sbt / sbt-findbugs Goto Github PK

Expected vs Actual Behaviour

When I try to put

findbugsReportType := Some(FindbugsReportType.FancyHtml)

in build.sbt

Instead it...

Complains "Cannot resolve symbol FindbugsReportType"

Solution

Show full working examples of what settings should look like in the build.sbt file instead of PARTIAL examples that are ambiguous

There seems to be a trend with everything SBT related to give ambiguous and incomplete information devoid of clear working examples.

Erics-MBP-2:pci-enclave eric.kolotyluk$ sbt findbugs
[warn] Executing in batch mode.
[warn] For better performance, hit [ENTER] to switch to interactive mode, or
[warn] consider launching sbt without any commands, or explicitly passing 'shell'
[info] Loading project definition from /Users/eric.kolotyluk/perforceRoot/nds/servers/projects/pci-enclave/project
/Users/eric.kolotyluk/perforceRoot/nds/servers/projects/pci-enclave/build.sbt:84: error: not found: value FindbugsReportType
findbugsReportType := Some(FindbugsReportType.FancyHtml)
^
[error] Type error in expression

Version 1.4.0 is referenced in the README but it does not exist in the SBT community repository.

Could you provide an example of setting findbugsReportPath? I would like the report to be generated in target/findbugs/findbugs.xml. Not sure how to do that in Scala.

The README says that the default value is:

Some(crossTarget / "findbugs" / "report.xml"

which seems syntactically incorrect (there is no closing parenthesis) and doesn't seem to match the actual location, which is:

target/scala-2.10/findbugs/findbugs.xml

What line do I put into my build.sbt to set the report path to target/findbugs/findbugs.xml?

Thanks so much

Is there any work underway to customise the findbugs rules for Scala?

I've installed findbugs4sbt but the core findbugs rules produce lots of false positives around class & method naming conventions that are caused by Scala.

I can't be the first person to notice this -- surely all other users of findbugs4sbt must have the same problems?

Is there a project that has a ruleset for findbugs which is customised to work well with Scala? (Both by removing/fixing rules which give false positives in Scala and also by adding new Scala specific rules.)

If so, I would think that we should add it to the README, as it seems likely to be a FAQ.

If not, perhaps we should start one? Would that be considered out of scope for findbugs4sbt itself?

Does anyone has a small documented guide on how to use this tool?

It would be nice if the plugin would work with both scala versions. Need to wait for the sbt release on 2.11

http://stackoverflow.com/questions/23282469/does-sbt-builds-againts-scala-2-11

While findbugs code has a good base set of rules, most of Findbug's bug patterns are defined in findbugs-contrib.

It looks to me like findbugs4sbt doesn't include findbugs-contrib by default. Is that correct?

If so, we should probably add it by default (or at least add easy to follow instructions to the docs on how to include).

The README.md file contains this section:

findbugsReportType
Description: Optionally selects the output format for the FindBugs report.
Accepts: Some(FindbugsReportType.{Xml, Html, PlainHtml, FancyHtml, FancyHistHtml, Emacs, Xdoc})
Default: Some(FindbugsReportType.Xml)

But it seems that FindbugsReportType should be FindbugsReport

It looks like it's been awhile since we've had a release

@jmhofer would you be able to release a new version?

Add support for auto plugins in sbt 0.13.5

Findbugs 3..0 is released.

I am currently unsure of what can be done, suggestions ?

http://findbugs.sourceforge.net/manual/anttask.html#d0e1367

Adding findbugs4sbt and configured with ReportType.Html
does not generate a Html report.
The play-consoles displays:
[play-findbugs4sbt] $ findbugs:findbugsReportType
[info] Some(-html)

The output directory (target/scala-2.10/findbugs/) has only the file "findbugs.xml"
For configuration see https://github.com/carestra/play-findbugs4sbt

Expected vs Actual Behaviour

It should generate HTML output for a report.

Instead it crashes.

Generating the XML works fine though and I can render the XML to HTML with the standalone findbugs binary.

Steps to Reproduce

Configuration is

addSbtPlugin("com.github.sbt" % "sbt-findbugs" % "2.0.0") in project/plugins.sbt, findbugsReportType := Some(FindbugsReport.Html) in build.sbt.

