This repository has been archived by the owner on Jun 9, 2022. It is now read-only.
Extend java-find-secbugs module to include package and class name in error code #108
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
At the moment, java-find-secbugs only allows users to exclude findings based on the the type of bug-pattern. Since the same finding can be a false positive in one part of the code (esp. since findsecbugs also includes library code) but a real problem in another, this PR adds the package
and classname to the error code.
Fixes #107
Type of change
Toolchain
How Has This Been Tested?
Rebuild the Hawkeye Container to get all the tools
Get a Spring Boot project where findsecbugs detects problems in the library
Run Hawkeye against the project. You should see some findings from find-secbugs about spring boot internals and see the extended code
Run Hawkeye again, this time excluding
org.springframework
. Hawkeye should come back without findingsChecklist: