org.sonar.plugins.findbugs.rules-fbcontrib.xml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of sonar-findbugs-plugin Show documentation
Show all versions of sonar-findbugs-plugin Show documentation
SpotBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems, misuse of API methods.
<rules><!-- This file is auto-generated. --> <rule key='ISB_INEFFICIENT_STRING_BUFFERING' priority='MAJOR'> <name>Performance - Method passes simple concatenating string in StringBuffer or StringBuilder append</name> <configKey>ISB_INEFFICIENT_STRING_BUFFERING</configKey> <description><p>This method uses <code>StringBuffer</code> or <code>StringBuilder</code>'s append method to concatenate strings. However, it passes the result of doing a simple String concatenation to one of these append calls, thus removing any performance gains of using the <code>StringBuffer</code> or <code>StringBuilder</code> class.</p> <p> Java will implicitly use StringBuilders, which can make this hard to detect or fix. For example, <br/> <pre><code> StringBuilder sb = new StringBuilder(); for (Map.Entry<Integer, String> e : map.entrySet()) { sb.append(e.getKey() + e.getValue()); //bug detected here } </code></pre><br/> gets automatically turned into something like: <br/> <pre><code> StringBuilder sb = new StringBuilder(); for (Map.Entry<Integer, String> e : map.entrySet()) { StringBuilder tempBuilder = new StringBuilder(); tempBuilder.append(e.getKey()); tempBuilder.append(e.getValue()); <b>sb.append(tempBuilder.toString());</b> //this isn't too efficient } </code></pre><br/> which involves a temporary <code>StringBuilder</code>, which is completely unnecessary. To prevent this from happening, simply do:<br/> <pre><code> StringBuilder sb = new StringBuilder(); for (Map.Entry<Integer, String> e : map.entrySet()) { sb.append(e.getKey()); sb.append(e.getValue()); } </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='ISB_EMPTY_STRING_APPENDING' priority='MAJOR'> <name>Performance - Method concatenates an empty string to effect type conversion</name> <configKey>ISB_EMPTY_STRING_APPENDING</configKey> <description><p>This method concatenates an empty string with a literal value, in order to convert the literal value into a string. It is more efficient to use String.valueOf() to do the same thing as you do not incur the cost of creating a StringBuffer/Builder and calling methods on it to accomplish this.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='ISB_TOSTRING_APPENDING' priority='MAJOR'> <name>Correctness - Method concatenates the result of a toString() call</name> <configKey>ISB_TOSTRING_APPENDING</configKey> <description><p>This method concatenates the output of a <code>toString()</code> call into a <code>StringBuffer</code> or <code>StringBuilder</code>. It is simpler just to pass the object you want to append to the append call, as that form does not suffer the potential for <code>NullPointerException</code>s, and is easier to read.</p> <p> Keep in mind that Java compiles simple <code>String</code> concatenation to use <code>StringBuilder</code>s, so you may see this bug even when you don't use <code>StringBuilder</code>s explicitly. </p> <p> Instead of: <br/> <pre><code> StringBuilder builder = ...; builder.append(someObj.toString()); ... System.out.println("Problem with the object :" + someObj.toString()); </code></pre> just do: <br/> <pre><code> StringBuilder builder = ... builder.append(someObj); ... System.out.println("Problem with the object :" + someObj); </code></pre> to avoid the possibility of <code>NullPointerException</code>s when someObj is <code>null</code>. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SCI_SYNCHRONIZED_COLLECTION_ITERATORS' priority='MAJOR'> <name>Correctness - Method creates iterators on synchronized collections</name> <configKey>SCI_SYNCHRONIZED_COLLECTION_ITERATORS</configKey> <description><p>This method uses a synchronized collection, built from Collections.synchronizedXXXX, but accesses it through an iterator. Since an iterator is, by definition, multithreading-unsafe, this is a conflict in concept. When using iterators, you should do the synchronization manually.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CC_CYCLOMATIC_COMPLEXITY' priority='INFO'> <name>Style - Method is excessively complex</name> <configKey>CC_CYCLOMATIC_COMPLEXITY</configKey> <description><p>This method has a high cyclomatic complexity figure, which represents the number of branch points. It is likely difficult to test, and is brittle to change. Consider refactoring this method into several to reduce the risk.</p></description> <tag>style</tag> </rule> <rule key='OCP_OVERLY_CONCRETE_PARAMETER' priority='INFO'> <name>Style - Method needlessly defines parameter with concrete classes</name> <configKey>OCP_OVERLY_CONCRETE_PARAMETER</configKey> <description><p>This method uses concrete classes for parameters when only methods defined in an implemented interface or superclass are used. Consider increasing the abstraction of the interface to make low impact changes easier to accomplish in the future.</p> <p>Take the following example:<br/> <pre><code> private void appendToList(ArrayList&lt;String&gt; list) { if (list.size() &lt; 100) { list.add("Foo"); } } </code></pre> The parameter list is currently defined as an <code>ArrayList</code>, which is a concrete implementation of the <code>List</code> interface. Specifying <code>ArrayList</code> is unnecessary here, because we aren't using any <code>ArrayList</code>-specific methods (like <code>ensureCapacity()</code> or <code>trimToSize()</code>). Instead of using the concrete definition, it is better to do something like:<br/> <pre><code> private void appendToList(List&lt;String&gt; list) { ... </code></pre> If the design ever changes, e.g. a <code>LinkedList</code> is used instead, this code won't have to change. </p> <p>IDEs tend to have tools to help generalize parameters. For example, in Eclipse, the refactoring tool <a href="http://help.eclipse.org/luna/index.jsp?topic=%2Forg.eclipse.jdt.doc.user%2Freference%2Fref-menu-refactor.htm">Generalize Declared Type</a> helps find an appropriate level of concreteness.</p></description> <tag>style</tag> </rule> <rule key='LII_LIST_INDEXED_ITERATING' priority='INFO'> <name>Style - Method uses integer based for loops to iterate over a List</name> <configKey>LII_LIST_INDEXED_ITERATING</configKey> <description><p>This method uses an integer-based <code>for</code> loop to iterate over a java.util.List, by calling List.get(i) each time through the loop. The integer is not used for other reasons. It is better to use an Iterator instead, as depending on List implementation, iterators can perform better, and they also allow for exchanging of other collection types without issue.</p></description> <tag>style</tag> </rule> <rule key='UCC_UNRELATED_COLLECTION_CONTENTS' priority='INFO'> <name>Style - Method adds unrelated types to collection or array</name> <configKey>UCC_UNRELATED_COLLECTION_CONTENTS</configKey> <description><p>This method adds unrelated objects to a collection or array, requiring careful and brittle data access to that collection. Create a separate class with the properties needed, and add an instance of this class to the collection or array, if possible.</p></description> <tag>style</tag> </rule> <rule key='DRE_DECLARED_RUNTIME_EXCEPTION' priority='INFO'> <name>Style - Method declares RuntimeException in throws clause</name> <configKey>DRE_DECLARED_RUNTIME_EXCEPTION</configKey> <description><p>This method declares a RuntimeException derived class in its throws clause. This may indicate a misunderstanding as to how unchecked exceptions are handled. If it is felt that a RuntimeException is so prevalent that it should be declared, it is probably a better idea to prevent the occurrence in code.</p></description> <tag>style</tag> </rule> <rule key='CE_CLASS_ENVY' priority='INFO'> <name>Style - Method excessively uses methods of another class</name> <configKey>CE_CLASS_ENVY</configKey> <description><p>This method makes extensive use of methods from another class over methods of its own class. Typically this means that the functionality that is accomplished by this method most likely belongs with the class that is being used so liberally. Consider refactoring this method to be contained in that class, and to accept all the parameters needed in the method signature.</p></description> <tag>style</tag> </rule> <rule key='LSC_LITERAL_STRING_COMPARISON' priority='INFO'> <name>Style - Method makes literal string comparisons passing the literal as an argument</name> <configKey>LSC_LITERAL_STRING_COMPARISON</configKey> <description><p>This line is in the form of <br/> <pre><code>String str = ... str.equals("someOtherString"); //or str.compareTo("someOtherString");</code></pre> </p> <p>A <code>NullPointerException</code> may occur if the String variable <code>str</code> is <code>null</code>. If instead the code was restructured to<br/> <pre><code>String str = ... "someOtherString".equals(str); //or "someOtherString".compareTo(str);</code></pre><br/> that is, call <code>equals()</code> or <code>compareTo()</code> on the string literal, passing the variable as an argument, then this exception could never happen as both <code>equals()</code> and <code>compareTo()</code> check for <code>null</code>.</p></description> <tag>style</tag> </rule> <rule key='PCOA_PARTIALLY_CONSTRUCTED_OBJECT_ACCESS' priority='MAJOR'> <name>Correctness - Constructor makes call to non-final method</name> <configKey>PCOA_PARTIALLY_CONSTRUCTED_OBJECT_ACCESS</configKey> <description><p>This constructor makes a call to a non-final method. Since this method can be overridden, a subclass' implementation will be executing against an object that has not been initialized at the subclass level. You should mark all methods called from the constructor as final to avoid this problem.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='DLC_DUBIOUS_LIST_COLLECTION' priority='MAJOR'> <name>Performance - Class defines List based fields but uses them like Sets</name> <configKey>DLC_DUBIOUS_LIST_COLLECTION</configKey> <description><p>This class defines a field based on java.util.List, but uses it to some extent like a Set. Since lookup type operations are performed using a linear search for Lists, the performance for large Lists will be poor. If the list is known to only contain a small number of items (3, 4, etc), then it doesn't matter. Otherwise, consider changing this field's implementation to a set-based one. If order of iteration is important to maintain insert order, perhaps consider a LinkedHashSet.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='PL_PARALLEL_LISTS' priority='INFO'> <name>Style - Class defines two or more one for one associated lists or arrays</name> <configKey>PL_PARALLEL_LISTS</configKey> <description><p>This class appears to maintain two or more lists or arrays whose contents are related in a parallel way. That is, you have something like:<br/> <pre><code> List&lt;String&gt; words = new ArrayList&lt;String&gt;(); List&lt;Integer&gt; wordCounts = new ArrayList&lt;String&gt;(); </code></pre> where the elements of the list at index 0 are related, the elements at index 1 are related and so on. </p> <p> Consider creating a separate class to hold all the related pieces of information, and adding instances of this class to just one list or array, or if just two values, use a Map to associate one value with the other like:<br/> <pre><code> private class WordAndCount{public String word; public int count} List&lt;WordAndCount&gt; wordsAndCounts = new ArrayList&lt;WordAndCount&gt;(); //or, for just two elements Map<String,Integer> wordCounts = new HashMap<String,Integer>(); </code></pre> </p></description> <tag>style</tag> </rule> <rule key='FP_FINAL_PARAMETERS' priority='INFO'> <name>Style - Method does not define a parameter as final, but could</name> <configKey>FP_FINAL_PARAMETERS</configKey> <description><p>This method does not write to a parameter. To help document this, and to perhaps help the JVM optimize the invocation of this method, you should consider defining these parameters as final.</p> <p>Performance gains are debatable as "the final keyword does not appear in the class file for local variables and parameters, thus it cannot impact the runtime performance. Its only use is to clarify the coder's intent that the variable not be changed (which many consider dubious reason for its usage), and dealing with anonymous inner classes." - http://stackoverflow.com/a/266981/1447621 </p></description> <tag>style</tag> </rule> <rule key='ACEM_ABSTRACT_CLASS_EMPTY_METHODS' priority='INFO'> <name>Style - Empty method could be declared abstract</name> <configKey>ACEM_ABSTRACT_CLASS_EMPTY_METHODS</configKey> <description><p>This method is empty or merely throws an exception. Since the class it is defined in is abstract, it may be more correct to define this method as abstract instead, so that proper subclass behavior is enforced.</p></description> <tag>style</tag> </rule> <rule key='MAC_MANUAL_ARRAY_COPY' priority='MAJOR'> <name>Performance - Method copies arrays manually</name> <configKey>MAC_MANUAL_ARRAY_COPY</configKey> <description><p>This method copies data from one array to another manually using a loop. It is much better performing to use System.arraycopy as this method is native.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='FPL_FLOATING_POINT_LOOPS' priority='MAJOR'> <name>Correctness - Method uses floating point indexed loops</name> <configKey>FPL_FLOATING_POINT_LOOPS</configKey> <description><p>This method uses floating point variables to index a loop. Since floating point math is imprecise, rounding errors will accumulate over time each time the loop is executed. It is usually better to use integer indexing, and calculate the new value of the floating point number at the top of the loop body.</p> <p>Example: <pre><code> for (float f = 1.0f; f &lt;= 10.0f; f += 0.1f) { System.out.println(f); } </code></pre> The last value printed may not be 10.0, but instead might be 9.900001 or such. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='NCMU_NON_COLLECTION_METHOD_USE' priority='INFO'> <name>Style - Method uses old non collections interface methods</name> <configKey>NCMU_NON_COLLECTION_METHOD_USE</configKey> <description><p>This method makes calls to collection classes where the method is not defined by the Collections interface, and an equivalent method exists in the interface. By using the new methods, you can define this object by the Collections interface and allow better decoupling.</p></description> <tag>style</tag> </rule> <rule key='CAO_CONFUSING_AUTOBOXED_OVERLOADING' priority='MAJOR'> <name>Correctness - Class defines methods which confuse Character with int parameters</name> <configKey>CAO_CONFUSING_AUTOBOXED_OVERLOADING</configKey> <description><p>This class defines two methods that differ only by a parameter being defined as Character vs. int, long, float or double. As autoboxing is present, it may be assumed that a parameter of 'a' would map to the Character version, but it does not.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='AFBR_ABNORMAL_FINALLY_BLOCK_RETURN' priority='MAJOR'> <name>Correctness - Method has abnormal exit from finally block</name> <configKey>AFBR_ABNORMAL_FINALLY_BLOCK_RETURN</configKey> <description><p>This method returns or throws exceptions from a finally block. This will mask real program logic in the try block, and short-circuit normal method termination.</p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S1143} instead.</p></description> <status>DEPRECATED</status> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SMII_STATIC_METHOD_INSTANCE_INVOCATION' priority='INFO'> <name>Style - Method calls static method on instance reference</name> <configKey>SMII_STATIC_METHOD_INSTANCE_INVOCATION</configKey> <description><p>This method makes a static method call on an instance reference. For reading comprehension of the code it is better to call the method on the class, rather than an instance. Perhaps this method's static nature has changed since this code was written, and should be revisited.</p></description> <tag>style</tag> </rule> <rule key='STS_SPURIOUS_THREAD_STATES' priority='MAJOR'> <name>Multi-threading - Method calls wait, notify or notifyAll on a Thread instance</name> <configKey>STS_SPURIOUS_THREAD_STATES</configKey> <description><p>This method invokes the methods <code>wait</code>, <code>notify</code> or <code>notifyAll</code> on a Thread instance. Doing so will confuse the internal thread state behavior, causing spurious thread wakeups/sleeps, because the internal mechanism also uses the thread instance for its notifications.</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_AUTOBOXING_CTOR' priority='MAJOR'> <name>Performance - Method passes primitive wrapper to same primitive wrapper constructor</name> <configKey>NAB_NEEDLESS_AUTOBOXING_CTOR</configKey> <description><p>This method passes a wrapped primitive object to the same class's constructor. Since wrapper classes are immutable, you can just use the original object, rather than constructing a new one. This code works because of an abuse of autoboxing.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_BOXING_STRING_CTOR' priority='MAJOR'> <name>Performance - Method passes parsed string to primitive wrapper constructor</name> <configKey>NAB_NEEDLESS_BOXING_STRING_CTOR</configKey> <description><p>This method passes a primitive value retrieved from a <code>BoxedPrimitive.parseBoxedPrimitive("1")</code> call to the same class's constructor. It is simpler to just pass the string to the BoxedPrimitive constructor or, better yet, use the static valueOf.</p> <p>Instead of something like:<br/> <pre><code> Boolean bo = new Boolean(Boolean.parseBoolean("true")); Float f = new Float(Float.parseFloat("1.234")); </code></pre> Simply do: <br/> <pre><code> Boolean bo = new Boolean("true"); Float f = new Float("1.234"); </code></pre> or, to be more memory efficient: <br/> <pre><code> Boolean bo = Boolean.valueOf("true"); Float f = Float.valueOf("1.234"); </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_AUTOBOXING_VALUEOF' priority='MAJOR'> <name>Performance - Method passes primitive wrapper to Wrapper class valueOf method</name> <configKey>NAB_NEEDLESS_AUTOBOXING_VALUEOF</configKey> <description><p>This method passes a wrapped primitive object to the same class' <code>valueOf</code> method. Since wrapper classes are immutable, you can just use the original object, rather than calling valueOf to create a new one. This code works because of an abuse of autoboxing.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_BOXING_PARSE' priority='MAJOR'> <name>Performance - Method converts String to primitive using excessive boxing</name> <configKey>NAB_NEEDLESS_BOXING_PARSE</configKey> <description><p>This method passes a String to a wrapped primitive object's valueOf method, which in turn calls the boxedValue() method to convert to a primitive. When it is desired to convert from a String to a primitive value, it is simpler to use the BoxedPrimitive.parseBoxedPrimitive(String) method. </p> <p>Instead of something like:<br/> <pre><code> public int someMethod(String data) { long l = Long.valueOf(data).longValue(); float f = Float.valueOf(data).floatValue(); return Integer.valueOf(data); // There is an implicit .intValue() call } </code></pre> Simply do: <br/> <pre><code> public int someMethod(String data) { long l = Long.parseLong(data); float f = Float.parseFloat(data); return Integer.parseInt(data); } </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_BOXING_VALUEOF' priority='MAJOR'> <name>Performance - Method converts String to boxed primitive using excessive boxing</name> <configKey>NAB_NEEDLESS_BOXING_VALUEOF</configKey> <description><p>This method passes a String to a wrapped primitive object's parse method, which in turn calls the <code>valueOf</code> method to convert to a boxed primitive. When it is desired to convert from a String to a boxed primitive object, it is simpler to use the BoxedPrimitive.valueOf(String) method.</p> <p>Instead of something like:<br/> <pre><code> Boolean bo = Boolean.valueOf(Boolean.parseBoolean("true")); Float f = Float.valueOf(Float.parseFloat("1.234")); </code></pre> Simply do: <br/> <pre><code> Boolean bo = Boolean.valueOf("true"); Float f = Float.valueOf("1.234"); </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_BOX_TO_UNBOX' priority='MAJOR'> <name>Performance - Method creates Boxed primitive from primitive only to get primitive value</name> <configKey>NAB_NEEDLESS_BOX_TO_UNBOX</configKey> <description><p>This method constructs a Boxed Primitive from a primitive only to call the primitiveValue() method to convert it back to a primitive. Just use the primitive value instead.</p> <p>Instead of something like:<br/> <pre><code> boolean bo = new Boolean(true).booleanValue(); float f = new Float(1.234f).floatValue(); </code></pre> Simply do: <br/> <pre><code> boolean bo = true; float f = 1.234f; </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_BOX_TO_CAST' priority='MAJOR'> <name>Performance - Method creates Boxed primitive from primitive only to cast to another primitive type</name> <configKey>NAB_NEEDLESS_BOX_TO_CAST</configKey> <description><p>This method constructs a Boxed Primitive from a primitive only to call the primitiveValue() method to cast the value to another primitive type. It is simpler to just use casting.</p> <p>Instead of something like:<br/> <pre><code> double someDouble = ... float f = new Double(someDouble).floatValue(); int someInt = ... byte b = new Integer(someInt).byteValue(); </code></pre> Simply do: <br/> <pre><code> double someDouble = ... float f = (float) someDouble; int someInt = ... byte b = (byte)someInt; </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION' priority='MAJOR'> <name>Performance - Method needlessly boxes a boolean constant</name> <configKey>NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION</configKey> <description><p>This method assigns a Boxed boolean constant to a primitive boolean variable, or assigns a primitive boolean constant to a Boxed boolean variable. Use the correct constant for the variable desired. Use <br/> <pre><code> boolean b = true; boolean b = false; </code></pre> or <br/> <pre><code> Boolean b = Boolean.TRUE; Boolean b = Boolean.FALSE; </code></pre> </p> <p>Be aware that this boxing happens automatically when you might not expect it. For example, <br/> <pre><code> Map<String, Boolean> statusMap = ... public Boolean someMethod() { statusMap.put("foo", true); //the "true" here is boxed return false; //the "false" here is boxed } </code></pre> has two cases of this needless autoboxing. This can be made more efficient by simply substituting in the constant values: <br/> <pre><code> Map<String, Boolean> statusMap = ... public Boolean someMethod() { statusMap.put("foo", Boolean.TRUE); return Boolean.FALSE; } </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='USBR_UNNECESSARY_STORE_BEFORE_RETURN' priority='INFO'> <name>Style - Method stores return result in local before immediately returning it</name> <configKey>USBR_UNNECESSARY_STORE_BEFORE_RETURN</configKey> <description><p>This method stores the return result in a local variable, and then immediately returns the local variable. It would be simpler just to return the value that is assigned to the local variable, directly.</p> <p> Instead of the following: <br/> <pre><code> public float average(int[] arr) { float sum = 0; for (int i = 0; i &lt; arr.length; i++) { sum += arr[i]; } float ave = sum / arr.length; return ave; } </code></pre> Simply change the method to return the result of the division: <br/> <pre><code> public float average(int[] arr) { float sum = 0; for (int i = 0; i &lt; arr.length; i++) { sum += arr[i]; } <b>return sum / arr.length;</b> //Change } </code></pre> </p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S1488} instead.</p></description> <status>DEPRECATED</status> <tag>style</tag> </rule> <rule key='COM_COPIED_OVERRIDDEN_METHOD' priority='INFO'> <name>Style - Method is implemented with an exact copy of its superclass' method</name> <configKey>COM_COPIED_OVERRIDDEN_METHOD</configKey> <description><p>This method is implemented using an exact copy of its superclass method's implementation, which usually means that this method can just be removed.</p></description> <tag>style</tag> </rule> <rule key='COM_PARENT_DELEGATED_CALL' priority='INFO'> <name>Style - Method merely delegates to its superclass's version</name> <configKey>COM_PARENT_DELEGATED_CALL</configKey> <description><p>This method is implemented to just delegate its implementation by calling the superclass method with the same signature. This method can just be removed.</p></description> <tag>style</tag> </rule> <rule key='ABC_ARRAY_BASED_COLLECTIONS' priority='MAJOR'> <name>Correctness - Method uses array as basis of collection</name> <configKey>ABC_ARRAY_BASED_COLLECTIONS</configKey> <description><p>This method passes an array as the key to a Map, element in a Set, or item in a List when the contains method is used on the List. Since arrays do not and cannot override the <code>equals</code> method, collection inclusion is based on the reference's address, which is probably not desired. In the case that this is a TreeMap or TreeSet, consider passing a Comparator to the map's constructor.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='ODN_ORPHANED_DOM_NODE' priority='MAJOR'> <name>Correctness - Method creates DOM node but doesn't attach it to a document</name> <configKey>ODN_ORPHANED_DOM_NODE</configKey> <description><p>This method creates a DOM node but does not attach it to a DOM document.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='AOM_ABSTRACT_OVERRIDDEN_METHOD' priority='MAJOR'> <name>Correctness - Abstract method overrides a concrete implementation</name> <configKey>AOM_ABSTRACT_OVERRIDDEN_METHOD</configKey> <description><p>This abstract method is derived from a concrete method implementation. It is highly suspect that the superclass method's implementation would be cast away.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CBX_CUSTOM_BUILT_XML' priority='INFO'> <name>Style - Method builds XML strings through ad hoc concatenation</name> <configKey>CBX_CUSTOM_BUILT_XML</configKey> <description><p>This method generates an XML based string by concatenating together various XML fragments, and variable values. Doing so makes the code difficult to read, modify and validate. It is much cleaner to build XML structures in external files that are read in and transformed into the final product, through modification by Transformer.setParameter.</p></description> <tag>style</tag> </rule> <rule key='BSB_BLOATED_SYNCHRONIZED_BLOCK' priority='MAJOR'> <name>Performance - Method overly synchronizes a block of code</name> <configKey>BSB_BLOATED_SYNCHRONIZED_BLOCK</configKey> <description><p>This method implements a synchronized block, but the code found at the beginning of this block only accesses local variables, and not member variables or <code>this</code>. For better performance, move the code that accesses local variables only above the synchronized block, and leave the synchronized block only for field accesses, or access to <code>this</code>.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='CLI_CONSTANT_LIST_INDEX' priority='MAJOR'> <name>Correctness - Method accesses list or array with constant index</name> <configKey>CLI_CONSTANT_LIST_INDEX</configKey> <description><p>This method accesses an array or list using a constant integer index. Often, this is a typo where a loop variable is intended to be used. If however, specific list indices mean different specific things, then perhaps replacing the list with a first-class object with meaningful accessors would make the code less brittle.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SCR_SLOPPY_CLASS_REFLECTION' priority='INFO'> <name>Style - Method accesses statically bound class with Class.forName</name> <configKey>SCR_SLOPPY_CLASS_REFLECTION</configKey> <description><p>This method accesses the class object of a class that is already statically bound in this context, with Class.forName. Using Class.forName makes reflection more fragile in regards to code transformations such as obfuscation, and is unneeded here, since the class in question is already 'linked' to this class.</p></description> <tag>style</tag> </rule> <rule key='AWCBR_ARRAY_WRAPPED_CALL_BY_REFERENCE' priority='INFO'> <name>Style - Method uses 1 element array to simulate call by reference</name> <configKey>AWCBR_ARRAY_WRAPPED_CALL_BY_REFERENCE</configKey> <description><p>This method uses a one-element array to wrap an object that is to be passed to a method as an argument to simulate call by pointer ala C++. It is better to define a proper return class type that holds all the relevant information retrieved from the called method.</p></description> <tag>style</tag> </rule> <rule key='SG_SLUGGISH_GUI' priority='MAJOR'> <name>Performance - Method performs time consuming operation in GUI thread</name> <configKey>SG_SLUGGISH_GUI</configKey> <description><p>This method implements an AWT or Swing listener and performs time consuming operations. Doing these operations in the GUI thread will cause the interface to appear sluggish and non-responsive to the user. Consider using a separate thread to do the time consuming work so that the user has a better experience.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NIR_NEEDLESS_INSTANCE_RETRIEVAL' priority='MAJOR'> <name>Performance - Method retrieves instance to load static member</name> <configKey>NIR_NEEDLESS_INSTANCE_RETRIEVAL</configKey> <description><p>This method calls a method to load a reference to an object, and then only uses it to load a static member of that instance's class. It is simpler and more performant to just load the static field from the class itself.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='DDC_DOUBLE_DATE_COMPARISON' priority='MAJOR'> <name>Performance - Method uses two date comparisons when one would do</name> <configKey>DDC_DOUBLE_DATE_COMPARISON</configKey> <description><p>This method compares dates with two comparisons, rather than using the reverse comparison. So this pattern</p> <pre><code> if ((date1.equals( date2 )) || (date1.after( date2 ))) </code></pre> could become:<br/> <pre><code> if (date1.compareTo( date2 ) >= 0) </code></pre><br/> and<br/> <pre><code> if ((date1.equals( date2 )) || (date1.before( date2 ))) </code></pre> could become <br/> <pre><code> if (date1.compareTo( date2 ) <= 0) </code></pre><br/> and<br/> <pre><code> if ((date1.before( date2 )) || (date1.after( date2 ))) </code></pre> could become<br/> <pre><code> if (!date1.equals( date2 )) </code></pre></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SWCO_SUSPICIOUS_WAIT_ON_CONCURRENT_OBJECT' priority='MAJOR'> <name>Correctness - Method calls wait when await was probably intended</name> <configKey>SWCO_SUSPICIOUS_WAIT_ON_CONCURRENT_OBJECT</configKey> <description><p>This method calls wait() on a mutex defined in the java.util.concurrent package. These classes define <code>await</code>, instead of <code>wait</code>, and it is most likely that <code>await</code> was intended.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JVR_JDBC_VENDOR_RELIANCE' priority='MAJOR'> <name>Correctness - Method uses JDBC vendor specific classes and methods</name> <configKey>JVR_JDBC_VENDOR_RELIANCE</configKey> <description><p>This method uses JDBC vendor-specific classes and methods to perform database work. This makes the code specific to this vendor, and unable to run on other databases.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='PMB_POSSIBLE_MEMORY_BLOAT' priority='MAJOR'> <name>Correctness - Potential memory bloat in static field</name> <configKey>PMB_POSSIBLE_MEMORY_BLOAT</configKey> <description><p>This class defines static fields that are <code>Collection</code>s, <code>StringBuffer</code>s, or <code>StringBuilder</code>s that do not appear to have any way to clear or reduce their size. That is, a collection is defined and has method calls like <br/> {<code>add()</code>, <code>append()</code>, <code>offer()</code>, <code>put()</code>, ...} <br/> with no method calls to removal methods like<br/> {<code>clear()</code>, <code>delete()</code>, <code>pop()</code>, <code>remove()</code>, ...}<br/> This means that the collection in question can only ever increase in size, which is a potential cause of memory bloat.</p> <p> If this collection is a list, set or otherwise of static things (e.g. a List&gt;String&gt; for month names), consider adding all of the elements in a static initializer, which can only be called once:<br/> <pre><code> private static List&lt;String&gt; monthNames = new ArrayList&lt;String&gt;(); static { monthNames.add("January"); monthNames.add("February"); monthNames.add("March"); ... } </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='PMB_INSTANCE_BASED_THREAD_LOCAL' priority='MAJOR'> <name>Correctness - Field is an instance based ThreadLocal variable</name> <configKey>PMB_INSTANCE_BASED_THREAD_LOCAL</configKey> <description><p>This ThreadLocal field is defined as being instance based (not static). As all ThreadLocal variables describe permanent reachability roots so far as the garbage collector is concerned, these variables will never be reclaimed (so long as the Thread lives). Since this ThreadLocal is instanced, you potentially will be creating many non-reclaimable variables, even after the owning instance has been reclaimed. It is almost a certainty that you want to use static based ThreadLocal variables.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='PMB_LOCAL_BASED_JAXB_CONTEXT' priority='MAJOR'> <name>Correctness - Local JAXBContext created on demand</name> <configKey>PMB_LOCAL_BASED_JAXB_CONTEXT</configKey> <description><p>This method creates a JAXBContext and stores it in a local variable. This implies that this JAXBContext is created each time on demand, which will cause memory bloat issues. It is better to either create this instance as a static field, or hold onto it with a ConcurrentHashMap, or such. See https://javaee.github.io/jaxb-v2/doc/user-guide/ch03.html#other-miscellaneous-topics-performance-and-thread-safety </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LSYC_LOCAL_SYNCHRONIZED_COLLECTION' priority='MAJOR'> <name>Correctness - Method creates local variable-based synchronized collection</name> <configKey>LSYC_LOCAL_SYNCHRONIZED_COLLECTION</configKey> <description><p>This method creates a synchronized collection and stores the reference to it in a local variable. As local variables are by definition thread-safe, it seems questionable that this collection needs to be synchronized.</p> <p> <table> <tr><th>If you are using</th><th>consider using</th></tr> <tr><td>java.util.Vector</td><td>java.util.ArrayList</td></tr> <tr><td>java.util.Hashtable</td><td>java.util.HashMap</td></tr> <tr><td>java.lang.StringBuffer</td><td>java.lang.StringBuilder</td></tr> </table> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FCBL_FIELD_COULD_BE_LOCAL' priority='MAJOR'> <name>Correctness - Class defines fields that are used only as locals</name> <configKey>FCBL_FIELD_COULD_BE_LOCAL</configKey> <description><p>This class defines fields that are used in a local only fashion, specifically private fields or protected fields in final classes that are accessed first in each method with a store vs. a load. This field could be replaced by one or more local variables.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='NOS_NON_OWNED_SYNCHRONIZATION' priority='INFO'> <name>Style - Class uses non owned variables to synchronize on</name> <configKey>NOS_NON_OWNED_SYNCHRONIZATION</configKey> <description><p>This method uses a synchronize block where the object that is being synchronized on, is not owned by this current instance. This means that other instances may use this same object for synchronization for their own purposes, causing synchronization confusion. It is always cleaner and safer to only synchronize on private fields of this class. Note that 'this' is not owned by the current instance, but is owned by whomever assigns it to a field of its class. Synchronizing on 'this' is also not a good idea.</p></description> <tag>style</tag> </rule> <rule key='NRTL_NON_RECYCLEABLE_TAG_LIB' priority='MAJOR'> <name>Correctness - Tag library is not recycleable</name> <configKey>NRTL_NON_RECYCLEABLE_TAG_LIB</configKey> <description><p>This tag library class implements an attribute whose associated backing store field is modified at another point in the tag library. In order for a tag library to be recycleable, only the container is allowed to change this attribute, through the use of the setXXX method of the taglib. By modifying the value programmatically, the container will not initialize the attribute correctly on reuse.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_NULL_LAYOUT' priority='MAJOR'> <name>Correctness - GUI uses absolute layout</name> <configKey>S508C_NULL_LAYOUT</configKey> <description><p>This class passes null to <code>setLayout</code>, which specifies that components are to be laid out using absolute coordinates. This makes making changes for font sizes, etc, difficult as items will not reposition.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_NO_SETLABELFOR' priority='MAJOR'> <name>Correctness - JLabel doesn't specify what it's labeling</name> <configKey>S508C_NO_SETLABELFOR</configKey> <description><p>This class uses JLabels that do not specify what fields are being labeled. This hampers screen readers from giving appropriate feedback to users. Use the JLabel.setLabelFor method to accomplish this.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_NO_SETSIZE' priority='MAJOR'> <name>Correctness - Window sets size manually, and doesn't use pack</name> <configKey>S508C_NO_SETSIZE</configKey> <description><p>This class creates a window, and sizes the window using setSize. It is better, for handling font size changes, to use the pack method.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_NON_ACCESSIBLE_JCOMPONENT' priority='MAJOR'> <name>Correctness - Class extends JComponent but does not implement Accessible interface</name> <configKey>S508C_NON_ACCESSIBLE_JCOMPONENT</configKey> <description><p>This class extends the JComponent GUI control but does not implement the Accessibility interface. This makes this control unable to be processed by screen readers, etc, for people with reading/vision difficulties.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_SET_COMP_COLOR' priority='MAJOR'> <name>Correctness - Method explicitly sets the color of a Component</name> <configKey>S508C_SET_COMP_COLOR</configKey> <description><p>This method sets a Component's explicit foreground or background color which may cause difficulty for people with vision problems using this application. Colors should be allowed to be set from the operating system.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_NON_TRANSLATABLE_STRING' priority='MAJOR'> <name>Correctness - Method passes constant string to title/label of component</name> <configKey>S508C_NON_TRANSLATABLE_STRING</configKey> <description><p>This method creates a component and passes a string literal to the title or label of the component. As this string will be shown to users, it should be internationalizable through the use of a resource bundle.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='S508C_APPENDED_STRING' priority='MAJOR'> <name>Correctness - Method passes appended string to title/label of component</name> <configKey>S508C_APPENDED_STRING</configKey> <description><p>This method creates a component and passes a string that was built up from a number of strings through appending multiple strings together. As foreign languages may order phrases differently, this will make translations difficult.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UEC_USE_ENUM_COLLECTIONS' priority='MAJOR'> <name>Performance - Class uses an ordinary set or map with an enum class as the key</name> <configKey>UEC_USE_ENUM_COLLECTIONS</configKey> <description><p>This class uses an ordinary set or map collection and uses an enum class as the key type. It is more performant to use the JDK 1.5 EnumSet or EnumMap classes.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SIL_SQL_IN_LOOP' priority='MAJOR'> <name>Performance - Method executes SQL queries inside of loops</name> <configKey>SIL_SQL_IN_LOOP</configKey> <description><p>This method executes SQL queries inside of a loop. This pattern is often inefficient as the number of queries may mushroom in fencepost cases. It is probably more performant to loop over the input and collect the key data needed for the query for all items, and issue one query using an in clause, or similar construct, and then loop over this result set, and fetch all the data at once.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='NMCS_NEEDLESS_MEMBER_COLLECTION_SYNCHRONIZATION' priority='MAJOR'> <name>Performance - Class defines unneeded synchronization on member collection</name> <configKey>NMCS_NEEDLESS_MEMBER_COLLECTION_SYNCHRONIZATION</configKey> <description><p>This class defines a private collection member as synchronized. It appears, however, that this collection is only modified in a static initializer, or constructor. As these two areas are guaranteed to be thread safe, defining this collection as synchronized is unnecessary and a potential performance bottleneck.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='ITC_INHERITANCE_TYPE_CHECKING' priority='INFO'> <name>Style - Method uses instanceof on multiple types to arbitrate logic</name> <configKey>ITC_INHERITANCE_TYPE_CHECKING</configKey> <description><p>This method uses the instanceof operator in a series of if/else statements to differentiate blocks of code based on type. If these types are related by inheritance, it is cleaner to just define a method in the base class, and use overridden methods in these classes.</p></description> <tag>style</tag> </rule> <rule key='SACM_STATIC_ARRAY_CREATED_IN_METHOD' priority='MAJOR'> <name>Performance - Method creates array using constants</name> <configKey>SACM_STATIC_ARRAY_CREATED_IN_METHOD</configKey> <description><p>This method creates an array initialized by constants. Each time this method is called this array will be recreated. It would be more performant to define the array as a static field of the class instead.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS' priority='MAJOR'> <name>Performance - Method appears to call the same method on the same object redundantly</name> <configKey>PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS</configKey> <description><p>This method makes two consecutive calls to the same method, using the same constant parameters, on the same instance, without any intervening changes to the objects. If this method does not make changes to the object, which it appears it doesn't, then making two calls is just a waste. These method calls could be combined by assigning the result into a temporary variable, and using the variable the second time.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='UTA_USE_TO_ARRAY' priority='INFO'> <name>Style - Method manually creates array from collection</name> <configKey>UTA_USE_TO_ARRAY</configKey> <description><p>This method manually loops over a collection, pulling each element out and storing it in an array to build an array from the collection. It is easier and clearer to use the built-in Collection method toArray. Given a collection 'mycollection' of type T, use <code>mycollection.toArray(new T[mycollection.size()]);</code></p></description> <tag>style</tag> </rule> <rule key='LEST_LOST_EXCEPTION_STACK_TRACE' priority='MAJOR'> <name>Correctness - Method throws alternative exception from catch block without history</name> <configKey>LEST_LOST_EXCEPTION_STACK_TRACE</configKey> <description><p>This method catches an exception, and throws a different exception, without incorporating the original exception. Doing so hides the original source of the exception, making debugging and fixing these problems difficult. It is better to use the constructor of this new exception that takes an original exception so that this detail can be passed along to the user. If this exception has no constructor that takes an initial cause parameter, use the initCause method to initialize it instead.</p> <p> <pre><code> catch (IOException e) { throw new MySpecialException("Failed to open configuration", e); } </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UCPM_USE_CHARACTER_PARAMETERIZED_METHOD' priority='MAJOR'> <name>Performance - Method passes constant String of length 1 to character overridden method</name> <configKey>UCPM_USE_CHARACTER_PARAMETERIZED_METHOD</configKey> <description><p>This method passes a constant literal <code>String</code> of length 1 as a parameter to a method, when a similar method is exposed that takes a <code>char</code>. It is simpler and more expedient to handle one character, rather than a <code>String</code>.</p> <p> Instead of making calls like: <br/> <pre><code> String myString = ... if (myString.indexOf("e") != -1) { int i = myString.lastIndexOf("e"); System.out.println(myString + ":" + i); //the Java compiler will use a StringBuilder internally here [builder.append(":")] ... return myString.replace("m","z"); } </code></pre> Replace the single letter <code>String</code>s with their <code>char</code> equivalents like so:<br/> <pre><code> String myString = ... if (myString.indexOf('e') != -1) { int i = myString.lastIndexOf('e'); System.out.println(myString + ':' + i); //the Java compiler will use a StringBuilder internally here [builder.append(':')] ... return myString.replace('m','z'); } </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='TR_TAIL_RECURSION' priority='MAJOR'> <name>Performance - Method employs tail recursion</name> <configKey>TR_TAIL_RECURSION</configKey> <description><p>This method recursively calls itself as the last statement of the method (Tail Recursion). This method can be easily refactored into a simple loop, which will make it more performant, and reduce the stack size requirements.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='URV_UNRELATED_RETURN_VALUES' priority='INFO'> <name>Style - Method returns different types of unrelated Objects</name> <configKey>URV_UNRELATED_RETURN_VALUES</configKey> <description><p>This method returns two or more unrelated types of objects (Related only through java.lang.Object). This will be very confusing to the code that must call it.</p></description> <tag>style</tag> </rule> <rule key='URV_CHANGE_RETURN_TYPE' priority='INFO'> <name>Style - Method returns more specific type of object than declared</name> <configKey>URV_CHANGE_RETURN_TYPE</configKey> <description><p>This method is defined to return a java.lang.Object. However, the return types returned from this method can be defined by a more specific class or interface. Since this method is not derived from a superclass or interface, it would be more clear to change the return type of this method.</p></description> <tag>style</tag> </rule> <rule key='URV_INHERITED_METHOD_WITH_RELATED_TYPES' priority='INFO'> <name>Style - Inherited method returns more specific type of object than declared</name> <configKey>URV_INHERITED_METHOD_WITH_RELATED_TYPES</configKey> <description><p>This inherited method is defined to return a java.lang.Object. However, the return types returned from this method can be defined by a more specific class or interface. If possible consider changing the return type in the inheritance hierarchy of this method, otherwise the caller of this method will be brittle in handling of the return type.</p></description> <tag>style</tag> </rule> <rule key='PIS_POSSIBLE_INCOMPLETE_SERIALIZATION' priority='MAJOR'> <name>Correctness - Class doesn't serialize superclass fields</name> <configKey>PIS_POSSIBLE_INCOMPLETE_SERIALIZATION</configKey> <description><p>This method implements Serializable but is derived from a class that does not. The superclass has fields that are not serialized because this class does not take the responsibility of writing these fields out either using Serializable's writeObject method, or Externalizable's writeExternal method. Therefore when this class is read from a stream, the superclass fields will only be initialized to the values specified in its default constructor. If possible, change the superclass to implement Serializable, or implement Serializable or Externalizable methods in the child class.