FindBugs™

Outline

• What is FindBugs?

• How Does It Work?

• Installation.

• Bug Codes.

• Bug Categories.

• Filter Files

• Rank & Confidence.

• References.

28.01.2019 WiSe18/19 - Software Testing - Bahij Sayegh 2


What is FindBugs

• FindBugs is a program that uses static analysis to find bugs in Java code.

• Created by Bill Pugh and David Hovemeyer.

• v1.0.0 was released on 10.06.2006

• Latest stable version is v3.0.1 released on 06.03.2015

• Unfortunately, FindBugs is no longer supported.


SpotBugs

• A successor to FindBugs, carrying on from the point where it left off with the support of its community.

• Requires JRE 1.8.0 or later to run.

• However, it can analyze programs compiled for any version of Java, from 1.0 to 1.9*.

• It checks for more than 400 bug patterns.


How Does it Work

• By analysing Java bytecode (compiled Java classes).

• Doesn't require source code.

• It scans bytecode for so-called bug patterns to find defects and/or suspicious code.


[Diagram: .class file -> FindBugs -> bug report]


Installation

• There are two ways to install it.

1. Using the stand-alone GUI program:

• Download from the official website

• Unzip

• Navigate to findbugs/spotbugs -> lib

• Launch findbugs.jar/spotbugs.jar

2. Using the Eclipse Plugin:

• Open the Eclipse marketplace

• Search for findbugs.

• Press the install button


Bug Codes.

Code   Description
EQ     Bad Covariant Definition of Equals
HE     Equal Objects Must Have Equal Hashcodes
IS2    Inconsistent Synchronization
MS     Static Field Modifiable By Untrusted Code
NP     Null Pointer Dereference
OS     Open Stream
RR     Read Return Should Be Checked
RV     Return Value Should Be Checked
UW     Unconditional Wait
WA     Wait Not In Loop


Bug Categories.

• Bad Practice: Violations of recommended and essential coding practice.

• Ex1: Method with Boolean return type returns explicit null (NP_BOOLEAN_RETURN_NULL).

• Ex2: Class names should start with an upper case letter (NM_CLASS_NAMING_CONVENTION)


public class main {                      // NM_CLASS_NAMING_CONVENTION: class name does not start with an upper case letter
    public Boolean booleanReturnEx(int n) {
        if (n > 3) {
            return true;
        } else if (n < 1) {
            return false;
        } else {
            return null;                 // NP_BOOLEAN_RETURN_NULL: a caller that unboxes the result gets a NullPointerException
        }
    }
}


Bug Categories.

• Ex3: Comparison of String objects using == or != (ES_COMPARING_STRINGS_WITH_EQ)

• Ex4: Superclass uses subclass during initialization (IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION)


public boolean equals(String string1, String string2) {
    if (string1 == string2)              // ES_COMPARING_STRINGS_WITH_EQ: compares references, not contents
        return true;
    else
        return false;
}

public class CircularClassInitialization {
    static class InnerClassSingleton extends CircularClassInitialization {
        static InnerClassSingleton singleton = new InnerClassSingleton();
    }

    // IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION: initializing the superclass
    // triggers the subclass initializer, which in turn depends on the superclass
    static CircularClassInitialization foo = InnerClassSingleton.singleton;
}


Bug Categories.

• Correctness: Probable bug - an apparent coding mistake resulting in code that was probably not what the developer intended.

• Ex1: Double.longBitsToDouble invoked on an int (DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT)

• Ex2: Class defines equal(Object); should it be equals(Object)? (NM_BAD_EQUAL)


double convertToDouble(int i) {
    return Double.longBitsToDouble(i);   // DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT: the int is sign-extended to 64 bits,
}                                        // so the bit pattern is not the double the author had in mind

public boolean equal(Object o) {         // NM_BAD_EQUAL: does not override Object.equals(Object); probably a typo
    return true;
}


Bug Categories.

• Ex3: Invocation of toString on an array (DMI_INVOKING_TOSTRING_ON_ARRAY)

• Ex4: Invocation of toString on an unnamed array (DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY)


public void print1() {
    String[] args2 = new String[] { "Hello", "there" };
    System.out.println(args2.toString());                      // DMI_INVOKING_TOSTRING_ON_ARRAY: prints the array's
}                                                              // type and identity hash, not its elements; use Arrays.toString(args2)

public void print2() {
    System.out.println((new String[] { "one", "two" }).toString());   // DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY
}


Bug Categories.

• Internationalization: code flaws having to do with internationalization and locale.

• Ex: Reliance on default encoding (DM_DEFAULT_ENCODING)


public void print1(String str) {
    File file = new File(someFilePath);
    Writer w = null;
    try {
        // DM_DEFAULT_ENCODING: no charset given, so the output depends on the platform default;
        // pass an explicit charset such as StandardCharsets.UTF_8 as the second argument
        w = new OutputStreamWriter(new FileOutputStream(file));
    } catch (FileNotFoundException e) {
        e.printStackTrace();
    }
    PrintWriter pw = new PrintWriter(w);
    char[] someContent = "some content".toCharArray();   // constructed content; println(char[]) rejects null
    pw.println(someContent);
    pw.close();
}


Bug Categories.

• Malicious code vulnerability: code that is vulnerable to attacks from untrusted code.

• Ex1: May expose internal representation by returning reference to mutable object (EI_EXPOSE_REP)


public Date getBirthDate() {
    return birthDate;                    // EI_EXPOSE_REP: the caller can change the field through this reference
}

public Date getBirthDate2() {
    return (Date) (birthDate.clone());   // returns a defensive copy instead
}


Bug Categories.

• Ex2: May expose internal representation by incorporating reference to mutable object (EI_EXPOSE_REP2)

• Ex3: May expose internal static state by storing a mutable object into a static field (EI_EXPOSE_STATIC_REP2)


public void setBirthDate(final Date birthDate) {
    this.birthDate = birthDate;                  // EI_EXPOSE_REP2: the caller keeps a reference to the stored object
}

public void setBirthDate2(final Date birthDate) {
    this.birthDate = (Date) birthDate.clone();   // stores a defensive copy instead
}

public static void setBirthDate3(Date birthDate) {
    birthDate2 = birthDate;                      // EI_EXPOSE_STATIC_REP2: mutable object stored into a static field
}
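The EI_EXPOSE_REP and EI_EXPOSE_REP2 patterns from the last two slides, shown together as an added example that is not part of the slides: LeakyPerson stores and returns the live Date, so a caller can rewrite its state from outside, while SafePerson copies on the way in and on the way out. The class names are made up for this example.

```java
import java.util.Date;

public class ExposeRepDemo {
    // Flagged under EI_EXPOSE_REP2 (constructor) and EI_EXPOSE_REP (getter):
    // the field and the caller's variable are the same mutable object.
    static final class LeakyPerson {
        private final Date birthDate;
        LeakyPerson(Date d) { this.birthDate = d; }
        Date getBirthDate() { return birthDate; }
    }

    // Corrected: copy on entry and on exit, so no caller ever shares the field.
    static final class SafePerson {
        private final Date birthDate;
        SafePerson(Date d) { this.birthDate = new Date(d.getTime()); }
        Date getBirthDate() { return new Date(birthDate.getTime()); }
    }

    // Tampers with the object that was passed in and with the one handed back,
    // and reports the value the person object now holds.
    static long birthDateAfterTampering(boolean useSafe) {
        Date epoch = new Date(0);
        LeakyPerson leaky = new LeakyPerson(epoch);
        SafePerson safe = new SafePerson(epoch);
        epoch.setTime(86_400_000L);                   // reaches LeakyPerson's field, not SafePerson's copy
        leaky.getBirthDate().setTime(172_800_000L);   // the getter's reference is the field itself
        safe.getBirthDate().setTime(172_800_000L);    // only changes a throwaway copy
        return useSafe ? safe.getBirthDate().getTime() : leaky.getBirthDate().getTime();
    }

    public static void main(String[] args) {
        System.out.println("leaky person now holds: " + birthDateAfterTampering(false));
        System.out.println("safe person still holds: " + birthDateAfterTampering(true));
    }
}
```

The leaky instance ends up reporting 172800000 while the safe one still reports 0, which is the behaviour FindBugs is warning about.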


Bug Categories.

• Multithreaded Correctness: code flaws having to do with threads, locks, and volatiles.

• Ex1: Empty synchronized block (ESync_EMPTY_SYNC)

• Ex2: Synchronize and null check on the same field. (NP_SYNC_AND_NULL_CHECK_FIELD)


static void add(String file) {
    synchronized (files) {               // NP_SYNC_AND_NULL_CHECK_FIELD: if files is null, locking on it
        if (files == null)               // already throws NullPointerException, so the check below is dead
            throw new IllegalStateException();
        files.add(file);
    }
}

private void emptySynchronized() {
    synchronized (this) {                // ESync_EMPTY_SYNC: the block does nothing under the lock
        // Forgot implementation
    }
}


Bug Categories.

• Ex3: Unconditional wait (UW_UNCOND_WAIT)

• Ex4: Wait not in loop (WA_NOT_IN_LOOP)


public void waitForEver() throws Exception {
    synchronized (object) {
        object.wait();                   // UW_UNCOND_WAIT: waits without checking any condition first
    }
}

public void syncWithoutLoop() throws Exception {
    synchronized (object) {
        if (!condition)                  // WA_NOT_IN_LOOP: an if, so a spurious wakeup skips the re-check;
            object.wait();               // should be a while loop
    }
}
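The corrected form of the two wait patterns above, as an added example that is not part of the slides: a small bounded buffer in which every wait() is guarded by a condition and sits inside a while loop, so a spurious or stale wakeup simply re-checks the state. The class names are made up for this example.

```java
import java.util.ArrayDeque;
import java.util.Queue;

public class WaitInLoopDemo {
    // A bounded buffer written the way FindBugs expects wait()/notifyAll() to be used.
    static final class BoundedBuffer<T> {
        private final Queue<T> items = new ArrayDeque<>();
        private final int capacity;
        BoundedBuffer(int capacity) { this.capacity = capacity; }

        public synchronized void put(T item) throws InterruptedException {
            while (items.size() == capacity) {   // a loop, not an if (WA_NOT_IN_LOOP)
                wait();                          // guarded by a condition (UW_UNCOND_WAIT)
            }
            items.add(item);
            notifyAll();                         // wake consumers waiting on this monitor
        }

        public synchronized T take() throws InterruptedException {
            while (items.isEmpty()) {
                wait();
            }
            T item = items.remove();
            notifyAll();                         // wake producers blocked on a full buffer
            return item;
        }
    }

    // Pushes 0..4 through a buffer of size 2 from a producer thread and sums what the
    // consumer takes out; the buffer fills and drains several times along the way.
    static int produceAndConsume() throws InterruptedException {
        BoundedBuffer<Integer> buf = new BoundedBuffer<>(2);
        Thread producer = new Thread(() -> {
            try {
                for (int n = 0; n < 5; n++) buf.put(n);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        producer.start();
        int sum = 0;
        for (int n = 0; n < 5; n++) sum += buf.take();
        producer.join();
        return sum;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("sum of consumed items: " + produceAndConsume());
    }
}
```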


Bug Categories.

• Performance: code that is not necessarily incorrect but may be inefficient.

• Ex1: Unused field (UUF_UNUSED_FIELD)

• Ex2: Unread field (URF_UNREAD_FIELD)

• Ex3: Method invokes inefficient new String() constructor (DM_STRING_VOID_CTOR)

• Ex4: Method invokes inefficient Number constructor; use static valueOf instead (DM_NUMBER_CTOR)


String useleesString;                        // UUF_UNUSED_FIELD: never read or written
String useleesString2 = new String("");      // DM_STRING_VOID_CTOR: use "" directly (URF_UNREAD_FIELD if never read)
Integer uselessInt = new Integer(15);        // DM_NUMBER_CTOR: use Integer.valueOf(15)


Bug Categories.

• Security: A use of untrusted input in a way that could create a remotely exploitable security vulnerability.

• Ex1: Empty database password (DMI_EMPTY_DB_PASSWORD)

• Ex2: Hardcoded constant database password (DMI_CONSTANT_DB_PASSWORD)


Connection getConnection1() throws SQLException {
    return DriverManager.getConnection("jdbc:hsqldb:mem:test", "sa", "");         // DMI_EMPTY_DB_PASSWORD
}

Connection getConnection2() throws SQLException {
    return DriverManager.getConnection("jdbc:hsqldb:mem:test", "sa", "secret");   // DMI_CONSTANT_DB_PASSWORD: the
}                                                                                 // literal ships in the class file
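One way to satisfy both patterns above, as an added example that is not part of the slides: the credentials are read from the environment at run time, and a missing or empty variable fails fast instead of silently turning into an empty password. The class, method and variable names (DB_USER, DB_PASSWORD) are assumptions for this example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class DbCredentials {
    // Builds JDBC connection properties from environment variables, so no password
    // literal is compiled into the class file. Throws rather than returning "" when
    // a variable is unset, which keeps DMI_EMPTY_DB_PASSWORD from reappearing at run time.
    static Properties credentialsFromEnv(String userVar, String passwordVar) {
        String user = System.getenv(userVar);
        String password = System.getenv(passwordVar);
        if (user == null || user.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + userVar);
        }
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + passwordVar);
        }
        Properties props = new Properties();
        props.setProperty("user", user);
        props.setProperty("password", password);
        return props;
    }

    // Same in-memory HSQLDB URL as the slides, but no credentials in source.
    static Connection getConnection3() throws SQLException {
        return DriverManager.getConnection("jdbc:hsqldb:mem:test",
                credentialsFromEnv("DB_USER", "DB_PASSWORD"));
    }
}
```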


Bug Categories.

• Dodgy Code: code that is confusing, anomalous, or written in a way that lends itself to errors.

• Ex1: Self assignment of local variable (SA_LOCAL_SELF_ASSIGNMENT)

• Ex2: Switch statement found where default case is missing (SF_SWITCH_NO_DEFAULT)


public void test() {
    int x = 3;
    x = x;                               // SA_LOCAL_SELF_ASSIGNMENT: has no effect, probably a typo
}

public int test1(String s) {
    switch (s) {                         // SF_SWITCH_NO_DEFAULT: no default case
        case "A": return 1;
        case "B": return 2;
    }
    return 3;
}


Filter Files

• Filter Files can be used to include or exclude bugs.

• Filter Files are XML files with the following structure:


<FindBugsFilter>
    <!-- A bug matches a <Match> only if it matches every child element (the
         clauses are ANDed); the children below show the available forms
         side by side rather than a filter you would use as-is. -->
    <Match>
        <Class name="DesiredClass" />
        <Method name="nonOverloadedMethod" />
        <Method name="nonOverloadedMethod" params="int,java.lang.String" returns="void" />
        <Bug category="PERFORMANCE" />
        <Bug code="DC" />
        <Bug code="DE,UrF,SIC" />
        <Bug pattern="DLS_DEAD_LOCAL_STORE" />
    </Match>
</FindBugsFilter>


Rank & Confidence.

• Bugs are given a rank from 1 to 20.

• Grouped into four categories:

• Scariest (rank 1 - 4)

• Scary (rank 5 - 9)

• Troubling (rank 10 - 14)

• Of concern (rank 15 - 20)

• Confidence only depicts how confident the analyzer is that the reported bug is really present; it says nothing about severity.


References

• http://findbugs.sourceforge.net/

• https://www.baeldung.com/intro-to-findbugs

• https://examples.javacodegeeks.com/core-java/findbugs-eclipse-example/

• https://spotbugs.readthedocs.io/

• Hovemeyer, D., & Pugh, W. (2004). Finding bugs is easy.


Thank You For Listening
