[Fb-contrib-commit] SF.net SVN: fb-contrib:[1428] trunk/fb-contrib/etc
From: <dbr...@us...> - 2010-01-04 04:22:04
Revision: 1428
http://fb-contrib.svn.sourceforge.net/fb-contrib/?rev=1428&view=rev
Author: dbrosius
Date: 2010-01-04 04:21:58 +0000 (Mon, 04 Jan 2010)
Log Message:
-----------
detector configuration for MDM Detector submitted by Chris Peterson
Modified Paths:
--------------
trunk/fb-contrib/etc/findbugs.xml
trunk/fb-contrib/etc/messages.xml
Modified: trunk/fb-contrib/etc/findbugs.xml
===================================================================
--- trunk/fb-contrib/etc/findbugs.xml 2010-01-04 04:21:20 UTC (rev 1427)
+++ trunk/fb-contrib/etc/findbugs.xml 2010-01-04 04:21:58 UTC (rev 1428)
@@ -316,6 +316,10 @@
<Detector class="com.mebigfatguy.fbcontrib.detect.WrongNullGuard"
speed="fast" hidden="true" reports="WNG_WRONG_NULL_FIELD_GUARD,WNG_WRONG_NULL_LOCAL_GUARD" />
+ <Detector class="com.mebigfatguy.fbcontrib.detect.MoreDumbMethods"
+ speed="fast"
+ reports="MDM_RUNTIME_EXIT_OR_HALT,MDM_RUNFINALIZATION,EQ_BIGDECIMAL_EQUALS,MDM_INETADDRESS_GETLOCALHOST,MDM_PROMISCUOUS_SERVERSOCKET,MDM_RANDOM_SEED,MDM_SECURERANDOM_CTOR,MDM_SECURERANDOM_GETSEED,MDM_THREAD_PRIORITIES,MDM_THREAD_YIELD,MDM_WAIT_WITHOUT_TIMEOUT,MDM_THREAD_FAIRNESS,MDM_REENTRANTLOCK_HELDBY,MDM_STRING_BYTES_ENCODING,MDM_SETDEFAULTLOCALE" />
+
<!-- BugPattern -->
<BugPattern abbrev="ISB" type="ISB_INEFFICIENT_STRING_BUFFERING"
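Review bot: The `reports` list on the new `MoreDumbMethods` detector does not line up with the BugPattern types this same commit declares. It names `EQ_BIGDECIMAL_EQUALS`, `MDM_SECURERANDOM_CTOR`, `MDM_SECURERANDOM_GETSEED` and `MDM_REENTRANTLOCK_HELDBY`, whereas the BugPattern entries added further down and in messages.xml define `MDM_BIGDECIMAL_EQUALS`, `MDM_SECURERANDOM` and `MDM_LOCK_ISLOCKED`; `MDM_SIGNAL_NOT_SIGNALALL` is declared but never listed. The detector's Java source is not in this diff, so I cannot tell which spellings it actually emits. A type reported without a matching BugPattern and message will presumably not surface correctly, and the SecureRandom findings are among those affected. Settle on one set of names across the detector, `reports`, the BugPattern entries and messages.xml, for example `MDM_BIGDECIMAL_EQUALS` in place of `EQ_BIGDECIMAL_EQUALS`.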
@@ -568,4 +572,34 @@
category="CORRECTNESS" experimental="true" />
<BugPattern abbrev="WNG" type="WNG_WRONG_NULL_LOCAL_GUARD"
category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_RUNTIME_EXIT_OR_HALT"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_RUNFINALIZATION"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_INETADDRESS_GETLOCALHOST"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_PROMISCUOUS_SERVERSOCKET"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_THREAD_PRIORITIES"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_THREAD_YIELD"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_WAIT_WITHOUT_TIMEOUT"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_SIGNAL_NOT_SIGNALALL"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_THREAD_FAIRNESS"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_LOCK_ISLOCKED"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_STRING_BYTES_ENCODING"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_SETDEFAULTLOCALE"
+ category="MT_CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_BIGDECIMAL_EQUALS"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_RANDOM_SEED"
+ category="CORRECTNESS" experimental="true" />
+ <BugPattern abbrev="MDM" type="MDM_SECURERANDOM"
+ category="CORRECTNESS" experimental="true" />
</FindbugsPlugin>
\ No newline at end of file
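Review bot: `MDM_INETADDRESS_GETLOCALHOST`, `MDM_PROMISCUOUS_SERVERSOCKET` and `MDM_RANDOM_SEED` are filed under `category="CORRECTNESS"`, although their long descriptions in messages.xml each say the call "may be a security risk". Anyone who filters or gates a build on the security category will not see these three findings. If the intent is to flag exposure (listening on every interface, predictable random values), `category="SECURITY"` describes them better. `MDM_STRING_BYTES_ENCODING` similarly reads like an `I18N` finding rather than a correctness one.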
Modified: trunk/fb-contrib/etc/messages.xml
===================================================================
--- trunk/fb-contrib/etc/messages.xml 2010-01-04 04:21:20 UTC (rev 1427)
+++ trunk/fb-contrib/etc/messages.xml 2010-01-04 04:21:58 UTC (rev 1428)
@@ -1091,6 +1091,14 @@
</Details>
</Detector>
+ <Detector class="com.mebigfatguy.fbcontrib.detect.MoreDumbMethods">
+ <Details>
+ <![CDATA[
+ <p>This detector looks for calls to more pointless or deprecated methods.</p>
+ <p>It is a fast detector</p>
+ ]]>
+ </Details>
+ </Detector>
<!-- BugPattern -->
@@ -2818,7 +2826,157 @@
]]>
</Details>
</BugPattern>
-
+
+ <BugPattern type="MDM_RUNTIME_EXIT_OR_HALT">
+ <ShortDescription>Method calls {2}</ShortDescription>
+ <LongDescription>Method {1} calls {2}</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Calling <code>Runtime.exit()</code> or <code>Runtime.halt()</code> shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_RUNFINALIZATION">
+ <ShortDescription>Method calls {2}</ShortDescription>
+ <LongDescription>Method {1} calls {2}</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Triggering finalization can result in serious performance problems and may indicate incorrect resource cleanup.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_BIGDECIMAL_EQUALS">
+ <ShortDescription>Method calls BigDecimal.equals()</ShortDescription>
+ <LongDescription>Method {1} calls BigDecimal.equals(), which is normally a mistake</LongDescription>
+ <Details>
+ <![CDATA[
+ <p><code>equals()</code> being called to compare two <code>java.math.BigDecimal</code> numbers. This is normally a mistake, as two <code>BigDecimal</code> objects are only equal if they are equal in both value and scale, so that <i>2.0</i> is not equal to <i>2.00</i>. To compare <code>BigDecimal</code> objects for mathematical equality, use <code>compareTo()</code> instead.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_INETADDRESS_GETLOCALHOST">
+ <ShortDescription>Method calls InetAddress.getLocalHost()</ShortDescription>
+ <LongDescription>Method {1} calls InetAddress.getLocalHost(), which may be a security risk</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Do not call <code>InetAddress.getLocalHost()</code> on multihomed servers. On a multihomed server, <code>InetAddress.getLocalHost()</code> simply returns the IP address associated with the server's internal hostname. This could any of the network interfaces, which could expose the machine to security risks. Server applications that need to listen on sockets should add configurable properties to define which network interfaces the server should bind.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_PROMISCUOUS_SERVERSOCKET">
+ <ShortDescription>Method creates promiscuous ServerSocket object</ShortDescription>
+ <LongDescription>Method {1} creates a promiscuous ServerSocket, which may be a security risk</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Do not use the <code>ServerSocket</code> constructor or <code>ServerSocketFactory.createServerSocket()</code> factory methods that accepts connections on any network interface. By default, an application that listens on a socket will listen for connection attempts on any network interface, which can be a security risk. Only the long form the <code>ServerSocket</code> constructor or <code>ServerSocketFactory.createServerSocket()</code> factory methods take a specific local address to define which network interface the socket should bind.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_RANDOM_SEED">
+ <ShortDescription>Method creates insecure Random object</ShortDescription>
+ <LongDescription>Method {1} creates an insecure Random object, which may be a security risk</LongDescription>
+ <Details>
+ <![CDATA[
+ <p><code>Random()</code> constructor without a seed is insecure because it defaults to easily guessable seed: <code>System.currentTimeMillis()</code>. Initialize seed with <code>Random(SecureRandom.getInstance().generateSeed())</code> or use <code>SecureRandom</code> instead.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_SECURERANDOM">
+ <ShortDescription>Method calls deprecated SecureRandom method</ShortDescription>
+ <LongDescription>Method {1} calls deprecated SecureRandom method {2}</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>The <code>SecureRandom()</code> constructors and <code>SecureRandom.getSeed()</code> method are deprecated. Call <code>SecureRandom.getInstance()</code> and <code>SecureRandom.getInstance().generateSeed()</code> instead.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_THREAD_PRIORITIES">
+ <ShortDescription>Method calls non-portable method {2}</ShortDescription>
+ <LongDescription>Method {1} calls non-portable method {2}</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Getting or setting thread priorities is not portable and could indicate race conditions.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_THREAD_YIELD">
+ <ShortDescription>Method calls non-portable method {2}</ShortDescription>
+ <LongDescription>Method {1} calls non-portable method {2}</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Manual thread scheduling with <code>Thread.sleep()</code> or <code>Thread.yield()</code> has no guaranteed semantics and is often used to mask race conditions.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_WAIT_WITHOUT_TIMEOUT">
+ <ShortDescription>Method sleeps without timeout</ShortDescription>
+ <LongDescription>Method {1} calls {2} without timeout</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Calling <code>{2}</code> without timeout could block forever. Consider using a timeout to detect deadlocks or performance problems. Thread.join() Object.wait() Condition.await() Lock.lock() Lock.lockInterruptibly()</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_THREAD_FAIRNESS">
+ <ShortDescription>Method ignores Lock's fairness settings by calling {2}</ShortDescription>
+ <LongDescription>Method {1} ignores Lock's fairness settings by calling {2}</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Calling <code>Lock.tryLock()</code> or <code>ReentrantLock.tryLock()</code> without a timeout does not honor the lock's fairness setting. If you want to honor the fairness setting for this lock, then use <code>tryLock(0, TimeUnit.SECONDS)</code> which is almost equivalent (it also detects interruption).</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_SIGNAL_NOT_SIGNALALL">
+ <ShortDescription>Method calls Condition.signal() rather than Condition.signalAll()</ShortDescription>
+ <LongDescription>Method {1} calls Condition.signal() rather than Condition.signalAll()</LongDescription>
+ <Details>
+ <![CDATA[
+ <p><code>Condition.signalAll()</code> is prefered over <code>Condition.signal()</code>. Calling <code>signal()</code> only wakes up one thread, meaning that the thread woken up might not be the one waiting for the condition that the caller just satisfied.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_LOCK_ISLOCKED">
+ <ShortDescription>Method tests if a lock is locked</ShortDescription>
+ <LongDescription>Method {1} calls {2} to test if the lock is locked</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Calling <code>ReentrantLock.isLocked()</code> or <code>ReentrantLock.isHeldByCurrentThread()</code> might indicate race conditions or incorrect locking. These methods are designed for use in debug code or monitoring of the system state, not for synchronization control.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_STRING_BYTES_ENCODING">
+ <ShortDescription>Encoding String bytes without specifying the character encoding</ShortDescription>
+ <LongDescription>Method {1} encodes String bytes without specifying the character encoding</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>The behavior of the <code>String(byte[] bytes)</code> and <code>String.getBytes()</code> is undefined if the string cannot be encoded in the platform's default charset. Instead, use the <code>String(byte[] bytes, String encoding)</code> or <code>String.getBytes(String encoding)></code> constructor which accepts the string's encoding as an argument. Be sure to specify the encoding used for the user's locale.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
+ <BugPattern type="MDM_SETDEFAULTLOCALE">
+ <ShortDescription>Method calls Locale.setDefault()</ShortDescription>
+ <LongDescription>Method {1} calls Locale.setDefault(), changing locale for all threads</LongDescription>
+ <Details>
+ <![CDATA[
+ <p>Do not use the <code>Locale.setDefault()</code> method to change the default locale. It changes the JVM's default locale for all threads and makes your applications unsafe to threads. It does not affect the host locale. Since changing the JVM's default locale may affect many different areas of functionality, this method should only be used if the caller is prepared to reinitialize locale-sensitive code running within the same Java Virtual Machine, such as the user interface.</p>
+ ]]>
+ </Details>
+ </BugPattern>
+
<!-- BugCode -->
<BugCode abbrev="ISB">Inefficient String Buffering</BugCode>
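Review bot: The remediation text for `MDM_RANDOM_SEED` and `MDM_SECURERANDOM` gives advice that does not match the JDK API and could leave readers with weak randomness. `Random(SecureRandom.getInstance().generateSeed())` does not compile as written, because `getInstance` needs an algorithm name and `generateSeed` takes a byte count and returns `byte[]`, while `Random` takes a `long`. Seeding `java.util.Random` from a strong source also does not make its output unpredictable, so for `MDM_RANDOM_SEED` the text should simply say `Use <code>java.security.SecureRandom</code> for any value that must be unpredictable.` As far as I know the `SecureRandom()` constructors and `SecureRandom.getSeed()` are not deprecated in the JDK, so the `MDM_SECURERANDOM` wording should state the real concern (presumably provider or algorithm selection) instead of "deprecated". Separately, the `MDM_THREAD_YIELD` text also names `Thread.sleep()`, and the `MDM_STRING_BYTES_ENCODING` text has a stray `>` after `String.getBytes(String encoding)`.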
@@ -2910,4 +3068,5 @@
<BugCode abbrev="CVAA">Contravariant Array Assignment</BugCode>
<BugCode abbrev="NFF">Non Functional Field</BugCode>
<BugCode abbrev="WNG">Wrong Null Guard</BugCode>
+ <BugCode abbrev="MDM">More Dumb Methods</BugCode>
</MessageCollection>
\ No newline at end of file