New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Any plans to support kotlin? #573
Comments
I tried using this to analyze my kotlin codes, no effect. Only bugs in Java codes are displayed. |
I have been developing in Kotlin for few projects. Looking at the bytecode, I would say that this JVM language is by far the easiest to support if compare to Scala or Groovy.
|
@ice1000 you say
For some reason I do have effects from this, just not ones I desired. On this input class: data class CSVRecord(private val columns: SortedSet<CSVColumn>) : Iterable<String> {
override fun iterator(): Iterator<String> {
return columns.map { it.value }.iterator()
}
} I get:
and many instances of override fun iterator(): Iterator<String> {
return columns.map { it.value }.iterator()
} Not sure whether the latter is actually my mistake or not. |
Hi |
detekt says it uses the kotlin parse tree, where spotbugs is bytecode analysis. |
Spotbugs does not support Kotlin yet and still running it results in bogus violations being reported. Also see spotbugs/spotbugs#573. Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch-si.com>
Spotbugs does not support Kotlin yet and still running it results in bogus violations being reported. Also see spotbugs/spotbugs#573. Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch-si.com>
Spotbugs does not support Kotlin yet and still running it results in bogus violations being reported. Also see spotbugs/spotbugs#573. Signed-off-by: Sebastian Schuberth <sebastian.schuberth@bosch-si.com>
Hey, any news in this area? We use the find-sec-bugs plugin and would love to use it for our Kotlin projects as well. |
Theoretically it is possible to run SpotBugs on any Java bytecode. In practice, Kotlin probably generates patterns that SpotBugs doesn't like, but you could probably just write exclusion rules for them. |
So I just ran SpotBugs with it's Maven plugin on a project which contains Java and Kotlin. I added Java class with a know bug pattern from the findsecbugs plugin to the project and SpotBugs complained about it (as I expected it to). Then I converted the same class to Kotlin and it didn't complain. Is that the expected behaviour? From your answer I'd rather expect it to complain maybe about other weird things on top of the actual issue or did I get that wrong? 馃 |
Depends on exactly what byte code it generated. Maybe Kotlin avoids whatever the bug was? |
I doubt it because I used this code and I don't know what Kotlin could do to prevent the issue. |
If anyone is interested I've got a pull request to use SpotBugs to analyze Kotlin in the SonarQube plugin; spotbugs/sonar-findbugs#569 The tricky part is that due to the Kotlin compilation process, the bytecode in a .class file might be from different source files, so I needed to analyse the SMAP section to find which line comes from which source file (and the corresponding line). |
For what it's worth, I tried it out and spotbugs seems to work: https://github.com/tianyu/spotbugs-with-kotlin |
Thanks for the feedback! |
馃榿
The text was updated successfully, but these errors were encountered: