New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EI_EXPOSE_REP2 being reported based off purely on method name #1797
Comments
Thanks for opening your first issue here! 😃 |
- Upgrade easyvalue to 1.3.6 due to default value bug. - Upgrade easymapper to 0.5.2 due to the easyvalue bug mentioned above. - Upgrade easyconfig to 0.8.4 to revert HikariCP upgrade that breaks slf4j 1.7 compatibility. - Downgrade spotbugs-maven-plugin to 4.2.3 due to an EI_EXPOSE_REP2 bug (spotbugs/spotbugs#1797). - Upgrade checkstyle to 9.2.
We also have a problem with this, we upgraded to spotbugs 4.5.3 (from 4.0.0) and suddenly hundreds of errors while most of them are false positives. we disabled the warning for now. Subscribed to hear about progress on this. |
Same here. Lots of reports of |
I found a workaround. Using the original poster's example:
It seems wrapping it in Objects.requireNonNull() is sufficient to thwart the detection of this "bug." |
spotbugs/spotbugs/src/main/java/edu/umd/cs/findbugs/util/MutableClasses.java Lines 103 to 108 in 2fdbb01
spotbugs/spotbugs/src/main/java/edu/umd/cs/findbugs/util/MutableClasses.java Lines 62 to 64 in 2fdbb01
I think the heuristic is a bit too aggressive here: considering the interest in this issue, there are many false positives detected. |
fixed via #2514 |
Hello @hazendaz, the issue is not fixed unfortunately: #2514 mitigates the problem for enums and records, but other classes might be recognized as mutable solely because they have a method whose name starts with one of the suspcious prefixes: spotbugs/spotbugs/src/main/java/edu/umd/cs/findbugs/util/MutableClasses.java Lines 62 to 64 in 2fdbb01
One way to improve would be to let the users supply their own "setter like prefixes"? |
Not really sure if this is a bug or a feature, but it seems spotbugs (4.3+) is reporting
EI_EXPOSE_REP2
purely based off the method name. For example I have the following:and then
EI_EXPOSE_REP2
(tested all the way to 4.4.2)However if I rename
delete
to something else (saydeleete
) then it no longer reportsEI_EXPOSE_REP2
which makes me think it's just looking at the method name?Kinda makes this Bug useless... All our projects are suddenly reporting hundreds of
EI_EXPOSE_REP2
Is this expected behaviour?
The text was updated successfully, but these errors were encountered: