getParameter("fileName").getBytes("UTF-8"), "UTF-8");

 

 

1.4Found reliance on default encoding in com.cmcc.aoi.selfhelp.action.servlet.AoeRegAction.report(HttpServletRequest, HttpServletResponse): java.io.ByteArrayOutputStream.toString()

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

logger.info("RECV STR: " + baos.toString());

修改为

logger.info("RECV STR: " + baos.toString("utf-8"));

 

 

1.5 Found reliance on default encoding in com.cmcc.aoi.selfhelp.action.servlet.AoeUploadLogAction.report(HttpServletRequest, HttpServletResponse): new java.io.FileWriter(File)

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

new FileWriter(f).append(baos.toString("UTF-8")).close();

修改

BufferedWriter out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f, true))); 

out.write(baos.toString("UTF-8")); 

out.close();

 

BufferedWriter bw= new BufferedWriter( new OutputStreamWriter(new FileOutputStream(filePath, true), "utf-8"));

 

 

1.6 Found reliance on default encoding in new com.cmcc.aoi.util.TokenZipFileUtil(String): new java.io.FileReader(String)

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

FileReader in = new FileReader(file);

改为

BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(file), "UTF-8")); 

       

2.MS_SHOULD_BE_FINAL

 

com.cmcc.aoi.selfhelp.action.DeliverWebRequestAction.logger isn't final but should be

This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

 

protected static   Logger logger = LoggerFactory.getLogger(DeliverWebRequestAction.class);

修改为 protected static final Logger logger = LoggerFactory.getLogger(DeliverWebRequestAction.class);

 

 

 

 

3.DLS_DEAD_LOCAL_STORE

 

Dead store to s in com.cmcc.aoi.selfhelp.action.DeliverWebRequestAction.textSend(WebSendTextForm, HttpServletRequest)

This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

ShopMappingDeliver shopMappingDeliver = null;

删除即可

 

4.ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD

Write to static field com.cmcc.aoi.selfhelp.action.MultipleMediaAoeAction.linkRoot from instance method com.cmcc.aoi.selfhelp.action.MultipleMediaAoeAction.afterPropertiesSet()

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

linkRoot = sysConfigService.getDomainName() + "/";

修改改为:

publicstatic String getLinkRoot() {

        returnlinkRoot;

    }

 

    publicstaticvoid setLinkRoot(String linkRoot) {

        MultipleMediaAoeAction.linkRoot = linkRoot;

    }

   MultipleMediaAoeAction.setLinkRoot(sysConfigService.getDomainName() + "/");

 

 

5. J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION

Store of non serializable com.cmcc.aoi.selfhelp.action.UploadFileAction$FileUploadStatus into HttpSession in new com.cmcc.aoi.selfhelp.action.UploadFileAction$MyProgressListener(UploadFileAction, HttpServletRequest)

This code seems to be storing a non-serializable object into an HttpSession. If this session is passivated or migrated, an error will result.

修改为 FileUploadStatus implements Serializable

 

 

6.  RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

Redundant nullcheck of rtr, which is known to be non-null in com.cmcc.aoi.selfhelp.action.servlet.AoeReportApplistAction.device(HttpServletRequest, HttpServletResponse)

This method contains a redundant check of a known non-null value against the constant null.

if (rtr != null) {

            Writer writer;

            try {

                writer = response.getWriter();

                if (rtr != null) {

                    try {

 

                        String s = JSONUtil.objToJson(rtr);

                        if (LOGGER.isDebugEnabled()) {

                            LOGGER.debug("SEND STR: " + s);

                        }

                        writer.write(s);

                        writer.flush();

                    } catch (IOException e) {

                        LOGGER.warn("", e);

                        if (writer != null) {

                            try {

                                writer.write(JSONUtil.objToJson(rtr));

                            } catch (IOException e1) {

                                LOGGER.warn("", e1);

                            }

                        }

                    }

                } else {

                    response.getWriter().write("{\"errorCode\":401}");

                }

            } catch (IOException e2) {

                LOGGER.warn("", e2);

