Merge branch 'master' into env02

CHANGELOG.md

@@ -5,7 +5,14 @@ This is the changelog for SpotBugs. This follows [Keep a Changelog v1.0.0](http:
 
 Currently the versioning policy of this project follows [Semantic Versioning v2.0.0](http://semver.org/spec/v2.0.0.html).
 
-## Unreleased - 2022-??-??
+## Unreleased - 2023-??-??
+
+### Fixed
+- Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource ([[#2379](https://github.com/spotbugs/spotbugs/issues/2379)])
+
+- tbd
+
+## 4.8.1 - 2023-11-06
 
 ### Fixed
 - Fixed schema location for findbugsfilter.xsd ([[#1416](https://github.com/spotbugs/spotbugs/issues/1416)])

build.gradle

@@ -6,7 +6,7 @@ plugins {
 }
 
 group = 'com.github.spotbugs'
-version = '4.8.1-SNAPSHOT'
+version = '4.8.2-SNAPSHOT'
 
 apply from: "$rootDir/gradle/java.gradle"
 apply from: "$rootDir/gradle/jacoco.gradle"

docs/conf.py

@@ -17,9 +17,9 @@
 
 html_context = {
   'version' : '4.8',
-  'full_version' : '4.8.0',
-  'maven_plugin_version' : '4.8.0.0',
-  'gradle_plugin_version' : '6.0.0-beta.5',
+  'full_version' : '4.8.1',
+  'maven_plugin_version' : '4.8.1.0',
+  'gradle_plugin_version' : '6.0.0',
   'archetype_version' : '0.2.3'
 }
 

spotbugs-tests/src/test/java/edu/umd/cs/findbugs/LoadMessagesTest.java

@@ -0,0 +1,60 @@
+/*
+ * Contributions to SpotBugs
+ * Copyright (C) 2019, The SpotBugs authors
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+package edu.umd.cs.findbugs;
+
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.net.URL;
+
+import org.dom4j.DocumentException;
+import org.dom4j.io.SAXReader;
+import org.junit.jupiter.api.Test;
+
+import edu.umd.cs.findbugs.charsets.UTF8;
+import edu.umd.cs.findbugs.io.IO;
+import edu.umd.cs.findbugs.xml.XMLUtil;
+
+/**
+ * @author gtoison
+ *
+ */
+class LoadMessagesTest {
+
+    @Test
+    void loadMessages() {
+        loadMessages("/messages.xml");
+        loadMessages("/messages_fr.xml");
+        loadMessages("/messages_ja.xml");
+    }
+
+    private void loadMessages(String fileName) {
+        URL messageURL = PluginLoader.class.getResource(fileName);
+        SAXReader reader = XMLUtil.buildSAXReader();
+        try (InputStream input = IO.openNonCachedStream(messageURL);
+                Reader stream = UTF8.bufferedReader(input)) {
+            reader.read(stream);
+        } catch (IOException | DocumentException e) {
+            fail("Failed to load messages from file " + fileName, e);
+        }
+    }
+}

spotbugs-tests/src/test/java/edu/umd/cs/findbugs/detect/Issue2379Test.java

@@ -0,0 +1,33 @@
+package edu.umd.cs.findbugs.detect;
+
+import static edu.umd.cs.findbugs.test.CountMatcher.containsExactly;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+import org.junit.jupiter.api.Test;
+
+import edu.umd.cs.findbugs.AbstractIntegrationTest;
+import edu.umd.cs.findbugs.test.matcher.BugInstanceMatcher;
+import edu.umd.cs.findbugs.test.matcher.BugInstanceMatcherBuilder;
+
+
+public class Issue2379Test extends AbstractIntegrationTest {
+    @Test
+    public void test() {
+        performAnalysis("ghIssues/Issue2379.class");
+
+        // Check that we've found the uncalled `unusedValues` private method
+        BugInstanceMatcher bugTypeMatcher = new BugInstanceMatcherBuilder()
+                .bugType("UPM_UNCALLED_PRIVATE_METHOD")
+                .inMethod("unusedValues")
+                .build();
+
+        assertThat(getBugCollection(), containsExactly(1, bugTypeMatcher));
+
+        // Check that it was the one and only bug we've found
+        bugTypeMatcher = new BugInstanceMatcherBuilder()
+                .bugType("UPM_UNCALLED_PRIVATE_METHOD")
+                .build();
+
+        assertThat(getBugCollection(), containsExactly(1, bugTypeMatcher));
+    }
+}

spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindUncalledPrivateMethods.java

@@ -22,6 +22,7 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import org.apache.bcel.Const;
 import org.apache.bcel.classfile.AnnotationEntry;
@@ -32,6 +33,7 @@
 import org.apache.bcel.classfile.ConstantNameAndType;
 import org.apache.bcel.classfile.ConstantPool;
 import org.apache.bcel.classfile.ConstantUtf8;
+import org.apache.bcel.classfile.ElementValuePair;
 import org.apache.bcel.classfile.JavaClass;
 import org.apache.bcel.classfile.Method;
 
@@ -56,13 +58,39 @@ public class FindUncalledPrivateMethods extends BytecodeScanningDetector impleme
     private HashSet<MethodAnnotation> definedPrivateMethods, calledMethods;
 
     private HashSet<String> calledMethodNames;
+    private Set<String> jUnitSourceMethodNames;
 
     public FindUncalledPrivateMethods(BugReporter bugReporter) {
         this.bugReporter = bugReporter;
     }
 
     @Override
     public void visitMethod(Method obj) {
+        for (AnnotationEntry a : obj.getAnnotationEntries()) {
+            String typeName = a.getAnnotationType();
+            if ("Lorg/junit/jupiter/params/provider/MethodSource;".equals(typeName)) {
+                boolean hasValue = false;
+                for (ElementValuePair pair : a.getElementValuePairs()) {
+                    if ("value".equals(pair.getNameString())) {
+                        String sourceMethodName = pair.getValue().stringifyValue();
+                        if (sourceMethodName.length() > 2) {
+                            // Remove the leading '{' and trailing '}'
+                            sourceMethodName = sourceMethodName.substring(1, sourceMethodName.length() - 1);
+                            for (String name : sourceMethodName.split(",")) {
+                                jUnitSourceMethodNames.add(name);
+                                hasValue = true;
+                            }
+                        }
+                    }
+                }
+
+                if (!hasValue) {
+                    // In case there's no value JUnit will look for a method with the same name
+                    jUnitSourceMethodNames.add(obj.getName());
+                }
+            }
+        }
+
         if (!obj.isPrivate() || obj.isSynthetic()) {
             return;
         }
@@ -109,6 +137,7 @@ public void visitClassContext(ClassContext classContext) {
         definedPrivateMethods = new HashSet<>();
         calledMethods = new HashSet<>();
         calledMethodNames = new HashSet<>();
+        jUnitSourceMethodNames = new HashSet<>();
         JavaClass javaClass = classContext.getJavaClass();
         className = javaClass.getClassName();
         String[] parts = className.split("[$+.]");
@@ -150,6 +179,9 @@ public void visitClassContext(ClassContext classContext) {
             if (methodName.equals(simpleClassName) && "()V".equals(m.getMethodSignature())) {
                 continue;
             }
+            if (m.isStatic() && m.toXMethod().getNumParams() == 0 && jUnitSourceMethodNames.contains(methodName)) {
+                continue;
+            }
             if (methodName.length() > 1 && calledMethodNames.contains(methodName.toLowerCase())) {
                 priority = NORMAL_PRIORITY;
             }

spotbugsTestCases/build.gradle

@@ -29,6 +29,7 @@ dependencies {
   implementation 'org.checkerframework:checker-qual:3.40.0'
 
   implementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1'
+  implementation 'org.junit.jupiter:junit-jupiter-params:5.10.1'
   implementation 'org.testng:testng:7.8.0'
 
   implementation project(':spotbugs')

spotbugsTestCases/src/java/ghIssues/Issue2379.java

@@ -0,0 +1,54 @@
+package ghIssues;
+
+import java.util.stream.Stream;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+public class Issue2379 {
+	// Compliant, used as source method for the 'test' method
+	private static Stream<String> values() {
+		return Stream.of("one", "two");
+	}
+
+	@ParameterizedTest
+	@MethodSource("values")
+	public void test(String value) {
+	}
+
+
+	// Compliant, used as source method for the 'defaultValues' method
+	private static int[] defaultValues() {
+		return new int[] {1, 2};
+	}
+
+	/**
+	 * No 'value' in MethodSource so JUnit defaults to a source method with the same name
+	 */
+	@ParameterizedTest
+	@MethodSource
+	public void defaultValues(int value) {
+	}
+
+
+	// Compliant, used as source method for the 'multipleSourcesTest' method
+	private static Stream<String> valuesFromStream() {
+		return Stream.of("one", "two");
+	}
+
+
+	// Compliant, used as source method for the 'multipleSourcesTest' method
+	private static String[] valuesFromArray() {
+		return new String[] { "three", "four" };
+	}
+
+	@ParameterizedTest
+	@MethodSource({"valuesFromStream", "valuesFromArray"})
+	public void multipleSourcesTest(String value) {
+	}
+
+	// Non compliant, uncalled private method
+	private Stream<String> unusedValues(int x) {
+		return Stream.of("one", "two");
+	}
+}