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SCRV_SUSPICIOUS_COMPARATOR_RETURN_VALUES' priority='MAJOR'> <name>Correctness - Comparator method doesn't seem to return all ordering values</name> <configKey>SCRV_SUSPICIOUS_COMPARATOR_RETURN_VALUES</configKey> <description><p>This compareTo or compare method returns constant values to represent less than, equals, and greater than. However, it does not return each type, or it unconditionally returns a non zero value. Given that comparators are transitive, this seems incorrect.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_NEGATIVE_BITSET_ITEM' priority='MAJOR'> <name>Correctness - Method passes a negative number as a bit to a BitSet which isn't supported</name> <configKey>SPP_NEGATIVE_BITSET_ITEM</configKey> <description><p>This method passes a constant negative value as a bit position to a java.util.BitSet. The BitSet class doesn't support negative values, and thus this method call will not work as expected.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_INTERN_ON_CONSTANT' priority='MAJOR'> <name>Correctness - Method calls intern on a string constant</name> <configKey>SPP_INTERN_ON_CONSTANT</configKey> <description><p>This method calls <code>intern</code> on a constant string. As constant strings are already interned, this call is superfluous.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_NO_CHAR_SB_CTOR' priority='MAJOR'> <name>Correctness - Method appears to pass character to StringBuffer or StringBuilder integer constructor</name> <configKey>SPP_NO_CHAR_SB_CTOR</configKey> <description><p>This method constructs a StringBuffer or a StringBuilder using the constructor that takes an integer, but appears to pass a character instead. It is probable that the author assumed that the character would be appended to the StringBuffer/Builder, but instead the integer value of the character is used as an initial size for the buffer.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_MATH_CONSTANT' priority='MAJOR'> <name>Correctness - Method uses non-standard math constant</name> <configKey>SPP_USE_MATH_CONSTANT</configKey> <description><p>This method defines its own version of <em>PI</em> or <em>e</em> and the value is not as precise as the one defined in the constants Math.PI or Math.E. Use these constants instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_STUTTERED_ASSIGNMENT' priority='MAJOR'> <name>Correctness - Method assigns a value to a local twice in a row</name> <configKey>SPP_STUTTERED_ASSIGNMENT</configKey> <description><p>This method assigns a value twice in a row in a stuttered way such as <code>a = a = 5;</code> This is most probably a cut and paste error where the duplicate assignment can be removed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_ISNAN' priority='MAJOR'> <name>Correctness - Method incorrectly compares a floating point number to NaN</name> <configKey>SPP_USE_ISNAN</configKey> <description><p>This method compares a double or float to the constant <code>Double.NaN</code> or <code>Float.NaN</code>. You should use <code>Double.isNaN(d)</code> or <code>Float.isNaN(f)</code> if the variable is a primitive. If using a boxed primitive <code>d.isNaN()</code> or <code>f.isNaN()</code> should be used.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_BIGDECIMAL_STRING_CTOR' priority='MAJOR'> <name>Correctness - Method passes double value to BigDecimal Constructor</name> <configKey>SPP_USE_BIGDECIMAL_STRING_CTOR</configKey> <description><p>This method calls the BigDecimal constructor that takes a double, and passes a literal double constant value. Since the use of BigDecimal is to get better precision than double, by passing a double, you only get the precision of double number space. To take advantage of the BigDecimal space, pass the number as a string. </p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S2111} instead.</p></description> <status>DEPRECATED</status> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_STRINGBUFFER_WITH_EMPTY_STRING' priority='MAJOR'> <name>Performance - Method passes an empty string to StringBuffer of StringBuilder constructor</name> <configKey>SPP_STRINGBUFFER_WITH_EMPTY_STRING</configKey> <description><p>This method calls the StringBuffer or StringBuilder constructor passing in a constant empty string (""). This is the same as calling the default constructor, but makes the code work harder. Consider passing in a default size instead.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_EQUALS_ON_ENUM' priority='MAJOR'> <name>Correctness - Method calls equals on an enum instance</name> <configKey>SPP_EQUALS_ON_ENUM</configKey> <description><p>This method calls the equals(Object) method on an enum instance. Since enums values are singletons, you can use == to safely compare two enum values. In fact, the implementation for Enum.equals does just that.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_INVALID_BOOLEAN_NULL_CHECK' priority='MAJOR'> <name>Correctness - Method uses invalid C++ style null check on Boolean</name> <configKey>SPP_INVALID_BOOLEAN_NULL_CHECK</configKey> <description><p>This method attempts to check for null by just referring to the variable name as would be done in C++. This ordinarily would be considered a compile error, except the variable in question is a Boolean, which does an auto unbox to boolean. <pre><code> if (b && b.booleanValue()) </code></pre> should be<br/> <pre><code> if (Boolean.TRUE.equals(b)) </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_CHARAT' priority='MAJOR'> <name>Performance - Method fetches character array just to do the equivalent of the charAt method</name> <configKey>SPP_USE_CHARAT</configKey> <description><p>This method calls the toCharArray method on a String to fetch an array of characters, only to retrieve one of those characters by index. It is more performant to just use the charAt method.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_USELESS_TERNARY' priority='MAJOR'> <name>Performance - Method uses a ternary operator to cast a boolean to true or false</name> <configKey>SPP_USELESS_TERNARY</configKey> <description><p>This method tests the value of a boolean and uses a ternary operator to return either true or false. The ternary operator is completely unnecessary, just use the original boolean value.</p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S1125} instead.</p></description> <status>DEPRECATED</status> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_SUSPECT_STRING_TEST' priority='MAJOR'> <name>Correctness - Method possibly mixes up normal strings and empty strings in branching logic</name> <configKey>SPP_SUSPECT_STRING_TEST</configKey> <description><p>This method tests a string, and groups null values with real strings, leaving empty strings as another case. That is, FindBugs has detected a structure like: <br/> <pre><code> String a = null, b = "", c = "someString"; String testStr = ...; //one of a, b or c if ({{FLAWED_TEST_LOGIC}}) { // Strings a and c fall into this branch... which is not typical. } else { // String b falls into this branch. } </code></pre> This might be perfectly valid, but normally, null strings and empty strings are logically handled the same way, and so this test may be flawed.</p> <p>Pattern found is one of the following: <ul> <li><code>if ((s == null) || (s.length() &gt; 0))</code> --- did you mean <code>((s == null) || (s.length() == 0))</code>?</li> <li><code>if ((s == null) || (s.length() != 0))</code> -- did you mean <code>((s == null) || (s.length() == 0))</code>? </li> <li><code>if ((s != null) && (s.length() == 0))</code> -- did you mean <code>((s != null) && (s.length() &gt; 0))</code> or perhaps <code>((s == null) || (s.length() == 0))</code>? </li> </ul> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_STRINGBUILDER_LENGTH' priority='MAJOR'> <name>Performance - Method converts StringBuffer or Builder to String just to get its length</name> <configKey>SPP_USE_STRINGBUILDER_LENGTH</configKey> <description><p>This method calls the toString method on a StringBuffer or StringBuilder, only to call length() on the resulting string. It is faster, and less memory intensive, to just call the length method directly on the StringBuffer or StringBuilder itself.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_INVALID_CALENDAR_COMPARE' priority='MAJOR'> <name>Correctness - Method passes a non calendar object to Calendar.before or Calendar.after</name> <configKey>SPP_INVALID_CALENDAR_COMPARE</configKey> <description><p>This method passes a non-calendar object to the java.util.Calendar.after or java.util.Calendar.before methods. Even though these methods take an Object as a parameter type, only Calendar type objects are supported, otherwise false is returned.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_ZERO_WITH_COMPARATOR' priority='MAJOR'> <name>Correctness - Method compares the result of a compareTo method to a value other than zero</name> <configKey>SPP_USE_ZERO_WITH_COMPARATOR</configKey> <description>This method calls the compareTo method on an object and then compares the resultant value to a value other than zero. The compareTo method is really only specified to return 0, a positive number or a negative number, so you should compare as == 0, or > 0 or < 0, and not to a specific value like == 1.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MUI_USE_CONTAINSKEY' priority='MAJOR'> <name>Correctness - Method calls keySet() just to call contains, use containsKey instead</name> <configKey>MUI_USE_CONTAINSKEY</configKey> <description><p>This method calls mySet.keySet().contains("foo") when mySet.containsKey("foo") is simpler.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_ISEMPTY' priority='INFO'> <name>Style - Method checks the size of a collection against zero rather than using isEmpty()</name> <configKey>SPP_USE_ISEMPTY</configKey> <description><p>This method calls the size() method on a collection and compares the result to zero to see if the collection is empty. For better code clarity, it is better to just use col.isEmpty() or !col.isEmpty().</p></description> <tag>style</tag> </rule> <rule key='SPP_USE_GETPROPERTY' priority='INFO'> <name>Style - Method calls getProperties just to get one property, use getProperty instead</name> <configKey>SPP_USE_GETPROPERTY</configKey> <description><table> <tr><td>This method uses</td></tr> <tr><td>String prop = System.getProperties().getProperty("foo");</td></tr> <tr><td>instead of simply using</td></tr> <tr><td>String prop = System.getProperty("foo");</td></tr> </table></description> <tag>style</tag> </rule> <rule key='SPP_SERIALVER_SHOULD_BE_PRIVATE' priority='INFO'> <name>Style - Class defines a serialVersionUID as non private</name> <configKey>SPP_SERIALVER_SHOULD_BE_PRIVATE</configKey> <description><p>This class defines a static field 'serialVersionUID' to define the serialization version for this class. This field is marked as non private. As the serialVersionUID only controls the current class, and doesn't affect any derived classes, defining it as non private is confusing. It is suggested you change this variable to be private.</p></description> <tag>style</tag> </rule> <rule key='SPP_USELESS_CASING' priority='MAJOR'> <name>Performance - Method compares string without case after enforcing a case</name> <configKey>SPP_USELESS_CASING</configKey> <description><p>This method compares two strings with compareToIgnoreCase or equalsIgnoreCase, after having called toUpperCase or toLowerCase on the strings in question. As you are comparing without concern for case, the toUpperCase or toLowerCase calls are pointless and can be removed.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_NON_ARRAY_PARM' priority='MAJOR'> <name>Correctness - Method passes a non array object to a parameter that expects an array</name> <configKey>SPP_NON_ARRAY_PARM</configKey> <description><p>This method expects an array to be passed as one of its parameters, but unfortunately defines the parameter as Object. This invocation of this method does not pass an array and will throw an exception when run.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_EMPTY_CASING' priority='INFO'> <name>Style - Method passes an empty string to equalsIgnoreCase or compareToIgnoreCase</name> <configKey>SPP_EMPTY_CASING</configKey> <description><p>This method passes the empty string "" to equalsIgnoreCase or compareToIgnoreCase. As the empty string is not case-sensitive, using equals is simpler. It would be even simpler to do a length() == 0 test.</p></description> <tag>style</tag> </rule> <rule key='SPP_TEMPORARY_TRIM' priority='INFO'> <name>Style - Method trims a String temporarily</name> <configKey>SPP_TEMPORARY_TRIM</configKey> <description><p>This method calls trim() on a String without assigning the new string to another variable. It then calls length() or equals() on this trimmed string. If trimming the string was important for determining its length or its equality, it probably should be trimmed when you actually use it. It would make more sense to first trim the String, store the trimmed value in a variable, and then continue to test and use that trimmed string.</p></description> <tag>style</tag> </rule> <rule key='SPP_STRINGBUILDER_IS_MUTABLE' priority='MAJOR'> <name>Correctness - Method needlessly assigns a StringBuilder to itself, as it's mutable</name> <configKey>SPP_STRINGBUILDER_IS_MUTABLE</configKey> <description><p>This method calls StringBuilder.append and assigns the results to the same StringBuilder like:</p> <code>sb = sb.append("foo")</code> <p>StringBuilder is mutable, so this is not necessary. This is also true of StringBuffer.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_USE_GET0' priority='MAJOR'> <name>Performance - Method uses iterator().next() on a List to get the first item</name> <configKey>SPP_USE_GET0</configKey> <description><p>This method calls myList.iterator().next() on a List to get the first item. It is more performant to just use myList.get(0).</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_DOUBLE_APPENDED_LITERALS' priority='MAJOR'> <name>Performance - Method appends two literal strings back to back to a StringBuilder</name> <configKey>SPP_DOUBLE_APPENDED_LITERALS</configKey> <description><p>This method appends two literal strings to a <code>StringBuilder</code> back to back. Modern compilers will optimize something like:<br/> <pre><code> public static final string CONST_VAL = "there"; ... String str = "Hello" + " "+ CONST_VAL + " " +"world!"; </code></pre> to: <br/> <pre><code> public static final string CONST_VAL = "there"; ... String str = "Hello there world!"; </code></pre> This means the concatenation is done during compile time, not at runtime, so there's <b>no need</b> to do: <br/> <pre><code> public static final string CONST_VAL = "there"; ... StringBuilder sb = new StringBuilder("Hello").append(" ").append(CONST_VAL).append(" ").append("world!"); String str = sb.toString(); </code></pre> which is harder to read and will result in more complex bytecode. </p> <p> Simply append your constants with the "+" symbol, don't append them with <code>StringBuilder.append()</code>. </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SPP_NULL_BEFORE_INSTANCEOF' priority='MAJOR'> <name>Correctness - Method checks a reference for null before calling instanceof</name> <configKey>SPP_NULL_BEFORE_INSTANCEOF</configKey> <description><p>This method checks a reference for null just before seeing if the reference is an instanceof some class. Since instanceof will return false for null references, the null check is not needed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_NON_USEFUL_TOSTRING' priority='INFO'> <name>Style - Method calls toString() on an instance of a class that hasn't overridden toString()</name> <configKey>SPP_NON_USEFUL_TOSTRING</configKey> <description><p>This method calls <code>toString</code> on an object that hasn't overridden the toString() method, and thus relies on the version found in java.lang.Object. This string is just a raw display of the object's class and location, and provides no information about the information of use. You should implement toString in this class.</p></description> <tag>style</tag> </rule> <rule key='SPP_TOSTRING_ON_STRING' priority='MAJOR'> <name>Correctness - Method calls toString() on a String</name> <configKey>SPP_TOSTRING_ON_STRING</configKey> <description><p>This method calls <code>toString</code> on a String. Just use the object itself if you want a String.</p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S1858} instead.</p></description> <status>DEPRECATED</status> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_CONVERSION_OF_STRING_LITERAL' priority='MAJOR'> <name>Correctness - Method converts a String literal</name> <configKey>SPP_CONVERSION_OF_STRING_LITERAL</configKey> <description><p>This method calls a converting method like <code>toLowerCase</code> or <code>trim</code> on a <code>String</code> literal. You should make the transformation yourself and use the transformed literal.</p> <p> For example, instead of :<br/> <pre><code> return "ThisIsAConstantString".toLowerCase().trim(); </code></pre> just do <br/> <pre><code> return "thisisaconstantstring"; </code></pre> for shorter and easier to read code. An exception might be made when locale-specific transformations need to be done (in the case of <code>toUpperCase()</code> and <code>toLowerCase()</code>. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_EQUALS_ON_STRING_BUILDER' priority='MAJOR'> <name>Correctness - Method calls equals(Object o) on a StringBuilder or StringBuffer</name> <configKey>SPP_EQUALS_ON_STRING_BUILDER</configKey> <description><p>This method calls equals on a StringBuilder or StringBuffer. Surprisingly, these classes do not override the equals method from Object, and so equals is just defined to be == (or same references). This is most likely not what you would like. If you wish to check that the strings have the same characters, you need to call toString() on these object and compare them as Strings.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_STATIC_FORMAT_STRING' priority='MAJOR'> <name>Correctness - Method calls String.format on a static (non parameterized) format string</name> <configKey>SPP_STATIC_FORMAT_STRING</configKey> <description><p>This method calls String.format, passing a static string that has no replacement markers (starting with %) as the format string. Thus no replacement will happen, and the format method is superfluous. If parameters were intended, add the appropriate format markers as needed; otherwise, just remove the call to String.format and use the static string as is.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SPP_WRONG_COMMONS_TO_STRING_OBJECT' priority='MAJOR'> <name>Correctness - Method does not pass an object to commons-lang's ToStringBuilder</name> <configKey>SPP_WRONG_COMMONS_TO_STRING_OBJECT</configKey> <description>This method uses commons-lang, or commons-lang3's ToStringBuilder to attempt to output a representation of an object. However, no object was passed, just the style specifier, and so the output will be of the ToStringStyle object itself. Don't forget to include the object you wish to output as the first parameter, such as <pre> ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE); </pre></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MUI_NULL_CHECK_ON_MAP_SUBSET_ACCESSOR' priority='MAJOR'> <name>Correctness - Method checks whether the keySet(), entrySet() or values() collection of a Map is null</name> <configKey>MUI_NULL_CHECK_ON_MAP_SUBSET_ACCESSOR</configKey> <description>This method checks to see if the return value from a keySet(), entrySet() or values() method call on a Map is null. For any valid functioning Map these collections will always be non-null, and so the call is superfluous. Maybe you intended to check whether those sets were empty instead.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='BAS_BLOATED_ASSIGNMENT_SCOPE' priority='MAJOR'> <name>Performance - Method assigns a variable in a larger scope than is needed</name> <configKey>BAS_BLOATED_ASSIGNMENT_SCOPE</configKey> <description><p><em>THIS DETECTOR IS HIGHLY EXPERIMENTAL AND IS LIKELY TO CREATE A LOT OF FUD</em></p> <p>This method assigns a value to a variable in an outer scope compared to where the variable is actually used. Assuming this evaluation does not have side effects, the assignment can be moved into the inner scope (if block) so that its execution time isn't taken up if the <code>if</code> guard is false. Care should be taken, however, that the right hand side of the assignment does not contain side effects that are required to happen, and that changes are not made further down that will affect the execution of the assignment when done later on.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='SCII_SPOILED_CHILD_INTERFACE_IMPLEMENTOR' priority='INFO'> <name>Style - Class implements interface by relying on unknowing superclass methods</name> <configKey>SCII_SPOILED_CHILD_INTERFACE_IMPLEMENTOR</configKey> <description><p>This class declares that it implements an interface, but does so by relying on methods supplied by superclasses, even though those superclasses know nothing about the interface in question. If you wish to have the child not implement all the methods of the interface, it would probably be better to declare the superclass as implementing the interface, and if that class does not provide all the methods, then declare that superclass abstract.</p></description> <tag>style</tag> </rule> <rule key='DWI_DELETING_WHILE_ITERATING' priority='MAJOR'> <name>Correctness - Method deletes collection element while iterating</name> <configKey>DWI_DELETING_WHILE_ITERATING</configKey> <description><p>This method removes items from a collection using the remove method of the collection, while at the same time iterating across the collection. Doing this will invalidate the iterator, and further use of it will cause ConcurrentModificationException to be thrown. To avoid this, the remove method of the iterator should be used.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='DWI_MODIFYING_WHILE_ITERATING' priority='MAJOR'> <name>Correctness - Method modifies collection element while iterating</name> <configKey>DWI_MODIFYING_WHILE_ITERATING</configKey> <description><p>This method modifies the contents of a collection using the collection API methods, while at the same time iterating across the collection. Doing this will invalidate the iterator, and further use of it will cause ConcurrentModificationException to be thrown.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='USS_USE_STRING_SPLIT' priority='INFO'> <name>Style - Method builds String array using String Tokenizing</name> <configKey>USS_USE_STRING_SPLIT</configKey> <description><p>This method uses a StringTokenizer to split up a String and then walks through the separated elements and builds an array from these enumerated values. It is simpler and easier to use the String.split method.</p> <p>PLEASE NOTE: String.split will return an array of 1 element when passed the empty string, as opposed to using StringTokenizer which returns false on the first hasMoreElements/hasMoreTokens call. So you may need to use:</p> <pre><code> if (s.length() &gt; 0) <br/> return s.split(";");<br/> return new String[0];<br/> </code></pre></description> <tag>style</tag> </rule> <rule key='SJVU_SUSPICIOUS_JDK_VERSION_USE' priority='MAJOR'> <name>Correctness - Method uses rt.jar class or method that does not exist</name> <configKey>SJVU_SUSPICIOUS_JDK_VERSION_USE</configKey> <description><p>This method calls a method that does not exist, on a class that does not exist in the JDK that this class has been compiled for. This can happen if you compile the class specifying the -source and -target options, and use a version that is before the version of the compiler's JDK.