The new home of the FindBugs project

The FindBugs project

Last update: Dec 21, 2022

Related tags

Code Analysis findbugs

Overview

FindBugs is now SpotBugs

Old FindBugs site.

New SpotBugs site.

Project development continues here: https://github.com/spotbugs/spotbugs

Please read this for details:

Comments

Java 9 support
[x] Need updated ASM (6.0 snapshot works fine)

[x] We should temporarily host and build against a snapshot build, I can upload one

[x] Need updated BCEL ?(current snapshot seem to work but probably lacks some new constructs). See #106 for BCEL update evaluation.

[x] Need JRT FS support (I have a patch, missing: multi-module packages)

[x] Need update of runtime requirements and build to Java 8 (I have a patch)

[x] Need Eclipse plugin support (I have a patch)

[x] Need proper update of JavaVersion parser (see #75 , must be adopted)

[x] Requires minor version number increase (3.0 -> 3.1) at least.

enhancement java9
opened by iloveeclipse 22
Clarify the license of com.google.code.findbugs : jsr305 : 3.0.1

The maven artifact containing the JSR 305 annotations on Maven Central [1] declares the Apache License 2 as the license to use for the JSR305 annotations. However, the FindBugs project states that all source code is licensed under the LGPL [2].

Which one is true?

[1] http://search.maven.org/#artifactdetails|com.google.code.findbugs|jsr305|3.0.1|jar [2] http://findbugs.sourceforge.net/

opened by ctron 14
Evaluate BCEL 6 update strategies

BCEL 6 broke every single API by moving all types in different package structure, see https://issues.apache.org/jira/browse/BCEL-222. No comments about that move.

However, to get up to date with latest Java 9 fixes in BCEL we have either to break every FB plugin/user (because we exposed BCEL in FB API all over the place, see for example use of org.apache.bcel.classfile.JavaClass) and ship totally incompatible FB 4.0, or we need to backport BCEL 6 changes to the "old" package structure.

I'm investigating the later one.

OK, I've managed to rename the packages back (see https://github.com/iloveeclipse/commons-bcel/tree/old_structure) and with few (not committed) FB changes I was able to run FB with that BCEL version. Problem: it simply doesn't work in few cases anymore, neither on Java 8 nor on Java 9. I had few different exceptions, which I'm not sure where the root cause is - new BCEL code or missing adoption on FB side: bcel_test_result.txt

Now I'm going to break FB API and use BCEL as is, just to test if BCEL 6 "unchanged" will work with FB.
java9

opened by iloveeclipse 12
IllegalArgumentException in OpcodeStack.constantToInt

Using findbugs-3.0.1, we run into the following situation during analysis: [findbugs] Executing findbugs FindBugsTask from ant task [findbugs] Running FindBugs... [findbugs] The following errors occurred during analysis: [findbugs] Error processing2 < I, 1 >iadd< Ljava/lang/String;, "", r4 > @ 706 in workflow.fileupload.swift.mt101.Mt101MultibankingWorkflowTest.testMultibankingOkWithMultipleASeqs : ()V [findbugs] java.lang.IllegalArgumentException: [findbugs] At edu.umd.cs.findbugs.OpcodeStack.constantToInt(OpcodeStack.java:2179) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.pushByIntMath(OpcodeStack.java:3198) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.sawOpcode(OpcodeStack.java:1644) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory$JumpStackComputation.sawOpcode(OpcodeStack.java:2846) [findbugs] At edu.umd.cs.findbugs.visitclass.DismantleBytecode.visit(DismantleBytecode.java:883) [findbugs] At edu.umd.cs.findbugs.visitclass.BetterVisitor.visitCode(BetterVisitor.java:218) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitCode(PreorderVisitor.java:235) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory$JumpStackComputation.visitCode(OpcodeStack.java:2832) [findbugs] At org.apache.bcel.classfile.Code.accept(Code.java:135) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.doVisitMethod(PreorderVisitor.java:307) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory.computeJumpInfo(OpcodeStack.java:2876) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory.analyze(OpcodeStack.java:2806) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory.analyze(OpcodeStack.java:2789) [findbugs] At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369) [findbugs] At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.getJumpInfo(OpcodeStack.java:3007) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.resetForMethodEntry(OpcodeStack.java:2978) [findbugs] At edu.umd.cs.findbugs.bcel.OpcodeStackDetector.visitCode(OpcodeStackDetector.java:62) [findbugs] At org.apache.bcel.classfile.Code.accept(Code.java:135) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.doVisitMethod(PreorderVisitor.java:307) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitJavaClass(PreorderVisitor.java:395) [findbugs] At org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:215) [findbugs] At edu.umd.cs.findbugs.BytecodeScanningDetector.visitClassContext(BytecodeScanningDetector.java:38) [findbugs] At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76) [findbugs] At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089) [findbugs] At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283) [findbugs] At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:402) [findbugs] At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1200) [findbugs] Error processing2 < I, 1 >iadd< Ljava/lang/String;, "", r4 > @ 706 in workflow.fileupload.swift.mt101.Mt101MultibankingWorkflowTest.testMultibankingOkWithMultipleASeqs : ()V [findbugs] java.lang.IllegalArgumentException: [findbugs] At edu.umd.cs.findbugs.OpcodeStack.constantToInt(OpcodeStack.java:2179) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.pushByIntMath(OpcodeStack.java:3198) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.sawOpcode(OpcodeStack.java:1644) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory$JumpStackComputation.sawOpcode(OpcodeStack.java:2846) [findbugs] At edu.umd.cs.findbugs.visitclass.DismantleBytecode.visit(DismantleBytecode.java:883) [findbugs] At edu.umd.cs.findbugs.visitclass.BetterVisitor.visitCode(BetterVisitor.java:218) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitCode(PreorderVisitor.java:235) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory$JumpStackComputation.visitCode(OpcodeStack.java:2832) [findbugs] At org.apache.bcel.classfile.Code.accept(Code.java:135) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.doVisitMethod(PreorderVisitor.java:307) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory.computeJumpInfo(OpcodeStack.java:2876) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory.analyze(OpcodeStack.java:2806) [findbugs] At edu.umd.cs.findbugs.OpcodeStack$JumpInfoFactory.analyze(OpcodeStack.java:2789) [findbugs] At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369) [findbugs] At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.getJumpInfo(OpcodeStack.java:3007) [findbugs] At edu.umd.cs.findbugs.OpcodeStack.resetForMethodEntry(OpcodeStack.java:2978) [findbugs] At edu.umd.cs.findbugs.bcel.OpcodeStackDetector.visitCode(OpcodeStackDetector.java:62) [findbugs] At org.apache.bcel.classfile.Code.accept(Code.java:135) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.doVisitMethod(PreorderVisitor.java:307) [findbugs] At edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitJavaClass(PreorderVisitor.java:395) [findbugs] At org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:215) [findbugs] At edu.umd.cs.findbugs.BytecodeScanningDetector.visitClassContext(BytecodeScanningDetector.java:38) [findbugs] At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76) [findbugs] At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089) [findbugs] At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283) [findbugs] At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:402) [findbugs] At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1200) [findbugs] [findbugs] Calculating exit code... [findbugs] Exit code set to: 0

opened by MascPip 10
Value-Based Classes
:bangbang: THIS PULL REQUEST IS NOT COMPLETE YET

This is my shot at implementing Feature Request #313: Warn about identity-sensitive operations on value based classes.

For brevity's sake I'll use vbi for value-based instance(s), i.e. an instance of a value-based class.

Current State

The annotation @ValueBased can be used to mark own value-based classes. These classes and those from the JDK are processed uniformly when it comes to the following checks:

:white_check_mark: no reference comparison

:white_check_mark: serialization of vbi

:white_check_mark: no non-transient field in serializable class (works out of the box)

:white_check_mark: no direct serialization via ObjectOutputStream.writeObject (works out of the box)

:red_circle: identity hash code

:white_check_mark: no argument to System.identityHashCode

:red_circle: no key in an IdentityHashMap

:white_check_mark: no locking on a vbi

:white_check_mark: no use in synchronized block

:white_check_mark: no calls to Object.wait

:white_check_mark: no calls to Object.notify

:white_check_mark: no calls to Object.notifyAll

Notes

Ensuring that a class annotated with @ValueBased has all properties described in the official documentation is not in the scope of #313 and hence also not of this pull request.
opened by nipafx 9

Error parsing signature of lambda

This is a followup to https://sourceforge.net/p/findbugs/bugs/1415/ I tried if the error still occurs with findbugs 3.1.0_preview2 that contains a newer bcel - it still occurs, but now with a different error message.

Steps to reproduce: 1.) compile the following code using Eclipse 4.6

public interface HasUniqueKey<Key> {
  Key getInternId();
}

public class Util {
  public static List<Integer> toIntegerList(List<? extends HasUniqueKey<Integer>> entities) {
    return entities.stream().map(m -> m.getInternId()).collect(Collectors.toList());
  }
}

Note that compiling the code with javac will NOT show the problem, as javac produces quite different byte code when compiling the lambda.

2.) let findbugs analyse the resulting class files (e.g. through the gui). This results in the following stacktrace:

