deps: upgrade SpotBugs to 4.8.1

spotbugs · Nov 14, 2023 · dea1425 · dea1425
1 parent c0b085f
commit dea1425
Show file tree

Hide file tree

Showing 8 changed files with 359 additions and 18 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -123,7 +123,7 @@ jobs:
         uses: ./.github/actions/sonar-update-center
         with:
           prop-file: findbugs.properties
-          description: Use SpotBugs 4.7.3, sb-contrib 7.6.0, and findsecbugs 1.12.0
+          description: Use SpotBugs 4.8.1, sb-contrib 7.6.0, and findsecbugs 1.12.0
           minimal-supported-sq-version: 8.9
           latest-supported-sq-version: LATEST
           changelog-url: https://github.com/spotbugs/sonar-findbugs/releases/tag/${{ github.event.release.tag_name }}

diff --git a/README.md b/README.md
@@ -69,4 +69,4 @@ Findbugs Plugin version|Embedded SpotBugs/Findbugs version|Embedded Findsecbugs
 4.2.2                  | 4.7.3 (SpotBugs)                 | 1.12.0                     | 7.4.7 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
 4.2.3                  | 4.7.3 (SpotBugs)                 | 1.12.0                     | 7.4.7 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
 4.2.4                  | 4.7.3 (SpotBugs)                 | 1.12.0                     | 7.6.0 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
-4.2.5-SNAPSHOT         | 4.7.3 (SpotBugs)                 | 1.12.0                     | 7.6.0 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
+4.2.5-SNAPSHOT         | 4.8.1 (SpotBugs)                 | 1.12.0                     | 7.6.0 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
diff --git a/generate_profiles/BuildXmlFiles.groovy b/generate_profiles/BuildXmlFiles.groovy
@@ -8,13 +8,13 @@ import groovy.json.JsonSlurper;
 
 @Grapes([
 
-    @Grab(group='com.github.spotbugs', module='spotbugs', version='4.7.3'),
+    @Grab(group='com.github.spotbugs', module='spotbugs', version='4.8.1'),
     @Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.6.0'),
     @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.12.0')]
 )
 
 
-FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.7.3')
+FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.8.1')
 CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.6.0')
 FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.12.0')
 

diff --git a/src/main/java/org/sonar/plugins/findbugs/rules/FindbugsRulesDefinition.java b/src/main/java/org/sonar/plugins/findbugs/rules/FindbugsRulesDefinition.java
@@ -28,8 +28,8 @@ public final class FindbugsRulesDefinition implements RulesDefinition {
 
   public static final String REPOSITORY_KEY = "findbugs";
   public static final String REPOSITORY_NAME = "FindBugs";
-  public static final int RULE_COUNT = 461;
-  public static final int DEACTIVED_RULE_COUNT = 6;
+  public static final int RULE_COUNT = 475;
+  public static final int DEACTIVED_RULE_COUNT = 7;
 
