Merge pull request #224 from spotbugs/release-3.9-with-updated-xml

Release 3.9 with updated xml

README.md

@@ -1,6 +1,6 @@
 # SonarQube Spotbugs Plugin
 [![Build Status](https://travis-ci.org/spotbugs/sonar-findbugs.svg?branch=master)](https://travis-ci.org/spotbugs/sonar-findbugs)
-![FindBugs Rules](https://img.shields.io/badge/SpotBugs_rules-818-brightgreen.svg?maxAge=2592000)
+![FindBugs Rules](https://img.shields.io/badge/SpotBugs_rules-871-brightgreen.svg?maxAge=2592000)
 [![Coverage Status](https://sonarcloud.io/api/project_badges/measure?project=com.github.spotbugs%3Asonar-findbugs-plugin&metric=coverage)](https://sonarcloud.io/component_measures?id=com.github.spotbugs:sonar-findbugs-plugin&metric=coverage)
 
 ## Description / Features
@@ -46,4 +46,5 @@ Findbugs Plugin version|Embedded SpotBugs/Findbugs version|Embedded Findsecbugs
 3.6                    | 3.1.0 RC4 (SpotBugs)             | 1.6.0                      | 7.0.0                     | 1.8|5.6.7|4.15.0.12310
 3.7                    | 3.1.2 (SpotBugs)                 | 1.7.1                      | 7.2.1sb                   | 1.8|6.7.1|5.1.0.13090
 3.8                    | 3.1.6 (SpotBugs)                 | 1.8.0                      | 7.4.3sb                   | 1.8|6.7.1|5.1.0.13090
-3.9-SNAPSHOT           | 3.1.8 (SpotBugs)                 | 1.8.0                      | 7.4.3sb                   | 1.8|6.7.1|5.2.0.13398
+3.9                    | 3.1.8 (SpotBugs)                 | 1.8.0                      | 7.4.3sb                   | 1.8|6.7.1|5.2.0.13398
+3.10-SNAPSHOT          | 3.1.8 (SpotBugs)                 | 1.8.0                      | 7.4.3sb                   | 1.8|6.7.1|5.2.0.13398

RELEASE_PROCEDURE.md

@@ -8,7 +8,9 @@ When you release fixed version of SonarQube SpotBugs Plugin, please follow these
 git checkout -b master-release
 ```
 
-* change version number in `pom.xml` to stable version (e.g. `1.2.3`), then commit changes 
+* Make sure profile XMLs are updated. See [`generate_progiles/README.md`](generate_progiles/README.md) for detail.
+
+* change version number in `pom.xml` to stable version (e.g. `1.2.3`), then commit changes
 
 ```
 mvn versions:set -DnewVersion=1.2.3

generate_profiles/BuildXmlFiles.groovy

@@ -3,13 +3,13 @@ import FsbClassifier;
 import static FsbClassifier.*;
 @Grapes([
 
-    @Grab(group='com.github.spotbugs', module='spotbugs', version='3.1.6'),
+    @Grab(group='com.github.spotbugs', module='spotbugs', version='3.1.8'),
     @Grab(group='com.mebigfatguy.fb-contrib', module='fb-contrib', version='7.4.3.sb'),
     @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.8.0')]
 )
 
 
-FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '3.1.6')
+FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '3.1.8')
 CONTRIB = new Plugin(groupId: 'com.mebigfatguy.fb-contrib', artifactId: 'fb-contrib', version: '7.4.3.sb')
 FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.8.0')
 
@@ -263,4 +263,4 @@ totalCount += writeProfile("findbugs-security-jsp", securityJspRules)
 //unclassifiedBugs = getAllPatternsFromPlugin(FSB) - (informationnalPatterns + cryptoBugs + majorBugs + majorBugsAuditOnly + criticalBugs + findBugsPatterns + exclusions + criticalJspBugs + majorJspBugs)
 //unclassifiedBugs.each {b -> println(b)}
 
-println "Total bugs patterns "+totalCount
+println "Total bugs patterns "+totalCount

pom.xml

@@ -4,7 +4,7 @@
 
   <groupId>com.github.spotbugs</groupId>
   <artifactId>sonar-findbugs-plugin</artifactId>
-  <version>3.9.0-SNAPSHOT</version>
+  <version>3.10.0-SNAPSHOT</version>
   <packaging>sonar-plugin</packaging>
 
   <name>SonarQube SpotBugs Plugin</name>

src/main/java/org/sonar/plugins/findbugs/rules/FindbugsRulesDefinition.java

@@ -29,7 +29,7 @@ public final class FindbugsRulesDefinition implements RulesDefinition {
 
   public static final String REPOSITORY_KEY = "findbugs";
   public static final String REPOSITORY_NAME = "FindBugs";
-  public static final int RULE_COUNT = 452;
+  public static final int RULE_COUNT = 442;
   public static final int DEACTIVED_RULE_COUNT = 6;
 