            }

        }

修改为

if (rtr != null) {

            Writer writer;

            try {

                writer = response.getWriter();

                try {

 

                    String s = JSONUtil.objToJson(rtr);

                    if (LOGGER.isDebugEnabled()) {

                        LOGGER.debug("SEND STR: " + s);

                    }

                    writer.write(s);

                    writer.flush();

                } catch (IOException e) {

                    LOGGER.warn("", e);

                    if (writer != null) {

                        try {

                            writer.write(JSONUtil.objToJson(rtr));

                        } catch (IOException e1) {

                            LOGGER.warn("", e1);

                        }

                    }

                }

 

            } catch (IOException e2) {

                LOGGER.warn("", e2);

            }

        } else {

            response.getWriter().write("{\"errorCode\":401}");

        }

 

7. RU_INVOKE_RUN

com.cmcc.aoi.selfhelp.action.servlet.UploadTokensAction$TokenFileThread.run() explicitly invokes run on a thread (did you mean to start it instead?)

This method explicitly invokes run() on an object.  In general, classes implement the Runnable interface because they are going to have their run() method invoked in a new thread, in which case Thread.start() is the right method to call.

 

ti.run();

修改为:

ti.start();

try {

    ti.join();

} catch (InterruptedException e) {

     e.printStackTrace();

}

 

 

8. NM_SAME_SIMPLE_NAME_AS_SUPERCLASS

The class name com.cmcc.aoi.selfhelp.dao.BaseDao shadows the simple name of the superclass org.slave4j.orm.hibernate.BaseDao

This class has a simple name that is identical to that of its superclass, except that its superclass is in a different package (e.g., alpha.Foo extends beta.Foo). This can be exceptionally confusing, create lots of situations in which you have to look at import statements to resolve references and creates many opportunities to accidentally define methods that do not override methods in their superclasses

com.cmcc.aoi.selfhelp.dao.BaseDao

修改为

com.cmcc.aoi.selfhelp.dao.BasisDao

 

9. SE_BAD_FIELD_INNER_CLASS

com.cmcc.aoi.selfhelp.action.UploadFileAction$FileUploadStatus is serializable but also an inner class of a non-serializable class

This Serializable class is an inner class of a non-serializable class. Thus, attempts to serialize it will also attempt to associate instance of the outer class with which it is associated, leading to a runtime error.

If possible, making the inner class a static inner class should solve the problem. Making the outer class serializable might also work, but that would mean serializing an instance of the inner class would always also serialize the instance of the outer class, which it often not what you really want.

修改外部类

UploadFileAction extends BaseAction implements Serializable

 

 

10. DM_BOXED_PRIMITIVE_FOR_PARSING

Boxing/unboxing to parse a primitive com.cmcc.aoi.selfhelp.dao.StatAppEveryHourDao.findWeekList(String)

A boxed primitive is created from a String, just to extract the unboxed primitive value. It is more efficient to just call the static parseXXX method.

statAppEveryHour.setNewnumber(Integer.valueOf(String.valueOf(objects[2])));                statAppEveryHour.setAccnumber(Integer.valueOf(String.valueOf(objects[3])));

修改为

statAppEveryHour.setStattime(sdf.parse(String.valueOf(objects[1])));

                    statAppEveryHour

                            .setNewnumber(Integer.parseInt(String.valueOf(objects[2]) != null

                                    && !"".equals(String.valueOf(objects[2]))

                                            ? String.valueOf(objects[2]) : "0"));

                    statAppEveryHour

                            .setAccnumber(Integer.parseInt(String.valueOf(objects[3]) != null

                                    && !"".equals(String.valueOf(objects[3]))

                                            ? String.valueOf(objects[3]) : "0"));

 

 

 

 

 

 

 

 

 

Normal

1.SBSC_USE_STRINGBUFFER_CONCATENATION

com.cmcc.aoi.httprequest.service.HttpRequest.sendGet(String, String) concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad

  String s = "";

  for (int i = 0; i < field.length; ++i) {

    s = s + field[i];

  }

 

