Add SpotBugs (#207)

Author: mfvanek

buildSrc/build.gradle.kts

@@ -12,4 +12,5 @@ dependencies {
     implementation("com.bmuschko:gradle-docker-plugin:9.4.0")
     implementation("gradle.plugin.com.google.gradle:osdetector-gradle-plugin:1.7.3")
     implementation("de.thetaphi:forbiddenapis:3.8")
+    implementation("com.github.spotbugs.snom:spotbugs-gradle-plugin:6.1.0")
 }

buildSrc/src/main/kotlin/sb-ot-demo.java-conventions.gradle.kts

@@ -5,13 +5,17 @@
  * Licensed under the Apache License 2.0
  */
 
+import com.github.spotbugs.snom.Confidence
+import com.github.spotbugs.snom.Effort
+import com.github.spotbugs.snom.SpotBugsTask
 import net.ltgt.gradle.errorprone.errorprone
 
 plugins {
     id("java")
     id("jacoco")
     id("pmd")
     id("checkstyle")
+    id("com.github.spotbugs")
     id("net.ltgt.errorprone")
     id("com.google.osdetector")
 }
@@ -31,6 +35,10 @@ dependencies {
 
     errorprone("com.google.errorprone:error_prone_core:2.36.0")
     errorprone("jp.skypencil.errorprone.slf4j:errorprone-slf4j:0.1.28")
+
+    spotbugsPlugins("jp.skypencil.findbugs.slf4j:bug-pattern:1.5.0")
+    spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:1.13.0")
+    spotbugsPlugins("com.mebigfatguy.sb-contrib:sb-contrib:7.6.9")
 }
 
 java {
@@ -58,6 +66,20 @@ pmd {
     ruleSets = listOf()
 }
 
+spotbugs {
+    showProgress.set(true)
+    effort.set(Effort.MAX)
+    reportLevel.set(Confidence.LOW)
+    excludeFilter.set(file("${rootDir}/config/spotbugs/exclude.xml"))
+}
+
+tasks.withType<SpotBugsTask>().configureEach {
+    reports {
+        create("xml") { enabled = true }
+        create("html") { enabled = true }
+    }
+}
+
 tasks {
     withType<JavaCompile>().configureEach {
         options.compilerArgs.add("-parameters")
@@ -70,7 +92,7 @@ tasks {
 
     test {
         useJUnitPlatform()
-        dependsOn(checkstyleMain, checkstyleTest, pmdMain, pmdTest)
+        dependsOn(checkstyleMain, checkstyleTest, pmdMain, pmdTest, spotbugsMain, spotbugsTest)
         finalizedBy(jacocoTestReport, jacocoTestCoverageVerification)
         maxParallelForks = 1
     }

config/spotbugs/exclude.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP2,SLF4J_LOGGER_SHOULD_BE_NON_STATIC,IMC_IMMATURE_CLASS_NO_TOSTRING"/>
+    </Match>
+    <Match>
+        <Bug pattern="SPRING_ENDPOINT,CRLF_INJECTION_LOGS,HTTP_RESPONSE_SPLITTING"/>
+    </Match>
+    <Match>
+        <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE,UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR"/>
+        <Class name="~.*Test"/>
+    </Match>
+</FindBugsFilter>