
Project Structure

Philippe Arteau edited this page Jul 18, 2015 · 1 revision

Maven

Find Security Bugs uses Maven to handle dependencies, compilation, running tests and packaging-related tasks.

Terminology

  • Bug : The definition of a vulnerability or sensitive point in the application. A bug definition exists by its presence in findbugs.xml and messages.xml. It can then be reported by any number of detectors.
  • Detector : A class that implements the logic to find a bug type. Sometimes referred to as "rules", because that is the common designation in other static analysis products.

Modules

The project is divided into four modules:

  • plugin : Main project containing the FindBugs detectors.
  • findbugs-test-util : Utility classes that make writing unit tests shorter. (Example of test case).
  • plugin-deps : Provides mock versions of popular Java libraries, avoiding the need to download all the libraries used in the FindSecurityBugs sample code.
  • website : Scripts used to generate the static website hosted on GitHub Pages.

Common tasks and key folders

Editing bug messages

Location: plugin/src/main/resources/metadata

The metadata directory contains all the FindBugs configuration files. You will find descriptions in the messages.xml.

Note: Before adding a new language, make sure you commit to maintaining the translation before each major release. Otherwise the descriptions become useless because they no longer sync with the latest detectors.
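As an added illustration (not taken from the project's own metadata files), here is how a bug type and the detector that reports it are declared across findbugs.xml and messages.xml, using the standard FindBugs plugin format. The detector class `com.h3xstream.findsecbugs.ExampleDetector`, the bug type `EXAMPLE_HARDCODED_SECRET` and the abbreviation `SECEXAMPLE` are hypothetical placeholders.

```xml
<!-- plugin/src/main/resources/metadata/findbugs.xml (excerpt) -->
<FindbugsPlugin>
  <!-- A detector is a class; "reports" lists the bug types it may raise. -->
  <Detector class="com.h3xstream.findsecbugs.ExampleDetector"
            speed="fast"
            reports="EXAMPLE_HARDCODED_SECRET" />

  <!-- The bug type exists only once it is declared here
       AND described in messages.xml below. -->
  <BugPattern type="EXAMPLE_HARDCODED_SECRET"
              abbrev="SECEXAMPLE"
              category="SECURITY" />
</FindbugsPlugin>

<!-- plugin/src/main/resources/metadata/messages.xml (excerpt) -->
<MessageCollection>
  <!-- Human-readable text for the detector declared above. -->
  <Detector class="com.h3xstream.findsecbugs.ExampleDetector">
    <Details>Flags credentials stored as string literals in source code.</Details>
  </Detector>

  <!-- Human-readable text for the bug type; the type must match findbugs.xml exactly. -->
  <BugPattern type="EXAMPLE_HARDCODED_SECRET">
    <ShortDescription>Hard-coded secret</ShortDescription>
    <!-- {1} is replaced with the second annotation the detector attached
         to the BugInstance (typically the method). -->
    <LongDescription>Hard-coded secret found in {1}</LongDescription>
    <Details>
<![CDATA[
<p>Secrets embedded in compiled code can be recovered by anyone who obtains the artifact.
Load them from a protected configuration source at runtime instead.</p>
]]>
    </Details>
  </BugPattern>

  <!-- Every abbrev used by a BugPattern needs a BugCode entry. -->
  <BugCode abbrev="SECEXAMPLE">Security: Example</BugCode>
</MessageCollection>
```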

Modification to an existing detector

Location: plugin/src/main/java/com/h3xstream/findsecbugs/

You can find the core of the plugin in the com.h3xstream.findsecbugs package.