added findbugs to the POM with some initial filter file

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@11276 71c3de6d-444a-0410-be80-ed276b4c234a

core/pom.xml

@@ -127,6 +127,25 @@
         <build.version>${version}</build.version>
       </properties>
     </profile>
+    <profile>
+      <!-- run findbugs for better error detection -->
+      <id>findbugs</id>
+      <reporting>
+        <plugins>
+          <plugin>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>findbugs-maven-plugin</artifactId>
+            <version>1.2</version>
+            <configuration>
+              <effort>Max</effort>
+              <threshold>Normal</threshold>
+              <onlyAnalyze>hudson.-</onlyAnalyze>
+              <excludeFilterFile>src/findbugs-filter.xml</excludeFilterFile>
+            </configuration>
+          </plugin>
+        </plugins>
+      </reporting>
+    </profile>
     <profile>
       <id>hudson-libs-local</id>
       <!-- if we have the libs checked out of CVS, use them directly -->

core/src/findbugs-filter.xml

@@ -0,0 +1,11 @@
+<FindBugsFilter>
+  <Match>
+    <!-- It's hard to imagine a scenario where Hudson is granted higher privilege but called by a lower privileged client. -->
+    <Bug pattern="DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED" />
+  </Match>
+  <Match>
+    <!-- Hudson defines mutable static field throughout the code so that debug features can be selectively made on and off at runtime -->
+    <Bug pattern="MS_SHOULD_BE_FINAL" />
+  </Match>
+
+</FindBugsFilter>