   @Override

src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-and-fb-contrib.xml

@@ -1112,39 +1112,9 @@
   <Match>
     <Bug pattern='DMI_NONSERIALIZABLE_OBJECT_WRITTEN' />
   </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT' />
-  </Match>
   <Match>
     <Bug pattern='VA_FORMAT_STRING_USES_NEWLINE' />
   </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_CONVERSION' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_CONVERSION_FROM_ARRAY' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_ARG_MISMATCH' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_ILLEGAL' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_MISSING_ARGUMENT' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_ARGUMENT' />
-  </Match>
   <Match>
     <Bug pattern='VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG' />
   </Match>

src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-only.xml

@@ -1112,39 +1112,9 @@
   <Match>
     <Bug pattern='DMI_NONSERIALIZABLE_OBJECT_WRITTEN' />
   </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT' />
-  </Match>
   <Match>
     <Bug pattern='VA_FORMAT_STRING_USES_NEWLINE' />
   </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_CONVERSION' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_CONVERSION_FROM_ARRAY' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_ARG_MISMATCH' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_ILLEGAL' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_MISSING_ARGUMENT' />
-  </Match>
-  <Match>
-    <Bug pattern='VA_FORMAT_STRING_BAD_ARGUMENT' />
-  </Match>
   <Match>
     <Bug pattern='VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG' />
   </Match>

src/main/resources/org/sonar/plugins/findbugs/profile-findbugs-security-minimal.xml

@@ -245,9 +245,6 @@
   <Match>
     <Bug pattern='HTTP_PARAMETER_POLLUTION' />
   </Match>
-  <Match>
-    <Bug pattern='INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE' />
-  </Match>
   <Match>
     <Bug pattern='SMTP_HEADER_INJECTION' />
   </Match>

src/main/resources/org/sonar/plugins/findbugs/rules-findbugs.xml

@@ -3416,7 +3416,7 @@ use <code>0xff & b</code>.
     <configKey>INT_BAD_COMPARISON_WITH_INT_VALUE</configKey>
     <description>&lt;p&gt; This code compares an int value with a long constant that is outside
 the range of values that can be represented as an int value.
-This comparison is vacuous and possibly to be incorrect.
+This comparison is vacuous and possibly incorrect.
 &lt;/p&gt;</description>
     <tag>correctness</tag>
     <tag>bug</tag>
@@ -4405,21 +4405,6 @@ If the object is, indeed, non-serializable, an error will result.
 &lt;/p&gt;</description>
     <tag>style</tag>
   </rule>
-  <rule key='VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT' priority='MAJOR'>
-    <name>Correctness - No previous argument for format string</name>
-    <configKey>VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT</configKey>
-    <description>&lt;p&gt;
-The format string specifies a relative index to request that the argument for the previous format specifier
-be reused. However, there is no previous argument.
-For example,
-&lt;/p&gt;
-&lt;p&gt;&lt;code&gt;formatter.format("%&amp;lt;s %s", "a", "b")&lt;/code&gt;
-&lt;/p&gt;
-&lt;p&gt;would throw a MissingFormatArgumentException when executed.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
   <rule key='VA_FORMAT_STRING_USES_NEWLINE' priority='MAJOR'>
     <name>Bad practice - Format string should use %n rather than \n</name>
     <configKey>VA_FORMAT_STRING_USES_NEWLINE</configKey>
@@ -4429,117 +4414,6 @@ This format string includes a newline character (\n). In format strings, it is g
 &lt;/p&gt;</description>
     <tag>bad-practice</tag>
   </rule>
-  <rule key='VA_FORMAT_STRING_BAD_CONVERSION' priority='MAJOR'>
-    <name>Correctness - The type of a supplied argument doesn't match format specifier</name>
-    <configKey>VA_FORMAT_STRING_BAD_CONVERSION</configKey>
-    <description>&lt;p&gt;
-One of the arguments is incompatible with the corresponding format string specifier.
-As a result, this will generate a runtime exception when executed.
-For example, &lt;code&gt;String.format("%d", "1")&lt;/code&gt; will generate an exception, since
-the String "1" is incompatible with the format specifier %d.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN' priority='INFO'>
-    <name>Style - Non-Boolean argument formatted using %b format specifier</name>
-    <configKey>VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN</configKey>
-    <description>&lt;p&gt;
-An argument not of type Boolean is being formatted with a %b format specifier. This won't throw an
-exception; instead, it will print true for any non-null value, and false for null.
-This feature of format strings is strange, and may not be what you intended.
-&lt;/p&gt;</description>
-    <tag>style</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_BAD_CONVERSION_FROM_ARRAY' priority='MAJOR'>
-    <name>Correctness - Array formatted in useless way using format string</name>
-    <configKey>VA_FORMAT_STRING_BAD_CONVERSION_FROM_ARRAY</configKey>
-    <description>&lt;p&gt;
-One of the arguments being formatted with a format string is an array. This will be formatted
-using a fairly useless format, such as [I@304282, which doesn't actually show the contents
-of the array.
-Consider wrapping the array using &lt;code&gt;Arrays.asList(...)&lt;/code&gt; before handling it off to a formatted.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_ARG_MISMATCH' priority='MAJOR'>
-    <name>Correctness - Number of format-string arguments does not correspond to number of placeholders</name>
-    <configKey>VA_FORMAT_STRING_ARG_MISMATCH</configKey>
-    <description>&lt;p&gt;
-A format-string method with a variable number of arguments is called,
-but the number of arguments passed does not match with the number of
-% placeholders in the format string.  This is probably not what the
-author intended.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED' priority='MAJOR'>
-    <name>Correctness - MessageFormat supplied where printf style format expected</name>
-    <configKey>VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED</configKey>
-    <description>&lt;p&gt;
-A method is called that expects a Java printf format string and a list of arguments.
-However, the format string doesn't contain any format specifiers (e.g., %s) but
-does contain message format elements (e.g., {0}).  It is likely
-that the code is supplying a MessageFormat string when a printf-style format string
-is required. At runtime, all of the arguments will be ignored
-and the format string will be returned exactly as provided without any formatting.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED' priority='MAJOR'>
-    <name>Correctness - More arguments are passed than are actually used in the format string</name>
-    <configKey>VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED</configKey>
-    <description>&lt;p&gt;
-A format-string method with a variable number of arguments is called,
-but more arguments are passed than are actually used by the format string.
-This won't cause a runtime exception, but the code may be silently omitting
-information that was intended to be included in the formatted string.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_ILLEGAL' priority='MAJOR'>
-    <name>Correctness - Illegal format string</name>
-    <configKey>VA_FORMAT_STRING_ILLEGAL</configKey>
-    <description>&lt;p&gt;
-The format string is syntactically invalid,
-and a runtime exception will occur when
-this statement is executed.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_MISSING_ARGUMENT' priority='MAJOR'>
-    <name>Correctness - Format string references missing argument</name>
-    <configKey>VA_FORMAT_STRING_MISSING_ARGUMENT</configKey>
-    <description>&lt;p&gt;
-Not enough arguments are passed to satisfy a placeholder in the format string.
-A runtime exception will occur when
-this statement is executed.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
-  <rule key='VA_FORMAT_STRING_BAD_ARGUMENT' priority='MAJOR'>
-    <name>Correctness - Format string placeholder incompatible with passed argument</name>
-    <configKey>VA_FORMAT_STRING_BAD_ARGUMENT</configKey>
-    <description>&lt;p&gt;
-The format string placeholder is incompatible with the corresponding
-argument. For example,
-&lt;code&gt;
-  System.out.println("%d\n", "hello");
-&lt;/code&gt;
-&lt;p&gt;The %d placeholder requires a numeric argument, but a string value is
-passed instead.
-A runtime exception will occur when
-this statement is executed.
-&lt;/p&gt;</description>
-    <tag>correctness</tag>
-    <tag>bug</tag>
-  </rule>
   <rule key='VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG' priority='MAJOR'>
     <name>Correctness - Primitive array passed to function expecting a variable number of object arguments</name>
     <configKey>VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG</configKey>

src/test/java/org/sonar/plugins/findbugs/FindbugsProfileImporterTest.java

@@ -91,7 +91,7 @@ public void shouldImportCategories() {
     RulesProfile profile = importer.importProfile(new InputStreamReader(input), ValidationMessages.create());
     List<ActiveRule> results = profile.getActiveRules();
 
-    assertThat(results).hasSize(159);
+    assertThat(results).hasSize(150);
     assertThat(profile.getActiveRule(FindbugsRulesDefinition.REPOSITORY_KEY, "BC_IMPOSSIBLE_DOWNCAST")).isNotNull();
   }
 
@@ -148,7 +148,7 @@ public void testImportingXmlFileWithUnknownCategory() {
     RulesProfile profile = importer.importProfile(new InputStreamReader(uncorrectFindbugsXml), messages);
     List<ActiveRule> results = profile.getActiveRules();
 
-    assertThat(results).hasSize(159);
+    assertThat(results).hasSize(150);
     assertThat(messages.getErrors()).isEmpty();
     assertThat(messages.getWarnings()).hasSize(1);
   }

src/test/java/org/sonar/plugins/findbugs/profiles/FindbugsSecurityMinimalProfileTest.java

@@ -45,6 +45,6 @@ public void shouldCreateProfile() {
     // The standard FindBugs include only 9. Fb-Contrib and FindSecurityBugs include other rules
     assertThat(profile.getActiveRulesByRepository(FindbugsRulesDefinition.REPOSITORY_KEY)).hasSize(8);
     // 62 rules total - 20 informational = 42 major or critical
-    assertThat(profile.getActiveRulesByRepository(FindSecurityBugsRulesDefinition.REPOSITORY_KEY)).hasSize(84);
+    assertThat(profile.getActiveRulesByRepository(FindSecurityBugsRulesDefinition.REPOSITORY_KEY)).hasSize(83);
   }
 }