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UAA_USE_ADD_ALL' priority='INFO'> <name>Style - Method uses simple loop to copy contents of one collection to another</name> <configKey>UAA_USE_ADD_ALL</configKey> <description><p>This method uses a simple <code>for</code> loop to copy the contents of a set, list, map key/value, array or other collection to another collection. It is simpler and more straightforward to just call the addAll method of the destination collection passing in the source collection. In the case that the source is an array, you can use the Arrays.asList method to wrap the array into a collection.</p></description> <tag>style</tag> </rule> <rule key='MRC_METHOD_RETURNS_CONSTANT' priority='INFO'> <name>Style - Private or static method only returns one constant value</name> <configKey>MRC_METHOD_RETURNS_CONSTANT</configKey> <description><p>This private or static method only returns one constant value. As this method is private or static, its behavior can't be overridden, and thus the return of a constant value seems dubious. Either the method should be changed to return no value, or perhaps another return value was expected to be returned in another code path in this method.</p></description> <tag>style</tag> </rule> <rule key='NCS_NEEDLESS_CUSTOM_SERIALIZATION' priority='MAJOR'> <name>Correctness - Method needlessly implements what is default streaming behavior</name> <configKey>NCS_NEEDLESS_CUSTOM_SERIALIZATION</configKey> <description><p>This method implements the Serializable interface by performing the same operations that would be done if this method did not exist. Since this is the case, this method is not needed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MOM_MISLEADING_OVERLOAD_MODEL' priority='INFO'> <name>Style - Class 'overloads' a method with both instance and static versions</name> <configKey>MOM_MISLEADING_OVERLOAD_MODEL</configKey> <description><p>This class 'overloads' the same method with both instance and static versions. As the use of these two models is different, it will be confusing to the users of these methods.</p></description> <tag>style</tag> </rule> <rule key='EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS' priority='INFO'> <name>Style - Unconstrained method converts checked exception to unchecked</name> <configKey>EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS</configKey> <description><p>This method is not constrained by an interface or superclass, but converts a caught checked exception to an unchecked exception and throws it. It would be more appropriate just to throw the checked exception, adding the exception to the throws clause of the method.</p></description> <tag>style</tag> </rule> <rule key='EXS_EXCEPTION_SOFTENING_HAS_CHECKED' priority='INFO'> <name>Style - Constrained method converts checked exception to unchecked instead of another allowable checked exception</name> <configKey>EXS_EXCEPTION_SOFTENING_HAS_CHECKED</configKey> <description><p>This method's exception signature is constrained by an interface of superclass not to throw a checked exception that was caught. Therefore this exception was converted to an unchecked exception and thrown. It would probably be better to throw the closest checked exception allowed, and to annotate the new exception with the original exception using the initial cause field.</p></description> <tag>style</tag> </rule> <rule key='EXS_EXCEPTION_SOFTENING_NO_CHECKED' priority='INFO'> <name>Style - Constrained method converts checked exception to unchecked</name> <configKey>EXS_EXCEPTION_SOFTENING_NO_CHECKED</configKey> <description><p>This method's exception signature is constrained by an interface or superclass not to throw any checked exceptions. Therefore a caught checked exception was converted to an unchecked exception and thrown. However, it appears that the class in question is owned by the same author as the constraining interface or superclass. Consider changing the signature of this method to include the checked exception.</p></description> <tag>style</tag> </rule> <rule key='EXS_EXCEPTION_SOFTENING_RETURN_FALSE' priority='INFO'> <name>Style - method converts an exception into a boolean 'error code' value</name> <configKey>EXS_EXCEPTION_SOFTENING_RETURN_FALSE</configKey> <description><p>This method catches an exception and returns a boolean that represents whether an exception occurred or not. This throws away the value of exception handling and lets code ignore the resultant 'error code' return value. You should just throw the exception to the caller instead.</p></description> <tag>style</tag> </rule> <rule key='CFS_CONFUSING_FUNCTION_SEMANTICS' priority='INFO'> <name>Style - Method returns modified parameter</name> <configKey>CFS_CONFUSING_FUNCTION_SEMANTICS</configKey> <description><p>This method appears to modify a parameter, and then return this parameter as the method's return value. This will be confusing to callers of this method, as it won't be apparent that the 'original' passed-in parameter will be changed as well. If the purpose of this method is to change the parameter, it would be more clear to change the method to have a void return value. If a return type is required due to interface or superclass contract, perhaps a clone of the parameter should be made.</p></description> <tag>style</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_ACTUAL_CONSTANT' priority='INFO'> <name>Style - JUnit test method passes constant to second (actual) assertion parameter</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_ACTUAL_CONSTANT</configKey> <description><p>This method calls <code>assertXXX</code> passing a constant value as the second of the two values. The assert methods assume that the expected value is the first parameter, and so it appears that the order of values has been swapped here.</p></description> <tag>style</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_INEXACT_DOUBLE' priority='INFO'> <name>Style - JUnit test method asserts that two doubles are exactly equal</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_INEXACT_DOUBLE</configKey> <description><p>This method calls <code>assertXXX</code> with two doubles or Doubles. Due to the imprecision of doubles, you should be using the assert method that takes a range parameter that gives a range of error.</p></description> <tag>style</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_BOOLEAN_ASSERT' priority='INFO'> <name>Style - JUnit test method asserts that a value is equal to true or false</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_BOOLEAN_ASSERT</configKey> <description><p>This method asserts that a value is equal to true or false. It is simpler to just use assertTrue or assertFalse instead.</p></description> <tag>style</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_IMPOSSIBLE_NULL' priority='CRITICAL'> <name>Correctness - JUnit test method asserts that an autoboxed value is not null</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_IMPOSSIBLE_NULL</configKey> <description><p>This method asserts that a primitive value that was autoboxed into a boxed primitive was not null. This will never happen, as primitives are never null, and thus the autoboxed value isn't either.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_ASSERT_USED' priority='MAJOR'> <name>Correctness - JUnit test method uses Java asserts rather than a JUnit assertion</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_ASSERT_USED</configKey> <description><p>This method uses a Java assert to assure that a certain state is in effect. As this is a JUnit test it makes more sense to either check this condition with a JUnit assert, or allow a following exception to occur.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_NULL' priority='MAJOR'> <name>Correctness - JUnit test method passes null Assert.assertEquals</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_NULL</configKey> <description><p>This method compares an object's equality to null. It is better to use the Assert.assertNull method so that the JUnit failure method is more descriptive of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_NOT_NULL' priority='MAJOR'> <name>Correctness - JUnit test method passes null Assert.assertNotEquals</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_NOT_NULL</configKey> <description><p>This method compares an object's inequality to null. It is better to use the Assert.assertNotNull method so that the JUnit failure method is more descriptive of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_EQUALS' priority='MAJOR'> <name>Correctness - JUnit test method passes boolean expression to Assert.assertFalse / Assert.assertTrue</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_EQUALS</configKey> <description><p>This method evaluates a boolean expression and passes that to Assert.assertFalse / Assert.assertTrue. It is better to pass the two values that are being equated to the Assert.assertEquals method so that the JUnit failure method is more descriptive of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_NOT_EQUALS' priority='MAJOR'> <name>Correctness - JUnit test method passes boolean expression to Assert.assertFalse / Assert.assertTrue</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_USE_ASSERT_NOT_EQUALS</configKey> <description><p>This method evaluates a boolean expression and passes that to Assert.assertFalse / Assert.assertTrue. It is better to pass the two values that are being equated to the Assert.assertNotEquals method so that the JUnit failure method is more descriptive of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_NO_ASSERT' priority='MAJOR'> <name>Correctness - JUnit test method appears to have no assertions</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_NO_ASSERT</configKey> <description><p>This JUnit test method has no assertions. While a unit test could still be valid if it relies on whether or not an exception is thrown, it is usually a sign of a weak test if there are no assertions. Consider calling <code>fail</code> after an exception was expected. It is also possible that assertions occur in a called method that is not seen by this detector, but this makes the logic of this test more difficult to reason about.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_JUNIT_ASSERTION_ODDITIES_USING_DEPRECATED' priority='MAJOR'> <name>Correctness - JUnit 4 test using deprecated junit.framework.* classes</name> <configKey>UTAO_JUNIT_ASSERTION_ODDITIES_USING_DEPRECATED</configKey> <description><p>This JUnit 4 test is still using classes from the junit.framework.* package. You should switch them over to the corresponding org.junit.* set of classes, instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_ACTUAL_CONSTANT' priority='INFO'> <name>Style - TestNG test method passes constant to first (actual) assertion parameter</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_ACTUAL_CONSTANT</configKey> <description><p>This method calls <code>assertXXX</code> passing a constant value as the first of the two values. The assert method assumes that the expected value is the second parameter, and so it appears that the order of values has been swapped here.</p></description> <tag>style</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_INEXACT_DOUBLE' priority='INFO'> <name>Style - TestNG test method asserts that two doubles are exactly equal</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_INEXACT_DOUBLE</configKey> <description><p>This method calls <code>assertXXX</code> with two doubles or Doubles. Due to the imprecision of doubles, you should be using the assert method that takes a range parameter that gives a range of error.</p></description> <tag>style</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_BOOLEAN_ASSERT' priority='INFO'> <name>Style - TestNG test method asserts that a value is true or false</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_BOOLEAN_ASSERT</configKey> <description><p>This method asserts that a value is equal to true or false. It is simpler to just use assertTrue, or assertFalse, instead.</p></description> <tag>style</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_IMPOSSIBLE_NULL' priority='CRITICAL'> <name>Correctness - TestNG test method asserts that an autoboxed value is not null</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_IMPOSSIBLE_NULL</configKey> <description><p>This method asserts that a primitive value that was autoboxed into a boxed primitive was not null. This will never happen, as primitives are never null, and thus the autoboxed value isn't either.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_ASSERT_USED' priority='MAJOR'> <name>Correctness - TestNG test method uses Java asserts rather than a TestNG assertion</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_ASSERT_USED</configKey> <description><p>This method uses a Java assert to assure that a certain state is in effect. As this is a TestNG test it makes more sense to either check this condition with a TestNG assert, or allow a following exception to occur.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_NULL' priority='MAJOR'> <name>Correctness - TestNG test method passes null Assert.assertEquals</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_NULL</configKey> <description><p>This method compares an object's equality to null. It is better to use the Assert.assertNull method so that the TestNG failure method is more descriptive of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_NOT_NULL' priority='MAJOR'> <name>Correctness - TestNG test method passes null Assert.assertNotEquals</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_NOT_NULL</configKey> <description><p>This method compares an object's inequality to null. It is better to use the Assert.assertNotNull method so that the TestNG failure method is more descriptive of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_EQUALS' priority='MAJOR'> <name>Correctness - TestNG test method passes boolean expression to Assert.assertFalse / Assert.assertTrue</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_EQUALS</configKey> <description><p>This method evaluates a boolean expression and passes that to Assert.assertFalse / Assert.assertTrue. It is better to pass the two values that are being equated to the Assert.assertEquals method so that the TestNG failure method is more meaningful of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_NOT_EQUALS' priority='MAJOR'> <name>Correctness - TestNG test method passes boolean expression to Assert.assertFalse / Assert.assertTrue</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_USE_ASSERT_NOT_EQUALS</configKey> <description><p>This method evaluates a boolean expression and passes that to Assert.assertFalse / Assert.assertTrue. It is better to pass the two values that are being equated to the Assert.assertNotEquals method so that the TestNG failure method is more meaningful of the intended test.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTAO_TESTNG_ASSERTION_ODDITIES_NO_ASSERT' priority='MAJOR'> <name>Correctness - TestNG test method appears to have no assertions</name> <configKey>UTAO_TESTNG_ASSERTION_ODDITIES_NO_ASSERT</configKey> <description><p>This TestNG test method has no assertions. While a unit test could still be valid if it relies on whether or not an exception is thrown, it is usually a sign of a weak test if there are no assertions. Consider calling <code>fail</code> after an exception was expected. It is also possible that assertions occur in a called method that is not seen by this detector, but this makes the logic of this test more difficult to reason about.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SCA_SUSPICIOUS_CLONE_ALGORITHM' priority='MAJOR'> <name>Correctness - Clone method stores a new value to member field of source object</name> <configKey>SCA_SUSPICIOUS_CLONE_ALGORITHM</configKey> <description><p>The clone method stores a value to a member field of the source object. Normally, all changes are made to the cloned object, and given that cloning is almost always considered a read-only operation, this seems incorrect.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='WEM_WEAK_EXCEPTION_MESSAGING' priority='INFO'> <name>Style - Method throws exception with static message string</name> <configKey>WEM_WEAK_EXCEPTION_MESSAGING</configKey> <description><p>This method creates and throws an exception using a static string as the exceptions message. Without any specific context of this particular exception invocation, such as the values of parameters, key member variables, or local variables, it may be difficult to infer how this exception occurred. Consider adding context to the exception message.</p></description> <tag>style</tag> </rule> <rule key='WEM_OBSCURING_EXCEPTION' priority='INFO'> <name>Style - Method throws a java.lang.Exception that wraps a more useful exception</name> <configKey>WEM_OBSCURING_EXCEPTION</configKey> <description><p>This method catches an exception and generates a new exception of type java.lang.Exception, passing the original exception as the new Exception's cause. If the original Exception was actually a java.lang.Error, this is dubious as you should not be handling errors. If the original exception is a more specific exception, there is no reason to wrap it in a java.lang.Exception; this just obfuscates the type of error that is occurring. </p></description> <tag>style</tag> </rule> <rule key='SCSS_SUSPICIOUS_CLUSTERED_SESSION_SUPPORT' priority='MAJOR'> <name>Correctness - Method modifies an http session attribute without calling setAttribute</name> <configKey>SCSS_SUSPICIOUS_CLUSTERED_SESSION_SUPPORT</configKey> <description><p>This method fetches a complex object from an HttpSession object, modifies this object, but does not call setAttribute, to inform the application server that this attribute has been changed. This will cause this attribute not to be updated in other servers in a clustered environment, as only changes marked by a call to setAttribute are replicated.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_LOGGER_LOST_EXCEPTION_STACK_TRACE' priority='MAJOR'> <name>Correctness - Method incorrectly passes exception as first argument to logger method</name> <configKey>LO_LOGGER_LOST_EXCEPTION_STACK_TRACE</configKey> <description><p>This method passes an exception as the first argument to a logger method. The stack trace is potentially lost due to the logger emitting the exception using toString(). It is better to construct a log message with sufficient context and pass the exception as the second argument to capture the stack trace.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_SUSPECT_LOG_CLASS' priority='MAJOR'> <name>Correctness - Method specifies an unrelated class when allocating a Logger</name> <configKey>LO_SUSPECT_LOG_CLASS</configKey> <description><p>This method creates a Logger by passing in a specification for a class that is unrelated to the class in which the logger is going to be used. This is likely caused by copy/paste code.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_SUSPECT_LOG_PARAMETER' priority='MAJOR'> <name>Correctness - Constructor declares a Logger parameter</name> <configKey>LO_SUSPECT_LOG_PARAMETER</configKey> <description><p>This constructor declares a parameter that is a Logger. As loggers are meant to be created statically per class, it doesn't make sense that you would pass a Logger from one class to another. Declare the Logger static in each class instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_STUTTERED_MESSAGE' priority='INFO'> <name>Style - Method stutters exception message in logger</name> <configKey>LO_STUTTERED_MESSAGE</configKey> <description><p>This method uses a logger method that takes an exception, and passes the result of the exception's getMessage() method as the log message. Since you are already passing in the exception, that message is already present in the logs, and by passing it in as the message, you are just stuttering information. It would be more helpful to provide a handwritten message that describes the error in this method, possibly including the values of key variables.</p></description> <tag>style</tag> </rule> <rule key='LO_INVALID_FORMATTING_ANCHOR' priority='MAJOR'> <name>Correctness - Method attempts to log using numbered formatting anchors</name> <configKey>LO_INVALID_FORMATTING_ANCHOR</configKey> <description><p>This method attempts to use an SLF4J or Log4j2 logger to log a parameterized expression using formatting anchors. However, SLF4J and Log4j2 use simple non numbered anchors such as {}, rather than anchors with digits in them as the code uses. Thus no parameter replacement will occur.</p> <p>This pattern is invalid: <code>LOGGER.error("{0} is broken", theThing);</code> Use instead <code>LOGGER.error("{} is broken", theThing);</code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_INVALID_STRING_FORMAT_NOTATION' priority='MAJOR'> <name>Correctness - Method attempts to log using String.format notation</name> <configKey>LO_INVALID_STRING_FORMAT_NOTATION</configKey> <description><p>This method attempts to use an SLF4J or Log4j2 logger to log a parameterized expression using String.format notation. However, SLF4J and Log4j2 uses simple non numbered anchors such as {}, rather than anchors with percent signs in them as the code uses. Thus no parameter replacement will occur.</p> <p>This pattern is invalid: <code>LOGGER.error("%s is broken", theThing);</code> Use instead <code>LOGGER.error("{} is broken", theThing);</code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_INCORRECT_NUMBER_OF_ANCHOR_PARAMETERS' priority='MAJOR'> <name>Correctness - Method passes an incorrect number of parameters to an SLF4J or Log4j2 logging statement</name> <configKey>LO_INCORRECT_NUMBER_OF_ANCHOR_PARAMETERS</configKey> <description><p>This method passes the wrong number of parameters to an SLF4J or Log4j2 logging method (error, warn, info, debug) based on the number of anchors {} in the format string. An additional exception argument is allowed if found.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_EXCEPTION_WITH_LOGGER_PARMS' priority='MAJOR'> <name>Correctness - Method creates exception with logger parameter markers in message</name> <configKey>LO_EXCEPTION_WITH_LOGGER_PARMS</configKey> <description><p>This method passes a standard exception as a logger parameter, and expects this exception to be substituted in an SLF4J or Log4j style parameter marker '{}'. This marker will not be translated as SLF4J and Log4j2 don't process the Exception class for markers. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_APPENDED_STRING_IN_FORMAT_STRING' priority='MAJOR'> <name>Performance - Method passes a concatenated string to SLF4J's or Log4j2's format string</name> <configKey>LO_APPENDED_STRING_IN_FORMAT_STRING</configKey> <description><p>This method uses an SLF4J or Log4j2 logger to log a string, where the first (format) string is created using concatenation. You should use {} markers to inject dynamic content into the string, so that String building is delayed until the actual log string is needed. If the log level is high enough that this log statement isn't used, then the appends will never be executed.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='LO_EMBEDDED_SIMPLE_STRING_FORMAT_IN_FORMAT_STRING' priority='MAJOR'> <name>Correctness - Method passes a simple String.format result to an SLF4J's or Log4j2's format string</name> <configKey>LO_EMBEDDED_SIMPLE_STRING_FORMAT_IN_FORMAT_STRING</configKey> <description><p>This method uses an SLF4J or Log4J2 logger to log a string which was produced through a call to String.format, where the format string passed was a constant string containing only simple format markers that could be directly handled by SLF4J or Log4J. Rather than doing <pre> logger.error(String.format("This %s is an error", s)); <pre> do <pre> logger.error("This {} is an error", s); </pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_TOSTRING_PARAMETER' priority='MAJOR'> <name>Correctness - Method explicitly calls toString() on a logger parameter</name> <configKey>LO_TOSTRING_PARAMETER</configKey> <description><p>This method uses parameterized logging to avoid the cost of string concatenation in the case that the log level does not meet the needed level. However, one or more of the parameters passed to the logging method uses .toString() to present a String representation for the parameter. This is unneeded as the logger will do this for you, and because it is explicitly done, will always be called even if the log statement is not actually written. Also, by dropping the '.toString()' you may avoid unnecessary NPEs. Just pass the variable as a parameter instead.