false positives in current SVN: msg#00052 (java.findbugs.general)
As requested, I did some testing with current SVN. I made a file that has examples of the issues I found on real code @ http://www.clock.org/~matt/bugreport/foo.jar

The method beSafe() gets reported as SQL injection via "Nonconstant string passed to execute method on an SQL statement". This is a false positive, though the code is a little convoluted. I think the appending of cells of a private array of String[] might be what confuses it.

I thought that the method passDepthAlong had an invalid "Dead store to a local variable", but I realised the bug while writing this email -- one has to assign the return value of an Integer++ for it to work. Good find! :)

--
tangled strands of DNA explain the way that I behave.
http://www.clock.org/~matt
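An added illustration, not part of the original message and not the code in foo.jar (which the page does not show): a hypothetical reconstruction of the query shape the message describes, next to a form where the string handed to the statement is a compile-time constant and the value is bound. The class, table and column names are constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical reconstruction; every name here is constructed for illustration.
public class QueryShapes {
    // Private and never modified, but reading an array cell (COLUMNS[0]) is not
    // a constant expression under the Java Language Specification.
    private static final String[] COLUMNS = { "id", "name" };

    // Constant variables: javac folds this concatenation into a single literal.
    private static final String COL_ID = "id";
    private static final String COL_NAME = "name";
    private static final String QUERY =
            "SELECT " + COL_ID + ", " + COL_NAME + " FROM users WHERE id = ?";

    // Shape described in the message: the SQL text is assembled at run time
    // from array cells, so a computed string reaches executeQuery().
    static String buildFromArray(int id) {
        return "SELECT " + COLUMNS[0] + ", " + COLUMNS[1]
                + " FROM users WHERE id = " + id;
    }

    static String lookupArrayShape(Connection conn, int id) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(buildFromArray(id))) {
            return rs.next() ? rs.getString(2) : null;
        }
    }

    // Same lookup with a constant SQL string and a bound parameter.
    static String lookupConstantShape(Connection conn, int id) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(2) : null;
            }
        }
    }

    public static void main(String[] args) {
        // No database needed: print the SQL text each shape produces.
        System.out.println(buildFromArray(7)); // built at run time
        System.out.println(QUERY);             // compile-time constant
    }
}
```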