The following errors occurred during analysis:
  Error parsing signature !+LHasUniqueKey<Ljava/lang/Integer;>;
    java.lang.IllegalStateException: Invalid method signature: '(!+LHasUniqueKey<Ljava/lang/Integer;>;)V' : !+LHasUniqueKey<Ljava/lang/Integer;>;)V 
      At edu.umd.cs.findbugs.ba.generic.GenericSignatureParser$ParameterSignatureIterator.next(GenericSignatureParser.java:120)
      At edu.umd.cs.findbugs.ba.generic.GenericSignatureParser$ParameterSignatureIterator.next(GenericSignatureParser.java:45)
      At edu.umd.cs.findbugs.ba.generic.GenericSignatureParser.getNumParameters(GenericSignatureParser.java:184)
      At edu.umd.cs.findbugs.ba.generic.GenericUtilities.getType(GenericUtilities.java:263)
      At edu.umd.cs.findbugs.ba.type.TypeFrameModelingVisitor.getLocalVariable(TypeFrameModelingVisitor.java:827)
      At edu.umd.cs.findbugs.ba.type.TypeFrameModelingVisitor.handleLoadInstruction(TypeFrameModelingVisitor.java:889)
      At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.visitALOAD(AbstractFrameModelingVisitor.java:452)
      At org.apache.bcel.generic.ALOAD.accept(ALOAD.java:56)
      At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
      At edu.umd.cs.findbugs.ba.type.TypeFrameModelingVisitor.analyzeInstruction(TypeFrameModelingVisitor.java:197)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transferInstruction(TypeAnalysis.java:406)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transferInstruction(TypeAnalysis.java:86)
      At edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:135)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:414)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:86)
      At edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:376)
      At edu.umd.cs.findbugs.classfile.engine.bcel.TypeDataflowFactory.analyze(TypeDataflowFactory.java:83)
      At edu.umd.cs.findbugs.classfile.engine.bcel.TypeDataflowFactory.analyze(TypeDataflowFactory.java:43)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322)
      At edu.umd.cs.findbugs.classfile.engine.bcel.CFGFactory.analyze(CFGFactory.java:160)
      At edu.umd.cs.findbugs.classfile.engine.bcel.CFGFactory.analyze(CFGFactory.java:65)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322)
      At edu.umd.cs.findbugs.ba.ClassContext.getMethodAnalysis(ClassContext.java:1005)
      At edu.umd.cs.findbugs.ba.ClassContext.getMethodAnalysisNoDataflowAnalysisException(ClassContext.java:990)
      At edu.umd.cs.findbugs.ba.ClassContext.getCFG(ClassContext.java:303)
      At edu.umd.cs.findbugs.detect.BuildNonnullReturnDatabase.analyzeMethod(BuildNonnullReturnDatabase.java:87)
      At edu.umd.cs.findbugs.detect.BuildNonnullReturnDatabase.considerMethod(BuildNonnullReturnDatabase.java:76)
      At edu.umd.cs.findbugs.detect.BuildNonnullReturnDatabase.visitClassContext(BuildNonnullReturnDatabase.java:67)
      At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
      At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283)
      At edu.umd.cs.findbugs.gui2.BugLoader.doAnalysis(BugLoader.java:101)
      At edu.umd.cs.findbugs.gui2.AnalyzingDialog$AnalysisThread.run(AnalyzingDialog.java:275)
  Error parsing signature !+LHasUniqueKey<Ljava/lang/Integer;>;
    java.lang.IllegalStateException: Invalid method signature: '(!+LHasUniqueKey<Ljava/lang/Integer;>;)V' : !+LHasUniqueKey<Ljava/lang/Integer;>;)V 
      At edu.umd.cs.findbugs.ba.generic.GenericSignatureParser$ParameterSignatureIterator.next(GenericSignatureParser.java:120)
      At edu.umd.cs.findbugs.ba.generic.GenericSignatureParser$ParameterSignatureIterator.next(GenericSignatureParser.java:45)
      At edu.umd.cs.findbugs.ba.generic.GenericSignatureParser.getNumParameters(GenericSignatureParser.java:184)
      At edu.umd.cs.findbugs.ba.generic.GenericUtilities.getType(GenericUtilities.java:263)
      At edu.umd.cs.findbugs.ba.type.TypeFrameModelingVisitor.getLocalVariable(TypeFrameModelingVisitor.java:827)
      At edu.umd.cs.findbugs.ba.type.TypeFrameModelingVisitor.handleLoadInstruction(TypeFrameModelingVisitor.java:889)
      At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.visitALOAD(AbstractFrameModelingVisitor.java:452)
      At org.apache.bcel.generic.ALOAD.accept(ALOAD.java:56)
      At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
      At edu.umd.cs.findbugs.ba.type.TypeFrameModelingVisitor.analyzeInstruction(TypeFrameModelingVisitor.java:197)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transferInstruction(TypeAnalysis.java:406)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transferInstruction(TypeAnalysis.java:86)
      At edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:135)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:414)
      At edu.umd.cs.findbugs.ba.type.TypeAnalysis.transfer(TypeAnalysis.java:86)
      At edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:376)
      At edu.umd.cs.findbugs.detect.FindRefComparison.analyzeMethod(FindRefComparison.java:769)
      At edu.umd.cs.findbugs.detect.FindRefComparison.visitClassContext(FindRefComparison.java:696)
      At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
      At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283)
      At edu.umd.cs.findbugs.gui2.BugLoader.doAnalysis(BugLoader.java:101)
      At edu.umd.cs.findbugs.gui2.AnalyzingDialog$AnalysisThread.run(AnalyzingDialog.java:275)

opened by barney2k7 8

Supports android.support.annotation.Nullable/NonNull

Hi, this introduces support for FindBugs to recognize android.support.annotation.Nullable as CHECK_FOR_NULL and android.support.annotation.NonNull as NONNULL. While it is annoying that there are so many nullability annotations out in the wild and these are just another set of them, these are the only nullability annotations supported by Android Studio, so even if you develop on another IDE, but share code with Android Studio developers, these are the only way to go. Hopefully soon there will be a Java standard for null annotations ...

opened by martin-rust 7
Exception analyzing com.groupgti.shared.router.dao.PostDaoImpl using detector edu.umd.cs.findbugs.detect.FindUnsatisfiedObligation