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LO_NON_PRIVATE_STATIC_LOGGER' priority='MAJOR'> <name>Correctness - Class defines non private logger using a static class context</name> <configKey>LO_NON_PRIVATE_STATIC_LOGGER</configKey> <description><p>This class defines a static logger as non private. It does so by passing the name of a class such as <code><pre>public static final Logger LOG = LoggerFactory.getLogger(Foo.class);</pre></code> Since this class is public it may be used in other classes, but doing so will provide the incorrect class reference as the class is hard coded. </p> <p> It is recommend to define static loggers as private, and just redefine a new logger in any class that you need to have logging done. <p> <p>If you wish to have a base class define the logger, and have derived classes use that logger, you can potentially use instance based logging, such as <code><pre>protected final Logger LOG = LoggerFactory.getLogger(getClass());</pre></code> However this has the downside of being an instance based logger, and creating a logger object in each instance of the class where it is used. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='IICU_INCORRECT_INTERNAL_CLASS_USE' priority='MAJOR'> <name>Correctness - Class relies on internal API classes</name> <configKey>IICU_INCORRECT_INTERNAL_CLASS_USE</configKey> <description><p>This class makes use of internal API classes. As these classes are not documented, nor externally released as part of the API, they are subject to change or removal. You should not be using these classes.</p> Packages that shouldn't be used are: <ul> <li>sun.xxx</li> <li>org.apache.xerces.xxx</li> <li>org.apache.xalan.xxx</li> </ul></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='DSOC_DUBIOUS_SET_OF_COLLECTIONS' priority='MAJOR'> <name>Performance - Method uses a set of collections</name> <configKey>DSOC_DUBIOUS_SET_OF_COLLECTIONS</configKey> <description><p>This method creates a set that contains other collections, or a Map whose keySet is another collection. As collections tend to calculate hashCode, equals, and compareTo by iterating the contents of the collection, this can perform poorly.</p> <p>In addition, when a set is used, you typically are using it to do 'contains', or 'find' type functionality, which seems dubious when done on a collection.</p> <p>Finally, as a collection is often modified, problems will occur if the collection is contained in a set, because the hashCode, equals or compareTo values will change while the collection is in the set.</p> <p>If you wish to maintain a collection of collections, it is probably better to use a List as the outer collection.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='BED_BOGUS_EXCEPTION_DECLARATION' priority='MAJOR'> <name>Correctness - Non derivable method declares throwing an exception that isn't thrown</name> <configKey>BED_BOGUS_EXCEPTION_DECLARATION</configKey> <description><p>This method declares that it throws a checked exception that it does not throw. As this method is either a constructor, static method or private method, there is no reason for this method to declare the exception in its throws clause, and just causes calling methods to unnecessarily handle an exception that will never be thrown. The exception in question should be removed from the throws clause.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='BED_HIERARCHICAL_EXCEPTION_DECLARATION' priority='MAJOR'> <name>Correctness - Method declares throwing two or more exceptions related by inheritance</name> <configKey>BED_HIERARCHICAL_EXCEPTION_DECLARATION</configKey> <description><p>This method declares that it throws an exception that is the child of another exception that is also declared to be thrown. Given that the parent exception is declared, there is no need for the child exception to also be declared; it just adds confusion.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UNNC_UNNECESSARY_NEW_NULL_CHECK' priority='MAJOR'> <name>Correctness - Method checks the result of a new allocation</name> <configKey>UNNC_UNNECESSARY_NEW_NULL_CHECK</configKey> <description><p>This method allocates an object with <code>new</code>, and then checks that the object is null or non null. As the new operator is guaranteed to either succeed or throw an exception, this null check is unnecessary and can be removed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='DTEP_DEPRECATED_TYPESAFE_ENUM_PATTERN' priority='INFO'> <name>Style - Class appears to implement the old style type safe enum pattern</name> <configKey>DTEP_DEPRECATED_TYPESAFE_ENUM_PATTERN</configKey> <description><p>This class appears to implement the old-style typesafe enum pattern that was used in place of real enums. Since this class is compiled with Java 1.5 or better, it would be simpler and more easy to understand if it was just switched over to an <code>enum</code>.</p></description> <tag>style</tag> </rule> <rule key='TBP_TRISTATE_BOOLEAN_PATTERN' priority='INFO'> <name>Style - Method returns null for Boolean type</name> <configKey>TBP_TRISTATE_BOOLEAN_PATTERN</configKey> <description><p>This method declares that it returns a Boolean value. However, the code can return a null value. As this is now three values that can be returned - Boolean.TRUE, Boolean.FALSE, null - you have changed what a Boolean means. It would be clearer to just create a new Enum that has the three values you want, and define that the method returns that type.</p></description> <tag>style</tag> </rule> <rule key='SUA_SUSPICIOUS_UNINITIALIZED_ARRAY' priority='MAJOR'> <name>Correctness - Method returns an array that appears not to be initialized</name> <configKey>SUA_SUSPICIOUS_UNINITIALIZED_ARRAY</configKey> <description><p>This method returns an array that was allocated but apparently not initialized. It is possible that the caller of this method will do the work of initializing this array, but that is not a common pattern, and it is assumed that this array has just been forgotten to be initialized.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='ITU_INAPPROPRIATE_TOSTRING_USE' priority='MAJOR'> <name>Correctness - Method performs algorithmic operations on the result of a toString() call</name> <configKey>ITU_INAPPROPRIATE_TOSTRING_USE</configKey> <description><p>This method calls algorithmic operations on a String that was returned from a toString() method. As these methods are for debugging/logging purposes, it shouldn't be the basis of core logic in your code.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='IKNC_INCONSISTENT_HTTP_ATTRIBUTE_CASING' priority='INFO'> <name>Style - Method uses the same HttpSession attribute name but with different casing</name> <configKey>IKNC_INCONSISTENT_HTTP_ATTRIBUTE_CASING</configKey> <description><p>This method sets or gets an HttpSession attribute with a parameter name that was used in other locations but with a different casing. As HttpSession attribute are case-sensitive, this will be very confusing.</p></description> <tag>style</tag> </rule> <rule key='IKNC_INCONSISTENT_HTTP_PARAM_CASING' priority='INFO'> <name>Style - Method uses the same HttpRequest parameter name but with different casing</name> <configKey>IKNC_INCONSISTENT_HTTP_PARAM_CASING</configKey> <description><p>This method fetches an HttpServletRequest parameter with a parameter name that was used in other locations but with a different casing. As HttpServletRequest parameters are case-sensitive, this will be very confusing.</p></description> <tag>style</tag> </rule> <rule key='OC_OVERZEALOUS_CASTING' priority='MAJOR'> <name>Correctness - Method manually casts the right hand side of an assignment more specifically than needed</name> <configKey>OC_OVERZEALOUS_CASTING</configKey> <description><p>This method casts the right hand side of an expression to a class that is more specific than the variable on the left hand side of the assignment. The cast only has to be as specific as the variable that is on the left. Using a more specific type on the right hand side just increases cohesion.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='PDP_POORLY_DEFINED_PARAMETER' priority='MAJOR'> <name>Correctness - Method defines parameters more abstractly than needed to function properly</name> <configKey>PDP_POORLY_DEFINED_PARAMETER</configKey> <description><p>This method defines parameters at a more abstract level than is actually needed to function correctly, as the code casts these parameters to more concrete types. Since this method is not derivable, you should just define the parameters with the type that is needed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='NSE_NON_SYMMETRIC_EQUALS' priority='MAJOR'> <name>Correctness - Equals method compares this object against other types in a non symmetric way</name> <configKey>NSE_NON_SYMMETRIC_EQUALS</configKey> <description><p>This class implements an equals method that compares this object against another type of object. This is almost always a bad thing to do, but if it is to be done, you must make sure that the basic symmetry rule of equivalence is maintained, that being if a equals b, then b equals a. It does not appear that the class that is being compared to this class knows about this class, and doesn't compare itself to this.</p> <p> Here's an example of a BAD equals method, do NOT do this: <pre><code> class Person { public boolean equals(Object o) { if (o instanceof Person) { return name.equals(((Person) o).name); } else if (o instanceof String) { return name.equals(o); } return false; } } </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CVAA_CONTRAVARIANT_ARRAY_ASSIGNMENT' priority='MAJOR'> <name>Correctness - Method performs a contravariant array assignment</name> <configKey>CVAA_CONTRAVARIANT_ARRAY_ASSIGNMENT</configKey> <description><p>This method contains a contravariant array assignment. Since arrays are mutable data structures, their use must be restricted to covariant or invariant usage.</p> <pre><code> class A {} class B extends A {} B[] b = new B[2]; A[] a = b; </code></pre></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CVAA_CONTRAVARIANT_ELEMENT_ASSIGNMENT' priority='MAJOR'> <name>Correctness - Method performs a contravariant array element assignment</name> <configKey>CVAA_CONTRAVARIANT_ELEMENT_ASSIGNMENT</configKey> <description><p>This method contains a contravariant array element assignment. Since arrays are mutable data structures, their use must be restricted to covariant or invariant usage.</p> <pre><code> class A {} class B extends A {} B[] b = new B[2]; A[] a = b; a[0] = new A(); // results in ArrayStoreException (Runtime) </code></pre></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='NFF_NON_FUNCTIONAL_FIELD' priority='MAJOR'> <name>Correctness - Serializable class defines a final transient field</name> <configKey>NFF_NON_FUNCTIONAL_FIELD</configKey> <description><p>This serializable class defines a field as both transient and final. As transient fields are not serialized across the stream, it is required that some piece of code reinitialize that field when it is deserialized. But since constructors aren't called when deserializing, the field is not initialized. And since the field is final, no other method can initialize it either.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SNG_SUSPICIOUS_NULL_FIELD_GUARD' priority='MAJOR'> <name>Correctness - Method tests a field for not null as guard and reassigns it</name> <configKey>SNG_SUSPICIOUS_NULL_FIELD_GUARD</configKey> <description><p>This method tests a field to make sure it's not null before executing a conditional block of code. However, in the conditional block it reassigns the field. It is likely that the guard should have been a check to see if the field is null, not that the field was not null.</p> <p>example: <pre><code> if (name != null) { name = person.getName(); } </code></pre> It is possible this is correct, but it seems likely the guard was meant to be <code>if (name == null)</code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SNG_SUSPICIOUS_NULL_LOCAL_GUARD' priority='MAJOR'> <name>Correctness - Method tests a local variable for not null as guard and reassigns it</name> <configKey>SNG_SUSPICIOUS_NULL_LOCAL_GUARD</configKey> <description><p>This method tests a local variable to make sure it's not null before executing a conditional block of code. However, in the conditional block it reassigns the local variable. It is likely that the guard should have been a check to see if the local variable is null, not that the local variable was not null.</p> <p>example: <pre><code> if (name != null) { name = person.getName(); } </code></pre> It is possible this is correct, but it seems likely the guard was meant to be <code>if (name == null)</code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_RUNTIME_EXIT_OR_HALT' priority='MAJOR'> <name>Correctness - Method calls Runtime.exit() or Runtime.halt()</name> <configKey>MDM_RUNTIME_EXIT_OR_HALT</configKey> <description><p>Calling <code>Runtime.exit()</code> or <code>Runtime.halt()</code> shuts down the entire Java virtual machine. This should only be done in very rare circumstances. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_RUNFINALIZATION' priority='MAJOR'> <name>Correctness - Method triggers finalization</name> <configKey>MDM_RUNFINALIZATION</configKey> <description><p>Manually triggering finalization can result in serious performance problems and may be masking resource cleanup bugs. Only the garbage collector, not application code, should be concerned with finalization.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_BIGDECIMAL_EQUALS' priority='MAJOR'> <name>Correctness - Method calls BigDecimal.equals()</name> <configKey>MDM_BIGDECIMAL_EQUALS</configKey> <description><p>This method calls <code>equals()</code> to compare two <code>java.math.BigDecimal</code> numbers. This is normally a mistake, as two <code>BigDecimal</code> objects are only equal if they are equal in both value and scale, so that <i>2.0</i> is not equal to <i>2.00</i>. To compare <code>BigDecimal</code> objects for mathematical equality, use <code>compareTo()</code> instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_INETADDRESS_GETLOCALHOST' priority='MAJOR'> <name>Correctness - Method calls InetAddress.getLocalHost()</name> <configKey>MDM_INETADDRESS_GETLOCALHOST</configKey> <description><p>Do not call <code>InetAddress.getLocalHost()</code> on multihomed servers. On a multihomed server, <code>InetAddress.getLocalHost()</code> simply returns the IP address associated with the server's internal hostname. This could be any of the network interfaces, which could expose the machine to security risks. Server applications that need to listen on sockets should add configurable properties to define which network interfaces the server should bind.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_PROMISCUOUS_SERVERSOCKET' priority='MAJOR'> <name>Correctness - Method creates promiscuous ServerSocket object</name> <configKey>MDM_PROMISCUOUS_SERVERSOCKET</configKey> <description><p>Do not use the <code>ServerSocket</code> constructor or <code>ServerSocketFactory.createServerSocket()</code> factory methods that accept connections on any network interface. By default, an application that listens on a socket will listen for connection attempts on any network interface, which can be a security risk. Only the long form of the <code>ServerSocket</code> constructor or <code>ServerSocketFactory.createServerSocket()</code> factory methods take a specific local address to define which network interface the socket should bind.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_RANDOM_SEED' priority='MAJOR'> <name>Correctness - Method creates insecure Random object</name> <configKey>MDM_RANDOM_SEED</configKey> <description><p><code>Random()</code> constructor without a seed is insecure because it defaults to an easily guessable seed: <code>System.currentTimeMillis()</code>. Initialize a seed like <code>new Random(SecureRandom.getInstance("SHA1PRNG").nextLong())</code> or replace <code>Random()</code> with <code>SecureRandom.getInstance("SHA1PRNG")</code> instead. "SHA1PRNG" is the random algorithm supported on all platforms. </p> <p> As of Java 6, you may use <code>new Random(new SecureRandom().nextLong())</code> or <code>new SecureRandom()</code> instead. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_SECURERANDOM' priority='MAJOR'> <name>Correctness - Method calls deprecated SecureRandom method</name> <configKey>MDM_SECURERANDOM</configKey> <description><p>In JDK 1.5 or less, the <code>SecureRandom()</code> constructors and <code>SecureRandom.getSeed()</code> method are recommended against using. Call <code>SecureRandom.getInstance()</code> and <code>SecureRandom.getInstance().generateSeed()</code> instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_THREAD_PRIORITIES' priority='MAJOR'> <name>Multi-threading - Method uses suspicious thread priorities</name> <configKey>MDM_THREAD_PRIORITIES</configKey> <description><p>Getting or setting thread priorities is not portable and could cause or mask race conditions.</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='MDM_THREAD_YIELD' priority='MAJOR'> <name>Multi-threading - Method attempts to manually schedule threads</name> <configKey>MDM_THREAD_YIELD</configKey> <description><p>Manual thread scheduling with <code>Thread.sleep()</code> or <code>Thread.yield()</code> has no guaranteed semantics and is often used to mask race conditions. These methods exist for supporting early processors when java was first released, and are not advised for modern processors. The operating system will take care of yielding threads for you.</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='MDM_WAIT_WITHOUT_TIMEOUT' priority='MAJOR'> <name>Multi-threading - Method sleeps without timeout</name> <configKey>MDM_WAIT_WITHOUT_TIMEOUT</configKey> <description><p>Calling one of the following methods without timeout could block forever. Consider using a timeout to detect deadlocks or performance problems. Methods: <ul> <li>Thread.join()</li> <li>Object.wait()</li> <li>Condition.await()</li> <li>Lock.lock()</li> <li>Lock.lockInterruptibly()</li> <li>ReentrantLock.lock()</li> <li>ReentrantLock.lockInterruptibly()</li> </ul> </p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='MDM_THREAD_FAIRNESS' priority='MAJOR'> <name>Multi-threading - Method ignores Lock's fairness settings by calling tryLock()</name> <configKey>MDM_THREAD_FAIRNESS</configKey> <description><p>Calling <code>Lock.tryLock()</code> or <code>ReentrantLock.tryLock()</code> without a timeout does not honor the lock's fairness setting. If you want to honor the fairness setting for this lock, then use <code>tryLock(0, TimeUnit.SECONDS)</code> which is almost equivalent (it also detects interruption).</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='MDM_SIGNAL_NOT_SIGNALALL' priority='MAJOR'> <name>Multi-threading - Method calls Condition.signal() rather than Condition.signalAll()</name> <configKey>MDM_SIGNAL_NOT_SIGNALALL</configKey> <description><p><code>Condition.signalAll()</code> is preferred over <code>Condition.signal()</code>. Calling <code>signal()</code> only wakes up one thread, meaning that the thread woken up might not be the one waiting for the condition that the caller just satisfied.</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='MDM_LOCK_ISLOCKED' priority='MAJOR'> <name>Multi-threading - Method tests if a lock is locked</name> <configKey>MDM_LOCK_ISLOCKED</configKey> <description><p>Calling <code>ReentrantLock.isLocked()</code> or <code>ReentrantLock.isHeldByCurrentThread()</code> might indicate race conditions or incorrect locking. These methods are designed for use in debug code or monitoring of the system state, not for synchronization control.</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='MDM_STRING_BYTES_ENCODING' priority='MAJOR'> <name>Correctness - Method encodes String bytes without specifying the character encoding</name> <configKey>MDM_STRING_BYTES_ENCODING</configKey> <description><p>The behavior of the <code>String(byte[] bytes)</code> and <code>String.getBytes()</code> is undefined if the string cannot be encoded in the platform's default charset. Instead, use the <code>String(byte[] bytes, String encoding)</code> or <code>String.getBytes(String encoding)</code> constructor which accepts the string's encoding as an argument. Be sure to specify the encoding used for the user's locale.</p> <p>As per the Java specifications, "UTF-8", "US-ASCII", "UTF-16" and "ISO-8859-1" will all be valid <a href = "http://docs.oracle.com/javase/7/docs/api/java/nio/charset/Charset.html#standard">encoding charsets</a>. If you aren't sure, try "UTF-8".</p> <p><b>New in Java 1.7</b>, you can specify an encoding from <code>StandardCharsets</code>, like <code>StandardCharsets.UTF_8</code>. These are generally preferrable because you don't have to deal with <code>UnsupportedEncodingException</code>.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MDM_SETDEFAULTLOCALE' priority='MAJOR'> <name>Multi-threading - Method calls Locale.setDefault()</name> <configKey>MDM_SETDEFAULTLOCALE</configKey> <description><p>Do not use the <code>Locale.setDefault()</code> method to change the default locale. It changes the JVM's default locale for all threads and makes your applications unsafe to threads. It does not affect the host locale. Since changing the JVM's default locale may affect many different areas of functionality, this method should only be used if the caller is prepared to reinitialize locale-sensitive code running within the same Java Virtual Machine, such as the user interface.</p></description> <tag>multi-threading</tag> <tag>bug</tag> </rule> <rule key='ROOM_REFLECTION_ON_OBJECT_METHODS' priority='MAJOR'> <name>Correctness - Method uses reflection to call a method available on java.lang.Object</name> <configKey>ROOM_REFLECTION_ON_OBJECT_METHODS</configKey> <description><p>This method uses reflection to call a method that is defined in java.lang.Object. As these methods are always available, it is not necessary to call these methods with reflection.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='IPU_IMPROPER_PROPERTIES_USE' priority='MAJOR'> <name>Correctness - Method puts non-String values into a Properties object</name> <configKey>IPU_IMPROPER_PROPERTIES_USE</configKey> <description><p>This method places non-String objects into a Properties object. As the Properties object is intended to be a String to String map, putting non String objects is wrong, and takes advantage of a design flaw in the Properties class by deriving from Hashtable instead of using aggregation. If you want a collection that holds other types of objects, use a Hashtable, or better still newer collections like HashMap or TreeMap.</p> <p> Don't use <code>properties.put("foo", bar);</code> </p> <p> Do use <code>properties.setProperty("foo", "bar");</code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='IPU_IMPROPER_PROPERTIES_USE_SETPROPERTY' priority='MAJOR'> <name>Correctness - Method uses Properties.put instead of Properties.setProperty</name> <configKey>IPU_IMPROPER_PROPERTIES_USE_SETPROPERTY</configKey> <description><p>This method uses the inherited method from Hashtable put(String key, Object value) in a Properties object. Since the Properties object was intended to be only a String to String map, use of the derived put method is discouraged. Use the Properties.setProperty method instead.