Merged
Member
@cpfeiffer Will take this once build completes and will double check rebase against @phisad's original PR. Thanks for picking up.
hazendaz
approved these changes
Apr 2, 2023
Member
@cpfeiffer @phisad Merged now, thanks! No ETA on the actual release yet. I don't know the full process on the core here (I do the maven part). I think we need to get a number of vulnerable libraries updated still but think we have to be close to releasing in general otherwise. Thanks for sticking around on this one.
NazirMuhammadZafarIqbal
pushed a commit
to NazirMuhammadZafarIqbal/spotbugs
that referenced
this pull request
Jun 7, 2023
* Issue-543 Store Java class annotation names to PackageMemberAnnotations
* Issue-543 Store Java class annotation names to PackageMemberAnnotations
* Issue-543 Add AnnotationMatcher for filtering (with test cases)
* Issue-543 Extend SAX handler for AnnotationMatcher and classjas attr
* Issue-543 Fix whitespaces
* Issue-543 Add CHANGELOG entry
* Issue-543 Make compatible with Java 1.8
* Issue-543 Extract code to addJavaAnnotationNames method
* Issue-543 Update filter file xml schema
* Issue-543 Run spotlessApply
* Issue-543 Fix AnnotationMatcherTest
* Issue-543 Fix file header comments
* Issue-543 Use MethodHandles for logger
* Issue 543 Fix documentation
* Issue 543 Combine expressions when getting annotation type
* Issue 543 Rename attribute classjas to classAnnotationNames
* Issue-543 Fix whitespaces
* Issue-543: Fix typo

---------

Co-authored-by: Philipp Sadler <philipp.sadler@gebit.de>
hazendaz
pushed a commit
that referenced
this pull request
Jun 19, 2023
* Added the messages.xml and findbugs.xml components for my first checker.
* Added the messages.xml and findbugs.xml components for my first checker.
* Added the messages.xml and findbugs.xml components for my first checker. Added Checker as well.
* Added the messages.xml and findbugs.xml components for my first checker. Added Checker as well. Added test cases classes.
* Added the messages.xml and findbugs.xml components for my first checker. Added Checker as well. Added test cases classes. Added test class (JUnit) as well.
* Added the messages.xml and findbugs.xml components for my first checker. Added Checker as well. Added test cases classes. Added test class (JUnit) as well. Edited the Changelog.md.
* Added the messages.xml and findbugs.xml components for my first checker. Added Checker as well. Added test cases classes. Added test class (JUnit) as well. Edited the Changelog.md. Fixed the formatting issues as well.
* Apply 1 suggestion(s) to 1 file(s)
* Apply 1 suggestion(s) to 1 file(s)
* Resolved many comments on merge request.
* Added the license and Javadoc for checker class.
* Don't report for stream methods called on Random. If one of the stream-returning methods (doubles, ints, or longs) is called on Random or SecureRandom, don't report that the Random was only used once. Fixes #2370
* fix(deps): update dependency checkstyle to v7.8.2 (#2373) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.mockito:mockito-core to v5.2.0 (#2376) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.apache.groovy:groovy-all to v4.0.10 (#2377) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.slf4j:slf4j-api to v2.0.7 (#2381) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency net.sf.saxon:saxon-he to v12.1 (#2385) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update plugin com.github.spotbugs to v5.0.14 (#2386) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.springframework:spring-core to v6.0.7 (#2383) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update plugin com.gradle.enterprise to v3.12.5 (#2382) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency joda-time:joda-time to v2.12.4 (#2387) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update plugin com.gradle.enterprise to v3.12.6 (#2390) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update asm to v9.5 (#2391) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency joda-time:joda-time to v2.12.5 (#2393) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.apache.groovy:groovy-all to v4.0.11 (#2394) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Issue 543 (#2395)
* Issue-543 Store Java class annotation names to PackageMemberAnnotations
* Issue-543 Store Java class annotation names to PackageMemberAnnotations
* Issue-543 Add AnnotationMatcher for filtering (with test cases)
* Issue-543 Extend SAX handler for AnnotationMatcher and classjas attr
* Issue-543 Fix whitespaces
* Issue-543 Add CHANGELOG entry
* Issue-543 Make compatible with Java 1.8
* Issue-543 Extract code to addJavaAnnotationNames method
* Issue-543 Update filter file xml schema
* Issue-543 Run spotlessApply
* Issue-543 Fix AnnotationMatcherTest
* Issue-543 Fix file header comments
* Issue-543 Use MethodHandles for logger
* Issue 543 Fix documentation
* Issue 543 Combine expressions when getting annotation type
* Issue 543 Rename attribute classjas to classAnnotationNames
* Issue-543 Fix whitespaces
* Issue-543: Fix typo

---------

Co-authored-by: Philipp Sadler <philipp.sadler@gebit.de>

* fix(deps): update dependency jacoco to v0.8.9 (#2398) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.checkerframework:checker-qual to v3.33.0 (#2399) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.mockito:mockito-core to v5.3.0 (#2403) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.springframework:spring-core to v6.0.8 (#2405) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update plugin com.gradle.enterprise to v3.13 (#2404) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* minor: make private class final with default constructor (#2407)
* chore(deps): update plugin org.ajoberstar.grgit to v5.1.0 (#2409) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency org.mockito:mockito-core to v5.3.1 (#2408) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update plugin org.ajoberstar.grgit to v5.2.0 (#2411) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Changed the implementation of testing classes entirely.
* Added Javadoc for testing files.
* Made changes for second time review comments.
* Fixed the CHANGELOG.md and added the solution in the bug reporting message.
* Fixed the extra boolean parameter in helping function for testing.
* Separated the class addClass and addMethod in the bug reporting.
* Fixed the package naming convention.
* Added comments for detector thought process, improved its efficiency.
* Tried to fix white space issues in findbugs.xml
* Fixed some white space issues causing the pipeline to fail.
* Added the exact source line number in the detector.
* White space correction.
* Fixed new lines in findbugs.xml. Improved commenting in the sawOpCode() method and removed the sourceline remoting as it yields wrong results for large results.
* Removed always true evident null check in sawOpCode().
* Fixed source line annotation. Added another class "COmmandMap". This class is actually one of the test cases of large repo. I added it to verify the correction of reported exact source line number.
* Made the bug type local variable in JUnit testing class method `createBugInstanceMatcher`.
* Fixed the CHANGELOG.md formatting errors.
* Implemented a null check on variable `met` in another detector `ReflectionIncreaseAccessibility` in `sawOpCode()` method.
* deleted the temporary test case file. Refactored the xMethod Variable.
* Don't see it.
* Implemented the null check on `met` variable in another checker `ReflectionIncreaseAccessibility.java` class.
* Added many good and bad test cases.
* Improved and added new assertions in the Junit testing.
* Improved the implementation of checker. It has changed totally. Now it is very efficient.
* Changed the message reported in consistent with the new implementation of the checker.
* Fixing white spaces.
* Removed the commented out lines.
* Done!
* Done!
* Implemented new test cases in `FindVulnerableSecurityCheckMethodsTest.java`
* Implemented new test cases in `GoodVulnerableSecurityCheckMethodsTest.java`
* Implemented user defined `SecurityManager` required for some test cases.
* Implemented Junit tests for the newly added test cases.
* Fixed the comments. Fixed bug reporting message.
* I don't know where these changes came from automatically.
* Removed the commented out lines. Fixed the private methods with 1 usage only.
* Revert "I don't know where these changes came from automatically." This reverts commit e8f89d4.
* Reverted the Null Pointer Exception.
* Refactored the name of the testing class as per conventions.
* Refactored the bug type in all the related files.
* Refactored the bug type in all the `CHANGELOG.md`

---------

Co-authored-by: Judit Knoll <judit.knoll@sigmatechnology.com>
Co-authored-by: Mike Dillon <mike@appropriate.io>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Carsten Pfeiffer <cpfeiffer@users.noreply.github.com>
Co-authored-by: Philipp Sadler <philipp.sadler@gebit.de>
Co-authored-by: Kevin222004 <97679350+Kevin222004@users.noreply.github.com>
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Mar 21, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes this option to also take into account annotations applied to methods and fields. This is useful for generated code, e.g. lombok can be configured to apply `@lombok.Generated` on methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change `lombok.config`: ```diff - lombok.addLombokGeneratedAnnotation = true + lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to `spotbugsExclude.xml`.
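Review bot: the `lombok.config` diff in this commit message has its signs reversed against the prose around it. It removes `lombok.addLombokGeneratedAnnotation = true` and adds `lombok.extern.findbugs.addSuppressFBWarnings = true`, while the text relies on lombok applying `@lombok.Generated` and on an `<Annotation name="lombok.Generated" />` entry in `spotbugsExclude.xml`. Swap the `-` and `+` lines so the message matches the fix it describes, as the later revisions of this commit message do.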
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Mar 21, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes this option to also take into account annotations applied to methods and fields. This is useful for generated code, e.g. lombok can be configured to apply `@lombok.Generated` on methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change `lombok.config`: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to `spotbugsExclude.xml`.
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Mar 21, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes this option to also take into account annotations applied to methods and fields. This is useful for generated code, e.g. lombok can be configured to apply `@lombok.Generated` on methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change to the `lombok.config`: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to the `spotbugsExclude.xml`.
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Mar 21, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes the feature to include annotations applied to methods and fields as well. It is particularly useful for generated code; e.g. lombok can be configured to apply `@lombok.Generated` to methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change to the `lombok.config` file: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to the `spotbugsExclude.xml`.
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Mar 25, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes the feature to include annotations applied to methods and fields as well. It is particularly useful for generated code; e.g. lombok can be configured to apply `@lombok.Generated` to methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change to the `lombok.config` file: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to the `spotbugsExclude.xml`.
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Mar 31, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes the feature to include annotations applied to methods and fields as well. It is particularly useful for generated code; e.g. lombok can be configured to apply `@lombok.Generated` to methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change to the `lombok.config` file: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to the `spotbugsExclude.xml`.
fenuks
pushed a commit
to fenuks/spotbugs
that referenced
this pull request
Apr 1, 2025
Pull request spotbugs#2395 added option to filter out bugs based on annotation on class. This patch generalizes the feature to include annotations applied to methods and fields as well. It is particularly useful for generated code; e.g. lombok can be configured to apply `@lombok.Generated` to methods it generates. Generalized annotation filtering can be used to fix issue spotbugs#3350 with change to the `lombok.config` file: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to the `spotbugsExclude.xml`.
hazendaz
added a commit
that referenced
this pull request
Apr 15, 2025
Pull request #2395 added option to filter out bugs based on annotation on class. This patch generalizes the feature to include annotations applied to methods and fields as well. It is particularly useful for generated code; e.g. lombok can be configured to apply `@lombok.Generated` to methods it generates. Generalized annotation filtering can be used to fix issue #3350 with change to the `lombok.config` file: ```diff + lombok.addLombokGeneratedAnnotation = true - lombok.extern.findbugs.addSuppressFBWarnings = true ``` and `<Annotation name="lombok.Generated" />` addition to the `spotbugsExclude.xml`. Co-authored-by: fenuks <fenuks> Co-authored-by: Jeremy Landis <jeremylandis@hotmail.com>
This new PR just fixes the last comment of #2252. I don't have write permission to the fork of @phisad, so here's his work, rebased on top of master with the suggested spelling fix.
#2252 can be closed in favor of this branch, since my colleague @phisad does not have time for it anymore.