  // This is better

  StringBuffer buf = new StringBuffer();

  for (int i = 0; i < field.length; ++i) {

    buf.append(field[i]);

  }

  String s = buf.toString();

 

2. WMI_WRONG_MAP_ITERATOR

for (String key : map.keySet()) {

                System.out.println(key + "--->" + map.get(key));

}

改为

for (  Map.Entry<String, List<String>> entry : map.entrySet()) {

                System.out.println(entry.getKey() + "--->" + entry.getValue());

            }

 

3.  EI_EXPOSE_REP

com.cmcc.aoi.selfhelp.entity.Activation.getValidUntil() may expose internal representation by returning Activation.validUntil

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

 

 

    public Date getValidUntil() {

        returnvalidUntil;

}

 

修改为

public Date getValidUntil() {

        if(validUntil == null) {

            returnnull;

        }

        return (Date) validUntil.clone();

}

 

4. EI_EXPOSE_REP2

com.cmcc.aoi.selfhelp.entity.Activation.setValidUntil(Date) may expose internal representation by storing an externally mutable object into Activation.validUntil

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

 

publicvoid setValidUntil(Date validUntil) {

this.validUntil = validUntil;

}

修改为

publicvoid setValidUntil(Date validUntil) {

        if(validUntil == null) {

            this.validUntil = null;

        }else {

            this.validUntil = (Date) validUntil.clone();

        }

    }

 

 

5. BC_VACUOUS_INSTANCEOF

instanceof will always return true for all non-null values in com.cmcc.aoi.selfhelp.entity.AppType.compareTo(AppType), since all com.cmcc.aoi.selfhelp.entity.AppType are instances of com.cmcc.aoi.selfhelp.entity.AppType

This instanceof test will always return true (unless the value being tested is null). Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error. If you really want to test the value for being null, perhaps it would be clearer to do better to do a null test rather than an instanceof test.

 

6. MS_MUTABLE_ARRAY

com.cmcc.aoi.selfhelp.entity.DeviceType.CURRENTUSEDDEVICES is a mutable array

A final static field references an array and can be accessed by malicious code or by accident from another package. This code can freely modify the contents of the array.

 

public static final int[] CURRENTUSEDDEVICES = new int []{Device.iOS.ordinal()Device.Android.ordinal()Device.WP.ordinal()}

修改为

 Public > protected

 

7. EQ_COMPARETO_USE_OBJECT_EQUALS

com.cmcc.aoi.selfhelp.entity.AppType defines compareTo(AppType) and uses Object.equals()

This class defines a compareTo(...) method but inherits its equals() method from java.lang.Object. Generally, the value of compareTo should return zero if and only if equals returns true. If this is violated, weird and unpredictable failures will occur in classes such as PriorityQueue. In Java 5 the PriorityQueue.remove method uses the compareTo method, while in Java 6 it uses the equals method.

From the JavaDoc for the compareTo method in the Comparable interface:

It is strongly recommended, but not strictly required that (x.compareTo(y)==0) == (x.equals(y)). Generally speaking, any class that implements the Comparable interface and violates this condition should clearly indicate this fact. The recommended language is "Note: this class has a natural ordering that is inconsistent with equals."

 

 

修改

添加 hashcode() equals() 代码即可

 

 

8. BC_VACUOUS_INSTANCEOF

instanceof will always return true for all non-null values in com.cmcc.aoi.selfhelp.entity.AppType.compareTo(AppType), since all com.cmcc.aoi.selfhelp.entity.AppType are instances of com.cmcc.aoi.selfhelp.entity.AppType

This instanceof test will always return true (unless the value being tested is null). Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error. If you really want to test the value for being null, perhaps it would be clearer to do better to do a null test rather than an instanceof test.

  @Override

    publicint compareTo(AppType o) {

        if (oinstanceof AppType) {

            AppType p = (AppType) o;

            returnthis.typeId > p.typeId ? 1 : this.typeId == p.typeId ? 0 : -1;

        }

        return 1;

    }

 

 

修改为

  @Override

    publicint compareTo(AppType o) {

        if (null != o) {

            AppType p  = (AppType) o ;

            returnthis.typeId > p.typeId ? 1 : this.typeId == p.typeId ? 0 : -1;

        }

        return 1;

 

    }

 

9. ME_ENUM_FIELD_SETTER

com.cmcc.aoi.selfhelp.dto.ActivationSituation.setSituation(String) unconditionally sets the field situation

This public method declared in public enum unconditionally sets enum field, thus this field can be changed by malicious code or by accident from another package. Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world. Consider removing this method or declaring it package-private.

 

    publicvoid setCode(String code) {

        this.code = code;

    }

 

修改

 删除该无用代码

 

 

10.  IM_BAD_CHECK_FOR_ODD

Check for oddness that won't work for negative numbers in com.cmcc.aoi.selfhelp.dto.WebSendTextForm.toDeliverWebRequest()

The code uses x % 2 == 1 to check to see if a value is odd, but this won't work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0.

DeliverFactory

                                    .createTextOpenApp(this.msgtype, "", this.content,

                                            this.isRingAndVibrate % 2 == 1,

                                            isRingAndVibrate / 2 >= 1, this.activity)

                                    .toJsonString());

 

修改为

DeliverFactory

                                    .createTextOpenApp(this.msgtype, "", this.content,

                                            this.isRingAndVibrate % 2 != 0,

                                            isRingAndVibrate / 2 >= 1, this.activity)

                                    .toJsonString());

 

 

11. MS_EXPOSE_REP

Public static com.cmcc.aoi.selfhelp.dict.DeviceSupported.getSupportedDevs() may expose internal representation by returning DeviceSupported.DEVS

A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. One fix is to return a copy of the array.

public static Device[] getSupportedDevs() {

        return DEVS;

    }

修改为

publicstatic Device[] getSupportedDevs() {

        return DeviceSupported.DEVS.clone();

    }

 

12.URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD

Unread public/protected field: com.cmcc.aoi.selfhelp.dict.OperatorDict.countryCode

This field is never read.  The field is public or protected, so perhaps it is intended to be used with classes not seen as part of the analysis. If not, consider removing it from the class.

publicintcode;

    public String enName;

    public String cnName;

    public String countryCode;

 

    public OperatorDict() {

    }

 

    /**

     *

     * @param code

     *            运营商代码,一般是5

     * @param enName

     *            英文名

     * @param countryCode

     *            国家英文代码

     * @param cnName

     *            中文名

     */

    public OperatorDict(intcode, String enName, String countryCode, String cnName) {

        this.code = code;

        this.enName = enName;

        this.countryCode = countryCode;

        this.cnName = cnName == null ? Integer.toString(code) : cnName;

    }

修改为

Public  - private

 

 

 

 

13. ES_COMPARING_STRINGS_WITH_EQ

Comparison of String objects using == or != in com.cmcc.aoi.selfhelp.entity.Provider.compareTo(Object)

This code compares java.lang.String objects for reference equality using the == or != operators. Unless both strings are either constants in a source file, or have been interned using the String.intern() method, the same string value may be represented by two different String objects. Consider using the equals(Object) method instead.

 

return this.spid.compareTo(p.spid) > this.spid == p.spid ? : -1;

修改为

this.spid.compareTo(p.spid) > 0 ? 1 : this.spid.equals(p.spid) ? 0 : -1;

14.DB_DUPLICATE_BRANCHES

com.cmcc.aoi.selfhelp.dao.ShStatTerminalDao.getListQuery(String, int, Date, Date, boolean, int) uses the same code for two branches

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

if (bool) {

                query.setInteger(i++, nodeType);

                query.setInteger(i++, nodeType);

            } else {

                query.setInteger(i++, nodeType);

                query.setInteger(i++, nodeType);

            }

修改为

query.setInteger(i++, nodeType);

query.setInteger(i++, nodeType);

 

 

15. SE_COMPARATOR_SHOULD_BE_SERIALIZABLE

 

com.cmcc.aoi.selfhelp.task.entity.StatAppHabitComparator implements Comparator but not Serializable

This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

修改为

implements Serializable

 

16.  UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD

 

Unwritten public or protected field: com.cmcc.aoi.selfhelp.task.entity.StatDevice.keyname

No writes were seen to this public/protected field.  All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.

Public  String keyname;

修改为

Private  String keyname;

 

16. REC_CATCH_EXCEPTION

Exception is caught when Exception is not thrown in com.cmcc.aoi.selfhelp.task.fileparser.TokenIncrease.parseLine(String[])

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:

  try {

    ...

  } catch (RuntimeException e) {

    throw e;

  } catch (Exception e) {

    ... deal with all non-runtime exceptions ...

  }

 

17.  RV_RETURN_VALUE_IGNORED_BAD_PRACTICE

Exceptional return value of java.io.File.mkdirs() ignored in com.cmcc.aoi.util.FileUtil.moveFile(File, String)

This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don't check the result, you won't notice if the method invocation signals unexpected behavior by returning an atypical return value.

tmp.mkdirs()

修改为

booleanmkdirs = tmp.mkdirs();

logger.debug("debug",mkdirs);

 

18. NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE

 

 

19. ICAST_IDIV_CAST_TO_DOUBLE

Integral division result cast to double or float in com.cmcc.aoi.selfhelp.service.BaseAnalysisService.getInterval(Date, Date, int)

This code casts the result of an integral division (e.g., int or long division) operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. Here is an example:

int x = 2;

int y = 5;

// Wrong: yields result 0.0

double value1 =  x / y;

 

// Right: yields result 0.4

double value2 =  x / (double) y;

 

 

 

 

 

 

 

 

 

 

 

 

捐助开发者

在兴趣的驱动下,写一个免费的东西,有欣喜,也还有汗水,希望你喜欢我的作品,同时也能支持一下。 当然,有钱捧个钱场(右上角的爱心标志,支持支付宝和PayPal捐助),没钱捧个人场,谢谢各位。



 
 
 谢谢您的赞助,我会做的更好!

 

 

 

 

 

0
1
分享到:
评论

相关推荐

    常见的findbugs解决方案

    常见的FindBugs解决方案 FindBugs是一款静态代码分析工具,旨在帮助开发者发现Java代码中的缺陷和错误。本文总结了常见的FindBugs解决方案,希望对开发者有所帮助。 Bad practice Warnings: 1. CoCO_COMPARETO_...

    findbugs常见5种类型报错

    ### FindBugs常见5种类型报错解析 #### 一、Nullpointerdereference (空指针解引用) **1.1 Possiblenullpointerdereferenceduetoreturnvalueofcalledmethod** - **含义**: 当一个方法的返回值被使用前没有进行...

    java代码分析工具findbugs安装使用说明及常见错误

    **Java代码分析工具FindBugs:安装...熟练掌握其安装、使用及问题排查,将有助于开发团队构建更加健壮和可靠的软件系统。通过不断学习和实践,我们可以充分利用FindBugs带来的优势,减少潜在的编程错误,提高开发效率。

    findBugs学习总结

    在提供的"findbugs_bug描述的中英文对照.xls"文件中,你可以找到所有bug模式的详细解释,包括它们的英文名称、中文翻译以及可能出现的问题类型和解决方案。这对于理解和解决findBugs报告中的问题非常有帮助。 **与...

    findbugs2.0插件包

    - **查看报告**:结果会显示在"Problems"视图中,每个问题都有详细的描述、可能的解决方案以及代码位置,帮助开发者理解并修复问题。 5. **提升代码质量** 使用FindBugs 2.0插件可以极大地提高代码质量,减少运行...

    findbugs插件

    在项目中右键选择"FindBugs",即可运行分析,它会显示可能出现问题的代码行,并提供可能的解决方案。 FindBugs能检测的错误类型广泛,包括但不限于空指针异常、未初始化的变量、资源泄露、并发问题、可能的算术溢出...

    findbugs-3.0.1

    同时,findbugs的结果报告详细且直观,不仅列出问题所在位置,还提供了问题的严重程度和可能的解决方案,有助于开发者快速理解和修复问题。 总的来说,findbugs-3.0.1是Java开发者的得力助手,它能够帮助我们提高...

