find methods that return or throw exception from a finally block.
holds the finally block information for a particular method.
finds methods of abstract classes that do nothing, or just throw exceptions.
a base detector class for when you need to precess collections, provides methods for checking collection attributes
finds methods that are declared abstract but override concrete methods in a superclass.
looks for methods that use arrays for items in the keyset of a map, or as an element of a set, or in a list when using the contains method.
looks for usage of arrays with statically known indices where it can be determined that the index is out of bounds based on how the array was allocated.
looks for methods that use an array of length one to pass a variable to achieve call by pointer ala C++.
represents a local array that is stored, for wrapping a value
Detects use of backport libraries, when the code in question is compiled in a jdk that has the functionality available.
describes a library that is a backport of a package that is now included in the jdk by default
looks for variable assignments at a scope larger than its use.
represents the source of an assignment to a variable, which could be a method call or a field
looks for methods that are implemented using synchronized blocks, but are overly synchronized because the beginning of the block only accesses local variables, and not member variables, or this.
looks for constructors, private methods or static methods that declare that they throw specific checked exceptions, but that do not.
looks for relatively large if blocks of code, where you unconditionally return from them, and then follow that with an unconditional return of a small block.
represents the byte offset code range of code that is executed inside an if block
represents all the if blocks in a method
looks for issues related to manually specified charsets by using string literals.
finds methods that excessively use methods from another class.
finds classes that implement clone() that do not specialize the return value, and do not swallow CloneNotFoundException.
looks for fields and local variables that have Map, Set, List in their names but the variable is a collection of a different basic type.
Find usage of EqualsBuilder from Apache commons, where the code invoke equals() on the constructed object rather than isEquals()
Find usage of HashCodeBuilder from Apache commons, where the code invokes hashCode() on the constructed object rather than toHashCode()
Find usage of ToStringBuilder from Apache commons, where the code invokes toString() on the constructed object without invoking append().
represents an stack item that is an append of a StringBuilder
In a JVM, Two classes are the same class (and consequently the same type) if they are loaded by the same class loader, and they have the same fully qualified name [JVMSpec 1999].
represents patterns of methods to look for to find suspicious compares
looks for various issues with concurrent collections including calls to checking and inserting a collection into a key on null, instead of using putIfAbsent
looks for methods that conflate the use of resources and files.
looks for methods that perform arithmetic operations on values representing time where the time unit is incompatible, ie adding a millisecond value to a nanosecond value.
looks for calls to Arrays.asList where the parameter is a primitive array.
looks for methods that have the same signature, except where one uses a Character parameter, and the other uses an int, long, float, double parameter.
looks for methods that return a parameter after making what looks like modifications to that parameter.
represents a method parameter, when it was first altered, and when it was last returned
looks for methods that access arrays or classes that implement java.util.List using a constant integer for the index.
looks for complex if conditions where multiple or clauses are joined together where the same variable is compared against a number of static values.
Finds contravariant array assignments.
Looks for methods that are direct copies of the implementation in the super class.
represents of code bytes and access flag for a method
looks for methods that build xml based strings by concatenation strings and custom values together.
represents a text pattern that is likely to be an xml snippet, as well as how much confidence that the pattern is infact xml, versus something else.
Calculates the McCabe Cyclomatic Complexity measure and reports methods that have an excessive value.
Looks for inefficient comparison of Date objects using two comparisons when one would do.
looks for deletion of items from a collection using the remove method of the collection at the same time that the collection is being iterated on.
represents aliases of some kind to some sort of a collection, or a related object like a keySet, or an iterator
represents a simple loop
looks for classes that appear to implement the old style type safe enum pattern that was used before java added Enum support to the language.
looks for fields that are implementations of java.util.List, but that are used in a set-like fashion.
looks for fields that are implementations of java.util.Map, but that are only ever iterated over.
looks for uses of sets or keySets of maps that contain other collections.
looks for methods that catch checked exceptions, and throw unchecked exceptions in their place.
holds information about a catch block the start and end pcs, as well as the exception signature.
finds fields that are used in a locals only fashion, specifically private fields that are accessed first in each method with a store vs.
holds the parse state of the current basic block, and what fields are left to be checked the fields that are left to be checked are a reference from the parent block and a new collection is created on first write to the set to reduce memory concerns.
holds information about a field and it's first usage
a visitor that determines what methods write to what fields
looks for methods that correctly do not write to a parameter.
looks for classes that have dependencies on each other in a circular way.
finds class dependency loops in a directed graph
looks for methods that use floating point indexes for loops.