When running FB 3.1.0 Preview from the command line with: "C:\Program Files\Java\jdk1.8.0_92\jre\bin\java.exe" -Xmx512m -Dfile.encoding=UTF8 -classpath C:\Users\njt\Downloads\findbugs-noUpdateChecks-3.1.0-dev-20160609-91ad577\findbugs-3.1.0-dev-20160609-91ad577\lib\findbugs.jar;C:\Users\njt\.m2\repository\net\jcip\jcip-annotations\1.0\jcip-annotations-1.0.jar;C:\Users\njt\Downloads\findbugs-noUpdateChecks-3.1.0-dev-20160609-91ad577\findbugs-3.1.0-dev-20160609-91ad577\lib\jsr305.jar;C:\Users\njt\Downloads\findbugs-noUpdateChecks-3.1.0-dev-20160609-91ad577\findbugs-3.1.0-dev-20160609-91ad577\lib\bcel-6.0-SNAPSHOT.jar;C:\Users\njt\Downloads\findbugs-noUpdateChecks-3.1.0-dev-20160609-91ad577\findbugs-3.1.0-dev-20160609-91ad577\lib\jFormatString.jar;C:\Users\njt\Downloads\findbugs-noUpdateChecks-3.1.0-dev-20160609-91ad577\findbugs-3.1.0-dev-20160609-91ad577\lib\dom4j-1.6.1.jar;C:\Users\njt\.m2\repository\xml-apis\xml-apis\1.0.b2\xml-apis-1.0.b2.jar;C:\Users\njt\.m2\repository\org\ow2\asm\asm-debug-all\5.0.2\asm-debug-all-5.0.2.jar;C:\Users\njt\.m2\repository\org\ow2\asm\asm-commons\5.0.2\asm-commons-5.0.2.jar;C:\Users\njt\.m2\repository\org\ow2\asm\asm-tree\5.0.2\asm-tree-5.0.2.jar;C:\Users\njt\.m2\repository\org\ow2\asm\asm\5.0.2\asm-5.0.2.jar;C:\Users\njt\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar;C:\Users\njt\.m2\repository\com\apple\AppleJavaExtensions\1.4\AppleJavaExtensions-1.4.jar;C:\Users\njt\.m2\repository\jaxen\jaxen\1.1.6\jaxen-1.1.6.jar;C:\Users\njt\.m2\repository\org\apache\ant\ant\1.9.4\ant-1.9.4.jar;C:\Users\njt\.m2\repository\org\apache\ant\ant-launcher\1.9.4\ant-launcher-1.9.4.jar;C:\Users\njt\.m2\repository\org\codehaus\groovy\groovy-all\2.4.3\groovy-all-2.4.3.jar;C:\Users\njt\.m2\repository\org\apache\maven\reporting\maven-reporting-impl\2.1\maven-reporting-impl-2.1.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-project\2.0.10\maven-project-2.0.10.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-settings\2.0.10\maven-settings-2.0.10.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-profile\2.0.10\maven-profile-2.0.10.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-plugin-registry\2.0.10\maven-plugin-registry-2.0.10.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.1\plexus-interpolation-1.1.jar;C:\Users\njt\.m2\repository\commons-validator\commons-validator\1.2.0\commons-validator-1.2.0.jar;C:\Users\njt\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar;C:\Users\njt\.m2\repository\commons-digester\commons-digester\1.6\commons-digester-1.6.jar;C:\Users\njt\.m2\repository\commons-logging\commons-logging\1.0.4\commons-logging-1.0.4.jar;C:\Users\njt\.m2\repository\oro\oro\2.0.8\oro-2.0.8.jar;C:\Users\njt\.m2\repository\org\apache\maven\reporting\maven-reporting-api\3.0\maven-reporting-api-3.0.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-plugin-api\2.0\maven-plugin-api-2.0.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-plugin-descriptor\2.2.1\maven-plugin-descriptor-2.2.1.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-artifact\2.2.1\maven-artifact-2.2.1.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-core\1.4\doxia-core-1.4.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-logging-api\1.4\doxia-logging-api-1.4.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-component-annotations\1.5.5\plexus-component-annotations-1.5.5.jar;C:\Users\njt\.m2\repository\xerces\xercesImpl\2.9.1\xercesImpl-2.9.1.jar;C:\Users\njt\.m2\repository\org\apache\httpcomponents\httpclient\4.0.2\httpclient-4.0.2.jar;C:\Users\njt\.m2\repository\commons-codec\commons-codec\1.3\commons-codec-1.3.jar;C:\Users\njt\.m2\repository\org\apache\httpcomponents\httpcore\4.0.1\httpcore-4.0.1.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-sink-api\1.4\doxia-sink-api-1.4.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-decoration-model\1.4\doxia-decoration-model-1.4.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-site-renderer\1.4\doxia-site-renderer-1.4.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-module-xhtml\1.4\doxia-module-xhtml-1.4.jar;C:\Users\njt\.m2\repository\org\apache\maven\doxia\doxia-module-fml\1.4\doxia-module-fml-1.4.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-i18n\1.0-beta-7\plexus-i18n-1.0-beta-7.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-velocity\1.1.7\plexus-velocity-1.1.7.jar;C:\Users\njt\.m2\repository\org\apache\velocity\velocity\1.5\velocity-1.5.jar;C:\Users\njt\.m2\repository\org\apache\velocity\velocity-tools\2.0\velocity-tools-2.0.jar;C:\Users\njt\.m2\repository\commons-chain\commons-chain\1.1\commons-chain-1.1.jar;C:\Users\njt\.m2\repository\sslext\sslext\1.2-0\sslext-1.2-0.jar;C:\Users\njt\.m2\repository\org\apache\struts\struts-core\1.3.8\struts-core-1.3.8.jar;C:\Users\njt\.m2\repository\antlr\antlr\2.7.2\antlr-2.7.2.jar;C:\Users\njt\.m2\repository\org\apache\struts\struts-taglib\1.3.8\struts-taglib-1.3.8.jar;C:\Users\njt\.m2\repository\org\apache\struts\struts-tiles\1.3.8\struts-tiles-1.3.8.jar;C:\Users\njt\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar;C:\Users\njt\.m2\repository\org\apache\maven\shared\maven-doxia-tools\1.2.1\maven-doxia-tools-1.2.1.jar;C:\Users\njt\.m2\repository\commons-io\commons-io\1.4\commons-io-1.4.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-artifact-manager\2.0.6\maven-artifact-manager-2.0.6.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-repository-metadata\2.0.6\maven-repository-metadata-2.0.6.jar;C:\Users\njt\.m2\repository\org\apache\maven\maven-model\2.0.6\maven-model-2.0.6.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-container-default\1.0-alpha-9\plexus-container-default-1.0-alpha-9.jar;C:\Users\njt\.m2\repository\classworlds\classworlds\1.1-alpha-2\classworlds-1.1-alpha-2.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-resources\1.0-alpha-7\plexus-resources-1.0-alpha-7.jar;C:\Users\njt\.m2\repository\org\codehaus\plexus\plexus-utils\1.5.6\plexus-utils-1.5.6.jar;C:\Users\njt\.m2\repository\org\sonatype\plexus\plexus-build-api\0.0.7\plexus-build-api-0.0.7.jar edu.umd.cs.findbugs.FindBugs2 -xml:withMessages -auxclasspathFromInput -projectName "Content Router Core" -effort:max -low -nested:false -onlyAnalyze com.groupgti.shared.router.- -output D:\Work\shared_content_router\content_router_core\target\findbugsTemp.xml D:\Work\shared_content_router\content_router_core\target\classes

