我一直在 eclipse 中使用 Findbugs 插件,现在想将该功能移至我的 Gradle 构建脚本,以便在检测到任何严重错误时构建将失败。我想禁用以下错误类别:
- 实验
- 安全
- 国际化
- 恶意代码
以上是Eclipse插件中的默认设置。但是在 Gradle 中,查看 documentation我只能找到一种方法来禁用个别错误检查。然而,这是不可行的,查看 source code ,其中有将近 100 个要通过并单独启用/禁用。
是否有更简单的方法来禁用上述类别,以便 Gradle 调用的 Findbugs 的行为与 Eclipse 插件默认配置相同?
编辑: 到目前为止,我们已经知道“excludeFilter”选项可用于指定包含应排除的错误检查程序的 XML 文件。然后可以在此文件中指定要排除的类别,如下所示:
<FindBugsFilter>
<Match>
<Bug category="EXPERIMENTAL"/>
</Match>
</FindBugsFilter>
可以通过在排除文件中指定类别属性来禁用错误类别:
- 国际化:I18N
- 恶意代码:MALICIOUS_CODE
- 实验性的:实验性的
- 正确性:正确性
- 表现:表现
- 代码风格:STYLE
- 不良做法:BAD_PRACTICE
但是这些类别属性似乎没有记录在案,所以我不确定是否找到了所有这些属性。当我发现更多内容时,将编辑此列表。
最佳答案
你是对的,FindBug 类别列表似乎没有完整记录。 从https://sourceforge.net/projects/findbugs/files/findbugs/3.0.1/中搜索源码包您可以在默认的 messages.xml 中找到 BugCategory 定义。
我提取了信息并创建了一个过滤器来匹配在 findbugs-3.0.1\etc\messages.xml 中找到的所有类别:
<FindBugsFilter>
<!-- Probable bug - an apparent coding mistake resulting in code that was
probably not what the developer intended. We strive for a low false positive
rate. -->
<Match>
<Bug category="CORRECTNESS" />
</Match>
<!-- Bogus random noise: intended to be useful as a control in data mining
experiments, not in finding actual bugs in software. -->
<Match>
<Bug category="NOISE" />
</Match>
<!-- A use of untrusted input in a way that could create a remotely exploitable
security vulnerability. -->
<Match>
<Bug category="SECURITY" />
</Match>
<!-- Violations of recommended and essential coding practice. Examples include
hash code and equals problems, cloneable idiom, dropped exceptions, Serializable
problems, and misuse of finalize. We strive to make this analysis accurate,
although some groups may not care about some of the bad practices. -->
<Match>
<Bug category="BAD_PRACTICE" />
</Match>
<!-- code that is confusing, anomalous, or written in a way that leads itself
to errors. Examples include dead local stores, switch fall through, unconfirmed
casts, and redundant null check of value known to be null. More false positives
accepted. In previous versions of FindBugs, this category was known as Style. -->
<Match>
<Bug category="STYLE" />
</Match>
<!-- code that is not necessarily incorrect but may be inefficient -->
<Match>
<Bug category="PERFORMANCE" />
</Match>
<!-- code that is vulnerable to attacks from untrusted code -->
<Match>
<Bug category="MALICIOUS_CODE" />
</Match>
<!-- code flaws having to do with threads, locks, and volatiles -->
<Match>
<Bug category="MT_CORRECTNESS" />
</Match>
<!-- code flaws having to do with internationalization and locale -->
<Match>
<Bug category="I18N" />
</Match>
<!-- Experimental and not fully vetted bug patterns -->
<Match>
<Bug category="EXPERIMENTAL" />
</Match>
</FindBugsFilter>
关于java - 在 Gradle 构建中禁用 findbugs 检查错误类别,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31455719/