Findbugs plugin is not processing includeFilter correctly?

not-a-bug

(Misagh Moayyed) #1

I am running Gradle 3.0 with the following JVM on MacOS

java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

My Findbugs plugin config looks like this:

findbugs {
        toolVersion = "${findbugsVersion}"
        sourceSets = [sourceSets.main]
        ignoreFailures = false
        reportsDir = file("$project.buildDir/findbugsReports")
        effort = "max"
        reportLevel = "low"
        includeFilter = file("$rootProject.projectDir/findbugs-rules.xml")
    }

    findbugsMain {
        reports {
            xml.enabled = false
            html.enabled = true
        }
    }

My includeFilter looks like this:

<FindBugsFilter>
    <Match>
        <Confidence value="2"/>
        <Rank value="20"/>
        <Bug category="CORRECTNESS,MT_CORRECTNESS,SECURITY,PERFORMANCE,MALICIOUS_CODE,STYLE,BAD_PRACTICE"/>
        <Package name=".+" />
    </Match>
</FindBugsFilter>

Then I run:

gradle findbugsMain

Regardless of what I put in the filter file, (I have played around with all kinds of values and have also put in nonsensical ones just to test) no errors or warnings are ever reported. If I remove the reference to the filter, then FB starts reporting issues in the html report.

This is with FB 3.0.1. The same config with the Maven plugin reports plenty.


(Misagh Moayyed) #2

I should mention that gradle is configured to use findbugs as such for all modules:


...

            apply plugin: "findbugs"

...

            findbugs libraries.findbugs
            findbugs configurations.findbugsPlugins.dependencies
            findbugsPlugins libraries.findbugscontrib
            findbugsPlugins libraries.findbugssec

(Misagh Moayyed) #3

Full reference https://github.com/apereo/cas/blob/master/build.gradle#L319


(Jendrik Johannes) #4

Hi Misagh,

There seems to be a mistake in your package matching pattern. If I replace

<Package name=".+"/>

with

<Package name="~.+" />

it works for me (I tried it on Apereo CAS).

See also: http://findbugs.sourceforge.net/manual/filter.html#d0e2197 (If the name attribute of Class, Source, Method or Field starts with the ~ character the rest of attribute content is interpreted as a Java regular expression…)


(Misagh Moayyed) #5

Thanks very much. That does the trick!