I get this error: Exception analyzing com.groupgti.shared.router.dao.PostDaoImpl using detector edu.umd.cs.findbugs.detect.FindUnsatisfiedObligation org.apache.bcel.classfile.ClassFormatException: Expected class 'CONSTANT_Class' at index 2 and got CONSTANT_Fieldref[9](class_index = 242, name_and_type_index = 468) At org.apache.bcel.classfile.ConstantPool.getConstant(ConstantPool.java:261) At org.apache.bcel.classfile.ConstantPool.getConstantString(ConstantPool.java:293) At org.apache.bcel.generic.FieldOrMethod.getReferenceType(FieldOrMethod.java:116) At edu.umd.cs.findbugs.ba.obl.InstructionActionCache.getActions(InstructionActionCache.java:107) At edu.umd.cs.findbugs.ba.obl.ObligationAnalysis.transferInstruction(ObligationAnalysis.java:139) At edu.umd.cs.findbugs.ba.obl.ObligationAnalysis.transferInstruction(ObligationAnalysis.java:68) At edu.umd.cs.findbugs.ba.AbstractDataflowAnalysis.transfer(AbstractDataflowAnalysis.java:135) At edu.umd.cs.findbugs.ba.obl.ObligationAnalysis.transfer(ObligationAnalysis.java:160) At edu.umd.cs.findbugs.ba.obl.ObligationAnalysis.transfer(ObligationAnalysis.java:68) At edu.umd.cs.findbugs.ba.Dataflow.execute(Dataflow.java:376) At edu.umd.cs.findbugs.classfile.engine.bcel.ObligationDataflowFactory.analyze(ObligationDataflowFactory.java:75) At edu.umd.cs.findbugs.classfile.engine.bcel.ObligationDataflowFactory.analyze(ObligationDataflowFactory.java:45) At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.analyzeMethod(AnalysisCache.java:369) At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getMethodAnalysis(AnalysisCache.java:322) At edu.umd.cs.findbugs.detect.FindUnsatisfiedObligation$MethodChecker.analyzeMethod(FindUnsatisfiedObligation.java:240) At edu.umd.cs.findbugs.detect.FindUnsatisfiedObligation.visitMethodCFG(FindUnsatisfiedObligation.java:158) At edu.umd.cs.findbugs.bcel.CFGDetector.visitClass(CFGDetector.java:93) At edu.umd.cs.findbugs.detect.FindUnsatisfiedObligation.visitClass(FindUnsatisfiedObligation.java:144) At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1089) At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:283) At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:402) At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1200) At edu.umd.cs.findbugs.LaunchAppropriateUI.launch(LaunchAppropriateUI.java:106)
java8

opened by Yaytay 7
bcel updates
I'm not sure where the custom bcel code is for findbugs anymore, but you may want to check your version of Constants.java for these changes... i think they are not included

Index: dev/bcel/src/main/java/org/apache/commons/bcel6/Constants.java

--- dev/bcel/src/main/java/org/apache/commons/bcel6/Constants.java (revision 1745834) +++ dev/bcel/src/main/java/org/apache/commons/bcel6/Constants.java (revision 1741710) @@ -1037,10 +1037,6 @@ /** Java VM opcode. * @see * Opcode definitions in The Java Virtual Machine Specification */

public static final short INVOKEDYNAMIC = 186;

/** Java VM opcode.

* @see

* Opcode definitions in The Java Virtual Machine Specification / public static final short NEW = 187; /* Java VM opcode.

@see @@ -1391,7 +1387,7 @@ 0/dreturn/, 0/areturn/, 0/return/, 2/getstatic/, 2/putstatic/, 2/getfield/, 2/putfield/, 2/invokevirtual/, 2/invokespecial/, 2/invokestatic/,

4/invokeinterface/, 4/invokedynamic/, 2/new/,

4/invokeinterface/, UNDEFINED, 2/new/, 1/newarray/, 2/anewarray/, 0/arraylength/, 0/athrow/, 2/checkcast/, 2/instanceof/, 0/monitorenter/, @@ -1464,7 +1460,7 @@ {T_SHORT}/putstatic/, {T_SHORT}/getfield/, {T_SHORT}/putfield/, {T_SHORT}/invokevirtual/, {T_SHORT}/invokespecial/, {T_SHORT}/invokestatic/,

{T_SHORT, T_BYTE, T_BYTE}/invokeinterface/, {T_SHORT, T_BYTE, T_BYTE}/invokedynamic/,

{T_SHORT, T_BYTE, T_BYTE}/invokeinterface/, {}, {T_SHORT}/new/, {T_BYTE}/newarray/, {T_SHORT}/anewarray/, {}/arraylength/, {}/athrow/, {T_SHORT}/checkcast/, {T_SHORT}/instanceof/, @@ -1511,7 +1507,7 @@ "tableswitch", "lookupswitch", "ireturn", "lreturn", "freturn", "dreturn", "areturn", "return", "getstatic", "putstatic", "getfield", "putfield", "invokevirtual", "invokespecial", "invokestatic",

"invokeinterface", "invokedynamic", "new", "newarray", "anewarray",

"invokeinterface", ILLEGAL_OPCODE, "new", "newarray", "anewarray", "arraylength", "athrow", "checkcast", "instanceof", "monitorenter", "monitorexit", "wide", "multianewarray", "ifnull", "ifnonnull", "goto_w", "jsr_w", "breakpoint", ILLEGAL_OPCODE, ILLEGAL_OPCODE, @@ -1567,7 +1563,7 @@ UNPREDICTABLE/putstatic/, 1/getfield/, UNPREDICTABLE/putfield/, UNPREDICTABLE/invokevirtual/, UNPREDICTABLE/invokespecial/, UNPREDICTABLE/invokestatic/,

UNPREDICTABLE/invokeinterface/, UNPREDICTABLE/invokedynamic/, 0/new/, 1/newarray/, 1/anewarray/,