</p> <p> Don't use <code>properties.put("foo", "bar");</code> </p> <p> Do use <code>properties.setProperty("foo", "bar");</code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP' priority='MAJOR'> <name>Performance - Method allocates an object that is used in a constant way in a loop</name> <configKey>PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP</configKey> <description><p>This method allocates an object using the default constructor in a loop, and then only uses it in a quasi-static way. It is never assigned to anything that lives outside the loop, and could potentially be allocated once outside the loop. Often this can be achieved by calling a clear() like method in the loop, to reset the state of the object in the loop.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='WOC_WRITE_ONLY_COLLECTION_LOCAL' priority='MAJOR'> <name>Correctness - Method creates and initializes a collection but never reads or gains information from it</name> <configKey>WOC_WRITE_ONLY_COLLECTION_LOCAL</configKey> <description><p>This method creates and initializes a collection but then never accesses this collection to gain information or fetch items from the collection. It is likely that this collection is left over from a past effort, and can be removed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='WOC_WRITE_ONLY_COLLECTION_FIELD' priority='MAJOR'> <name>Correctness - Class creates and initializes a collection but never reads or gains information from it</name> <configKey>WOC_WRITE_ONLY_COLLECTION_FIELD</configKey> <description><p>This class creates and initializes a collection as a field but then never accesses this collection to gain information or fetch items from the collection. It is likely that this collection is left over from a past effort, and can be removed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UVA_USE_VAR_ARGS' priority='INFO'> <name>Style - Method defines parameter list with array as last argument, rather than vararg</name> <configKey>UVA_USE_VAR_ARGS</configKey> <description><p>This method defines a parameter list that ends with an array. As this class is compiled with Java 1.5 or better, this parameter could be defined as a vararg parameter instead, which can be more convenient for client developers to use. This is not a bug, per se, just an improvement.</p></description> <tag>style</tag> </rule> <rule key='PUS_POSSIBLE_UNSUSPECTED_SERIALIZATION' priority='MAJOR'> <name>Correctness - Method serializes an instance of a non-static inner class</name> <configKey>PUS_POSSIBLE_UNSUSPECTED_SERIALIZATION</configKey> <description><p>This method serializes an instance of a non-static inner class. Since this class has a reference to the containing class, this outer class will be serialized as well. This is often not intentional, and will make the amount of data that is serialized much more than is needed. If the outer class is not desired to be serialized, either make the inner class static, or pull it out into a separate "first class" class.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SEC_SIDE_EFFECT_CONSTRUCTOR' priority='INFO'> <name>Style - Method uses a Side Effect Constructor</name> <configKey>SEC_SIDE_EFFECT_CONSTRUCTOR</configKey> <description><p>This method creates an object but does not assign this object to any variable or field. This implies that the class operates through side effects in the constructor, which is a bad pattern to use, as it adds unnecessary coupling. Consider pulling the side effect out of the constructor, into a separate method, or into the calling method.</p></description> <tag>style</tag> </rule> <rule key='SGSU_SUSPICIOUS_GETTER_SETTER_USE' priority='MAJOR'> <name>Correctness - Method uses same bean's getter value for setter</name> <configKey>SGSU_SUSPICIOUS_GETTER_SETTER_USE</configKey> <description><p>This method retrieves the property of a Java bean, only to use it in the setter for the same property of the same bean. This is usually a copy/paste typo.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LGO_LINGERING_GRAPHICS_OBJECT' priority='MAJOR'> <name>Performance - Method allocations a java.awt.Graphics object without disposing it</name> <configKey>LGO_LINGERING_GRAPHICS_OBJECT</configKey> <description><p>This method allocates a java.awt.Graphics object but doesn't dispose of it when done. While the garbage collector will clean this up, given that a large number of Graphics objects can be created in a short period of time, it is recommended that you explicitly dispose() of them.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='STB_STACKED_TRY_BLOCKS' priority='INFO'> <name>Style - Method stacks similar try/catch blocks</name> <configKey>STB_STACKED_TRY_BLOCKS</configKey> <description><p>This method declares two try-catch blocks one after another, where each catch block catches the same type of exception. They also throw uniformly the same type of exception. These two catch blocks can be combined into one to simplify the method.</p></description> <tag>style</tag> </rule> <rule key='CEBE_COMMONS_EQUALS_BUILDER_ISEQUALS' priority='MAJOR'> <name>Correctness - Method returns the result of invoking equals() on EqualsBuilder</name> <configKey>CEBE_COMMONS_EQUALS_BUILDER_ISEQUALS</configKey> <description><p>This method returns the result of <code>equals</code> on the EqualsBuilder type instead of calling the method isEqual().</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CHTH_COMMONS_HASHCODE_BUILDER_TOHASHCODE' priority='MAJOR'> <name>Correctness - Method returns the result of invoking hashCode() on HashCodeBuilder</name> <configKey>CHTH_COMMONS_HASHCODE_BUILDER_TOHASHCODE</configKey> <description><p>This method returns the result of <code>hashCode</code> on the HashCodeBuilder type instead of calling the method toHashCode().</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CSBTS_COMMONS_STRING_BUILDER_TOSTRING' priority='MAJOR'> <name>Correctness - Method returns the result of invoking toString() without intermediate invocation of append() in ToStringBuilder</name> <configKey>CSBTS_COMMONS_STRING_BUILDER_TOSTRING</configKey> <description><p>This method returns the result of <code>toString</code> on a ToStringBuilder without an intermediate invocation of append().</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CCNE_COMPARE_CLASS_EQUALS_NAME' priority='MAJOR'> <name>Correctness - Method compares class name instead of comparing class</name> <configKey>CCNE_COMPARE_CLASS_EQUALS_NAME</configKey> <description><p>In a JVM, two classes are the same class (and consequently the same type) if they are loaded by the same class loader, and they have the same fully qualified name [JVMSpec 1999]. Comparing class name ignores the class loader.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='BRPI_BACKPORT_REUSE_PUBLIC_IDENTIFIERS' priority='MAJOR'> <name>Performance - Method uses backported libraries that are now built in</name> <configKey>BRPI_BACKPORT_REUSE_PUBLIC_IDENTIFIERS</configKey> <description><p>This class uses either Backport Utils concurrent classes from Emory, or Time classes from ThreeTen Backport. Updated/efficient versions of these classes are available in the version of the JDK that this code is compiled against - JDK 1.5 for the concurrent classes, and JDK 1.8 for the time classes - and these classes should only be used if you are targeting a JDK lower than this.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='CU_CLONE_USABILITY_OBJECT_RETURN' priority='INFO'> <name>Style - Clone method declares it returns an Object</name> <configKey>CU_CLONE_USABILITY_OBJECT_RETURN</configKey> <description><p>This class implements the Cloneable interface but defines its clone method to return an Object. Since most likely users of this method will need to cast it to the real type, this will be more painful than necessary. Just declare the return value to be the type of this class.</p></description> <tag>style</tag> </rule> <rule key='CU_CLONE_USABILITY_MISMATCHED_RETURN' priority='INFO'> <name>Style - Clone method declares it returns a type different than the owning class</name> <configKey>CU_CLONE_USABILITY_MISMATCHED_RETURN</configKey> <description><p>This class implements the Cloneable interface but defines its clone method to return a type that is different than the class itself, or any interfaces that the class implements.</p></description> <tag>style</tag> </rule> <rule key='CU_CLONE_USABILITY_THROWS' priority='INFO'> <name>Style - Clone method declares it throws CloneNotSupportedException</name> <configKey>CU_CLONE_USABILITY_THROWS</configKey> <description><p>This class implements the Cloneable interface but defines its clone method to still throw a CloneNotSupportedException. Since you are implementing clone() it would make sense that the method in question will <em>not</em> throw that exception, so annotating your method with it just makes clients' use of your class more painful as they have to handle an exception that will never happen. Just remove the throws clause from your method.</p></description> <tag>style</tag> </rule> <rule key='CAAL_CONFUSING_ARRAY_AS_LIST' priority='MAJOR'> <name>Correctness - Method calls Array.asList on an array of primitive values</name> <configKey>CAAL_CONFUSING_ARRAY_AS_LIST</configKey> <description><p>This method passes an array of primitive values to the Arrays.asList call. As primitive values in arrays aren't automatically promoted to boxed primitives in arrays, the asList call cannot convert this array to a list of boxed primitives. It therefore just creates an array with one item in it, the array itself. This is rarely what is desired.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='PSC_PRESIZE_COLLECTIONS' priority='MAJOR'> <name>Performance - Method does not presize the allocation of a collection</name> <configKey>PSC_PRESIZE_COLLECTIONS</configKey> <description><p>This method allocates a collection using the default constructor even though it is known a priori (or at least can be reasonably guessed) how many items are going to be placed in the collection, and thus needlessly causes intermediate reallocations of the collection.</p> <p>You can use the constructor that takes an initial size and that will be much better, but due to the loadFactor of Maps and Sets, even this will not be a correct estimate.</p> <p>If you are using Guava, use its methods that allocate maps and sets with a predetermined size, to get the best chance for no reallocations, such as: <ul> <li>Sets.newHashSetWithExpectedSize(int)</li> <li>Maps.newHashMapWithExpectedSize(int)</li> </ul> If not, a good estimate would be the expectedSize / {LOADING_FACTOR} which by default is 0.75 </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='PSC_SUBOPTIMAL_COLLECTION_SIZING' priority='MAJOR'> <name>Performance - Method uses suboptimal sizing to allocate a collection</name> <configKey>PSC_SUBOPTIMAL_COLLECTION_SIZING</configKey> <description><p>This method allocates a collection using the a constructor that takes a size parameter. However, because Maps and Sets have a loading factor, passing in the exact size you want is an incorrect way to presize the collection, and may still cause reallocations. Since you are using Guava, it is better to use <code><pre> Maps.newHashMapWithExpectedSize(c.size()); </pre></code> or <code><pre> Sets.newHashSetWithExpectedsize(c.size()); </pre></code> as this method calculates the correct size taking into account the loading factor. Alternatively, if you know that the collection will not grow beyond the initial size, you can specify a load factor of 1.0F in the constructor. </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='UMTP_UNBOUND_METHOD_TEMPLATE_PARAMETER' priority='MAJOR'> <name>Correctness - Method declares unbound method template parameter(s)</name> <configKey>UMTP_UNBOUND_METHOD_TEMPLATE_PARAMETER</configKey> <description><p>This method declares a method level template parameter that is not bound by any parameter of this method. Therefore the template parameter adds no validation or type safety and can be removed, as it's just confusing to the reader.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='NPMC_NON_PRODUCTIVE_METHOD_CALL' priority='MAJOR'> <name>Correctness - Method ignores return value of a non mutating method</name> <configKey>NPMC_NON_PRODUCTIVE_METHOD_CALL</configKey> <description><p>This method ignores the return value of a common method that is assumed to be non-mutating. If this method does in fact not modify the object it is called on, there is no reason to call this method, and it can be removed.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='AIOB_ARRAY_INDEX_OUT_OF_BOUNDS' priority='MAJOR'> <name>Correctness - Method attempts to access an array element outside the array's size</name> <configKey>AIOB_ARRAY_INDEX_OUT_OF_BOUNDS</configKey> <description><p>This method accesses an array element using a literal index that is known to be outside the size of the specified array. This will cause an ArrayIndexOutOfBoundsException at runtime.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='AIOB_ARRAY_STORE_TO_NULL_REFERENCE' priority='MAJOR'> <name>Correctness - Method attempts to store an array element to an array that does not appear to be allocated</name> <configKey>AIOB_ARRAY_STORE_TO_NULL_REFERENCE</configKey> <description><p>This method attempts to store an array element into an array that appears not to have been allocated.</p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S2259} instead.</p></description> <status>DEPRECATED</status> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='ICA_INVALID_CONSTANT_ARGUMENT' priority='MAJOR'> <name>Correctness - Method passes an invalid value as a method argument</name> <configKey>ICA_INVALID_CONSTANT_ARGUMENT</configKey> <description><p>This method passes an invalid constant value to a method parameter that expects only a select number of possible values. This is likely going to cause this method to fail to operate correctly.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CNC_COLLECTION_NAMING_CONFUSION' priority='INFO'> <name>Style - Collection variable is named with a different type of collection in the name</name> <configKey>CNC_COLLECTION_NAMING_CONFUSION</configKey> <description><p>This class defines a field or local collection variable with a name that contains a different type of collection in its name. An example would be a Set<User> called userList. This is confusing to the reader, and likely caused by a previous refactor of type, without changing the name. This detector is obviously only checking for English names.</p></description> <tag>style</tag> </rule> <rule key='PME_POOR_MANS_ENUM' priority='INFO'> <name>Style - Simple field is used like an enum</name> <configKey>PME_POOR_MANS_ENUM</configKey> <description><p>This field, although defined as a simple variable (int, String, etc), only has a set of constant values assigned to it. Thus it appears to be used like an enum value, and should probably be defined as such. </p></description> <tag>style</tag> </rule> <rule key='UP_UNUSED_PARAMETER' priority='INFO'> <name>Style - Static or private method has unused parameters</name> <configKey>UP_UNUSED_PARAMETER</configKey> <description><p>This method defines parameters that are never used. As this method is either static or private, and can't be derived from, it is safe to remove these parameters and simplify your method. You should consider, while unlikely, that this method may be used reflectively, and thus you will want to change that call as well. In this case, it is likely that once you remove the parameter, there will be a chain of method calls that have spent time creating this parameter and passing it down the line. All of this may be able to be removed.</p></description> <tag>style</tag> </rule> <rule key='FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY' priority='MAJOR'> <name>Correctness - Class has a circular dependency with other classes</name> <configKey>FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY</configKey> <description><p> This class has a circular dependency with other classes. This makes building these classes difficult, as each is dependent on the other to build correctly. Consider using interfaces to break the hard dependency. The dependency chain can be seen in the GUI version of FindBugs. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MUC_MODIFYING_UNMODIFIABLE_COLLECTION' priority='MAJOR'> <name>Correctness - This method attempts to modify collection that appears to possibly be immutable</name> <configKey>MUC_MODIFYING_UNMODIFIABLE_COLLECTION</configKey> <description><p>This method attempts to modify a collection that it got from a source that could potentially have created an immutable collection, through Arrays.asList, Collections.unmodifiableXXX, or one of Guava's methods. Doing so will cause an exception, as these collections are not mutable.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='HES_EXECUTOR_NEVER_SHUTDOWN' priority='MAJOR'> <name>Correctness - ExecutorService field doesn't ever get shutdown</name> <configKey>HES_EXECUTOR_NEVER_SHUTDOWN</configKey> <description><p>Most <code>ExecutorService</code> objects must be explicitly shut down, otherwise their internal threads can prolong the running of the JVM, even when everything else has stopped.</p> <p>FindBugs has detected that there are no calls to either the <code>shutdown()</code> or <code>shutdownNow()</code> method, and thus, the <code>ExecutorService</code> is not guaranteed to ever terminate. This is especially problematic for <code>Executors.newFixedThreadPool()</code> and most of the other convenience methods in the <code>Executors</code> class.</p> <p>Even though there are some exceptions to this, particularly when a custom <code>ThreadFactory</code> is provided, or for <code>ThreadPoolExecutor</code>s with <code>allowsCoreThreadTimeOut()</code> set to true, it is good practice to explicitly shutdown the <code>ExecutorService</code> when its utility is done.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='HES_LOCAL_EXECUTOR_SERVICE' priority='MAJOR'> <name>Correctness - Suspicious Local Executor Service</name> <configKey>HES_LOCAL_EXECUTOR_SERVICE</configKey> <description><p><code>ExecutorService</code>s are typically instantiated as fields so that many tasks can be executed on a controlled number of <code>Thread</code>s across many method calls. Therefore, it is unusual for <code>ExecutorService</code>s to be a local variable, where tasks will be added only one time, in the enclosing method. </p> <p>Furthermore, when a local <code>ExecutorService</code> reaches the end of scope and goes up for garbage collection, the internal <code>Thread</code>s are not necessarily terminated and can prevent the JVM from ever shutting down.</p> <p>Consider making this local variable a field and creating a method that will explicitly shut down the <code>ExecutorService</code></p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='HES_EXECUTOR_OVERWRITTEN_WITHOUT_SHUTDOWN' priority='MAJOR'> <name>Correctness - An ExecutorService isn't shutdown before the reference to it is lost</name> <configKey>HES_EXECUTOR_OVERWRITTEN_WITHOUT_SHUTDOWN</configKey> <description><p>Most <code>ExecutorService</code> objects must be explicitly shut down, otherwise their internal threads can prevent the JVM from ever shutting down, even when everything else has stopped.</p> <p>FindBugs has detected that something like the following is happening:<br/> <pre><code> ExecutorService executor = ... //e.g. Executors.newCachedThreadPool(); ... public void reset() { this.executor = Executors.newCachedThreadPool(); this.executor.execute(new SampleExecutable()); }<br/> </code></pre> For normal objects, losing the last reference to them like this would trigger the object to be cleaned up in garbage collection. For <code>ExecutorService</code>s, this isn't enough to terminate the internal threads in the thread pool, and the <code>ExecutorService</code> isn't guaranteed to shut down, causing the JVM to never stop. <br/> To fix this, simply add a call to <code>shutdown()</code> like this:<br/> <pre><code> ExecutorService executor = ... //e.g. Executors.newCachedThreadPool(); ... public void reset() { this.executor.shutDown(); //Fix this.executor = Executors.newCachedThreadPool(); this.executor.execute(new SampleExecutable()); } </code></pre> </p> <p>Even though there are some exceptions to this, particularly when a custom <code>ThreadFactory</code> is provided, or for <code>ThreadPoolExecutor</code>s with <code>allowsCoreThreadTimeOut()</code> set to true, it is good practice to explicitly shut down the <code>ExecutorService</code> at the end of execution, or when it is being replaced.</p> <p><b>Note:</b> <code>ExecutorService</code>s are generally created once in a program's life cycle. If you find yourself replacing the <code>ExecutorService</code>, perhaps you may consider restructuring your code to use calls like <code>awaitTermination()</code> or <code>Future</code>s/<code>Callable</code>s to avoid recreating the <code>ExecutorService</code>.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='HCP_HTTP_REQUEST_RESOURCES_NOT_FREED_FIELD' priority='MAJOR'> <name>Correctness - Unreleased HttpRequest network resources (field)</name> <configKey>HCP_HTTP_REQUEST_RESOURCES_NOT_FREED_FIELD</configKey> <description><p>FindBugs has detected an <code>org.apache.http.HttpRequest</code> (e.g. <code>HttpGet</code>, <code>HttpPost</code>, etc) that didn't release its associated resources. Code like the following: <br/> <pre>code> private HttpGet httpGet; public String requestInfo(URI u) { this.httpGet = new HttpGet(u); try(CloseableHttpResponse response = client.execute(httpGet);) { return getResponseAsString(response); } catch (IOException e) { e.printStackTrace(); } return null; } </code></pre> will freeze after a few requests, usually with no indication as to why. </p> <p> The reason this code freezes is because <code>org.apache.http.HttpRequest</code>s need to explicitly release their connection with a call to either <code>reset()</code> or <code>releaseConnection()</code>. The above example can be easily fixed:<br/> <pre><code> private HttpGet httpGet; ... public String requestInfo(URI u) { this.httpGet = new HttpGet(u); try(CloseableHttpResponse response = client.execute(httpGet);) { return getResponseAsString(response); } catch (IOException e) { e.printStackTrace(); } <b>finally { this.httpGet.reset(); }</b> return null; }<br/> </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='HCP_HTTP_REQUEST_RESOURCES_NOT_FREED_LOCAL' priority='MAJOR'> <name>Correctness - Unreleased HttpRequest network resources (local)</name> <configKey>HCP_HTTP_REQUEST_RESOURCES_NOT_FREED_LOCAL</configKey> <description><p>FindBugs has detected an <code>org.apache.http.HttpRequest</code> (e.g. <code>HttpGet</code>, <code>HttpPost</code>, etc) that didn't release its associated resources. Code like the following: <br/> <pre><code> public String requestInfo(URI u) { HttpGet httpGet = new HttpGet(u); try(CloseableHttpResponse response = client.execute(httpGet);) { return getResponseAsString(response); } catch (IOException e) { e.printStackTrace(); } return null; } </code></pre> will freeze after a few requests, usually with no indication as to why. </p> <p> The reason this code freezes is because <code>org.apache.http.HttpRequest</code>s need to explicitly release their connection with a call to either <code>reset()</code> or <code>releaseConnection()</code>, <b>even if the request is a local</b>. The garbage collector will not release these resources, leading to the frustrating freezing scenario described above. <br/>The above example can be easily fixed:<br/> <pre><code> public String requestInfo(URI u) { HttpGet httpGet = new HttpGet(u); try(CloseableHttpResponse response = client.execute(httpGet);) { return getResponseAsString(response); } catch (IOException e) { e.printStackTrace(); } <b>finally { httpGet.reset(); }</b> return null; } </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UJM_UNJITABLE_METHOD' priority='MAJOR'> <name>Performance - This method is too long to be compiled by the JIT</name> <configKey>UJM_UNJITABLE_METHOD</configKey> <description><p>This method is longer than 8000 bytes. By default the JIT will not attempt to compile this method no matter how hot it is, and so this method will always be interpreted. If performance is important, you should consider breaking this method up into smaller chunks. (And it's probably a good idea for readability too!)