xiaoven / codegex
A light-weight tool like spotbugs
License: GNU Lesser General Public License v2.1
Warning line:
private final long serialVersionUID = 1L;
The final should be accompanied by static.
fastjson/src/main/java/com/alibaba/fastjson/util/UTF8Decoder.java
int uc = ((b1 & 0x07) << 18) | ((b2 & 0x3f) << 12) | ((b3 & 0x3f) << 06) | (b4 & 0x3f);
The current pattern is
\(\s*([~-]?(?:(?P<aux1>\((?:[^()]++|(?&aux1))*\))|[\w.-])++)\s*&\s*([~-]?(?:(?&aux1)|[\w.])++)\s*\)\s*([><=!]+)\s*0
It matches the (b3 & 0x3f) << 0 part of the example above. The logic should check whether the part extracted by ([><=!]+) is one of >, <, >=, <=, ==, !=, and return if it is not.
// https://github.com/tcgone/carddb/pull/100/files#diff-6c19d66c31bb9986c633ad36b5edc2518ae400fb7d585b8a99c4cad7e3d6d5ddR394
card.order = order++;
// https://github.com/apache/lucene-solr/blob/0a22341ee21ea24fed0d38a58136314472a1c587/lucene/analysis/common/src/test/org/apache/lucene/analysis/hunspell/SpellCheckerTest.java#L42
InputStream affixStream =
Objects.requireNonNull(getClass().getResourceAsStream(name + ".aff"), name);
// https://github.com/apache/lucene-solr/blob/0a22341ee21ea24fed0d38a58136314472a1c587/lucene/analysis/common/src/test/org/apache/lucene/analysis/hunspell/SpellCheckerTest.java#L44
InputStream dictStream =
Objects.requireNonNull(getClass().getResourceAsStream(name + ".dic"), name);
// https://github.com/OpenAPITools/openapi-generator/pull/8505/files
typeMapping.put("enum", "NSString");
// https://github.com/SufficientlySecure/calendar-import-export/pull/91/files
Log.d(TAG, "Ignore enum-property: " + evName + "=" + dbName + ": " + ignored.toString());
private static final String ASYNCAPI_JSON_HYPERSCHEMA = "{\n" +
" \"enum\": [\n" +
// https://github.com/tlaplus/tlaplus/pull/574/files #107
public static final BoolValue ValTrue = new BoolValue(true);
BoolValue.ValTrue;
public class ICUCollationKeywordFieldMapper extends FieldMapper {
public static class Builder extends FieldMapper.Builder {
...
}
}
In spotbugs, when the outer ICUCollationKeywordFieldMapper does not share a simple name with FieldMapper, the inner class having the same name does not produce a warning.
Consider checking the number of leading spaces before the class definition statement? If there are leading spaces, lower the priority to ignore?
https://github.com/BanShot/5im19b-NicolaWerlen/pull/2/files
EchoServer/EchoServer/src/MyEchoServer.java
line 133: wrong position
Currently both DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES and SA_SELF_COMPARISON recognise the contains method. Searching for how the object is used could help decide whether it is a collection; if it is, report DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES.
The following example reports both DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES and SA_SELF_COMPARISON:
void tmp(Collection c){
if (c.contains(c)){
System.out.println("collection yes");
} else{
System.out.println("no");
}
}
I would like to change the local search mechanism: when the engine initialises a detector, check whether the detector needs local search; if so, pass the patch_set information to it and let it process and store the information it needs inside its own class, instead of, as now, defining and keeping the local search method and related variables inside the engine.
rocketmq/tools/src/main/java/org/apache/rocketmq/tools/monitor/MonitorService.java#137
private String instanceName() {
String name =
System.currentTimeMillis() + new Random().nextInt() + this.monitorConfig.getNamesrvAddr();
return "MonitorService_" + name.hashCode();
}
Improve by using the get_exact_lineno method.
// https://github.com/eclipsesource/J2V8/pull/504/files#diff-a892003576f3e242006668a1b63c89dff9144c4e4b343020847ad103b53e6b03R79
@Override protected void finalize() {
try {
super.finalize();
} catch (Throwable t) { }
if (!receiver.isReleased()) {
receiver.release();
}
if (!function.isReleased()) {
function.release();
}
}
finalize
If ImageView.ScaleType.CENTER is defined in a library, then even with online search it cannot be found.
ImageRequest imageRequest = new ImageRequest(
img_urls.get(i),
listener2, 50, 50, ImageView.ScaleType.CENTER,
Bitmap.Config.ARGB_8888, null);
queue.add(imageRequest);
}
(\b\w[\w.]*(?P<aux1>\((?:[^()]++|(?&aux1))*\))*)\s*([|^&-])\s*([\w.]+(?&aux1)*)
Because the regex extracts disjoint groups, it causes false negatives.
return i | j & j;
The extracted group is i | j
return i | j & j | z;
The extracted groups are i | j and j | z, but & actually has higher precedence, so j & j should have triggered a warning.
// https://github.com/AzureSDKAutomation/azure-sdk-for-java/pull/7314/files
@@ -733,6 +734,7 @@ public WorkspaceInner createOrUpdate(
new IllegalArgumentException(
"Parameter this.client.getSubscriptionId() is required and cannot be null."));
Cause: the exception is passed as an argument, but the patch does not show the method call before it, so it is split into a statement of its own.
Fix: do bracket matching, then check the semicolon.
// https://github.com/apache/pulsar/blob/85675c8c31ec7529c7877778b73ddeea72772a2c/pulsar-broker/src/test/java/org/apache/pulsar/broker/stats/ConsumerStatsTest.java#L182
long expectUnacked = msgOutCounter - (i - i % cumulativeInterval);
if (expectedSha.equals(sha) == false) {
final String exceptionMessage = String.format(
Locale.ROOT,
"SHA has changed! Expected %s for %s but got %s."
+ "\nThis usually indicates a corrupt dependency cache or artifacts changed upstream."
+ "\nEither wipe your cache, fix the upstream artifact, or delete %s and run updateShas",
expectedSha,
jarName,
sha,
shaFile
);
public static Parameter<Boolean> norms(boolean defaultValue, Function<FieldMapper, Boolean> initializer) {
return Parameter.boolParam("norms", true, initializer, defaultValue)
.setMergeValidator((o, n, c) -> o == n || (o && n == false)); // norms can be updated from 'true' to 'false' but not vv
}
// https://github.com/alibaba/fastjson/pull/2655/files#diff-16b3c16c736dce233aa4cfbdf1fce6e9485df5afc86c5434697bff31facb36d2R11
private String[] jstrUnionOfRightArray = { " [ ]", "[\"Today\"]", "[1234]", "[-0]", "[1.2333]", " [3.14e+0]",
" [-3.14E-0]", "[0e0]", "[true]", "[false]", "[null]", "[\"\\u1234\"]", " [{\"name\":\"test\"}]",
"[{}, [{}, []]] " , " "};
org/nanohttpd/junit/protocols/http/LoadKeyStoreTest.java
@Test
public void loadKeyStoreFromResources() throws Exception {
String keyStorePath = "/keystore.jks";
InputStream resourceAsStream = this.getClass().getResourceAsStream(keyStorePath);
Unclear. Checking the expression on regex101 shows that it does match; perhaps the parser's splitting result needs to be checked?
// https://github.com/nus-cs2103-AY1920S1/duke/pull/307/files?file-filters%5B%5D=.java
String content = new String(Files.readAllBytes(Paths.get(filePath)), "UTF-8");
// https://github.com/pablocrcdev/CRC_Guard_App/pull/1/files?file-filters%5B%5D=.java#diff-99e535000b086879e264018751474845afd0da622128af12b630f61b308f959cL242
text = new String(payload, languageCodeLength + 1, payload.length - languageCodeLength - 1, textEncoding);
//https://github.com/apache/nifi/pull/3576/files#diff-e7b9c3cbb08b7642d1c779ec35a7db494b152e7749d2ee17d47ec430c1b1f4bbR457
final String spec = new String(Files.readAllBytes(Paths.get("src/test/resources/TestJoltTransformJson/chainrSpec.json")));
// https://github.com/code-differently/Assessment-PAIN/pull/15/files#diff-478b2349e8da512b9f501d8ece255e9445998876e9bac0eeb9fd8e5f69af77c2R11
data = new String(Files.readAllBytes(Paths.get("RawData.txt")));
// https://github.com/NayeeC/Production-Practice/pull/9/files#diff-c437294bd5b8e57a04746fd38d05769992a55dbe2e6b9c85032dd08a85127a38R23
return new String(src.getBytes("iso-8859-1"), "utf-8");
The two-argument case is not handled at the moment, but how do we exclude the two-argument case?
https://github.com/sstrickx/yahoofinance-api/pull/152/files#diff-8d68307bdbd437a4c6e7bece19d314248059d2a5d13240a33b631ab83af4b2abR236
public static Calendar parseDateTime(String date, String time, TimeZone timeZone) {
String datetime = date + " " + time;
SimpleDateFormat format = new SimpleDateFormat("M/d/yyyy h:mma", Locale.US);
// https://github.com/jverein/jverein/pull/62/files#diff-edd5519d9f886de3c35f794f0dc70bb8c178ca8ff216110e21ad254ff2083d2aR199
public static GregorianCalendar getBeginnGeschaeftsjahr(GregorianCalendar date) {
GregorianCalendar BeginnGeschaeftsjahr = new GregorianCalendar();
Recognising field definitions
com/alibaba/fastjson/parser/deserializer/FieldDeserializer.java
if (collection == Collections.emptySet()
|| collection == Collections.emptyList()
|| collectionClassName == "java.util.ImmutableCollections$ListN"
|| collectionClassName == "java.util.ImmutableCollections$List12"
|| collectionClassName.startsWith("java.util.Collections$Unmodifiable")) {
// skip
return;
}
The current pattern is
r'((?:(?P<aux1>\((?:[^()]++|(?&aux1))*\))|[\w."])++)\s*[!=]=\s*((?:(?&aux1)|[\w."])+)'
where the [\w."] part cannot match the $ character (Java naming rules allow some rarely used characters).
nanohttpd/websocket/src/test/java/org/nanohttpd/junit/protocols/websockets/WebSocketResponseHandlerTest.java
this.headers.put("sec-websocket-key", "x3JJHMbDL1EzLkh9GBhXDw==");
The match results on the two sides of the equals sign are "x3JJHMbDL1EzLkh9GBhXDw and ".
The is_str_with_quotes method currently only checks whether the first and last characters of the string are ", without checking the string length, so a string consisting of just " slips through.
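The two points above (the $ character in names, and the lone " that passes is_str_with_quotes because the == inside a string literal was used as the split point) can be handled together by tokenising the statement before looking for the comparison. This is an added example, not codegex's own code; is_str_with_quotes here is a stand-alone replacement with the missing length and escape checks, and find_string_comparisons is an assumed helper name.

```python
import re

def is_str_with_quotes(s):
    """True only for a complete Java string literal: at least two characters,
    a double quote at both ends, and the closing quote not escaped.
    Checking s[0] and s[-1] alone lets a lone '"' (left over when the pattern
    splits ...GBhXDw==" at the == inside the literal) pass as a string."""
    s = s.strip()
    if len(s) < 2 or s[0] != '"' or s[-1] != '"':
        return False
    body = s[:-1]
    # an odd number of backslashes before the closing quote means it is escaped
    return (len(body) - len(body.rstrip("\\"))) % 2 == 0

# Tokens: a complete string literal (escapes allowed), an identifier or
# qualified name ($ permitted, as Java allows it), a comparison operator,
# or any other single non-space character.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[\w.$]+|==|!=|\S')

def find_string_comparisons(stmt):
    """Return (lhs, op, rhs) for every == or != that lies outside a string
    literal and has a string literal as at least one operand."""
    tokens = _TOKEN.findall(stmt)
    found = []
    for k, tok in enumerate(tokens):
        if tok in ("==", "!=") and 0 < k < len(tokens) - 1:
            lhs, rhs = tokens[k - 1], tokens[k + 1]
            if is_str_with_quotes(lhs) or is_str_with_quotes(rhs):
                found.append((lhs, tok, rhs))
    return found

if __name__ == "__main__":
    # constructed from lines quoted in the issues above
    for line in ('this.headers.put("sec-websocket-key", "x3JJHMbDL1EzLkh9GBhXDw==");',
                 'if (csName == "ASCII" || equalEncodings(csName, "ASCII")) {',
                 'collectionClassName == "java.util.ImmutableCollections$ListN"'):
        print(line, "->", find_string_comparisons(line))
```

The websocket key line now yields no comparison at all, because the == never leaves the string literal.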
switch (c) {
case 'a':
case 'A':
if (csName == "ASCII" || equalEncodings(csName, "ASCII")) {
return CS_US_ASCII;
}
break;
case 'c':
constructor
// https://github.com/tlaplus/tlaplus/pull/574/files tlatools/org.lamport.tlatools/test/tlc2/tool/JsonTest.java #37
public JsonTest() {
Ran into a Java project of unknown version whose statements our parser cannot split accurately, yet get_exact_lineno can still obtain the exact line numbers.
#else
public #class($command.name)(#class($command.getProperty("Requires").getValue()) subsystem) {
public #class($command.name)(#if($command.getProperty("DoubleSupplier 1").getValue() != "None")DoubleSupplier doublesupplier1, #end#if($command.getProperty("DoubleSupplier 2").getValue() != "None")DoubleSupplier doublesupplier2, #end#class($command.getProperty("Requires").getValue()) subsystem) {
#end
#set($params = $command.getProperty("Parameters").getValue())
#macro( klass $cmd )#if( "#type($cmd)" == "" )CommandBase#else#type($cmd)#end#end
import edu.wpi.first.wpilibj2.command.CommandBase;
Operator priority issue
// https://github.com/Vardan2020/VardanHomeWork/pull/20/files#diff-ee711ac873a4cd67ccdf1c4453d4051d8c456f9e7e5b731d021a06c401b5a6c1R7
if (a > b & b>c) {
Consider filtering out condition statements such as if? @stan6
After detecting a getResource method call, this pattern needs two additional search functions:
Local global search: search whether the patches in the pull request contain "extends <name of the containing file>"
Network search: send a search request through the GitHub API (PyGithub can be used) to search the repo for "extends <name of the containing file>"
Reason: if the class containing the detected call has no subclasses, no problem is caused.
Test files generally have no subclasses.
animated-gif-lib-for-java/src/test/java/com/madgag/gif/fmsware/TestAnimatedGifEncoder.java
private byte[] getExpectedBytes(String name) throws IOException {
File expectedFile = new File(getClass().getResource(name).getFile());
private BufferedImage getImage(String name) throws IOException {
return ImageIO.read(new File(getClass().getResource(name).getFile()));
}
// https://github.com/Catch-PS/Algorithm-PS/pull/25/files
// Section11/programmers_이중우선순위큐_kgh.java  Korean is not supported; it is unclear which file this is, so both of the following need to be tried
public MaxHeap(int value) {
static int convertTimeToInt(String s){
public MinHeap(int value) {
Should files whose path contains " test" be skipped?
// https://github.com/EriolEandur/Animations/pull/2/files#diff-142800dac9917f3c0745c03ab73c4d007f454a841d1d17fa32294da970897172R230
public static long getSerialVersionUID() {
return serialVersionUID;
}
// https://github.com/mhagnumdw/bean-info-generator/pull/5/files#diff-71bf0b35fa483782180f548a1a7d6cc4b3822ed12aa4bb86640f80dde9df3077R13
public static final BeanMetaInfo serialVersionUID = new BeanMetaInfo("serialVersionUID");
if ((flags & mask) == mask && "I".equals(fieldSig)) {
Spotbugs seems to report a warning only when the variable type is int.
For example 1, first check whether it is a return statement; if so, skip it.
For example 2, should the type be checked for int or another numeric type? If it is not, it may be intentional.
final DownloadManager.Request request = new DownloadManager.Request(uri)
// DownloadManager.Request -> class name
Add a sha field to patch?
private static int varintSize(int paramInt)
{
if ( ( paramInt & 0xFFFFFF80 ) == 0 )
{
return 1;
}
if ( ( paramInt & 0xFFFFC000 ) == 0 )
{
return 2;
}
if ( ( paramInt & 0xFFE00000 ) == 0 )
{
return 3;
}
if ( ( paramInt & 0xF0000000 ) == 0 )
{
return 4;
}
return 5;
}
It is a regression caused by refactoring in 5584cdb.
The regexes before were
\(\s*((?:(?P<aux1>\((?:[^()]++|(?&aux1))*\))|[\w.])++)\s*&\s*((?:(?&aux1)|[\w.])+)\s*\)\s*>\s*0
\(\s*((?:(?P<aux1>\((?:[^()]++|(?&aux1))*\))|[\w.])++)\s*&\s*0\s*\)\s*==\s*0
But now it is
\(\s*(?:(?P<aux1>\((?:[^()]++|(?&aux1))*\))|[\w.])++\s*&\s*(?:(?&aux1)|[\w.])+\s*\)\s*(>|==)\s*0
which replaces the 0 right after & with a non-capturing group.
Although the old regexes wouldn't cause false positives, their ability is limited. First, they only learn the zero value as 0, and don't understand 0x00000000. Second, the position of 0 relative to & is fixed.
Instead of using the old regexes, I suggest capturing the operands and trying to convert them into integers to see if one of them is a zero value.
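The two suggestions made for this detector (earlier on the page: only accept a real comparison operator in the ([><=!]+) group, so the "<< 0" of a shift is skipped; here: parse the operands as integers so a zero mask is found in either position and in any spelling) combined into one checker. This is an added example, not codegex's code; it uses the standard re module with a one-level operand pattern in place of the (?&aux1) recursion, and COMPARISON_OPS, java_int_literal and check_bit_and are assumed names, with the SpotBugs pattern names used only as labels.

```python
import re

# Comparison operators the detector accepts; anything else captured by
# [><=!]+ (the "<<" of a shift, as in the fastjson UTF8Decoder line) is no check.
COMPARISON_OPS = {">", "<", ">=", "<=", "==", "!="}

# Simplified operand: the page's (?&aux1) recursion needs the third-party
# `regex` module, so this allows one level of nested parentheses with `re`.
_OPERAND = r"[~-]?(?:\((?:[^()]|\([^()]*\))*\)|[\w.$])+"
_LITERAL = r"(?:0[xX][0-9a-fA-F_]+|0[bB][01_]+|[0-9_]+)[lL]?"
_BIT_AND = re.compile(
    r"\(\s*(" + _OPERAND + r")\s*&\s*(" + _OPERAND + r")\s*\)\s*([><=!]+)\s*(" + _LITERAL + ")"
)

def java_int_literal(text):
    """Value of a Java integer literal (decimal, hex, binary, octal, with
    underscores and an L suffix), or None when `text` is not a literal."""
    s = text.strip().replace("_", "")
    if s[-1:] in ("l", "L"):
        s = s[:-1]
    try:
        if s[:2].lower() == "0x":
            return int(s[2:], 16)
        if s[:2].lower() == "0b":
            return int(s[2:], 2)
        if s.isdigit():
            return int(s, 8) if len(s) > 1 and s[0] == "0" else int(s, 10)
    except ValueError:
        pass
    return None

def check_bit_and(line):
    """Return (warning, matched text) for each `(a & b) <op> 0` comparison in
    `line`; the zero mask is recognised in either operand position and spelling."""
    findings = []
    for m in _BIT_AND.finditer(line):
        left, right, op, rhs = m.groups()
        if op not in COMPARISON_OPS or java_int_literal(rhs) != 0:
            continue
        if 0 in (java_int_literal(left), java_int_literal(right)):
            findings.append(("BIT_AND_ZZ", m.group(0)))        # (x & 0) == 0 is always true
        elif op == ">":
            findings.append(("BIT_SIGNED_CHECK", m.group(0)))  # (x & mask) > 0 ignores the sign bit
    return findings

if __name__ == "__main__":
    # constructed inputs: the UTF8Decoder line and three zero-mask spellings
    for src in ("int uc = ((b1 & 0x07) << 18) | ((b3 & 0x3f) << 06) | (b4 & 0x3f);",
                "if ((flags & 0x00000000) == 0) {", "if ((0L & flags) != 0) {"):
        print(src, "->", check_bit_and(src))
```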
elasticsearch/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/async/AsyncResponse.java
public interface AsyncResponse<T extends AsyncResponse<?>> extends Writeable {
/**
* When this response will expire as a timestamp in milliseconds since epoch.
*/
long getExpirationTime();
RxJava/src/main/java/io/reactivex/rxjava3/observers/BaseTestConsumer.java
public abstract class BaseTestConsumer<T, U extends BaseTestConsumer<T, U>> {
// https://github.com/rxp90/jsymspell/pull/3/files?file-filters%5B%5D=.java#diff-423e657b915a047bfecd389dcc05d1f71336871ed156c158b730f3bb6c35d15fR42
"abcd == abcde - {e} (distance 1), abcd == abcdef - {ef} (distance 2)"
// https://github.com/hornstein/boardcad-java/pull/5/files#diff-7e74924bbc85100b71c52a1f86b2f7053fdf3474c989e53f27854651d49d359eR674
if (string.startsWith("(cp") == false)
// https://github.com/VikaAdamovska/java-elementary-lesson25-spring-web/pull/1/files#diff-afa4c3044f61274747787df8b223c11d9be17cb312d506ba52b23349da7e9a99R22
childLogger.info("INFO == INFO");
// https://github.com/pablocrcdev/CRC_Guard_App/pull/1/files#diff-b337f2d2b5d4833ee0c2ab0b4fdb3c5646236b84d13867ea55279add0ea4a321R30
@Override
public void onReceive(final Context context, Intent intent) {
/* dbhelper = new DatabaseHandler(context, "RG", null, 1);
mURL = dbhelper.Obt_url();
if (mURL == ""){
mURL = "http://186.96.89.66:9090/crccoding/f?p=2560:9999";
Log.i("SQLL","Url vacio");
}else{
Log.i("SQLL","Url cargado "+mURL);
}*/
WebView gv = new WebView(context);
gv.setWebViewClient(new mWebClient());
gv.getSettings().setJavaScriptEnabled(true);
gv.addJavascriptInterface(new WebInterface(context, gvGPS, null), "Android");
gv.loadUrl(mURL);
}
False positive for if (mURL == ""){ in comments
Not found
Forms that fail to compile:
As long as the method name, parameter count and order, and parameter types are the same as the Object.equals method, compilation fails no matter how the return type and access modifier are changed.
boolean equals(Object obj)
public Boolean equals(Object obj)
Reports EQ_SELF_USE_OBJECT:
class Custom{
public boolean equals(Custom c){...}
}
- Variables
  - hasEqualsObject: true when the method matches `public boolean equals(Object)`, meaning the equals method of the Object class is correctly overridden
  - hasEqualsSelf: true when the equals method differs from the standard form only in the parameter type, and the parameter is the type of the current class rather than Object
  - hasEqualsOther: when the parameter type is something else
  - usesDefaultEquals: when the equals method is inherited from java.lang.Object rather than redefined by another class
- Steps:
  - !hasEqualsObject && !hasEqualsSelf && hasEqualsOther
  - usesDefaultEquals
For the parameter type we can only tell whether it is Object; the case where the parameter type is the enclosing class corresponds to the EQ_SELF_USE_OBJECT pattern. So we decided to shelve this pattern for now.
Everyone is welcome to put forward their own ideas.
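The three flags and the two steps above, written out as a small classifier over equals declarations. This is an added example rather than codegex code; classify_equals and report_equals are assumed names, the regex only handles the single-parameter shape shown on the page, and usesDefaultEquals is taken as a caller-supplied fact since it needs the class hierarchy.

```python
import re

# One equals(...) declaration: optional modifiers, return type, a single
# parameter.  Generic or varargs parameters are not handled here.
_EQUALS_DECL = re.compile(
    r"(?P<mods>(?:(?:public|protected|private|static|final)\s+)*)"
    r"(?P<ret>[\w.]+)\s+equals\s*\(\s*(?P<ptype>[\w.$]+)\s+\w+\s*\)"
)

def classify_equals(class_name, decl):
    """Return the page's three flags for one declaration inside `class_name`,
    or None when `decl` is not an equals method at all."""
    m = _EQUALS_DECL.search(decl)
    if m is None:
        return None
    mods = m.group("mods").split()
    ptype = m.group("ptype").rsplit(".", 1)[-1]          # java.lang.Object -> Object
    standard_shape = "public" in mods and m.group("ret") == "boolean"
    return {
        "hasEqualsObject": standard_shape and ptype == "Object",
        "hasEqualsSelf": standard_shape and ptype == class_name,   # EQ_SELF_USE_OBJECT territory
        "hasEqualsOther": ptype not in ("Object", class_name),
    }

def report_equals(class_name, decls, uses_default_equals=True):
    """Apply the two steps: report when the class only defines equals(Other)
    and still inherits Object.equals(Object)."""
    flags = [f for f in (classify_equals(class_name, d) for d in decls) if f]
    has_obj = any(f["hasEqualsObject"] for f in flags)
    has_self = any(f["hasEqualsSelf"] for f in flags)
    has_other = any(f["hasEqualsOther"] for f in flags)
    return (not has_obj and not has_self and has_other) and uses_default_equals

if __name__ == "__main__":
    # constructed declarations for the Custom class from the issue
    print(classify_equals("Custom", "public boolean equals(Custom c){...}"))
    print(report_equals("Custom", ["public boolean equals(String s)"]))
```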
System.out.printf is not a method to be detected
// https://github.com/annsh4/moduleASD/pull/7/files#diff-e0abdcac712be84d9244bb56e857e1e026c6e6486f1daa2f3c7c800f976bbc0dR121
System.out.printf("|%-6s|%-12s|%-12s|\n", "№ з/п", "Вхідний бал", "Результат округлення");
Refer to SpotBugs' approach for the packages it implements
Consider using an anti-pattern to exclude them
Parser problem: every line of the hunk starts with *
// https://github.com/r4b3rt/pinpoint/pull/233/files
@@ -223,8 +232,11 @@
* <tr><td>9202</td><td>ElasticsearchBBossExecutor</td></tr>
2021-02-09 14:13:08.525 | ERROR | rparser:parse:520 - [Parser Error] oshi-core/src/main/java/oshi/software/os/OperatingSystem.java
'NoneType' object has no attribute 'append_sub_line'
Traceback (most recent call last):
File "/Users/audrey/Documents/GitHub/rbugs/rparser.py", line 516, in parse
_parse_hunk(hunk_content, patch.hunks[i - 1])
File "/Users/audrey/Documents/GitHub/rbugs/rparser.py", line 404, in _parse_hunk
_finish_vt_statement(line_obj, del_statement, hunk, '+')
File "/Users/audrey/Documents/GitHub/rbugs/rparser.py", line 161, in _finish_vt_statement
vt_stmt.append_sub_line(line_obj)
AttributeError: 'NoneType' object has no attribute 'append_sub_line'
2021-02-09 14:14:22.717 | ERROR | rparser:parse:520 - [Parser Error] sdks/java/core/src/main/java/org/apache/beam/sdk/state/MapState.java
'NoneType' object has no attribute 'append_sub_line'
Traceback (most recent call last):
File "/Users/audrey/Documents/GitHub/rbugs/rparser.py", line 516, in parse
_parse_hunk(hunk_content, patch.hunks[i - 1])
File "/Users/audrey/Documents/GitHub/rbugs/rparser.py", line 404, in _parse_hunk
_finish_vt_statement(line_obj, del_statement, hunk, '+')
File "/Users/audrey/Documents/GitHub/rbugs/rparser.py", line 161, in _finish_vt_statement
vt_stmt.append_sub_line(line_obj)
AttributeError: 'NoneType' object has no attribute 'append_sub_line'
// https://github.com/PowerOlive/Mysplash/pull/1/files
return newModel instanceof AppObject && ((AppObject) newModel).iconId == iconId;
if (disjunction.get(t).variable == variable)
if (this.matriz[fila][col].valor == valor){
if (isHidden == null || isHidden == Boolean.FALSE) {
final boolean matched = template.patterns().stream().anyMatch(patternMatchPredicate);
if (matched) {
matchedTemplates.add(template);
}
}
regex.search returns as soon as it finds the first match
// https://github.com/apache/ignite/blob/102382ecb9c0b61de629d56e275c115e260bdb34/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/CalciteQueryProcessorTest.java#L148
List<List<?>> res = sql(sql);
// https://github.com/AzureSDKAutomation/azure-sdk-for-java/pull/7321/files#diff-2f2d2be29e8a2e9cdb228b73c747e370dd61449d3220804837b029f856f52edfR24
@JsonSubTypes({
@JsonSubTypes.Type(
name = "#Microsoft.Media.SelectAudioTrackByAttribute",
value = SelectAudioTrackByAttribute.class),
@JsonSubTypes.Type(name = "#Microsoft.Media.SelectAudioTrackById", value = SelectAudioTrackById.class) // wrong line no
})
// https://github.com/powsybl/powsybl-core/pull/1316/files#diff-ec7fd47ba0877273594bf79f852d46fde2adb8c2319c39467c7fe162d4c0c80bR34
Substation substation = network.newSubstation()
.setId("S")
.add();
Need to check that the object and the arguments are not null
// https://github.com/tlaplus/tlaplus/pull/574/files
@SuppressWarnings("rawtypes")
This can also be considered a parser problem, since the parser did not account for a hunk in which every line from start to end is a comment.
// https://github.com/checkstyle/checkstyle/pull/9246/files#diff-9bedac2996d0bc061df6fd8e1d2e6486e6009c22fd97ecaa0f2d81fca5e6cda5R91
@@ -89,53 +89,144 @@
* <pre>
* <module name="RequireThis"/>
* </pre>
* <p>Example:</p>
* <pre>
* public class Test {
* // overlapping by method argument
* c = c; // violation, reference to instance variable "c" requires "this"
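The two parser failures noted on this page, the exception argument that got its own statement because the hunk starts after the method call (the azure-sdk hunk, where the fix proposed was bracket matching followed by the semicolon check) and the hunk made entirely of Javadoc lines, handled by one statement grouper. This is an added example and not rparser's code; group_statements is an assumed name, and the rule "a statement ends at ; { or } when the bracket depth is zero" is an assumption about the parser's intent.

```python
def group_statements(lines):
    """Group hunk lines into Java statements by bracket depth and a closing
    ';', '{' or '}'.  Each result is (text, complete); complete is False when
    a bracket closes that was never opened in the hunk (the hunk cut into the
    middle of a call) or when the hunk ends mid-statement."""
    stmts, buf, depth, truncated = [], [], 0, False
    for raw in lines:
        line = raw.strip()
        # comment-only lines (a hunk made entirely of '*' Javadoc lines) yield nothing
        if not line or line.startswith(("//", "/*", "*")):
            continue
        buf.append(line)
        quote, i = None, 0
        while i < len(line):
            ch = line[i]
            if quote:                          # inside a string or char literal
                if ch == "\\":
                    i += 1                     # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch in "\"'":
                quote = ch
            elif ch in "([":
                depth += 1
            elif ch in ")]":
                depth -= 1
                if depth < 0:                  # closes a bracket opened before the hunk
                    truncated, depth = True, 0
            i += 1
        if depth == 0 and line.endswith((";", "{", "}")):
            stmts.append((" ".join(buf), not truncated))
            buf, truncated = [], False
    if buf:                                    # hunk ended inside a statement
        stmts.append((" ".join(buf), False))
    return stmts

if __name__ == "__main__":
    # constructed from the azure-sdk hunk quoted above: the first bracket it
    # closes was opened before the hunk, so the statement is marked incomplete
    print(group_statements(["new IllegalArgumentException(",
        '"Parameter this.client.getSubscriptionId() is required and cannot be null."));']))
```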