UNPREDICTABLE/invokeinterface/, UNDEFINED, 0/new/, 1/newarray/, 1/anewarray/, 1/arraylength/, 1/athrow/, 1/checkcast/, 1/instanceof/, 1/monitorenter/, 1/monitorexit/, 0/wide/, UNPREDICTABLE/multianewarray/, 1/ifnull/, 1/ifnonnull/, 0/goto_w/, 0/jsr_w/, 0/breakpoint/, UNDEFINED, UNDEFINED, @@ -1623,7 +1619,7 @@ 0/dreturn/, 0/areturn/, 0/return/, UNPREDICTABLE/getstatic/, 0/putstatic/, UNPREDICTABLE/getfield/, 0/putfield/, UNPREDICTABLE/invokevirtual/, UNPREDICTABLE/invokespecial/, UNPREDICTABLE/invokestatic/,

UNPREDICTABLE/invokeinterface/, UNPREDICTABLE/invokedynamic/, 1/new/, 1/newarray/, 1/anewarray/,

UNPREDICTABLE/invokeinterface/, UNDEFINED, 1/new/, 1/newarray/, 1/anewarray/, 1/arraylength/, 1/athrow/, 1/checkcast/, 1/instanceof/, 0/monitorenter/, 0/monitorexit/, 0/wide/, 1/multianewarray/, 0/ifnull/, 0/ifnonnull/, 0/goto_w/, 1/jsr_w/, 0/breakpoint/, UNDEFINED, UNDEFINED,

java9
opened by mebigfatguy 7

Update JavaVersion for JEP 223 compatibility

JEP 223 introduces a new version scheme for Java versions >= 9:

http://openjdk.java.net/jeps/223

This fixes https://sourceforge.net/p/findbugs/bugs/1432
java9

opened by don-vip 7

Wrong magic bytes of cafebabe for zip file

I'm using Gradle plugin for FindBugs and I'm seeing:

java.io.IOException: Wrong magic bytes of cafebabe for zip file /tmp/.gradle/caches/modules-2/files-2.1/com.almworks.sqlite4java/libsqlite4java-osx/1.0.392/de9528513a20ceae197ce9e14690973d617233bb/libsqlite4java-osx-1.0.392.dylib of 1620880 bytes
      At edu.umd.cs.findbugs.classfile.impl.ZipFileCodeBase.<init>(ZipFileCodeBase.java:87)
      At edu.umd.cs.findbugs.classfile.impl.ZipCodeBaseFactory.makeZipCodeBase(ZipCodeBaseFactory.java:39)
      At edu.umd.cs.findbugs.classfile.impl.ClassFactory.createFilesystemCodeBase(ClassFactory.java:121)
      At edu.umd.cs.findbugs.classfile.impl.FilesystemCodeBaseLocator.openCodeBase(FilesystemCodeBaseLocator.java:77)
      At edu.umd.cs.findbugs.classfile.impl.ClassPathBuilder.processWorkList(ClassPathBuilder.java:607)
      At edu.umd.cs.findbugs.classfile.impl.ClassPathBuilder.build(ClassPathBuilder.java:226)
      At edu.umd.cs.findbugs.FindBugs2.buildClassPath(FindBugs2.java:677)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:218)
      At org.gradle.api.plugins.quality.internal.findbugs.FindBugsExecuter.runFindbugs(FindBugsExecuter.java:39)

The problem here is that because of libsqlite4java there are some binary files on the classpath. I tracked the problem down to https://github.com/findbugsproject/findbugs/blob/master/findbugs/src/java/edu/umd/cs/findbugs/classfile/impl/ClassFactory.java#L118-L124 but not sure what to do from here.

It's impossible to remove binaries from the classpath. I don't see a way to filter classpath and not sources for FindBugs. Ideally FindBugs should ignore non *.zip/*.jar files on the classpath. Or at least have a better error message. What do you think will be the right solution? For now I'm going to disable FindBugs for tests but this problem can occur again on production classes.

opened by fkorotkov 6

Bump protobuf-java from 2.3.0 to 3.16.3 in /webCloudProtocol
Bumps protobuf-java from 2.3.0 to 3.16.3.

Release notes

Sourced from protobuf-java's releases.

Protobuf Release v3.16.3

Java

Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.

Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.

Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.

Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.

Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.

This release addresses a Security Advisory for Java users

Protocol Buffers v3.16.1

Java

Improve performance characteristics of UnknownFieldSet parsing (#9371)

Protocol Buffers v3.16.0

C++

Fix compiler warnings issue found in conformance_test_runner #8189 (#8190)

Fix MinGW-w64 build issues. (#8286)

[Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)

Fix PROTOBUF_CONSTINIT macro redefinition (#8323)

Delete StringPiecePod (#8353)

Fix gcc error: comparison of unsigned expression in '>= 0' is always … (#8309)

Fix cmake install on iOS (#8301)

Create a CMake option to control whether or not RTTI is enabled (#8347)

Fix endian.h location on FreeBSD (#8351)

Refactor util::Status (#8354)

Make util::Status more similar to absl::Status (#8405)

Fix -Wsuggest-destructor-override for generated C++ proto classes. (#8408)

Refactor StatusOr and StringPiece (#8406)

Refactor uint128 (#8416)

The ::pb namespace is no longer exposed due to conflicts.

Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing.

Reduce the size of generated proto headers for protos with string or bytes fields.

Move arena() operation on uncommon path to out-of-line routine

For iterator-pair function parameter types, take both iterators by value.

Code-space savings and perhaps some modest performance improvements in RepeatedPtrField.

Eliminate nullptr check from every tag parse.

Remove unused _$name$cached_byte_size fields.

Serialize extension ranges together when not broken by a proto field in the middle.

Do out-of-line allocation and deallocation of string object in ArenaString.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies java
opened by dependabot[bot] 0
Bump spring-core from 3.1.2.RELEASE to 5.2.22.RELEASE in /findbugsTestCases
Bumps spring-core from 3.1.2.RELEASE to 5.2.22.RELEASE.

