spotbugs官方文檔的bug描述概述
spotbugs已經取代和繼承了曾今的findbugs,已經按個人理解對bug的類別進行排序,重要的在前,不重要的在後。bug描述裏的廢話被我刪了。
文檔參考:http://spotbugs.readthedocs.io/en/latest/bugDescriptions.html###
Malicious code vulnerability (MALICIOUS_CODE)惡意代碼漏洞
code that is vulnerable to attacks from untrusted code
代碼有漏洞,可能被攻擊。
必須要重要。
Multithreaded correctness (MT_CORRECTNESS)多線程的正確性
code flaws having to do with threads, locks, and volatiles
可能導致線程、死鎖及不穩定的
必須很重要。
Performance (PERFORMANCE)性能
code that is not necessarily incorrect but may be inefficient
可能代碼正確但是性能會有問題的地方
必須很重要。
Security (SECURITY)安全
A use of untrusted input in a way that could create a remotely exploitable security vulnerability.
非安全輸入,可導致遠程利用的安全漏洞。
很重要
Bad practice (BAD_PRACTICE)低劣的代碼實踐,違反推薦和必要的編碼慣例
Violations of recommended and essential coding practice. Examples include hash code and equals problems, cloneable idiom, dropped exceptions, Serializable problems, and misuse of finalize.
不是特別重要。
Correctness (CORRECTNESS)正確性,可能出現非預期的代碼錯誤
Probable bug - an apparent coding mistake resulting in code that was probably not what the developer intended.
邏輯大概就是:這個地方的正確性值得商榷,你最好來確認下會不會潛在的出現不是你預期的行爲。
不是特別重要。
Experimental (EXPERIMENTAL)實驗性的
Experimental and not fully vetted bug patterns
看官方文檔裏的子bug類別描述,大概意思是說老兄,這個地方本程序查不出來,要麼是類太大了之類,bug匹配模式不太適用,你自己再確認下。
不太重要。
Dodgy code (STYLE)糟糕的代碼(風格)
code that is confusing, anomalous, or written in a way that leads itself to errors. Examples include dead local stores, switch fall through, unconfirmed casts, and redundant null check of value known to be null. More false positives accepted.
不是很重要,看公司要求。
Internationalization (I18N)國際化
code flaws having to do with internationalization and locale
代碼沒有遵守必要的本地化和國際化
這個要看公司要求
Bogus random noise (NOISE)假的隨機噪音
Bogus random noise: intended to be useful as a control in data mining experiments, not in finding actual bugs in software
據描述的意思,意思就是兄弟,你不用管,這是spotbugs自己搞事。
完全不重要