   @Override
   public void define(Context context) {

diff --git a/src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-and-fb-contrib.xml b/src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-and-fb-contrib.xml
@@ -1,4 +1,7 @@
 <FindBugsFilter><!-- This file is auto-generated. -->
+  <Match>
+    <Bug pattern='CT_CONSTRUCTOR_THROW' />
+  </Match>
   <Match>
     <Bug pattern='JUA_DONT_ASSERT_INSTANCEOF_IN_TESTS' />
   </Match>
@@ -431,6 +434,9 @@
   <Match>
     <Bug pattern='DL_SYNCHRONIZATION_ON_SHARED_CONSTANT' />
   </Match>
+  <Match>
+    <Bug pattern='DL_SYNCHRONIZATION_ON_INTERNED_STRING' />
+  </Match>
   <Match>
     <Bug pattern='DL_SYNCHRONIZATION_ON_BOOLEAN' />
   </Match>
@@ -557,6 +563,9 @@
   <Match>
     <Bug pattern='SE_TRANSIENT_FIELD_NOT_RESTORED' />
   </Match>
+  <Match>
+    <Bug pattern='SE_PREVENT_EXT_OBJ_OVERWRITE' />
+  </Match>
   <Match>
     <Bug pattern='SE_METHOD_MUST_BE_PRIVATE' />
   </Match>
@@ -1382,6 +1391,39 @@
   <Match>
     <Bug pattern='USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE' />
   </Match>
+  <Match>
+    <Bug pattern='ASE_ASSERTION_WITH_SIDE_EFFECT' />
+  </Match>
+  <Match>
+    <Bug pattern='ASE_ASSERTION_WITH_SIDE_EFFECT_METHOD' />
+  </Match>
+  <Match>
+    <Bug pattern='PA_PUBLIC_PRIMITIVE_ATTRIBUTE' />
+  </Match>
+  <Match>
+    <Bug pattern='PA_PUBLIC_ARRAY_ATTRIBUTE' />
+  </Match>
+  <Match>
+    <Bug pattern='PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE' />
+  </Match>
+  <Match>
+    <Bug pattern='VSC_VULNERABLE_SECURITY_CHECK_METHODS' />
+  </Match>
+  <Match>
+    <Bug pattern='AA_ASSERTION_OF_ARGUMENTS' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_CLASS_NAMES' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_FIELD_NAMES' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_METHOD_NAMES' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_LOCAL_VARIABLE_NAMES' />
+  </Match>
   <Match>
     <Bug pattern='ISB_INEFFICIENT_STRING_BUFFERING' />
   </Match>

diff --git a/src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-only.xml b/src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-only.xml
@@ -1,4 +1,7 @@
 <FindBugsFilter><!-- This file is auto-generated. -->
+  <Match>
+    <Bug pattern='CT_CONSTRUCTOR_THROW' />
+  </Match>
   <Match>
     <Bug pattern='JUA_DONT_ASSERT_INSTANCEOF_IN_TESTS' />
   </Match>
@@ -431,6 +434,9 @@
   <Match>
     <Bug pattern='DL_SYNCHRONIZATION_ON_SHARED_CONSTANT' />
   </Match>
+  <Match>
+    <Bug pattern='DL_SYNCHRONIZATION_ON_INTERNED_STRING' />
+  </Match>
   <Match>
     <Bug pattern='DL_SYNCHRONIZATION_ON_BOOLEAN' />
   </Match>
@@ -557,6 +563,9 @@
   <Match>
     <Bug pattern='SE_TRANSIENT_FIELD_NOT_RESTORED' />
   </Match>
+  <Match>
+    <Bug pattern='SE_PREVENT_EXT_OBJ_OVERWRITE' />
+  </Match>
   <Match>
     <Bug pattern='SE_METHOD_MUST_BE_PRIVATE' />
   </Match>
@@ -1382,4 +1391,37 @@
   <Match>
     <Bug pattern='USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE' />
   </Match>
+  <Match>
+    <Bug pattern='ASE_ASSERTION_WITH_SIDE_EFFECT' />
+  </Match>
+  <Match>
+    <Bug pattern='ASE_ASSERTION_WITH_SIDE_EFFECT_METHOD' />
+  </Match>
+  <Match>
+    <Bug pattern='PA_PUBLIC_PRIMITIVE_ATTRIBUTE' />
+  </Match>
+  <Match>
+    <Bug pattern='PA_PUBLIC_ARRAY_ATTRIBUTE' />
+  </Match>
+  <Match>
+    <Bug pattern='PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE' />
+  </Match>
+  <Match>
+    <Bug pattern='VSC_VULNERABLE_SECURITY_CHECK_METHODS' />
+  </Match>
+  <Match>
+    <Bug pattern='AA_ASSERTION_OF_ARGUMENTS' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_CLASS_NAMES' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_FIELD_NAMES' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_METHOD_NAMES' />
+  </Match>
+  <Match>
+    <Bug pattern='PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS_LOCAL_VARIABLE_NAMES' />
+  </Match>
 </FindBugsFilter>