Release notes

Sourced from spring-core's releases.

v5.2.22.RELEASE

:star: New Features

Refine CachedIntrospectionResults property introspection #28446

:lady_beetle: Bug Fixes

Ignore invalid STOMP frame #28444

v5.2.21.RELEASE

:star: New Features

Remove DNS lookups during websocket connection initiation #28281

:lady_beetle: Bug Fixes

Improve documentation and matching algorithm in data binders #28334

CodeGenerationException thrown when using AnnotationMBeanExporter on JDK 17 #28279

ResponseEntity objects are accumulated in ConcurrentReferenceHashMap #28273

NotWritablePropertyException when attempting to declaratively configure ClassLoader properties #28272

v5.2.20.RELEASE

:star: New Features

Restrict access to property paths on Class references #28262

Improve diagnostics in SpEL for large array creation #28257

v5.2.19.RELEASE

:star: New Features

Declare serialVersionUID on DefaultAopProxyFactory #27785

Use ByteArrayDecoder in DefaultClientResponse::createException #27667

:lady_beetle: Bug Fixes

ProxyFactoryBean getObject called before setInterceptorNames, silently creating an invalid proxy [SPR-7582] #27817

Possible NPE in Spring MVC LogFormatUtils #27783

UndertowHeadersAdapter's remove() method violates Map contract #27593

Fix assertion failure messages in DefaultDataBuffer.checkIndex() #27577

:notebook_with_decorative_cover: Documentation

Lazy annotation throws exception if non-required bean does not exist #27660

Incorrect Javadoc in [NamedParameter]JdbcOperations.queryForObject methods regarding exceptions #27581

DefaultResponseErrorHandler update javadoc comment #27571

:hammer: Dependency Upgrades

Upgrade to Reactor Dysprosium-SR25 #27635

Upgrade to Log4j2 2.16.0 #27825

... (truncated)

Commits

8f4c172 Release v5.2.22.RELEASE

9f238c9 Polishing

50177b1 Refine CachedIntrospectionResults property introspection

159a99b Ignore invalid STOMP frame

41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)

833e750 Improve documentation and matching algorithm in data binders

d70054d Upgrade to Log4j2 2.17.2

36e4951 Polishing

87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters

5cbf85a Avoid return value reference in potentially cached MethodParameter instance

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump gson from 2.2.4 to 2.8.9 in /findbugsTestCases
Bumps gson from 2.2.4 to 2.8.9.

Release notes

Sourced from gson's releases.

Gson 2.8.9

Make OSGi bundle's dependency on sun.misc optional (#1993).

Deprecate Gson.excluder() exposing internal Excluder class (#1986).

Prevent Java deserialization of internal classes (#1991).

Improve number strategy implementation (#1987).

Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).

Support arbitrary Number implementation for Object and Number deserialization (#1290).

Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).

Don't exclude static local classes (#1969).

Fix RuntimeTypeAdapterFactory depending on internal Streams class (#1959).

Improve Maven build (#1964).

Make dependency on java.sql optional (#1707).

Gson 2.8.8

Fixed issue with recursive types (#1390).

Better behaviour with Java 9+ and Unsafe if there is a security manager (#1712).

EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (#1495).

Changelog

Sourced from gson's changelog.

Version 2.8.9

Make OSGi bundle's dependency on sun.misc optional (#1993).

Deprecate Gson.excluder() exposing internal Excluder class (#1986).

Prevent Java deserialization of internal classes (#1991).

Improve number strategy implementation (#1987).

Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990).

Support arbitrary Number implementation for Object and Number deserialization (#1290).

Bump proguard-maven-plugin from 2.4.0 to 2.5.1 (#1980).

Don't exclude static local classes (#1969).

Fix RuntimeTypeAdapterFactory depending on internal Streams class (#1959).

Improve Maven build (#1964).

Make dependency on java.sql optional (#1707).

Version 2.8.8

Fixed issue with recursive types (#1390).

Better behaviour with Java 9+ and Unsafe if there is a security manager (#1712).

EnumTypeAdapter now works better when ProGuard has obfuscated enum fields (#1495).

Version 2.8.7

Fixed ISO8601UtilsTest failing on systems with UTC+X.

Improved javadoc for JsonStreamParser.

Updated proguard.cfg (#1693).

Fixed IllegalStateException in JsonTreeWriter (#1592).

Added JsonArray.isEmpty() (#1640).

Added new test cases (#1638).

Fixed OSGi metadata generation to work on JavaSE < 9 (#1603).

Version 2.8.6

2019-10-04 GitHub Diff

Added static methods JsonParser.parseString and JsonParser.parseReader and deprecated instance method JsonParser.parse

Java 9 module-info support

Version 2.8.5

2018-05-21 GitHub Diff

Print Gson version while throwing AssertionError and IllegalArgumentException

Moved utils.VersionUtils class to internal.JavaVersion. This is a potential backward incompatible change from 2.8.4

Fixed issue google/gson#1310 by supporting Debian Java 9

Version 2.8.4

2018-05-01 GitHub Diff

Added a new FieldNamingPolicy, LOWER_CASE_WITH_DOTS that mapps JSON name someFieldName to some.field.name

Fixed issue google/gson#1305 by removing compile/runtime dependency on sun.misc.Unsafe

Version 2.8.3

2018-04-27 GitHub Diff

Added a new API, GsonBuilder.newBuilder() that clones the current builder

Preserving DateFormatter behavior on JDK 9

... (truncated)

Commits

6a368d8 [maven-release-plugin] prepare release gson-parent-2.8.9

ba96d53 Fix missing bounds checks for JsonTreeReader.getPath() (#2001)

ca1df7f #1981: Optional OSGi bundle's dependency on sun.misc package (#1993)

c54caf3 Deprecate Gson.excluder() exposing internal Excluder class (#1986)

e6fae59 Prevent Java deserialization of internal classes (#1991)

bda2e3d Improve number strategy implementation (#1987)

cd748df Fix LongSerializationPolicy null handling being inconsistent with Gson (#1990)

fe30b85 Support arbitrary Number implementation for Object and Number deserialization...

