Should issue warning for SecureRandom object created and used only once #1464
Comments
Thanks for opening your first issue here! 😃
… and used only once (spotbugs#1476) * upload tests for issue spotbugs#1464 * fix spotbugs#1464 * execute spotbugs-tests:spotlessApply * extract getClassConstantOperand() to a local variable
This is generating a lot of warnings for valid usages. I've added those to the test case and fixed the condition by adding parentheses.
Add more test cases and fixed issues spotbugs#1464
With 4.2.3 I'm now seeing false positives because of this change. E.g. this will trigger:
Same for another class where I have a static
I found a false negative when spotbugs-maven-plugin checked the following line in eclipse/jetty.project.
According to the description of DMI: Random object created and used only once (DMI_RANDOM_USED_ONLY_ONCE):
Spotbugs should generate a warning because the code line

```java
BigInteger serial = BigInteger.valueOf(new SecureRandom().nextLong());
```

created and used a SecureRandom object only once. As noted in the bug description, it should "avoid allocating a new SecureRandom for each random number". However, in the demo, this is allowed by Spotbugs without giving any warning, so I think that this is a false negative. The plugin version used is as follows:
Demo
Here is a small demo that could be used as test case. See #1475
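For reference, the one-shot pattern quoted in this issue next to two forms that create the generator once and reuse it. This is an added example, not the demo from the issue or SpotBugs test code; the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

// Hypothetical class and method names, constructed for illustration.
public class SerialNumbers {

    // One generator for the lifetime of the class. SecureRandom is safe for
    // use by multiple threads, so a shared static instance can serve all callers.
    private static final SecureRandom RNG = new SecureRandom();

    // Pattern from the issue: a SecureRandom is allocated, asked for a single
    // value, and discarded. Every call constructs a fresh generator.
    static BigInteger serialOneShot() {
        return BigInteger.valueOf(new SecureRandom().nextLong());
    }

    // Reuse form: same result type, but every call draws from the shared generator.
    static BigInteger serialShared() {
        return BigInteger.valueOf(RNG.nextLong());
    }

    // A locally created generator that produces more than one value, so it
    // does not match the description "created and used only once".
    static BigInteger[] serialBatch(int count) {
        SecureRandom local = new SecureRandom();
        BigInteger[] out = new BigInteger[count];
        for (int i = 0; i < count; i++) {
            out[i] = BigInteger.valueOf(local.nextLong());
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println("one-shot: " + serialOneShot());
        System.out.println("shared:   " + serialShared());
        for (BigInteger s : serialBatch(3)) {
            System.out.println("batch:    " + s);
        }
    }
}
```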