spotbugs已经取代和继承了曾今的findbugs,已经按个人理解对bug的类别进行排序,重要的在前,不重要的在后。
bug描述里的废话被我删了。
文档参考:http://spotbugs.readthedocs.io/en/latest/bugDescriptions.html
本文原文发表在:https://blog.csdn.net/windanchaos
code that is vulnerable to attacks from untrusted code
代码有漏洞,可能被攻击。
必须要重要。
code flaws having to do with threads, locks, and volatiles
可能导致线程、死锁及不稳定的
必须很重要。
code that is not necessarily incorrect but may be inefficient
可能代码正确但是性能会有问题的地方
必须很重要。
A use of untrusted input in a way that could create a remotely exploitable security vulnerability.
非安全输入,可导致远程利用的安全漏洞。
很重要
Violations of recommended and essential coding practice. Examples include hash code and equals problems, cloneable idiom, dropped exceptions, Serializable problems, and misuse of finalize.
不是特别重要。
Probable bug - an apparent coding mistake resulting in code that was probably not what the developer intended.
逻辑大概就是:这个地方的正确性值得商榷,你最好来确认下会不会潜在的出现不是你预期的行为。
不是特别重要。
Experimental and not fully vetted bug patterns
看官方文档里的子bug类别描述,大概意思是说老兄,这个地方本程序查不出来,要么是类太大了之类,bug匹配模式不太适用,你自己再确认下。
不太重要。
code that is confusing, anomalous, or written in a way that leads itself to errors. Examples include dead local stores, switch fall through, unconfirmed casts, and redundant null check of value known to be null. More false positives accepted.
不是很重要,看公司要求。
code flaws having to do with internationalization and locale
代码没有遵守必要的本地化和国际化
这个要看公司要求
Bogus random noise: intended to be useful as a control in data mining experiments, not in finding actual bugs in software
据描述的意思,意思就是兄弟,你不用管,这是spotbugs自己搞事。
完全不重要