1cc1627 Fix incorrect feature request template label (#1982)

7b9a283 Bump bnd-maven-plugin from 5.3.0 to 6.0.0 (#1985)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump ant from 1.7.1 to 1.10.9 in /findbugs
Bumps ant from 1.7.1 to 1.10.9.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Detect the object-level redundancy issue

Hello,

We ran findbugs with our tool and detected the object-level redundancy issues (object-level redundancies that happen across objects sharing the same calling context). Our tool reports an object, BasicBlock block, which is accessed at line 183 in method lookupOrCreateFact of class BasicAbstractDataflowAnalysis. The optimized code is in this pull request.

opened by anonymousemberxxx 2
Bump junit from 4.11 to 4.13.1 in /findbugs
Bumps junit from 4.11 to 4.13.1.

Release notes

Sourced from junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

JUnit 4.12

Please refer to the release notes for details.

JUnit 4.12 Beta 3

Please refer to the release notes for details.

JUnit 4.12 Beta 2

No release notes provided.

JUnit 4.12 Beta 1

No release notes provided.

Commits

1b683f4 [maven-release-plugin] prepare release r4.13.1

ce6ce3a Draft 4.13.1 release notes

c29dd82 Change version to 4.13.1-SNAPSHOT

1d17486 Add a link to assertThrows in exception testing

543905d Use separate line for annotation in Javadoc

510e906 Add sub headlines to class Javadoc

610155b Merge pull request from GHSA-269g-pwp5-87pp

b6cfd1e Explicitly wrap float parameter for consistency (#1671)

a5d205c Fix GitHub link in FAQ (#1672)

3a5c6b4 Deprecated since jdk9 replacing constructor instance of Double and Float (#1660)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Releases(3.1.0_preview2)

3.1.0_preview2(Jun 19, 2016)

The tag is the second preview of findbugs 3.1.0 release containing support for Java 9 as runtime and target platform.

ASM is the official ASM 6.0_ALPHA jar, built from version 1827 on branch ASM_6_FEATURE: See http://mail.ow2.org/wws/arc/asm/2016-06/msg00005.html and http://websvn.ow2.org/revision.php?repname=asm&path=%2F&rev=1827&peg=1827

BCEL6 is the officiaal BCEL 6.0 RC1, built from version 14039: See http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAB917R%2BmcbEarP5-ZBTDUTkt-xAwQCYagtmAbMqm3ub1KB5xDw%40mail.gmail.com%3E

To update Eclipse plugin, download findbugs_3.1.0_preview2_update_site_3.1.0.20160619-68c6293.zip and use it as a local update site.
Source code(tar.gz)
Source code(zip)
findbugs-noUpdateChecks-3.1.0-dev-20160619-68c6293.zip(8.70 MB)
findbugs_3.1.0_preview2_update_site_3.1.0.20160619-68c6293.zip(6.09 MB)
3.1.0_preview1(Jun 5, 2016)

The tag is needed to publish a snapshot of ASM 6 / BCEL6 as the first preview of findbugs 3.1.0 release containing support for Java 9 as runtime and target platform.

ASM snapshot is built from version 1818 on branch ASM_6_FEATURE: http://websvn.ow2.org/revision.php?repname=asm&path=%2F&rev=1818&peg=1818

BCEL6 snapshot is built from https://github.com/iloveeclipse/commons-bcel/commit/25dfa20fd99e4053e68b6054ff21f55fd915e003

To update Eclipse plugin, download update_site_3.1.0.20160609-91ad577.zip and use it as a local update site.
Source code(tar.gz)
Source code(zip)
asm-debug-all-6.0-SNAPSHOT.jar(669.55 KB)
bcel-6.0-SNAPSHOT-25dfa20.jar(651.80 KB)
findbugs-noUpdateChecks-3.1.0-dev-20160609-91ad577.zip(8.57 MB)
update_site_3.1.0.20160609-91ad577.zip(5.97 MB)
3.0.2_preview2(Mar 6, 2016)

This is a second preview build of 3.0.2 Eclipse plugin with Eclipse 4.6 support.

The fb_3.0.2_preview2.zip file is an Eclipse update site which can be used from Eclipse via Help->Install New Software->Add...->Archive->... to install FindBugs plugin into Eclipse.

Alternative way to install the plugin is to put the edu.umd.cs.findbugs.plugin.eclipse_3.0.2.20160306-90c514b.jar to the eclipse/dropins folder.

This build fixes FindBugs plugin incompatibilities introduced with Eclipse 4.6 (broken icons).
Source code(tar.gz)
Source code(zip)
edu.umd.cs.findbugs.plugin.eclipse_3.0.2.20160306-90c514b.jar(5.67 MB)
fb_3.0.2_preview2.zip(5.66 MB)
findbugs-3.0.2-dev-20160306-90c514b.zip(8.80 MB)
findbugs-noUpdateChecks-3.0.2-dev-20160306-90c514b.zip(8.26 MB)
3.0.2_preview(Oct 25, 2015)

This is a preview build of 3.0.2 Eclipse plugin with Eclipse 4.6 support.

The fb_3.0.2_preview.zip file is an Eclipse update site which can be used from Eclipse via Help->Install New Software->Add...->Archive->... to install FindBugs plugin into Eclipse.

This build fixes FindBugs plugin incompatibilities introduced with Eclipse 4.6 (broken icons).
Source code(tar.gz)
Source code(zip)
edu.umd.cs.findbugs.plugin.eclipse_3.0.2.20151025-a700bda.jar(5.12 MB)
fb_3.0.2_preview.zip(5.11 MB)