spotbugs / discuss

SpotBugs mailing list

Is there an API to obtain the messages in the messages.xml file? #103

Closed uhafner closed 3 years ago

uhafner commented 3 years ago

I'm reading the bug description messages of the messages.xml file in my Jenkins warnings plugin to enhance the warnings visualization with additional details. Currently I am simply copying the XML file from your distribution (and from findbugs-contrib, and find-sec-bugs) and reading it using my own XML parser. Since I am now adding a compile dependency to the latest SpotBugs version in my module anyway, it would make sense to use the official API if possible to get the warning descriptions.

I tried to find the corresponding piece of code, but it does not seem obvious how to do it. So my question: how can I get the detailed description for a bug pattern like NP_STORE_INTO_NONNULL_FIELD?

KengoTODA commented 3 years ago

BugPattern#getDetailText() is what you need, but it's the same as reading the text from messages.xml. We also read messages.xml directly to build profiles for SonarQube.

uhafner commented 3 years ago

Thanks, that works! At least I get the messages for the core rules:

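```java
import static org.assertj.core.api.Assertions.assertThat;

import edu.umd.cs.findbugs.BugPattern;
import edu.umd.cs.findbugs.DetectorFactoryCollection;

// Look up a core bug pattern by its type and check the detail text read from messages.xml
DetectorFactoryCollection collection = new DetectorFactoryCollection();
BugPattern pattern = collection.lookupBugPattern(
        "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE");
assertThat(pattern.getDetailText())
        .contains("This method contains a redundant check of a known non-null value against\n"
                + "the constant null.");
```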

The DetectorFactoryCollection seems to have only one member so far. How can I include the bugs from https://find-sec-bugs.github.io?

I found something like Plugin.addCustomPlugin() but that expects a URL which I really don't have in a complex application like Jenkins with its custom class loaders. Should this URL point to the jar file? Or is there a simpler API where I just register the plugin via a given class file?

KengoTODA commented 3 years ago

> How can I include the bugs from https://find-sec-bugs.github.io?

You need to add the plugin like below:

https://github.com/spotbugs/spotbugs/blob/b8c95582c3c69d943ac7a054ac41af92d707caec/spotbugs/src/main/java/edu/umd/cs/findbugs/FindBugsCommandLine.java#L137-L153

This code runs when we specify the plugin file path with the -pluginList option.

uhafner commented 3 years ago

Thanks for your pointers!

I feared that this is done using plain files (and not using the class loader). This is kind of difficult in a distributed architecture like Jenkins. But I'll try to get this working. If not, there is still the fallback of parsing the XML files.
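
The XML fallback mentioned in this thread, as an added example (not code from the thread or from SpotBugs): it reads the `Details` text per `BugPattern` with a parser that rejects DTDs, since the files come from third-party plugin jars. The class and method names are hypothetical, and `readAll` assumes each plugin jar carries `messages.xml` at its root and is visible to the given class loader.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MessagesXmlReader {              // hypothetical name
    /** Maps each BugPattern "type" attribute to the text of its Details element. */
    static Map<String, String> readDetails(InputStream in) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Fail closed: a DOCTYPE (and with it any external entity) makes parse() throw.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList patterns = factory.newDocumentBuilder().parse(in)
                .getElementsByTagName("BugPattern");
        Map<String, String> details = new LinkedHashMap<>();
        for (int i = 0; i < patterns.getLength(); i++) {
            Element pattern = (Element) patterns.item(i);
            NodeList detail = pattern.getElementsByTagName("Details");
            if (detail.getLength() > 0) {
                details.put(pattern.getAttribute("type"), detail.item(0).getTextContent().trim());
            }
        }
        return details;
    }

    /** Assumption: every plugin jar on the loader's path has messages.xml at its root. */
    static Map<String, String> readAll(ClassLoader loader) throws Exception {
        Map<String, String> all = new LinkedHashMap<>();
        for (URL url : Collections.list(loader.getResources("messages.xml"))) {
            try (InputStream in = url.openStream()) {
                all.putAll(readDetails(in));
            }
        }
        return all;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample in the messages.xml layout; not copied from any plugin.
        String sample = "<MessageCollection><BugPattern type=\"EXAMPLE_PATTERN\">"
                + "<Details><![CDATA[<p>Constructed detail text.</p>]]></Details>"
                + "</BugPattern></MessageCollection>";
        byte[] bytes = sample.getBytes(StandardCharsets.UTF_8);
        System.out.println(readDetails(new ByteArrayInputStream(bytes)));
    }
}
```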