    findbugs报告问题含义

    `FindBugs` 是一款静态代码...以上是 `FindBugs` 报告中的一些常见问题和解决方案。通过理解和修复这些问题,可以提高代码质量、性能和安全性。在开发过程中定期运行 `FindBugs` 分析可以帮助及时发现和修复这些问题。

    FindBugs 3.0

    2. **详尽的错误报告**:FindBugs 提供了详细的错误分类和严重级别,每种问题都有清晰的描述和解决方案建议,帮助开发者理解和解决。 3. **自定义设置**:用户可以根据项目需求调整分析级别,过滤掉不关心的警告,...

    FindBugs-IDEA-1.0.1插件

    5. **易用性**:FindBugs的报告直观且详细,每一个警告都会附带解释和解决方案,使得开发者能够迅速理解问题所在并进行修复。 6. **持续集成支持**:FindBugs不仅可以作为IDE插件使用,还可以集成到持续集成系统中...

    clipse 插件 findbugs-1.3.9 天涯浪子

    3. 快速修复:对于检测到的问题,FindBugs会提供可能的解决方案建议,帮助开发者快速定位和修复问题,提高代码质量。 四、在MyEclipse 6.5和8.0中的兼容性 FindBugs-1.3.9在MyEclipse 6.5及8.0上的良好兼容性是其...

    findbugs1.3.9插件

    - **结果解读**:分析完成后,FindBugs会在项目中生成报告,列出所有检测到的问题,每个问题都有详细的描述、优先级和可能的解决方案。 3. **版本比较** 提供的`findbugs-1.3.8.zip`文件展示了FindBugs的另一个...

    FindBugs-IDEA-1.0 1.1.zip

    它还会提供详细的错误描述和建议的解决方案,便于理解和修复。 3. **自定义配置**:用户可以根据项目的实际需求调整FindBugs的检测规则,例如忽略某些特定类型的警告,或者设置只关注高优先级的错误。 4. **集成...

    eclipse插件findbugs

    FindBugs 分析的结果以报告的形式呈现,报告中包含了每个可疑问题的详细描述、严重程度以及可能的解决方案。 在使用 Eclipse 插件 FindBugs 时,首先需要将其安装到 Eclipse IDE 中。这通常可以通过 Eclipse 的内置...

    findbugs插件eclipse

    分析完成后,结果会显示在Eclipse的Problems视图中,每个问题都有详细的描述、严重级别(比如警告、错误)以及建议的解决方案。这些问题按照优先级排序,帮助开发者优先处理那些最有可能导致程序崩溃的问题。 ...

    Findbugs

    3. **查看报告**:分析完成后,FindBugs会列出所有检测到的问题,并提供详细描述和可能的解决方案。 4. **修复问题**:根据报告,开发者逐个审查问题,决定是否需要修改代码,以及如何修改。 5. **重复分析**:...

    findbugs-1.3.9 java代码检查工具以及eclipse插件

    在Eclipse中,安装FindBugs插件后,开发者可以在项目中运行FindBugs分析,插件会以颜色高亮的形式标记出有问题的代码行,并提供详细的错误描述和建议的解决方案。 FindBugs 1.3.9版本提供的检查类别包括: 1. **...

    edu.umd.cs.findbugs.plugin.eclipse_2.0.2.20121204

    每个问题都有详细的描述、优先级以及可能的解决方案。此外,FindBugs还支持自定义配置,允许开发者根据项目需求选择要检查的错误级别和类型。 对于MyEclipse用户来说,虽然FindBugs原生并不直接支持,但通过Eclipse...

    eclise插件findbugs最新版

    每个 FindBugs 报告都会包含错误类型、严重级别、代码位置以及建议的解决方案。通过双击报告条目,Eclipse 会跳转到相应代码行,方便快速定位和修复问题。 总的来说,FindBugs 是一个强大的工具,能帮助开发者提高...

Global site tag (gtag.js) - Google Analytics