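Conference and Exhibition System Static Code Analysis Report
Analysis tool: FindBugs
FindBugs inspects class files or JAR files and compares the bytecode against a set of defect patterns to find code defects, which is how it performs static code analysis. FindBugs provides a graphical UI and can also be used as an Eclipse plug-in. This document mainly uses FindBugs as an Eclipse plug-in. After a successful installation, a FindBugs perspective is added to Eclipse, and the user can run FindBugs on a specified Java class or JAR file; FindBugs then traverses the specified files and performs static code analysis.
The analysis results for the system are organized as follows: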
(1)Scary(7):
1)High confidence(4):
① Impossible Cast(3):
Bug: Impossible cast from org.activiti.bpmn.model.SequenceFlow to org.activiti.bpmn.model.UserTask in com.hte.util.ActFlowUtils.addStartEventComment(String)
This cast will always throw a ClassCastException. FindBugs tracks type information from instanceof checks, and also uses more precise information about the types of values returned from methods and loaded from fields. Thus, it may have more precise information that just the declared type of a variable, and can use this to determine that a cast will always throw an exception at runtime.
Rank: Scary (9), confidence: High
Pattern: BC_IMPOSSIBLE_CAST
Type: BC, Category: CORRECTNESS (Correctness)
a) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/util/ActFlowUtils.java:350 Impossible cast from org.activiti.bpmn.model.SequenceFlow to org.activiti.bpmn.model.UserTask in com.hte.util.ActFlowUtils.getNextFlowNodesByInstance(String, String) [Scary(9), High confidence]
b) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/util/ActFlowUtils.java:340 Impossible cast from org.activiti.bpmn.model.SequenceFlow to org.activiti.bpmn.model.UserTask in com.hte.util.ActFlowUtils.getNextFlowNodesByInstance(String, String) [Scary(9), High confidence]
c) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/util/ActFlowUtils.java:406 Impossible cast from org.activiti.bpmn.model.SequenceFlow to org.activiti.bpmn.model.UserTask in com.hte.util.ActFlowUtils.addStartEventComment(String) [Scary(9), High confidence]
② Possible null pointer dereference(1):
Bug: Possible null pointer dereference of paymentOrder in com.hte.service.impl.ExhiPaymentOrderServiceImpl.delPaymentOrderInfo(Long)
There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.
Rank: Scary (6), confidence: High
Pattern: NP_NULL_ON_SOME_PATH
Type: NP, Category: CORRECTNESS (Correctness)
a) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiPaymentOrderServiceImpl.java:326 Possible null pointer dereference of paymentOrder in com.hte.service.impl.ExhiPaymentOrderServiceImpl.delPaymentOrderInfo(Long) [Scary(6), High confidence]
2) Normal confidence(1):
① Possible null pointer dereference(1):
Bug: Possible null pointer dereference of paymentOrder in com.hte.service.impl.ExhiPaymentOrderServiceImpl.delPaymentOrderInfo(Long)
There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.
Rank: Scary (6), confidence: High
Pattern: NP_NULL_ON_SOME_PATH
Type: NP, Category: CORRECTNESS (Correctness)
a) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiIncomeSettlementServiceImpl.java:133 Possible null pointer dereference of coaShare in com.hte.service.impl.ExhiIncomeSettlementServiceImpl.submitProposerConfirm(IncomeDTO) [Scary(8), Normal confidence]
b) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiProviderServiceImpl.java:144 Possible null pointer dereference of approvalRate in com.hte.service.impl.ExhiProviderServiceImpl.submitToDutyManager(Map) [Scary(8), Normal confidence]
c) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiMainInfoServiceImpl.java:210 Possible null pointer dereference of dutyManager in com.hte.service.impl.ExhiMainInfoServiceImpl.saveReceptionistAndSummary(String, String, List, User) [Scary(8), Normal confidence]
(2)Troubling(10):
1) High confidence(1):
① Comparison of String parameter using == or != (1):
Bug: Comparison of String parameter using == or != in com.htr.util.StringUtil.checkEmail(String)
This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.
Rank: Troubling (14), confidence: High
Pattern: ES_COMPARING_PARAMETER_STRING_WITH_EQ
Type: ES, Category: BAD_PRACTICE (Bad practice)
a) D:/Issmart/HTExhibition/HTReception-Common/src/com/htr/util/StringUtil.java:102 Comparison of String parameter using == or != in com.htr.util.StringUtil.checkEmail(String) [Troubling(14), High confidence]
2) Normal confidence(9):
① Possible null pointer dereference in method on exception path(2)
Bug: Possible null pointer dereference of expenseOrder in com.hte.action.ExhiFeeSettleDataAction.loadExpenseDetails(Map) on exception path
A reference value which is null on some exception control path is dereferenced here. This may lead to a NullPointerException when the code is executed. Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.
Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.
Rank: Troubling (11), confidence: Normal
Pattern: NP_NULL_ON_SOME_PATH_EXCEPTION
Type: NP, Category: CORRECTNESS (Correctness)
a) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/action/ExhiFeeSettleDataAction.java:1561 Possible null pointer dereference of expenseOrder in com.hte.action.ExhiFeeSettleDataAction.loadExpenseDetails(Map) on exception path [Troubling(11), Normal confidence]
b) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/util/HttpUtil.java:193 Possible null pointer dereference of map in com.hte.util.HttpUtil.getCoaApprover(String, String, String) on exception path [Troubling(11), Normal confidence]
② Nullcheck of value previously dereferenced(7)
Bug: Nullcheck of adjustList at line 248 of value previously dereferenced in com.hte.action.ExhiApplyDataAction.loadDetails(Map)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
Rank: Troubling (11), confidence: Normal
Pattern: RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
Type: RCN, Category: CORRECTNESS (Correctness)
a) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/action/ExhiApplyDataAction.java:248 Nullcheck of adjustList at line 248 of value previously dereferenced in com.hte.action.ExhiApplyDataAction.loadDetails(Map) [Troubling(11), Normal confidence]
b) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/action/ExhiFeeSettleDataAction.java:551 Nullcheck of exhiProviderPayment at line 551 of value previously dereferenced in com.hte.action.ExhiFeeSettleDataAction.editSettleDataInfo(Map) [Troubling(11), Normal confidence]
c) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiProviderPaymentServiceImpl.java:232 Nullcheck of totalMoney at line 244 of value previously dereferenced in com.hte.service.impl.ExhiProviderPaymentServiceImpl.queryPaymentMapByList(List, List, List, List) [Troubling(11), Normal confidence]
d) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiProviderPaymentServiceImpl.java:1068 Nullcheck of staff at line 1068 of value previously dereferenced in com.hte.service.impl.ExhiProviderPaymentServiceImpl.refundMoneyNotice(Long, Long, String, String) [Troubling(11), Normal confidence]
e) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/dao/impl/ExhiExpenseOrderDaoImpl.java:55 Nullcheck of map at line 71 of value previously dereferenced in com.hte.dao.impl.ExhiExpenseOrderDaoImpl.baseExpenseOrderSql(StringBuffer, List, Map) [Troubling(11), Normal confidence]
f) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/dao/impl/ExhiPaymentOrderDaoImpl.java:56 Nullcheck of map at line 68 of value previously dereferenced in com.hte.dao.impl.ExhiPaymentOrderDaoImpl.basePaymentOrderSql(StringBuffer, List, Map) [Troubling(11), Normal confidence]
g) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiProviderPaymentServiceImpl.java:975 Nullcheck of exhiProvider at line 975 of value previously dereferenced in com.hte.service.impl.ExhiProviderPaymentServiceImpl.consultPrice(Map) [Troubling(11), Normal confidence]
(3)Of Concern(2):
1) High confidence(2):
① Return value of method without side effect is ignored(2)
Bug: Return value of com.hte.util.Response.failure(String) ignored, but method has no side effect
This code calls a method and ignores the return value. However our analysis shows that the method (including its implementations in subclasses if any) does not produce any effect other than return value. Thus this call can be removed.
We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong. Common false-positive cases include:
- The method is designed to be overridden and produce a side effect in other projects which are out of the scope of the analysis.
- The method is called to trigger the class loading which may have a side effect.
- The method is called just to get some exception.
If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation to instruct FindBugs that ignoring the return value of this method is acceptable.
Rank: Of Concern (15), confidence: High
Pattern: RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT
Type: RV, Category: STYLE (Dodgy code)
a) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/service/impl/ExhiPaymentOrderServiceImpl.java:324 Return value of com.hte.util.Response.failure(String) ignored, but method has no side effect [Of Concern(15), High confidence]
b) D:/Issmart/HTExhibition/HTExhibition/src/com/hte/action/ExhiApplyDataAction.java:490 Return value of com.hte.util.Response.failure(String) ignored, but method has no side effect [Of Concern(15), High confidence]