8

I am in the process of evaluating FindBugs and am trying to make use of the excludeFilter so that the tool does not process the test packages or the generated ejb stubs.

I have tried the following:

<FindBugsFilter>
<!-- Match any test packages -->
<Match>
    <Package name="~.*\.test"/>
</Match>
<Match>
    <Or>
        <Class name="~.*\.^_*"/>
        <Class name="~.*EJS*"/>
    </Or>
    <Bug pattern="MALICIOUS_CODE"/>
</Match>

The generated EJB's are still being looked at. Can someone provide some better direction on this.

I want to exclude out all classes that start with "_"

Example:

com/mycompany/business/admin/ejb/_AdminRemoteHome_Stub.java

com/mycompany/business/admin/ejb/_EJSRemoteStatelessAdminHome_054d51b9_Tie.java

Updated filter file.

I change the filter file to the following structure using the suggested regx changes and now things are working as expected:

<FindBugsFilter>
<!-- Match any test packages -->
<Match>
    <Package name="~.*\.test"/>
</Match>
<Match>
    <Class name="~.*\._.*"/>
</Match>
<Match>
    <Class name="~.*?EJS.*"/>       
</Match>

Looks like I need to go back and brush up on my regx.

boyd4715
  • 2,701
  • 10
  • 48
  • 75
  • Are EJS classes still showing up? Do you have only the problem for '_' classes now? – VonC Jul 02 '09 at 11:35

3 Answers3

8

Regarding FindBugFilter,

(just to be sure) are you sure you are considering the compiled class files directories, and not the sourcePath? (as mentioned in this SO answer).

From the Java element name matching section:

If the name attribute of Class, Method or Field starts with the ~ character the rest of attribute content is interpreted as a Java regular expression that is matched against the names of the Java element in question.

Would the following regex be more accurate?

    <Class name="~.*\._.*"/>
    <Class name="~.*?EJS.*"/>

  • ".*\._.*" instead of ".*\.^_*" because the anchor is supposed to match at the start of the string the regex pattern is applied to.

  • ".*?EJS.*" instead of ".*EJS*" because the ? quantifier makes the matching lazy, avoiding to 'eat' EJS. (Plus "S*" means "0 or n S", which does not help here)

anre
  • 3,617
  • 26
  • 33
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I just used your suggestion but the classes are still showing up in the report. – boyd4715 Jul 02 '09 at 11:06
  • Here is what the report is generating: com/mycompany/business/admin/ejb/_AdminRemoteHome_Stub.java 2 Line 33 MALICIOUS_CODE May expose internal representation by returning reference to mutable object – boyd4715 Jul 02 '09 at 11:11
  • 2
    I have the same problem, it doesnt even exclude: – HaveAGuess Dec 14 '11 at 17:31
1

My findbugs exclude file was not working as above. I'm using the findbugs-maven-plugin v3.0.0. To resolve the issue I ran a build which generated findbugsXml.xml, then issued:

mvn findbugs:gui

This starts the User Interface to findbugs. I then loaded the findbugsXml.xml file, navigated to the warnings I desired excluded, excluded them and then saved the exclusions to findbugs_exclude.xml. I added this to the maven plugin as 

<excludeFilterFile>findbugs_exclude.xml</excludeFilterFile>

The generated file works and the exclusions are truly omitted from the findbugs report.

Another great tip I found for the maven plugin was to add:

<omitVisitors>UnreadFields</omitVisitors>
Kenster
  • 23,465
  • 21
  • 80
  • 106
anonymous
  • 11
  • 1
  • This actually doesn't work at all. I desire to have *all* current warnings excluded, so I selected the root of the warnings, saved the exclusions to `findbugs_exclude.xml`, and all I got an empty file, only containing ``. – Amedee Van Gasse Apr 02 '19 at 08:54
  • the `` element means "Don't use this filter file". You need to wrap it in the `` element. – mal Feb 14 '22 at 12:21
0

It is helpful to mention that if a class is supposed to be excluded, be careful with its inner classes. It took me hours to find out that instead of 

<Match>
    <Class name="com.some.Proto" /> <!--or com.some.Proto$.*-->
</Match>

I should use the following config with its inner classes listed one by one

<Match>
    <Or>
    <Class name="com.some.Proto$Event" />
    <Class name="com.some.Proto$Msg" />
    <Class name="com.some.Proto$Query" />
    </Or>
</Match>

And so far I haven't found out how to exclude a class and all its subclass (not a clue in filter), a simple regex like com.some.Proto$.* just does not work. And I also noticed that $ in regex means the end of line, while findbugs read it as a text character I think, otherwise it should have been com.some.Proto\$Query. Besides, a valuable regex tester helped me on regex by explaining every character in it.

Tiina
  • 4,285
  • 7
  • 44
  • 73