looks for executors that are never shutdown, which will not allow the application to terminate
represents a field that is a executor
looks for problems surrounding use of HttpRequests from the Apache HttpComponents library which have have some little-known quirks about them.
looks for classes that aren't fully flushed out to be easily usable for various reasons.
looks for java.util.Properties use where values other than String are placed in the properties object.
looks for methods that rely on the format of the string fetched from another object's toString method, when that method appears not to be owned by the author of the calling method.
looks for calls to HttpRequest.getParameter with parameters of the same name with different cases like 'id' and 'Id'.
a holder for location information of a getParameter call
looks for classes that use objects from com.sun.xxx packages.
looks for appending strings inside of calls to StringBuffer or StringBuilder append.
looks for if/else blocks where a series of them use instanceof on the same variable to determine what do to.
Looks for jdk method calls where a parameter expects a constant value, because the api was created before enums.
|InvalidConstantArgument.ParameterInfo<T extends java.lang.Comparable<T>>||
holds information about parameters that expect constant values that should have been enums but were created pre enums.
|InvalidConstantArgument.Range<T extends java.lang.Comparable<T>>|
looks for various issues around input/output/streaming library use
looks for various issues around use of the JAX_RS standard
looks for uses of jdbc vendor specific classes and methods making the database access code non portable.
looks for various issues around the use of the Java Persistence API (JPA)
looks for creation of java.awt.Graphics object that do not have the .dispose() method called on them when finished.
looks for for loops that iterate over a java.util.List using an integer index, and get, rather than using an Iterator.
represents a for loop
looks for methods that compare strings against literal strings, where the literal string is passed as the parameter.
holds information about a switch statement, and it's case PC values
looks for allocations of synchronized collections that are stored in local variables, and never stored in fields or returned from methods.
looks for uses of log4j or slf4j where the class specified when creating the logger is not the same as the class in which this logger is used.
looks for methods that catch exceptions, and rethrow another exception without encapsulating the original exception within it.
looks for methods that copy data from one array to another using a loop.
a simple data class that holds information about a method call
looks for private methods that can only return one constant value.
looks for classes that define both static and instance methods with the same name.
an abstract base class for WriteOnlyCollections and HttpClientProblems, looks for calls that are expected to be made, but are not.
looks for code that attempts to modify a collection that is or may be defined as immutable.
looks for method calls that are unsafe or might indicate bugs.
Looks for methods that pass a primitive wrapper class object, to the same classes Constructor.
looks for classes that implement Serializable and implements readObject and writeObject by just calling the readDefaultObject or writeDefaultObject of the stream parameter.
looks for methods that call a method to retrieve a reference to an object, to use to load a constant.
looks for private collection members, either static or instance, that are only initialized in the clinit or init, but are synchronized.
holds information about a field, namely the annotation and whether the collection is synchronized.
looks for method calls to collection classes where the method is not defined by the Collections interface, and an equivalent method exists in the interface.
looks for fields in serializable classes that are defined as both final and transient.
looks for methods that synchronize on variables that are not owned by the current class.
looks for common methods that are believed to be non mutating, where the value is discarded.
looks for tag libraries that are not recycleable because backing members of taglib attributes are set in areas besides the setter method for the attribute.
looks for classes that break the fundamental rule of equivalence, which is symmetry.
looks for various issues around use of java.util.Optional
represents an opcode that was issued while there is still active elements on the stack.
Looks for methods that create DOM Nodes but do not add them to any DOM Document.
looks for parameters that are defined by classes, but only use methods defined by an implemented interface or super class.
an inner helper class that holds basic information about a method
looks for methods that are declared more permissively than the code is using.
represents a bootstrap method
looks for manual casts of objects that are more specific then needed as the value is assigned to a class or interface higher up in the inheritance chain.
looks for classes that maintain two or more lists or arrays associated one-for-one through the same index to hold two or more pieces of related information.
looks for constructors of non final classes that make method calls to non final methods.
looks for non derivable method that declare parameters and then cast those parameters to more specific types in the method.
looks for simple fields that only store one of several constant values.
looks for allocations of objects using the default constructor in a loop, where the object allocated is never assigned to any object that is used outside the loop.
looks for classes that don't handle serialization of parent class member fields when the class in question is serializable but is derived from non serializable classes.
looks for classes that maintain collections or StringBuffer/StringBuilders in static member variables, and that do not appear to provide a way to clear or remove items from these members.
looks for serialization of non-static inner classes.
looks for calls of the same method on the same object when that object hasn't changed.
contains information about a field access
contains information about a method call
finds methods that create and populate collections, and while knowing the end size of those collections, does not pre allocate the collection to be big enough.
looks for method calls through reflection on methods found in java.lang.Object.
looks for methods that declare Runtime exceptions in their throws clause.
looks for interfaces that ignore 508 compliance, including not using JLabel.setLabelFor, Using null layouts,
looks for constructors that operate through side effects, specifically constructors that aren't assigned to any variable or field.
looks for silly bugs that are simple but do not fit into one large pattern.
looks for methods that use Class.forName("XXX") to load a class object for a class that is already referenced by this class.
looks for methods that implement awt or swing listeners and perform time consuming operations.
looks for classes that implement interfaces by relying on methods being implemented in super classes, even though the superclass knows nothing about the interface being implemented by the child.
Looks for methods that call wait, notify or notifyAll on an instance of a java.lang.Thread.
looks for the execution of sql queries inside a loop.
holds the start and end position of a loop
looks for two or more try catch blocks that are consecutive and catch the same kind of exception, and throw the same exception always.
looks for creation of arrays where the contents are constants, or static fields, and the array isn't further modified.
looks for methods that make static method calls using an instance reference.
holds information about a POP instruction, what was popped, where it occurred, etc.
looks for string fields that appear to be built with parsing or calling toString() on another object, or from objects that are fields.
looks for conditional expressions where both simple local variable (in)equalities are used along with method calls, where the method calls are done first.
looks for implementation of clone() where a store is made to a member of the source object.
looks for methods that access objects in http sessions, that are complex objects, modifies those objects, but does not call setAttribute to signify a change so that cluster replication can happen.
looks for class that implement Comparator or Comparable, and whose compare or compareTo methods return constant values only, but that don't represent the three possible choice (a negative number, 0, and a positive number).
looks for methods that set a setter with the value obtained from the same bean's complimentary getter.
looks for calls to classes and methods that do not exist in the JDK for which this class is compiled.
looks for loops where an equality check is made and a variable is set because of it.
represents an if block and what registers are stored inside the block
looks for code that checks to see if a field or local variable is not null, before entering a code block either an if, or while statement, and reassigns that field or variable.
looks for creation of arrays, that are not populated before being returned for a method.
looks for calls to the wait method on mutexes defined in the java.util.concurrent package where it is likely that await was intended.
Looks for use of iterators on synchronized collections built from the Collections class.
looks for methods that make a recursive call to itself as the last statement in the method.
looks for methods that are defined to return Boolean, but return null.
Looks for methods that declare method level template parameter(s) that are not bound to any of the method's parameters, and thus is not adding any validation/type safety to the method, and is just confusing.
a simple data only class for holding the template parameters and method signature
looks for odd uses of the Assert class of the JUnit and TestNG framework
looks for methods that are bigger than 8000 bytes, as these methods are ignored by the jit for compilation, causing them to always be interpreted.
looks for code that appears to be using two forms of similar apis, an older one, and a new one.
looks for construction of new objects, and then the immediate testing whether the object is null or not.
Looks for methods that store the return result in a local variable, and then immediately returns that local variable.
looks for collections or arrays that hold objects that are unrelated thru class or interface inheritance other than java.lang.Object.
looks for methods that return Object, and who's code body returns two or more different types of objects that are unrelated (other than by Object).
looks for field writes to objects that are non singletons, where the write is not synchronized
looks for private or static methods that have parameters that aren't used.
looks for loops that transfers the contents of one collection to another.
represents a loop, and where an add was found in it
looks for methods that pass single character string constants as parameters to methods that alternatively have an overridden method that accepts a character instead.
looks for uses of sets or maps where the key is an enum.
looks for code that builds an array by using a StringTokenizer to break up a string and place individual elements into an array.
looks for code that builds an array of values from a collection, by manually looping over the elements of the collection, and adding them to the array.
looks for try/finally blocks that manage resources, without using try-with-resources
looks for definitions of methods that have an array as the last parameter.
looks for exceptions that are thrown with static strings as messages.
looks for various issues around @Autowired/@Inject fields in DI classes Injecting the same bean twice into the same class hierarchy, even with different field names
represents the type of object that is to be wired in, including an optional qualifier name
Looks for allocations and initializations of java collections, but that are never read from or accessed to gain information.
holds a user value for a StringBuilder or StringBuffer on the stack that is an online append ideally there would be an UNKNOWN option, rather than null, but findbugs seems to have a nasty bug with static fields holding onto uservalues across detectors
Copyright © 2005-2017 MeBigFatGuy.com. All Rights Reserved.