1. What is FindBugs?
FindBugs is a static analysis tool. It inspects class or JAR files and compares their bytecode against a set of bug patterns to find possible problems. With a static analysis tool, software can be analyzed without actually running the program. Rather than inferring the program's intent from the form or structure of the class files, FindBugs typically uses the Visitor pattern to check whether the code conforms to a set of fixed rules.
2. Code project
Experiment goal
Use FindBugs to find problems in a program.
pom.xml
The FindBugs check goal is run as part of mvn package.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>springboot-demo</artifactId>
<groupId>com.et</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>findbug</artifactId>
<properties>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<!-- FindBugs plugin -->
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.5</version>
<configuration>
<!-- Analysis effort level; valid values are Min, Default and Max -->
<effort>Low</effort>
<!-- Low, Medium or High (Low is the strictest; High reports only severe bugs). Medium is recommended -->
<threshold>Medium</threshold>
<failOnError>true</failOnError>
<includeTests>true</includeTests>
<!-- Filter file listing the findings FindBugs should ignore -->
<excludeFilterFile>conf/findbugs-exclude-filter.xml</excludeFilterFile>
</configuration>
<executions>
<execution>
<id>run-findbugs</id>
<!-- Run the FindBugs check in the package phase (compile also works), e.g. with mvn clean package -->
<phase>package</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Simulated error
package com.et.findbug;
/**
* @author liuhaihua
* @version 1.0
* @ClassName MockError
* @Description todo
* @date 2024/06/25/ 17:30
*/
public class MockError {
private static String dbrBO;
public final void refresh() {
dbrBO = null;
}
}
Excluded checks (conf/findbugs-exclude-filter.xml)
<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
<Match>
<Class name="com.et.findbug.MockError" />
</Match>
<Match>
<Package name="com.et.findbug.controller" />
</Match>
<Match>
<Class name="com.et.findbug.controller" />
<Method name="showHelloWorld"></Method>
</Match>
<Match>
<!-- Boxed value is unboxed and then immediately reboxed: ignore this pattern everywhere -->
<Package name="~.*" />
<Bug pattern="BX_UNBOXING_IMMEDIATELY_REBOXED" />
</Match>
</FindBugsFilter>
Manually simulated errors
package com.et.findbug;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.Random;
public class FindBugsDemo {
private static final DateFormat yyyyMMdd = new SimpleDateFormat("yyyy-MM-dd");
public static String yyyyMMddForMat(Date date) {
return yyyyMMdd.format(date);
}
public static int getRanDom() {
return new Random().nextInt();
}
public static int round(int num) {
return Math.round(num);
}
public static void printMap(Map<?, ?> map) {
if (map != null && map.size() > 0) {
for (Object key : map.keySet()) {
System.out.println("key--->" + key);
System.out.println("value--->" + map.get(key));
}
}
}
public static String trimString(String str) {
str.trim();
return str;
}
@Override
public boolean equals(Object obj) {
return super.equals(obj);
}
}
The above is only the key code; see the code repository below for the full source.
Code repository
3. Testing
Run the package command
mvn package
Output
[INFO]
[INFO] --- findbugs-maven-plugin:3.0.5:check (run-findbugs) @ findbug ---
[INFO] BugInstance size is 3
[INFO] Error size is 0
[INFO] Total bugs: 3
[INFO] Random object created and used only once in com.et.findbug.FindBugsDemo.getRanDom() [com.et.findbug.FindBugsDemo] At FindBugsDemo.java:[line 18] DMI_RANDOM_USED_ONLY_ONCE
[INFO] int value cast to float and then passed to Math.round in com.et.findbug.FindBugsDemo.round(int) [com.et.findbug.FindBugsDemo] At FindBugsDemo.java:[line 22] ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND
[INFO] com.et.findbug.FindBugsDemo.printMap(Map) makes inefficient use of keySet iterator instead of entrySet iterator [com.et.findbug.FindBugsDemo] At FindBugsDemo.java:[line 29] WMI_WRONG_MAP_ITERATOR
[INFO]
To see bug detail using the Findbugs GUI, use the following command "mvn findbugs:gui"
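As an added example (not code from the post or its repository), here is a corrected counterpart to FindBugsDemo. Each method resolves the pattern FindBugs reports in the output above, plus the patterns FindBugs documents for the remaining constructs in the original class (STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE, RV_RETURN_VALUE_IGNORED, HE_EQUALS_USE_HASHCODE); the class name, the `name` field, and the switch to SecureRandom and java.time are assumptions of this example.

```java
package com.et.findbug;

import java.security.SecureRandom;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.util.Map;
import java.util.Objects;

// Corrected counterpart to FindBugsDemo (example class, not part of the post's repository):
// every method resolves the pattern FindBugs flags in the original, so the check goal
// passes on it without an exclude filter entry.
public final class FindBugsDemoFixed {
    // STCAL: a shared static SimpleDateFormat is not thread-safe; DateTimeFormatter is immutable.
    private static final DateTimeFormatter YYYY_MM_DD = DateTimeFormatter.ofPattern("yyyy-MM-dd");
    // DMI_RANDOM_USED_ONLY_ONCE: keep one shared generator instead of a new Random per call.
    // SecureRandom is chosen so the value stays unpredictable if it ever feeds a token or id.
    private static final SecureRandom RANDOM = new SecureRandom();
    private final String name; // assumed field, gives equals/hashCode something to compare

    public FindBugsDemoFixed(String name) { this.name = name; }

    public static String yyyyMMddFormat(LocalDate date) { return date.format(YYYY_MM_DD); }

    public static int getRandom() { return RANDOM.nextInt(); }

    // ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND: Math.round(int) widens to float and loses
    // precision above 2^24 for nothing; an int needs no rounding.
    public static int round(int num) { return num; }

    // WMI_WRONG_MAP_ITERATOR: walk entrySet() instead of a get(key) lookup for every key.
    public static void printMap(Map<?, ?> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            System.out.println("key--->" + entry.getKey());
            System.out.println("value--->" + entry.getValue());
        }
    }

    // RV_RETURN_VALUE_IGNORED: String is immutable, so the result of trim() must be returned.
    public static String trimString(String str) { return str == null ? null : str.trim(); }

    // HE_EQUALS_USE_HASHCODE: equals and hashCode are overridden together, on the same field.
    @Override
    public boolean equals(Object obj) {
        if (this == obj) return true;
        if (!(obj instanceof FindBugsDemoFixed)) return false;
        return Objects.equals(name, ((FindBugsDemoFixed) obj).name);
    }

    @Override
    public int hashCode() { return Objects.hash(name); }
}
```

Dropping this class into the same module and re-running mvn package lets you confirm the three findings above disappear while the MockError exclusion in the filter file stays in place.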