</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='CTU_CONFLICTING_TIME_UNITS' priority='MAJOR'> <name>Correctness - This method performs arithmetic operations on time values with different units</name> <configKey>CTU_CONFLICTING_TIME_UNITS</configKey> <description><p>This method takes two values that appear to be representing time, and performs arithmetic operations on these two values directly, even though it appears that the two values are representing different time units, such as adding a millisecond value to a nanosecond value. You should convert the two values to the same time unit before performing this calculation in order for it to be meaningful.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CSI_CHAR_SET_ISSUES_USE_STANDARD_CHARSET' priority='MAJOR'> <name>Correctness - This method needlessly uses a String literal as a Charset encoding</name> <configKey>CSI_CHAR_SET_ISSUES_USE_STANDARD_CHARSET</configKey> <description><p>This method uses a string literal to specify a <code>Charset</code> encoding. However, the method invoked has an alternative signature that takes a <code>Charset</code> object. You should use this signature, as this class is compiled with JDK 7 (or better), and the <code>Charset</code> in question is available as a constant from the <code>java.nio.charset.StandardCharsets</code> class.</p> <p>Instead of specifying "UTF-8", use <code>StandardCharsets.UTF_8</code>, for instance. An added benefit of this is that you will not need to catch <code>UnsupportedEncodingException</code>.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CSI_CHAR_SET_ISSUES_USE_STANDARD_CHARSET_NAME' priority='MAJOR'> <name>Correctness - This method should use a StandardCharsets.XXX.name() to specify an encoding</name> <configKey>CSI_CHAR_SET_ISSUES_USE_STANDARD_CHARSET_NAME</configKey> <description><p>This method uses a hand-typed <code>String</code> literal to specify a <code>Charset</code> encoding. As this class is compiled with JDK 7 (or better), and the charset in question is available as a constant from the <code>java.nio.charset.StandardCharsets</code> class, it is better to use the .name() method of the appropriate <code>StandardCharsets</code> constant.</p> <p>The method in question doesn't directly support a <code>Charset</code> as a parameter, only a <code>String</code>. Still, instead of specifying something like "UTF-8" (and potentially mistyping it), use <code>StandardCharsets.UTF_8.name()</code>. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CSI_CHAR_SET_ISSUES_UNKNOWN_ENCODING' priority='MAJOR'> <name>Correctness - This method uses an unknown character encoding literal</name> <configKey>CSI_CHAR_SET_ISSUES_UNKNOWN_ENCODING</configKey> <description><p>This method specifies a <code>Charset</code> encoding with a String literal that is not recognized by the current JDK. It's possible that this application will only be deployed on a JVM that does recognize this encoding, but it seems dubious that this is the case.</p> <p> The standard JDK encodings (for Java 8) are "UTF-8", "US-ASCII", "ISO-8859-1", "UTF-16BE", "UTF-16LE", "UTF-16". These are all case-sensitive. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CBC_CONTAINS_BASED_CONDITIONAL' priority='INFO'> <name>Style - This method uses an excessively complex conditional that can be replaced with Set.contains</name> <configKey>CBC_CONTAINS_BASED_CONDITIONAL</configKey> <description><p>This method uses an overly complex <code>if</code> expression made up of multiple conditions joined by OR, where the same local variable is compared to a static value. When the number of conditions grows, it is much cleaner to build a static set of the possible values, and use the contains method on that set. This will shorten the code, and make it more self documenting.</p></description> <tag>style</tag> </rule> <rule key='OPM_OVERLY_PERMISSIVE_METHOD' priority='INFO'> <name>Style - This method is declared more permissively than is used in the code base</name> <configKey>OPM_OVERLY_PERMISSIVE_METHOD</configKey> <description><p>This method is declared more permissively than the code is using. Having this method be more permissive than is needed limits your ability to make observations about this method, like parameter usage, refactorability, and derivability. It is possible that this detector will report erroneously if: <ul> <li>The method is called from code not being scanned, such as unit tests</li> <li>The method is an API method, expected to be used by unknown client code</li> <li>The method is called through reflection </ul> </p></description> <tag>style</tag> </rule> <rule key='STT_TOSTRING_STORED_IN_FIELD' priority='INFO'> <name>Style - This method stores the value of a toString() call into a field</name> <configKey>STT_TOSTRING_STORED_IN_FIELD</configKey> <description><p>This method calls the toString() method on an object and stores the value in a field. Doing this throws away the type safety of having the object defined by a Class. Using String makes it very easy to use the wrong type of value, and the compiler will not catch these mistakes. You should delay converting values to Strings for as long as possible, and thus not store them as fields. </p></description> <tag>style</tag> </rule> <rule key='STT_STRING_PARSING_A_FIELD' priority='INFO'> <name>Style - This method parses a String that is a field</name> <configKey>STT_STRING_PARSING_A_FIELD</configKey> <description><p>This method calls a parsing method (indexOf, lastIndexOf, startsWith, endsWith, substring, indexOf) on a String that is a field, or comes from a collection that is a field. This implies that the String in question is holding multiple parts of information inside the string, which would be more maintainable and type safe if that value was a true collection or a first class object with fields, rather than a String. </p></description> <tag>style</tag> </rule> <rule key='STT_TOSTRING_MAP_KEYING' priority='INFO'> <name>Style - This method uses a concatenated String as a map key</name> <configKey>STT_TOSTRING_MAP_KEYING</configKey> <description><p>This method builds a key for a map, using a StringBuilder, either implicitly or explicitly. This means the type of the key is something more than a String constant, it is a properly formatted String. However, there is no type based verification that all uses of this key will follow this formatting. It is much better to use a proper, simple, bean class that holds two (or more) fields so that it is clear what is expected for key use. </p> <p> Example<br/> instead of <pre><code> V v = myMap.get(tableName + "-" + columnName); </code></pre> use <pre><code> V v = myMap.get(new ColumnSpec(tableName, columnName)); </code></pre> where ColumnSpec is a simple bean-like class of your creation. The advantages, are <ul> <li>The ColumnSpec fully describes what is expected, you need a tableName and columnName</li> <li>There is no guessing by the programmer what the format is, was it tableName + "_" + columnName?</li> </ul> </p></description> <tag>style</tag> </rule> <rule key='SLS_SUSPICIOUS_LOOP_SEARCH' priority='MAJOR'> <name>Correctness - This method continues a loop after finding an equality condition</name> <configKey>SLS_SUSPICIOUS_LOOP_SEARCH</configKey> <description><p>This method continues with a loop, and does not break out of it, after finding and setting a variable in an <code>if</code> condition based on equality. Since continuing on in the loop would seem to be unlikely to find the item again, breaking at this point would seem to be the proper action.</p> <p>Example: <pre><code> int age = 0; for (Person p : people) { if (p.getName().equals("Dave")) { age = p.getAge(); } } </code></pre> It is likely you wanted a break after getting the age for "Dave".</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CRF_CONFLATING_RESOURCES_AND_FILES' priority='MAJOR'> <name>Correctness - This method accesses URL resources using the File API</name> <configKey>CRF_CONFLATING_RESOURCES_AND_FILES</configKey> <description><p>This method fetches a resource from a URL, and uses the File API to manipulate it. If this resource is a classpath resource, it will work if the resource is a file in a directory. If, however, the file is inside a JAR file this will fail. To avoid this confusing inconsistency, use the URL.openStream API instead to access the data of the classpath resource. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='IMC_IMMATURE_CLASS_NO_EQUALS' priority='INFO'> <name>Style - Class does not implement an equals method</name> <configKey>IMC_IMMATURE_CLASS_NO_EQUALS</configKey> <description><p>This class, which has instance fields, has no equals(Object o) method. It is possible that this class is never used in a context where this is required; it is often assumed, however, from clients of this class that it is, so it is good to add such methods when you create them. </p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_NO_HASHCODE' priority='INFO'> <name>Style - Class does not implement a hashCode method</name> <configKey>IMC_IMMATURE_CLASS_NO_HASHCODE</configKey> <description><p>This class, which has instance fields, has no hashCode() method. It is possible that this class is never used in a context where this is required; it is often assumed, however, from clients of this class that it is, so it is good to add such methods when you create them. </p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_NO_PACKAGE' priority='INFO'> <name>Style - Class is defined in the default package</name> <configKey>IMC_IMMATURE_CLASS_NO_PACKAGE</configKey> <description><p>This class has been created in the default package. Classes should be defined in a proper package structure, typically defined by the reverse of the domain name of the owner of the code base. Putting code in the default (no) package limits its usefulness, including: <ol> <li>Not being able to import this class into classes with packages</li> <li>Leaving it open to name collisions with other packages.</li> </ol> </p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_NO_TOSTRING' priority='INFO'> <name>Style - Class does not implement a toString method</name> <configKey>IMC_IMMATURE_CLASS_NO_TOSTRING</configKey> <description><p>This class, which has instance fields, has no toString() method, which will make debugging with this class more difficult than it could be. Consider adding a toString() method. Using libraries like commons-lang3 ToStringBuilder makes this process easy. </p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_IDE_GENERATED_PARAMETER_NAMES' priority='INFO'> <name>Style - Method uses IDE generated parameter names</name> <configKey>IMC_IMMATURE_CLASS_IDE_GENERATED_PARAMETER_NAMES</configKey> <description><p>This method appears to have been generated from an interface or superclass using an IDE. As such the IDE generated generic names (arg0, arg1, arg2) for parameters for this method, and the author of this method did not change them to be meaningful. For better understandability it is recommended that you name these parameters with regard to their function.</p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_PRINTSTACKTRACE' priority='INFO'> <name>Style - Method prints the stack trace to the console</name> <configKey>IMC_IMMATURE_CLASS_PRINTSTACKTRACE</configKey> <description><p>This method prints a stack trace to the console. This is non configurable, and causes an application to look unprofessional. Switch to using loggers so that users can control what is logged and where.</p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_WRONG_FIELD_ORDER' priority='INFO'> <name>Style - Class orders instance fields before static fields</name> <configKey>IMC_IMMATURE_CLASS_WRONG_FIELD_ORDER</configKey> <description><p>This class defines fields in an order that is confusing, and not expected by other developers. The standard is for static fields to be listed first, followed by instance fields. When fields are listed out of order, developers may make assumptions about their behaviour that are incorrect and lead to bugs.</p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_UPPER_PACKAGE' priority='INFO'> <name>Style - Class is defined in a package with upper case characters</name> <configKey>IMC_IMMATURE_CLASS_UPPER_PACKAGE</configKey> <description><p>This class is defined within a package that uses upper case letters. Package names are expected to be in the form of all lowercase.</p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_LOWER_CLASS' priority='INFO'> <name>Style - Class does not start with an upper case letter</name> <configKey>IMC_IMMATURE_CLASS_LOWER_CLASS</configKey> <description><p>This class has been given a name that does not start with an upper case letter. Classes should follow a pattern of uppercasing the first letter of each word, AsAnExample</p></description> <tag>style</tag> </rule> <rule key='IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID' priority='MAJOR'> <name>Correctness - Class defines a computed serialVersionUID that doesn't equate to the calculated value</name> <configKey>IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID</configKey> <description><p>This serializable class defines a serialVersionUID that appears to be a computed value, however the value does not match the computed value, and thus losses it's value as version indicator. Either create a custom value like 1, 2, 3, 4.. etc, or recompute the serialVersionUID using your IDE.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='IMC_IMMATURE_CLASS_VAR_NAME' priority='MAJOR'> <name>Correctness - Class defines a field or local variable named 'var'</name> <configKey>IMC_IMMATURE_CLASS_VAR_NAME</configKey> <description><p>A field or variable is named 'var' which will conflict with the built in Java 10 feature using 'var' as a keyword.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JXI_GET_ENDPOINT_CONSUMES_CONTENT' priority='MAJOR'> <name>Correctness - JAX-RS Method implements a GET request but consumes input</name> <configKey>JXI_GET_ENDPOINT_CONSUMES_CONTENT</configKey> <description><p>This JAX-RS endpoint is annotated to be used with @GET requests, but also documents that it consumes JSON or XML data. Since a GET request pulls parameters from the URL, and not the body of the request, this pattern is problematic. If you wish to consume JSON or XML data, this request should be annotated with @POST.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JXI_INVALID_CONTEXT_PARAMETER_TYPE' priority='MAJOR'> <name>Correctness - JAX-RS Method specifies an invalid @Context parameter type</name> <configKey>JXI_INVALID_CONTEXT_PARAMETER_TYPE</configKey> <description><p>This JAX-RS endpoint annotates a parameter with a @Context annotation. This annotation can supply values for the following types: <ul> <li>javax.ws.rs.core.UriInfo</li> <li>javax.ws.rs.core.HttpHeaders</li> <li>javax.ws.rs.core.Request</li> <li>javax.ws.rs.core.SecurityContext</li> <li>javax.ws.rs.ext.Providers</li> <li>javax.servlet.ServletConfig</li> <li>javax.servlet.ServletContext</li> <li>javax.servlet.HttpServletRequest</li> <li>javax.servlet.HttpServletResponse</li> </ul> It is possible that your container can supply additional types, but these types are not standard and may not be supported on other application servers.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JXI_PARM_PARAM_NOT_FOUND_IN_PATH' priority='MAJOR'> <name>Correctness - JAX-RS Method specifies non-resolveable @PathParam</name> <configKey>JXI_PARM_PARAM_NOT_FOUND_IN_PATH</configKey> <description><p>This JAX-RS endpoint has a @PathParam specified that is not found in the @Path annotation and thus can not determine from where to populate that parameter.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JXI_UNDEFINED_PARAMETER_SOURCE_IN_ENDPOINT' priority='MAJOR'> <name>Correctness - JAX-RS Method defines a parameter that has no @*Param or @Context annotation, or @Consumes method annotation</name> <configKey>JXI_UNDEFINED_PARAMETER_SOURCE_IN_ENDPOINT</configKey> <description><p>This JAX-RS endpoint declares a parameter without specifying where the value of this parameter comes from. You can specify this by using one of several 'Param' annotations (@PathParam, @CookieParam, @FormParam @HeaderParam @MatrixParam @QueryParam), by adding a @Context parameter annotation, or you can declare that the method @Consumes an XML or JSON stream.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_TRANSACTION_ON_NON_PUBLIC_METHOD' priority='MAJOR'> <name>Correctness - Method has a Spring @Transactional annotation on it, but is non-public</name> <configKey>JPAI_TRANSACTION_ON_NON_PUBLIC_METHOD</configKey> <description><p>This method specifies a Spring @Transactional annotation but the method is defined as being non-public. Spring only creates transactional boundaries on methods that are public, and so this annotation is not doing anything for this method. Make the method public, or place the annotation on a more appropriate method.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_HC_EQUALS_ON_MANAGED_ENTITY' priority='MAJOR'> <name>Correctness - JPA Entity with Generated @Id defined with hashCode/equals</name> <configKey>JPAI_HC_EQUALS_ON_MANAGED_ENTITY</configKey> <description><p>This class is defined to be a JPA Entity, and has an @Id field that is generated by the JPA provider. Since you do not control when that Id is created directly, it is risky to implement hashCode/equals for this class, and especially for use with Collections, as the data behind the algorithms will not be immutable, and thus cause problems when those fields change, and the object is in the collection. It is usually safer to not define hashCode and equals for entity objects, but treat them as objects for IdentityHashSet/Maps instead.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_NON_PROXIED_TRANSACTION_CALL' priority='MAJOR'> <name>Correctness - Method annotated with @Transactional is called from a non Spring proxy</name> <configKey>JPAI_NON_PROXIED_TRANSACTION_CALL</configKey> <description><p>This method call is to a method that has a @Transactional annotation on it. However, since this call is from the same class, it is not going through any Spring proxy, and thus the transactional quality of this method is completely lost. @Transactional methods must always be called through a Spring bean that is autowired.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_INEFFICIENT_EAGER_FETCH' priority='MAJOR'> <name>Correctness - OneToMany join specifies 1+n EAGER join</name> <configKey>JPAI_INEFFICIENT_EAGER_FETCH</configKey> <description><p>This JPA entity specifies a @OneToMany join with a fetch type of EAGER. By default EAGER joins perform select operations on each element returned from the original query in sequence, thus producing 1 + n queries. If you are going to use EAGER joins, it is wise to specify a Join type by using @Fetch annotations in Hibernate or @JoinFetch/@BatchFetch annotations (or hints) in EclipseLink, for example. Even so, these annotations may only apply in limited cases, such as in the use of find.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_IGNORED_MERGE_RESULT' priority='MAJOR'> <name>Correctness - Method ignores the return value of EntityManager.merge</name> <configKey>JPAI_IGNORED_MERGE_RESULT</configKey> <description><p>This method calls EntityManager.merge, and throws away the resultant value. This result is the managed entity version of the potentially unmanaged object that was passed to merge. You should use the returned managed entity for any further use.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_NON_SPECIFIED_TRANSACTION_EXCEPTION_HANDLING' priority='MAJOR'> <name>Correctness - Method does not specify how to handle transaction when exception is thrown</name> <configKey>JPAI_NON_SPECIFIED_TRANSACTION_EXCEPTION_HANDLING</configKey> <description><p>This method declares that it throws one or more non-runtime exceptions. It also is annotated with a @Transactional annotation but fails to describe whether to rollback the transaction or not based on this thrown exception. Use 'rollbackFor' or 'noRollbackFor' attributes of the Transactional annotation to document this.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='JPAI_UNNECESSARY_TRANSACTION_EXCEPTION_HANDLING' priority='MAJOR'> <name>Correctness - Method declares handling a transactional exception that won't be thrown</name> <configKey>JPAI_UNNECESSARY_TRANSACTION_EXCEPTION_HANDLING</configKey> <description><p>This method declares that it either rolls back or does not rollback a transaction based on an expected exception being thrown. However, neither this exception, nor any derived exceptions can be thrown from this method, and so the annotation is useless.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SEO_SUBOPTIMAL_EXPRESSION_ORDER' priority='MAJOR'> <name>Performance - Method orders expressions in a conditional in a sub optimal way</name> <configKey>SEO_SUBOPTIMAL_EXPRESSION_ORDER</configKey> <description><p>This method builds a conditional expression, for example, in an <code>if</code> or <code>while</code> statement, where the expressions contain both simple local variable comparisons and comparisons on method calls. The expression orders these so that the method calls come before the simple local variable comparisons. This causes method calls to be executed in conditions when they do not need to be, and thus potentially causes a lot of code to be executed for nothing. By ordering the expressions so that the simple conditions containing local variable conditions are first, you eliminate this waste. This assumes that the method calls do not have side effects. If the methods do have side effects, it is probably a better idea to pull these calls out of the condition and execute them first, assigning a value to a local variable. In this way you give a hint that the call may have side effects.</p> <p>Example: <pre><code> if ((calculateHaltingProbability() &gt; 0) && shouldCalcHalting) { } </code></pre> would be better as <pre><code> if (shouldCalcHalting && (calculateHaltingProbability() &gt; 0) { } </code></pre> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='IOI_DOUBLE_BUFFER_COPY' priority='MAJOR'> <name>Performance - Method passes a Buffered Stream/Reader/Writer to a already buffering copy method</name> <configKey>IOI_DOUBLE_BUFFER_COPY</configKey> <description><p>This method copies data from input to output using streams or reader/writers using a well known copy method, from java.nio, commons-io, springframework, guava or poi. These methods are efficient in that they copy these files using buffers. However, this method is also buffering the streams, causing a double buffering to occur. So data first goes to one buffer, then is copied to another buffer, before making it to the destination (or vice-versa). This just causes the copy operation to be inefficient both from a time perspective and a memory allocation one. When using these copy methods, do not pass buffered streams/readers/writers.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='IOI_COPY_WITH_READER' priority='MAJOR'> <name>Performance - Method performs bulk stream copy with a java.io.Reader derived input</name> <configKey>IOI_COPY_WITH_READER</configKey> <description><p>This method copies data from a java.io.Reader derived class to an output class, using a bulk copy method supplied by java.nio, commons-io, springframework, guava or poi. Since you are copying the entire stream, you don't care about its contents, and thus using a Reader is wasteful, as a reader has to do the hard work of converting byte data to characters, when there is no need to do this. Use stream based inputs for better performance.