Then output is as follows (same for the other report types apart from the XML one):

sbt findbugs
[info] Loading settings from credentials.sbt,plugins.sbt,idea.sbt ...
[info] Loading global plugins from /home/olof/.sbt/1.0/plugins
Waiting for lock on /home/olof/.ivy2/.sbt.ivy.lock to be available...
[info] Loading settings from plugins.sbt ...
[info] Loading project definition from /home/olof/src/<project>/project
[info] Loading settings from build.sbt ...
[info] Set current project to libplugin (in build file:/home/olof/src/<project>/)
[info] Compiling 1 Scala source to /home/olof/src/<project>/target/classes ...
[info] Done compiling.
[error] Warning: at xsl:variable on line 349 column 56 of default.xsl:
[error]   SXWN9001: A variable with no following sibling instructions has no effect
[error] Warning: at xsl:variable on line 352 column 59 of default.xsl:
[error]   SXWN9001: A variable with no following sibling instructions has no effect
[error] Error on line 72 of default.xsl:
[error]   SEPM0009: Values of 'standalone' and 'omit-xml-declaration' conflict
[error] The following errors occurred during analysis:
[error]   Could not generate HTML output
[error]     net.sf.saxon.trans.XPathException: Values of 'standalone' and 'omit-xml-declaration' conflict
[error]       At net.sf.saxon.serialize.XMLEmitter.writeDeclaration(XMLEmitter.java:229)
[error]       At net.sf.saxon.serialize.XMLEmitter.openDocument(XMLEmitter.java:162)
[error]       At net.sf.saxon.serialize.XMLEmitter.characters(XMLEmitter.java:576)
[error]       At net.sf.saxon.serialize.XMLIndenter.indent(XMLIndenter.java:315)
[error]       At net.sf.saxon.serialize.XMLIndenter.startElement(XMLIndenter.java:113)
[error]       At net.sf.saxon.event.ProxyReceiver.startElement(ProxyReceiver.java:132)
[error]       At net.sf.saxon.event.NamespaceReducer.startElement(NamespaceReducer.java:73)
[error]       At net.sf.saxon.event.ComplexContentOutputter.startContent(ComplexContentOutputter.java:566)
[error]       At net.sf.saxon.event.ComplexContentOutputter.startElement(ComplexContentOutputter.java:189)
[error]       At net.sf.saxon.expr.instruct.ElementCreator.processLeavingTail(ElementCreator.java:443)
[error]       At net.sf.saxon.expr.instruct.ElementCreator.processLeavingTail(ElementCreator.java:389)
[error]       At net.sf.saxon.expr.instruct.Block.processLeavingTail(Block.java:669)
[error]       At net.sf.saxon.expr.instruct.Instruction.process(Instruction.java:144)
[error]       At net.sf.saxon.expr.instruct.ElementCreator.processLeavingTail(ElementCreator.java:450)
[error]       At net.sf.saxon.expr.instruct.ElementCreator.processLeavingTail(ElementCreator.java:389)
[error]       At net.sf.saxon.expr.instruct.Template.applyLeavingTail(Template.java:336)
[error]       At net.sf.saxon.trans.Mode.applyTemplates(Mode.java:1124)
[error]       At net.sf.saxon.Controller.transformDocument(Controller.java:2106)
[error]       At net.sf.saxon.Controller.transform(Controller.java:1705)
[error]       At net.sf.saxon.s9api.XsltTransformer.transform(XsltTransformer.java:547)
[error]       At net.sf.saxon.jaxp.TransformerImpl.transform(TransformerImpl.java:179)
[error]       At edu.umd.cs.findbugs.HTMLBugReporter.finish(HTMLBugReporter.java:73)
[error]       At edu.umd.cs.findbugs.DelegatingBugReporter.finish(DelegatingBugReporter.java:89)
[error]       At edu.umd.cs.findbugs.DelegatingBugReporter.finish(DelegatingBugReporter.java:89)
[error]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1138)
[error]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283)
[error]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:402)
[error]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1200)
[error]       At edu.umd.cs.findbugs.LaunchAppropriateUI.launch(LaunchAppropriateUI.java:106)
[error]       At edu.umd.cs.findbugs.LaunchAppropriateUI.main(LaunchAppropriateUI.java:198)
[error] Warnings generated: 90
[success] Total time: 24 s, completed 24-May-2018 12:40:35

Environment

• sbt version: 1.0.4
• Plugin version: 2.0.0
• Scala version(s): 2.12.4
• Java version: 1.8.0_171-b11
• Link to project source: not available

Given the poor handling of the recent security incident (https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/) I'm suspending Travis CI integration indefinitely.

Let's move on to GitHub Actions.

There are some java8 related bugs that were fixed in Findbugs 3.0.1, in particular, the current version (3.0.0) throws a medium level warning due to an unused private method when the method is actually used via method reference.

See: https://sourceforge.net/p/findbugs/bugs/1370/

Fixed in Findbugs 3.0.1