FindBugs plugins

FindBugs is a key code quality tool for Java-based projects.

It includes several dozen bug patterns which FindBugs uses to identify potential bugs and, more generally, weaknesses in our code.

FindBugs has a plugin architecture which can be used to extend the set of detectors (bug patterns) used during the analysis.

There are a few open source projects which aim to develop FindBugs plugins.

My preferred one is Fb-Contrib, which contains a significant number of additional detectors. See here for the complete list. Most of them are really useful for detecting poor code quality.

Another interesting plugin is Find Security Bugs; the focus here is on security vulnerabilities (list here) such as using an insecure random generator or not checking data received from the user.

Let’s have a look at version dependencies:

JDK     | FindBugs | FB-Contrib | Find Security Bugs
7 and 8 | 3.x      | 6.x        | 1.3 and above
5 and 6 | 2.x      | 5.x        | 1.2

All plugins are released in .jar format and they can be easily added to FindBugs:

  • FindBugs stand-alone: place the jar in the plugins dir inside the FindBugs installation dir
  • Eclipse FindBugs plugin: use the plugin options to specify the plugin path or place the jar file inside the FindBugs plugins dir
  • NetBeans FindBugs integration: use the Custom FindBugs Plugins button inside the Editor → Hints → FindBugs page.
  • IntelliJ FindBugs plugin: add the new plugin in the Plugin Configuration tab.

After adding new plugins, review the list of enabled detectors. New detectors are usually added but not enabled.

New Java release: 7u40

Oracle has released a new Java 7 CPU (see meaning here) release: 7u40.

Complete release notes can be found here, but let me mention two important items.

The first is a set of improvements and bug fixes for the Mac OS X platform, which include support for Retina displays. For more details, look here.

The second one is the inclusion of the JavaFX environment inside the JDK, together with a long list of bug fixes.

New Java release: 7u25

Oracle has released a new Java 7 CPU (see meaning here) release: 7u25.

The release contains, in addition to the usual security bug fixes, several changes that are also intended to improve security.

The complete list of changes is here, but let me highlight the most important ones:

  • several changes to signed jar management, including the check, before execution, that the certificate is valid (not revoked). The check can delay applet/application startup.
  • new attributes in the JAR manifest file (permissions, to control jar execution authorizations, and codebase, to control who is using the JAR) have been introduced to let JAR authors better control JAR usage.
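
An added example (not from the original post or from Oracle): a Python audit that reports JARs lacking the two manifest attributes described above. It assumes the values sandbox and all-permissions for the permissions attribute and * as a wildcard codebase; build_sample and the manifests it holds are constructed test data.

```python
import io
import zipfile

EXPECTED = ("permissions", "codebase")  # manifest attribute names are case-insensitive

def main_attributes(manifest_text):
    """Parse the main section of a MANIFEST.MF into a lowercase-keyed dict."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if line == "":
            if attrs:
                break                    # first blank line ends the main section
            continue
        if line.startswith(" ") and last:
            attrs[last] += line[1:]      # continuation of a value wrapped at 72 bytes
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            attrs[last] = value.strip()
    return attrs

def audit_jar(jar_bytes):
    """Return a list of findings for one JAR supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        try:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
        except KeyError:
            return ["no META-INF/MANIFEST.MF"]
    attrs = main_attributes(text)
    findings = ["missing %s attribute" % n.capitalize() for n in EXPECTED if n not in attrs]
    perms = attrs.get("permissions")
    # Assumption: only these two values are defined for Permissions.
    if perms is not None and perms.lower() not in ("sandbox", "all-permissions"):
        findings.append("unexpected Permissions value: %r" % perms)
    if attrs.get("codebase") == "*":
        findings.append("Codebase is a wildcard and does not restrict who uses the JAR")
    return findings

def build_sample(manifest_text):
    """Constructed sample: an in-memory JAR that holds only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

if __name__ == "__main__":
    legacy = build_sample("Manifest-Version: 1.0\r\nCreated-By: constructed\r\n\r\n")
    print(audit_jar(legacy))
```

To audit a real file, pass its contents: audit_jar(open(path, "rb").read()).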

Another 40 bug fixes are documented here.