FindBugs integration: alter confidence and/or rank


I am having some ongoing difficulty with the use of String#toUpperCase and String#toLowerCase without Locale arguments in the Hibernate codebase. This is a well documented issue to avoid for things that run in multiple Locales.

I have found that FindBugs does have the ability to check for this usage. However FindBugs decides to report this with LOW confidence (why it makes that decision is beyond me). For me I would like to treat that as a HIGH confidence match (its just one instruction after all) and to treat it as a high/critical/whatever-the-term-is rank.

Can I have the Gradle FindBugs plugin do that for me. To be honest, I am not even sure how one does that in FindBugs itself.

Also, is there any way to have the FindBugs integration filter bugs by rank? I see we can set effort and confidence (reportThreshold) on the extension/task, but no filtering of rank. Do I need to use include/exclude filter files for that?

Hey Steve,

I haven’t gotten a chance to try it yet, but there are some undocumented? options for FindBugs in the source that look like they may increase the severity of reported issues:

You’d have to add something like -adjustPriority DM_CONVERT_CASE=raise, DM_CONVERT_CASE=raise to get it from LOW to HIGH.

Unfortunately, there’s not a way to pass these options to the FindBugs task Gradle uses. I started a thread on gradle-dev to see if we can just add an “escape hatch” on the FindBugs task so users can add arbitrary args.

The “workaround” I could think of right now would be to run FindBugs twice. Once normally and again at a low threshold, looking only for that one particular issue.