deps: upgrade SpotBugs Contrib to 7.6.0 (#726)

- upgrade SpotBugs Contrib to 7.6.0 - update the sb-contrib and findsecbugs project links
spotbugs · Apr 27, 2023 · 127466b · 127466b
1 parent b2fa625
commit 127466b
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 ## Description / Features
 
-This plugin requires the [SonarJava Plugin](https://docs.sonarqube.org/display/PLUG/SonarJava), and uses [SpotBugs](https://spotbugs.github.io), [fb-contrib](http://fb-contrib.sourceforge.net/) and [Find Security Bugs](http://h3xstream.github.io/find-sec-bugs/) to provide coding rules.
+This plugin requires the [SonarJava Plugin](https://docs.sonarqube.org/display/PLUG/SonarJava), and uses [SpotBugs](https://spotbugs.github.io), [fb-contrib](https://github.com/mebigfatguy/fb-contrib) and [Find Security Bugs](https://find-sec-bugs.github.io/) to provide coding rules.
 
 ### Supported Languages
 

diff --git a/generate_profiles/BuildXmlFiles.groovy b/generate_profiles/BuildXmlFiles.groovy
@@ -8,13 +8,13 @@ import groovy.json.JsonSlurper;
 @Grapes([
 
     @Grab(group='com.github.spotbugs', module='spotbugs', version='4.7.3'),
-    @Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.4.7'),
+    @Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.6.0'),
     @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.12.0')]
 )
 
 
 FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.7.3')
-CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.4.7')
+CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.6.0')
 FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.12.0')
 
 def destDir() {

diff --git a/pom.xml b/pom.xml
@@ -53,7 +53,7 @@
       Update the version table and the rules count badge in README.md
     -->
     <spotbugs.version>4.7.3</spotbugs.version>
-    <sbcontrib.version>7.4.7</sbcontrib.version>
+    <sbcontrib.version>7.6.0</sbcontrib.version>
     <findsecbugs.version>1.12.0</findsecbugs.version>
 
     <jdk.min.version>1.8</jdk.min.version>

diff --git a/src/main/java/org/sonar/plugins/findbugs/rules/FbContribRulesDefinition.java b/src/main/java/org/sonar/plugins/findbugs/rules/FbContribRulesDefinition.java
@@ -27,8 +27,8 @@ public class FbContribRulesDefinition implements RulesDefinition {
 
   public static final String REPOSITORY_KEY = "fb-contrib";
   public static final String REPOSITORY_NAME = "FindBugs Contrib";
-  public static final int RULE_COUNT = 307;
-  public static final int DEACTIVED_RULE_COUNT = 0;
+  public static final int RULE_COUNT = 312;
+  public static final int DEACTIVED_RULE_COUNT = 1;
 
   @Override
   public void define(Context context) {

diff --git a/src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-and-fb-contrib.xml b/src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-and-fb-contrib.xml
@@ -1634,9 +1634,6 @@
   <Match>
     <Bug pattern='SPP_STRINGBUFFER_WITH_EMPTY_STRING' />
   </Match>
-  <Match>
-    <Bug pattern='SPP_EQUALS_ON_ENUM' />
-  </Match>
   <Match>
     <Bug pattern='SPP_INVALID_BOOLEAN_NULL_CHECK' />
   </Match>
@@ -1658,6 +1655,9 @@
   <Match>
     <Bug pattern='SPP_USE_ZERO_WITH_COMPARATOR' />
   </Match>
+  <Match>
+    <Bug pattern='SPP_PASSING_THIS_AS_PARM' />
+  </Match>
   <Match>
     <Bug pattern='MUI_USE_CONTAINSKEY' />
   </Match>
@@ -2216,6 +2216,9 @@
   <Match>
     <Bug pattern='WI_MANUALLY_ALLOCATING_AN_AUTOWIRED_BEAN' />
   </Match>
+  <Match>
+    <Bug pattern='WI_WIRING_OF_STATIC_FIELD' />
+  </Match>
   <Match>
     <Bug pattern='CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY' />
   </Match>
@@ -2243,6 +2246,9 @@
   <Match>
     <Bug pattern='OI_OPTIONAL_ISSUES_USES_ORELSEGET_WITH_NULL' />
   </Match>
+  <Match>
+    <Bug pattern='OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED' />
+  </Match>
   <Match>
     <Bug pattern='UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT' />
   </Match>
@@ -2273,9 +2279,6 @@
   <Match>
     <Bug pattern='LUI_USE_COLLECTION_ADD' />
   </Match>
-  <Match>
-    <Bug pattern='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' />
-  </Match>
   <Match>
     <Bug pattern='FII_USE_METHOD_REFERENCE' />
   </Match>
@@ -2303,4 +2306,16 @@
   <Match>
     <Bug pattern='SAT_SUSPICIOUS_ARGUMENT_TYPES' />
   </Match>
+  <Match>
+    <Bug pattern='ENMI_EQUALS_ON_ENUM' />
+  </Match>
+  <Match>
+    <Bug pattern='ENMI_NULL_ENUM_VALUE' />
+  </Match>
+  <Match>
+    <Bug pattern='ENMI_ONE_ENUM_VALUE' />
+  </Match>
+  <Match>
+    <Bug pattern='AKI_SUPERFLUOUS_ROUTE_SPECIFICATION' />
+  </Match>
 </FindBugsFilter>
diff --git a/src/main/resources/org/sonar/plugins/findbugs/rules-fbcontrib.xml b/src/main/resources/org/sonar/plugins/findbugs/rules-fbcontrib.xml
@@ -714,7 +714,7 @@ if (!date1.equals( date2 ))
 			a potential cause of memory bloat.&lt;/p&gt;
 
 			&lt;p&gt;
-			If this collection is a list, set or otherwise of static things (e.g. a List&amp;gt;String&amp;gt; for month names), consider
+			If this collection is a list, set or otherwise of static things (e.g. a List&amp;lt;String&amp;gt; for month names), consider
 			adding all of the elements in a static initializer, which can only be called once:&lt;br/&gt;
 &lt;pre&gt;&lt;code&gt;
 private static List&amp;lt;String&amp;gt; monthNames = new ArrayList&amp;lt;String&amp;gt;();
@@ -1111,15 +1111,6 @@ if (myString.indexOf('e') != -1) {
     <tag>performance</tag>
     <tag>bug</tag>
   </rule>
-  <rule key='SPP_EQUALS_ON_ENUM' priority='MAJOR'>
-    <name>Correctness - Method calls equals on an enum instance</name>
-    <configKey>SPP_EQUALS_ON_ENUM</configKey>
-    <description>&lt;p&gt;This method calls the equals(Object) method on an enum instance. Since enums values are singletons,
-			you can use == to safely compare two enum values. In fact, the implementation for Enum.equals does just
-			that.&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
   <rule key='SPP_INVALID_BOOLEAN_NULL_CHECK' priority='MAJOR'>
     <name>Correctness - Method uses invalid C++ style null check on Boolean</name>
     <configKey>SPP_INVALID_BOOLEAN_NULL_CHECK</configKey>
@@ -1215,6 +1206,18 @@ if ({{FLAWED_TEST_LOGIC}}) {
     <tag>correctness</tag>
     <tag>bug</tag>
   </rule>
+  <rule key='SPP_PASSING_THIS_AS_PARM' priority='MAJOR'>
+    <name>Correctness - Method call passes object that the method is called on as a parameter</name>
+    <configKey>SPP_PASSING_THIS_AS_PARM</configKey>
+    <description>&lt;p&gt;This method calls an instance method passing the object that the method is called on as a parameter, such as
+	       &lt;code&gt;
+	           foo.someMethod(foo);
+	       &lt;/code&gt;
+	       As you already have access to this object thru this, you don't need to pass it.
+	       &lt;/p&gt;</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
   <rule key='MUI_USE_CONTAINSKEY' priority='MAJOR'>
     <name>Correctness - Method calls keySet() just to call contains, use containsKey instead</name>
     <configKey>MUI_USE_CONTAINSKEY</configKey>
@@ -3275,6 +3278,15 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
     <tag>correctness</tag>
     <tag>bug</tag>
   </rule>
+  <rule key='WI_WIRING_OF_STATIC_FIELD' priority='MAJOR'>
+    <name>Correctness - Static field is autowired</name>
+    <configKey>WI_WIRING_OF_STATIC_FIELD</configKey>
+    <description>&lt;p&gt;Autowiring of static fields does not work using simple @Autowire annotations, not should you attempt to do 
+            so as it's an anti pattern. Use PostConstruct methods to initialize static fields if you must do something 
+            like this.&lt;/p&gt;</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
   <rule key='CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY' priority='MAJOR'>
     <name>Correctness - Method gets and sets a value of a ConcurrentHashMap in a racy manner</name>
     <configKey>CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY</configKey>
@@ -3377,6 +3389,28 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
     <tag>correctness</tag>
     <tag>bug</tag>
   </rule>
+  <rule key='OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED' priority='MAJOR'>
+    <name>Correctness - Method uses Optional.equals(Optional.empty()), when Optional.isPresent is more readable</name>
+    <configKey>OI_OPTIONAL_ISSUES_ISPRESENT_PREFERRED</configKey>
+    <description>&lt;p&gt;This method uses Optional.equals(Optional.empty()). It is more readable and more clear just to use the Optional.isPresent()
+    		method to determine whether the reference exists or not. Use
+    		&lt;br/&gt;
+    		&lt;pre&gt;&lt;code&gt;
+            Optional f = getSomeOptional();
+    		if (!f.isPresent()) {
+    		}
+    		&lt;/code&gt;&lt;/pre&gt;
+    		rather than
+    		&lt;br/&gt;
+    		&lt;pre&gt;&lt;code&gt;
+   			Optional f = getSomeOptional();
+   			if (f.equals(Optional.empty()) {
+   			}
+    		&lt;/code&gt;&lt;/pre&gt;
+    		&lt;/p&gt;</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
   <rule key='UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT' priority='MAJOR'>
     <name>Correctness - Method constructs a Date object, merely to convert it to an Instant object</name>
     <configKey>UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT</configKey>
@@ -3560,8 +3594,8 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
     <tag>correctness</tag>
     <tag>bug</tag>
   </rule>
-  <rule key='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' priority='MAJOR'>
-    <name>Correctness - Method calls contains() on a collected lambda expression</name>
+  <rule key='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' priority='INFO'>
+    <name>Experimental - Method calls contains() on a collected lambda expression</name>
     <configKey>FII_AVOID_CONTAINS_ON_COLLECTED_STREAM</configKey>
     <description>&lt;p&gt;This method builds a collection using lambda expressions with a collect terminal operation. It then immediately
         calls the contains() method on it, to see if an item is present. This is sub optimal as the lambda still needs to 
@@ -3578,8 +3612,7 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
         baubles.stream().anyMatch(b -&gt; name.equals(b.getName()))
         &lt;/pre&gt;&lt;/code&gt;
         &lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
+    <tag>experimental</tag>
   </rule>
   <rule key='FII_USE_METHOD_REFERENCE' priority='MAJOR'>
     <name>Correctness - Method creates an anonymous lambda expression instead of specifying a method reference</name>
@@ -3729,4 +3762,41 @@ if (shouldCalcHalting &amp;&amp; (calculateHaltingProbability() &amp;gt; 0) { }
     <tag>correctness</tag>
     <tag>bug</tag>
   </rule>
+  <rule key='ENMI_EQUALS_ON_ENUM' priority='MAJOR'>
+    <name>Correctness - Method calls equals on an enum instance</name>
+    <configKey>ENMI_EQUALS_ON_ENUM</configKey>
+    <description>&lt;p&gt;This method calls the equals(Object) method on an enum instance. Since enums values are singletons,
+            you can use == to safely compare two enum values. In fact, the implementation for Enum.equals does just
+            that.&lt;/p&gt;</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
+  <rule key='ENMI_NULL_ENUM_VALUE' priority='MAJOR'>
+    <name>Correctness - Method sets an enum reference to null</name>
+    <configKey>ENMI_NULL_ENUM_VALUE</configKey>
+    <description>&lt;p&gt;This method sets the value of an enum reference to null. An enum should never have a null value.
+            If there is a state where you do not know what the value of an enum should be, than that should be one of the
+            proper enum value. So add a MyEnum.UNKNOWN or such. This keeps the logic of switch statements, etc, much simpler.</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
+  <rule key='ENMI_ONE_ENUM_VALUE' priority='MAJOR'>
+    <name>Correctness - Enum class only declares one enum value</name>
+    <configKey>ENMI_ONE_ENUM_VALUE</configKey>
+    <description>&lt;p&gt;This enum class only declares one value (or perhaps 0!). As such it is pointless, as its value will always be the same thing.
+            Therefore use of this enum is just bloating the code base. One exception is if you are using a null value as a second value.
+            This is a mistake, and should be replaced with a second enum value, even if it's NULL, or UNKNOWN, or NON_INTITIALIZED or some other
+            sentinel value.</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
+  <rule key='AKI_SUPERFLUOUS_ROUTE_SPECIFICATION' priority='MAJOR'>
+    <name>Correctness - Method specifies superfluous routes thru route() or concat()</name>
+    <configKey>AKI_SUPERFLUOUS_ROUTE_SPECIFICATION</configKey>
+    <description>&lt;p&gt;This method uses the route() or concat() method to build optional routes but only passes 1 route to the method. 
+            This just causes an extra route specification to be created for no reason. Only use route() or concat() when you have more than
+            one route to combine into one.</description>
+    <tag>correctness</tag>
+    <tag>bug</tag>
+  </rule>
 </rules>