Question

All bugs found by FindBugs are given a bug rank, but the bug rank does not appear in FindBugs's XML report output.

From the FindBugs documentation:

Bug Rank - bugs are given a rank 1-20, and grouped into the categories scariest (rank 1-4), scary (rank 5-9), troubling (rank 10-14), and of concern (rank 15-20).

Priority renamed confidence - many people were confused by the priority reported by FindBugs, and considered all HIGH priority issues to be important. To reflect the actual meaning of this attribute of issues, it has been renamed confidence. Issues of different bug patterns should be compared by their rank, not their confidence.

I have run FindBugs (v2.0.3 on Windows) both via the GUI and via the ant task:

<findbugs home="${findbugs.home}" output="xml"
  outputFile="${report.dir}/findbugs/findbugs-report.xml" jvmargs="-Xmx512M">
   <auxClasspath>
      <fileset dir="${lib.dir}/dist" includes="*.jar"/>
   </auxClasspath>
   <sourcePath path="${src.dir}"/>
   <class location="${dist.dir}/mylibrary.jar"/>
</findbugs>

In the GUI I output XML via "File → Save As → FindBugs analysis results (*xml)".

In both cases, the XML outputs fine with the same Findbugs bug instances.

However, in neither case do the <BugInstance> elements contain values for the rank attribute, e.g. they are something like:

<BugInstance type="DM_DEFAULT_ENCODING" priority="1" abbrev="Dm" category="I18N">
...
</BugInstance>

  1. Does anyone know whether <BugInstance> elements should contain values for the rank attribute?

  2. If they should, does anyone know how to get the rank into the XML from either the GUI or ant task?

I've looked in the Findbugs installation folder at the bugcollection.xsd file which lists

<xs:attribute name="rank" type="xs:unsignedInt" use="optional"/>

Implying that rank could appear in the XML report.

I've done a Google search for related topics, and most pages mention filters, but I'm not looking to filter the bug instances, just output all the bug instances with their rank value - unless I'm not understanding what filters do.

Thanks a lot for any advice.


Solution

There is a txt file in the etc directory of the FindBugs source files. It defines the rank of a category or of some special bug pattern, like:

+1 BugKind RCN
+1 BugKind NP
-2 BugKind XSS
+5 Category CORRECTNESS
+5 Category SECURITY
+12 Category MT_CORRECTNESS
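
As an added example (not part of the answer above and not FindBugs's own code), this Python script parses rank entries in the format quoted in the answer and reports, for each `<BugInstance>` in a report, the `rank` attribute if it is present and the sum of the entries matching its `abbrev` and `category`. Matching `BugKind` against `abbrev` and adding the signed values are assumptions; the sample report is constructed, apart from the `DM_DEFAULT_ENCODING` element taken from the question.

```python
import xml.etree.ElementTree as ET

# Rank entries exactly as quoted in the answer (an excerpt, not the whole file).
RANK_LINES = """\
+1 BugKind RCN
+1 BugKind NP
-2 BugKind XSS
+5 Category CORRECTNESS
+5 Category SECURITY
+12 Category MT_CORRECTNESS
"""

# Constructed sample report; only the first element comes from the question.
REPORT = """\
<BugCollection>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="1" abbrev="Dm" category="I18N"/>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="2" abbrev="NP" category="CORRECTNESS"/>
  <BugInstance type="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER" priority="2" abbrev="XSS" category="SECURITY"/>
  <BugInstance type="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE" priority="2" abbrev="RCN" category="STYLE" rank="17"/>
</BugCollection>
"""

def parse_rank_lines(text):
    """Map (scope, name) -> signed value for lines like '+5 Category SECURITY'."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue  # skip blank lines
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'VALUE SCOPE NAME': {line!r}")
        value, scope, name = parts
        table[(scope, name)] = int(value)  # int() accepts '+1', '-2', '+12'
    return table

def summarize(report_xml, table):
    """Return (type, rank attribute or None, summed matching entries or None)."""
    rows = []
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        # Assumption: BugKind names match the abbrev attribute of the report.
        keys = (("BugKind", bug.get("abbrev")), ("Category", bug.get("category")))
        hits = [table[k] for k in keys if k in table]
        rank = bug.get("rank")  # optional per bugcollection.xsd
        rows.append((bug.get("type"),
                     int(rank) if rank is not None else None,
                     sum(hits) if hits else None))  # assumption: values add up
    return rows

if __name__ == "__main__":
    for row in summarize(REPORT, parse_rank_lines(RANK_LINES)):
        print(row)
```

A `None` in the last column means the quoted excerpt has no entry for that bug's `abbrev` or `category`, which is the case for the `DM_DEFAULT_ENCODING` instance from the question.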
Licensed under: CC-BY-SA with attribution