FindBugs Common error descriptions and workarounds

A [Dls_dead_local_store]
Description: Dead store to unused local variables
WORKAROUND: The local variable is not used after it is defined, the object is instantiated and then re-assigned value


(b) [St_write_to_static_from_instance_method]
Description: Write to static field updates static properties by instance method
Common in constant classes, Directly through the class name. The method of obtaining a constant name violates the principle of encapsulation, findbugs is not advocated for use, and if the constant is changed to a static member variable, and because spring does not support static injection resulting in the inability to implement, the workaround is to statically set the setter method to assign values to the static member variable.
Workaround:
Constant Class F:
Class f{
public static String a = "123";
}
Constant A is changed to a static member variable, obtained through F.geta (), and since spring does not support static injection, instead:
Class f{
private static String A;
public static Integer Geta () {
return A;
}
public void SetA (String a) {
Setavalue (a);
}
public static void Setavalue (String a) {
F.A = A;
}
}


(c) [bx_unboxing_immediately_reboxed]
Description: Boxed value is unboxed and then immediately reboxed boxed values are removed and then re-boxed immediately
It is common for a trinocular operation to have both a basic type and a wrapper type.
Workaround:
Integer a = null;
//...
A = (A = = null)? 0:a;
This problem occurs when a is not NULL, is unboxing, and is then boxed when the value is assigned. This is an automatic packing and unpacking feature, as long as there are different types in the operation, and when it comes to type conversion, the compiler will transform downward and then perform the operation. Modify method, Uniform type:
Integer a = null;
//...
A = (A = = null)? Integer.valueof (0): A;


(d) [Se_bad_field]
Description: Non-transient non-serializable instance field in serializable class there are data that cannot be serialized or not staged in the serializable classes
Workaround:
Method 1: Serialize the object
Method 2: When developed with the STRUTS2 framework, the inevitable problem arises because Actionsupport implements the serialization interface, the action inherits this class, and the service is not serialized, so the error is prompted when referencing the service object in action. The simplest solution is to declare the service object as transient, that is, the service does not need to serialize
Method 3 (not verified): To avoid Java serialization you need to implement WriteObject () and ReadObject () method in your Class and need to Throw Notserializableexceptionfrom those method. (Implement both methods in action?)
private void WriteObject (Java.io.ObjectOutputStream stream) throws Java.io.IOException {
throw new Java.io.NotSerializableException (GetClass (). GetName ());
}
private void ReadObject (Java.io.ObjectInputStream stream) throws Java.io.IOException, ClassNotFoundException {
throw new Java.io.NotSerializableException (GetClass (). GetName ());
}


(v) [Np_load_of_known_null_value]
Description: Load of known null value loads known as null
Workaround: The known method parameter is NULL, passing NULL instead of parameter name


(vi) [rec_catch_exception]
Description: Exception was caught when Exception was not thrown has not done any processing after a generic catch exception or catch exception
Workaround: Exception classification capture (at least print out this exception object)


(vii) [NP_NULL_PARAM_DEREF]
Description: null passed for nonnull parameter pass NULL value to non-null parameter
WORKAROUND: Increase non-null judgment


(eight) [Np_immediate_dereference_of_readline]
Description: Immediate dereference of the result of ReadLine () immediately refers to the results of ReadLine ()
WORKAROUND: Determine if the result of the ReadLine is empty


(ix) [EI_EXPOSE_REP] Malicious Code vulnerability
Description: May expose internal representation by returning Getter method return reference type
The getter for Eclipse Auto-generated reference types (object, array, date, and so on), setter methods, or by referencing operations on Mutable objects exposes the internal implementation of the code, as long as the returned or assigned object is not the original reference object.
Workaround:
Take the date type as an example:
Public Date Gethappentime () {
if (happentime! = null) {
Return (Date) Happentime.clone ();
}
return null;
}


(10) [EI_EXPOSE_REP2] Malicious Code vulnerability
Description: May expose internal representation by storing a externally mutable object into setter method return reference type
The getter for Eclipse Auto-generated reference types (object, array, date, and so on), setter methods, or by referencing operations on Mutable objects exposes the internal implementation of the code, as long as the returned or assigned object is not the original reference object.
Workaround:
Take the date type as an example:
public void Sethappentime (Date happentime) {
if (happentime! = null) {
This.happentime = (Date) happentime.clone ();
}else{
This.happentime = null;
}
}

FindBugs Common error descriptions and workarounds