search

mebigfatguy / fb-contrib

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
http://fb-contrib.sf.net
GNU Lesser General Public License v2.1
154 stars 45 forks source link

Code compiled with target 11 (and not 1.8) does not find all bug warnings #465

Open lgemeinhardt opened 7 months ago

lgemeinhardt commented 7 months ago

This sample code should find the "LO_APPENDED_STRING_IN_FORMAT_STRING" bug warning :

package sample;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class Sample {

    private static final Logger LOG = LogManager.getLogger();

    public static void main(final String[] args) {
        LOG.error("main args " + args.length); // should raise LO_APPENDED_STRING_IN_FORMAT_STRING bug warning
    }

}

And does it, if compiled with target 1.8, but not if compiled with target 11. Tested with JDK 11, 17 and 21.

mebigfatguy commented 6 days ago

The issue is the compiler is chosing

void error(Object message);

rather than

void error(String message);

so that check is bypassed. can be fixed.