</p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='IOI_USE_OF_FILE_STREAM_CONSTRUCTORS' priority='MAJOR'> <name>Performance - Method uses a FileInputStream or FileOutputStream constructor</name> <configKey>IOI_USE_OF_FILE_STREAM_CONSTRUCTORS</configKey> <description><p>This method creates and uses a java.io.FileInputStream or java.io.FileOutputStream object. Unfortunately both of these classes implement a finalize method, which means that objects created will likely hang around until a full garbage collection occurs, which will leave excessive garbage on the heap for longer, and potentially much longer than expected. Java 7 introduced two ways to create streams for reading and writing files that do not have this concern. You should consider switching from these above classes to <code> InputStream is = java.nio.file.Files.newInputStream(myfile.toPath()); OutputStream os = java.nio.file.Files.newOutputStream(myfile.toPath()); </code> </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='IOI_UNENDED_ZLIB_OBJECT' priority='MAJOR'> <name>Performance - Method creates a ZLIB Inflater or Deflater and doesn't appear to end() it</name> <configKey>IOI_UNENDED_ZLIB_OBJECT</configKey> <description><p>This method constructs a java.util.zip.Inflater or java.util.zip.Deflater and does not appear to call end() on it. This will cause a potentially large amount of memory to hang around inside the object until the object gets garbage collected. To avoid this unnecessary bloat, put a call to end() in a finally block of the code where you are using this instance. </p></description> <tag>performance</tag> <tag>bug</tag> </rule> <rule key='DMC_DUBIOUS_MAP_COLLECTION' priority='MAJOR'> <name>Correctness - Class holds a map-type field, but uses it as only a List</name> <configKey>DMC_DUBIOUS_MAP_COLLECTION</configKey> <description><p>This method instantiates a map-type field in a static initializer or constructor, but then only uses it through iteration. This means that this data structure should really just be a List&lt;SomeObject&gt;, where the class held by the list contains the two fields held by the key and value of the Map. It was likely done this way to avoid having to create a class, but this just obfuscates the purpose of the field. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='BL_BURYING_LOGIC' priority='INFO'> <name>Style - Method buries logic to the right (indented) more than it needs to be</name> <configKey>BL_BURYING_LOGIC</configKey> <description><p>Looks for relatively large <code>if</code> blocks of code, where you unconditionally return from them, and then follow that with an unconditional return of a small block. This places the bulk of the logic to the right indentation-wise, making it more difficult to read than needed. It would be better to invert the logic of the if block, and immediately return, allowing the bulk of the logic to be move to the left for easier reading.</p></description> <tag>style</tag> </rule> <rule key='WI_DUPLICATE_WIRED_TYPES' priority='MAJOR'> <name>Correctness - Class auto wires the same object into two separate fields in a class hierarchy</name> <configKey>WI_DUPLICATE_WIRED_TYPES</configKey> <description><p>This class has two fields in either itself or a parent class, which autowire (without specialization) the same object for both fields. This is likely caused by a developer just not being aware that the field already is available for your use, and just causes wasted space, and confuses code access to the same object through two different pathways.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='WI_MANUALLY_ALLOCATING_AN_AUTOWIRED_BEAN' priority='MAJOR'> <name>Correctness - Method allocates an object with new when the class is defined as an autowireable bean</name> <configKey>WI_MANUALLY_ALLOCATING_AN_AUTOWIRED_BEAN</configKey> <description><p>This method allocates an object with new, but the class of the object that is being created is marked with a Spring annotation denoting that this class is to be used through an @Autowire annotation. Allocating it with <code>new</code> will likely mean that fields on the class will not be autowired, but instead be null. You should just autowire an instance of this class into the class in question, or if need be, use Spring's getBean(name) method to fetch one.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY' priority='MAJOR'> <name>Correctness - Method gets and sets a value of a ConcurrentHashMap in a racy manner</name> <configKey>CCI_CONCURRENT_COLLECTION_ISSUES_USE_PUT_IS_RACY</configKey> <description><p>This method retrieves the value of a key from a ConcurrentHashMap, where the value is itself a collection. It checks this value for null, and if it is so, creates a new collection and places it in the map. This may cause thread race conditions where two threads overwrite each other's values. You should be using <code> ConcurrentHashMap.putIfAbsent(K, V) </code> instead.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UTWR_USE_TRY_WITH_RESOURCES' priority='INFO'> <name>Style - Method manually handles closing an auto-closeable resource</name> <configKey>UTWR_USE_TRY_WITH_RESOURCES</configKey> <description>[ <p>This method allocates and uses an auto closeable resource. However, it manually closes the resource in a finally block. While this is correct management, it doesn't rely on the idiomatic way available to JDK 7 and above, allows for possible subtle problems, and complicates the reading of code by developers expecting the use of try-with-resources. </p> <p>Switch to using try with resources, as: <pre> try (InputStream is = getAStream()) { useTheStream(is); } </pre></description> <tag>style</tag> </rule> <rule key='SSCU_SUSPICIOUS_SHADED_CLASS_USE' priority='MAJOR'> <name>Correctness - Method calls a method from a class that has been shaded by a 3rdparty jar</name> <configKey>SSCU_SUSPICIOUS_SHADED_CLASS_USE</configKey> <description><p>This method calls a method found in a 3rd-party library, which appears to be shaded from another 3rd-party library. This occurs when a jar includes other code that uses tools like the maven shade plugin. It is likely you wanted to use the "first-class" class from the original jar, rather than the class with the shaded package structure, but your IDE pulled in the wrong import.</p> <p>An example might be, you attempted to use a method from the class: <pre><code> com.google.common.collect.Sets </code></pre> But instead, you import: <pre><code> org.apache.jena.ext.com.google.common.collect.Sets </code></pre> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES' priority='MAJOR'> <name>Correctness - Method of Singleton class writes to a field in an unsynchronized manner</name> <configKey>USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES</configKey> <description><p>This method writes to a field of this class. Since this class is seen as a Singleton this can produce race conditions, or cause non-visible changes to other threads, because the field isn't accessed synchronously.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='OI_OPTIONAL_ISSUES_USES_IMMEDIATE_EXECUTION' priority='MAJOR'> <name>Correctness - Method uses immediate execution of a block of code that is often not used</name> <configKey>OI_OPTIONAL_ISSUES_USES_IMMEDIATE_EXECUTION</configKey> <description><p>This method uses the Optional.orElse() method passing in some code that will execute immediately, whether or not the else case of the Optional is needed. This may cause incorrect side effects to happen, or at the minimum, code to execute for no reason. It would be better to use Optional.orElseGet()</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='OI_OPTIONAL_ISSUES_USES_DELAYED_EXECUTION' priority='MAJOR'> <name>Correctness - Method uses delayed execution of a block of code that is trivial</name> <configKey>OI_OPTIONAL_ISSUES_USES_DELAYED_EXECUTION</configKey> <description><p>This method uses the Optional.orElseGet() method passing in a simple variable or constant value. As this value takes no time to execute and causes no side effects, the use of Optional.orElseGet is unnecessary and potentially confusing. You can use Optional.orElse() instead.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='OI_OPTIONAL_ISSUES_CHECKING_REFERENCE' priority='MAJOR'> <name>Correctness - Method checks an Optional reference for null</name> <configKey>OI_OPTIONAL_ISSUES_CHECKING_REFERENCE</configKey> <description><p>This method compares an Optional reference variable against null. As the whole point of the Optional class is to avoid the null pointer exception, this use pattern is highly suspect. The code should always make sure the Optional reference is valid, and should count on the APIs of this class to check for the held reference instead.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='OI_OPTIONAL_ISSUES_PRIMITIVE_VARIANT_PREFERRED' priority='MAJOR'> <name>Correctness - Method uses a java.util.Optional when use of OptionalInt, OptionalLong, OptionalDouble would be more clear</name> <configKey>OI_OPTIONAL_ISSUES_PRIMITIVE_VARIANT_PREFERRED</configKey> <description><p>This method creates an Optional object to hold an int, double or long. In these cases it is more natural to use the Optional variants OptionalInt, OptionalDouble and OptionalLong. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='OI_OPTIONAL_ISSUES_USES_ORELSEGET_WITH_NULL' priority='MAJOR'> <name>Correctness - Method uses Optional.orElseGet(null)</name> <configKey>OI_OPTIONAL_ISSUES_USES_ORELSEGET_WITH_NULL</configKey> <description><p>This method uses Optional.orElseGet(null). This method is supposed to to receive a lambda expression for what to execute when the Optional is not there. If you want to just return null, use Optional.orElse(null) instead. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT' priority='MAJOR'> <name>Correctness - Method constructs a Date object, merely to convert it to an Instant object</name> <configKey>UAC_UNNECESSARY_API_CONVERSION_DATE_TO_INSTANT</configKey> <description><p>This method creates a java.time.Instant object by first creating a java.util.Date object, and then calling toInstant() on it. It is simpler to just construct the Instant object directly, say by using {@code Instant.now()} to get the current time, of by using {@code Instant.parse(CharSequence)} to convert a String. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH' priority='MAJOR'> <name>Correctness - Method constructs a File object, merely to convert it to a Path object</name> <configKey>UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH</configKey> <description><p>This method creates a java.nio.file.Path object by first creating a java.io.File object, and then calling toPath() on it. It is simpler to just construct the Path object directly, say by using {@code Paths.get(String...)}. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='RFI_SET_ACCESSIBLE' priority='MAJOR'> <name>Correctness - Method uses AccessibleObject.setAccessible to modify accessibility of classes</name> <configKey>RFI_SET_ACCESSIBLE</configKey> <description><p>This method uses the reflective setAccessible method to alter the behavior of methods and fields in classes in ways that were not expected to be accessed by the author. Doing so circumvents the protections that the author provided through the class definition, and may expose your application to unexpected side effects and problems. This functionality is deprecated in Java 9, and in Java 10 it is expected that this functionality won't work at all.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='AI_ANNOTATION_ISSUES_NEEDS_NULLABLE' priority='MAJOR'> <name>Correctness - Method that can return null, is missing a @Nullable annotation</name> <configKey>AI_ANNOTATION_ISSUES_NEEDS_NULLABLE</configKey> <description><p>This method can return null, but is not annotated with an @Nullable annotation. Without this annotation, various IDEs, and static analysis tools may not be able to fully discover possible NullPointerExceptions in your code. By adding these annotations, you will discover problems around null-ness, more easily.</p> <p>Unfortunately there isn't just one @Nullable annotation, but this detector will recognize:</p> <ul> <li>org.jetbrains.annotations.Nullable</li> <li>javax.annotation.Nullable</li> <li>javax.annotation.CheckForNull</li> <li>edu.umd.cs.findbugs.annotations.Nullable</li> <li>org.springframework.lang.Nullable</li> <li>android.support.annotations.Nullable</li> </ul> <p> You can supply a comma separated list of classes that are custom Nullable Annotations if you desire, by using the system property -Dfb-contrib.ai.annotations="com.acme.Foo,com.acme.Boo" when run.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MUI_CALLING_SIZE_ON_SUBCONTAINER' priority='MAJOR'> <name>Correctness - Method calls size() on a sub collection of a Map</name> <configKey>MUI_CALLING_SIZE_ON_SUBCONTAINER</configKey> <description><p>This method calls <code>size</code> on the keySet(), entrySet() or values() collections of a Map. These sub collections will have the same size as the base Map and so it is just simpler to call size on that Map. Calling size() on one of these sub collections will causes unnecessary allocations to occur. </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MUI_CONTAINSKEY_BEFORE_GET' priority='MAJOR'> <name>Correctness - Method check a map with containsKey(), before using get()</name> <configKey>MUI_CONTAINSKEY_BEFORE_GET</configKey> <description><p>This method checks for the presence of a key in a map using containsKey(), before attempting to fetch the value of the key using get(). This equates to doing two map lookups in a row. It is much simpler to just fetch the value with get, and checking for non null instead.</p> <p>As an example, instead of using <code> <pre> Map<String, String> myMap = getSomeMap(); if (myMap.containsKey("foo")) { String value = myMap.get("foo"); .... } </pre> </code> convert this to <code> <pre> Map<String, String> myMap = getSomeMap(); String value = myMap.get("foo"); if (value != null) { .... } </pre> </code> </p> <p>The only caveat to this is that if you use a null value in a map to represent a third state for the key, then in this case using containsKey is 'correct'. This means an entry found in the map with a null value is taken differently than no entry at all. However, this is a very subtle programming paradigm, and likely to cause problems. If you wish to mark an entry as not being present, it is better to use a named 'sentinel' value to denote this, so instead of: <code> <pre> Map<String, String> myMap = getSomeMap(); if (myMap.containsKey("foo")) { String value = myMap.get("foo"); .... } </pre> </code> convert this to <code> <pre> Map<String, String> myMap = getSomeMap(); String value = myMap.get("foo"); if (NOT_FOUND.equals(value)) { .... } where NOT_FOUND is some constant that denotes this special status. Of course you will need to find a special sentinel value for each type you are using that isn't possible to have normally. </pre> </code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='MUI_GET_BEFORE_REMOVE' priority='MAJOR'> <name>Correctness - Method gets an item from a map with get(), before using remove()</name> <configKey>MUI_GET_BEFORE_REMOVE</configKey> <description><p>This method fetches the value of an entry in a map using get(K k), and then follows it up with a remove(K k). Since a remove() also returns the value, there is no point for doing the get, and just causes two map lookups to occur when it can be done with just one.</p> <p>As an example, instead of using <code> <pre> Map<String, String> myMap = getSomeMap(); String v = myMap.get("foo")) { myMap.remove("foo"); </pre> </code> convert this to <code> <pre> Map<String, String> myMap = getSomeMap(); String v = myMap.remove("foo"); </pre> </code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LUI_USE_SINGLETON_LIST' priority='MAJOR'> <name>Correctness - Method builds a list from one element using Arrays.asList</name> <configKey>LUI_USE_SINGLETON_LIST</configKey> <description><p>This method builds a list using Arrays.asList(foo), passing in a single element. Arrays.asList needs to first create an array from this one element, and then build a List that wraps this array. It is simpler to use Collections.singletonList(foo), which does not create the array, and produces a far simpler instance of List. Since both of these arrays are immutable (from the List's point of view) they are equivalent from a usage standpoint. </p> <p>There is one difference between Array.asList and Collections.singletonList that you should be mindful of. The rarely used set(index, value) method is allowed to be used with a List created by Array.asList, but not with Collections.singletonList. So if you do use the set(index, value) method continue using Arrays.asList.</description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LUI_USE_GET0' priority='MAJOR'> <name>Correctness - Method uses collection streaming to get first item in a List</name> <configKey>LUI_USE_GET0</configKey> <description><p>This method fetches the first item in a List using collection streaming. As a list is already ordered there is no need to do that, just use the regular get(0) interface.<br/> Example: <code><pre> String s = myList.stream().findFirst().get(); </pre></code> Can be more simply done using <code><pre> String s = myList.get(0); </pre></code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='LUI_USE_COLLECTION_ADD' priority='MAJOR'> <name>Correctness - Method passes a temporary one item list to Collection.addAll()</name> <configKey>LUI_USE_COLLECTION_ADD</configKey> <description><p>This method creates a temporary list using Collections.singletonList, or Arrays.asList with one element in it, and then turns around and calls the addAll() method on another collection. Since you are only adding one element to the collection, it is simpler to just call the add(object) method on the collection you are using and by pass creating the intermediate List.</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_AVOID_CONTAINS_ON_COLLECTED_STREAM' priority='MAJOR'> <name>Correctness - Method calls contains() on a collected lambda expression</name> <configKey>FII_AVOID_CONTAINS_ON_COLLECTED_STREAM</configKey> <description><p>This method builds a collection using lambda expressions with a collect terminal operation. It then immediately calls the contains() method on it, to see if an item is present. This is sub optimal as the lambda still needs to build the entire collection, iterating the entire source list. It is better to use anyMatch() to short circuit the building of the collection. </p> <p> Instead of <code><pre> baubles.stream().map(Bauble::getName).collect(Collectors.toSet()).contains(name) </pre></code> do <code></pre> baubles.stream().anyMatch(b -> name.equals(b.getName())) </pre></code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_USE_METHOD_REFERENCE' priority='MAJOR'> <name>Correctness - Method creates an anonymous lambda expression instead of specifying a method reference</name> <configKey>FII_USE_METHOD_REFERENCE</configKey> <description><p>This method defines an anonymous lambda function to be called to fetch a single value from the passed in value. While this will work, it is needlessly complex as this function merely calls a single getter method on the object, and thus the code can be simplied by just passing in a method reference instead.</p> <p> Instead of <code><pre> baubles.stream().map(b -> b.getName()).collect(Collectors.toSet()) </pre></code> do <code></pre> baubles.stream().map(Bauble::getName).collect(Collectors.toSet()) </pre></code> </p> <h2>Deprecated</h2> <p>This rule is deprecated; use {rule:java:S1612} instead.</p></description> <status>DEPRECATED</status> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_USE_ANY_MATCH' priority='MAJOR'> <name>Correctness - Method suboptimally finds any match in a stream</name> <configKey>FII_USE_ANY_MATCH</configKey> <description><p>This method looks for one item in a stream using filter().findFirst.isPresent() when .anyMatch() will do the same thing more succintly</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_USE_FIND_FIRST' priority='MAJOR'> <name>Correctness - Method collects a List from a stream() just to get the first element</name> <configKey>FII_USE_FIND_FIRST</configKey> <description><p>This method streams data into a List just to call get(0) to get the first item. You can just use findFirst() to short circuit the processing of the stream.</p> <p> Instead of <code><pre> baubles.stream().collect(Collectors.toList()).get(0) </pre></code> do <code></pre> baubles.stream().findFirst().get()) </pre></code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_COMBINE_FILTERS' priority='MAJOR'> <name>Correctness - Method implements a stream using back to back filters</name> <configKey>FII_COMBINE_FILTERS</configKey> <description><p>This method streams data using more than one filter back to back. These can just be combined into one filter</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_USE_FUNCTION_IDENTITY' priority='MAJOR'> <name>Correctness - Method declares an identity lambda function rather than using Function.identity()</name> <configKey>FII_USE_FUNCTION_IDENTITY</configKey> <description><p>This method declares a no-op (identity) lambda method rather than just specifying Function.identity()</p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='FII_AVOID_SIZE_ON_COLLECTED_STREAM' priority='MAJOR'> <name>Correctness - Method calls size() on a collected lambda expression</name> <configKey>FII_AVOID_SIZE_ON_COLLECTED_STREAM</configKey> <description><p>This method builds a collection using lambda expressions with a collect terminal operation. It then immediately calls the size() method on it, to get a count of items. This is sub optimal as the lambda still needs to build the entire collection, iterating the entire source list. It is better to use count() predicate to short circuit the building of the collection. If you were using a Set, then also add the distinct() predicate. </p> <p> Instead of <code><pre> baubles.stream().filter(b -> b.getName("orb")).collect(Collectors.toList()).size()) </pre></code> do <code></pre> baubles.stream().filter(b -> b.getName("orb")).count() </pre></code> or for sets you can use <code></pre> baubles.stream().filter(b -> b.getName("orb")).distinct().count() </pre></code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SUI_CONTAINS_BEFORE_ADD' priority='MAJOR'> <name>Correctness - Method checks for an item in a set with contains, before using add()</name> <configKey>SUI_CONTAINS_BEFORE_ADD</configKey> <description><p>This method checks to see if an element is not in a set before adding it. This is unnecessary as you can just add the item, and if the item exists, it won't add it, otherwise it will.</p> <p>As an example, instead of using <code> <pre> Set<String> mySet = getSomeSet(); if (!mySet.contains("foo")) { mySet.add("foo"); } </pre> </code> convert this to <code> <pre> Set<String> mySet = getSomeSet(); if (mySet.add("foo")) { } </pre> </code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SUI_CONTAINS_BEFORE_REMOVE' priority='MAJOR'> <name>Correctness - Method checks for an item in a set with contains, before using remove()</name> <configKey>SUI_CONTAINS_BEFORE_REMOVE</configKey> <description><p>This method checks to see if an element is in a set before removing it. This is unnecessary as you can just remove the item, and if the item exists, it will return true.</p> <p>As an example, instead of using <code> <pre> Set<String> mySet = getSomeSet(); if (mySet.contains("foo")) { mySet.remove("foo"); } </pre> </code> convert this to <code> <pre> Set<String> mySet = getSomeSet(); if (mySet.remove("foo")) { } </pre> </code> </p></description> <tag>correctness</tag> <tag>bug</tag> </rule> <rule key='SAT_SUSPICIOUS_ARGUMENT_TYPES' priority='MAJOR'> <name>Correctness - This method invokes a method with parameters that seem incorrect for their intended use</name> <configKey>SAT_SUSPICIOUS_ARGUMENT_TYPES</configKey> <description><p>This method calls a method passing arguments that seem incorrect for the intended purpose of the method. Make sure that the argument types are valid</p> <ul> <li><p>For Match.hasEntry it seems unlikely you want to pass a Matcher and non-Matcher at the same time</p></li> </ul></description> <tag>correctness</tag> <tag>bug</tag> </rule> </rules>
© 2015 - 2025 Weber Informatics LLC | Privacy Policy