Showing 1,632 of 1,632 total issues
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Using the '.*' form of import should be avoided - org.apache.sling.models.annotations.injectorspecific.*. Open
import org.apache.sling.models.annotations.injectorspecific.*;
- Read upRead up
- Exclude checks
Checks that there are no import statements that use the *
notation.
Rationale: Importing all classes from a package or staticmembers from a class leads to tight coupling between packagesor classes and might lead to problems when a new version of alibrary introduces name clashes.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Line does not match expected header line of ' ?* ACS AEM Commons[A-Za-z ]* Bundle'. Open
* ACS AEM Commons
- Read upRead up
- Exclude checks
Checks the header of a source file against a header that contains aregular expression for each line of the source header.
Rationale: In some projects checking against afixed header is not sufficient, e.g. the header might require acopyright line where the year information is not static.
For example, consider the following header:
<source><br>line 1: ^/{71}$<br>line 2: ^// checkstyle:$<br>line 3: ^// Checks Java source code for adherence to a set of rules\.$<br>line 4: ^// Copyright \(C\) \d\d\d\d Oliver Burn$<br>line 5: ^// Last modification by \$Author.*\$$<br>line 6: ^/{71}$<br>line 7:<br>line 8: ^package<br>line 9:<br>line 10: ^import<br>line 11:<br>line 12: ^/\*\*<br>line 13: ^ \*([^/]|$)<br>line 14: ^ \*/<br> </source>Lines 1 and 6 demonstrate a more compact notation for 71 '/'characters. Line 4 enforces that the copyright notice includes afour digit year. Line 5 is an example how to enforce revisioncontrol keywords in a file header. Lines 12-14 is a template forjavadoc (line 13 is so complicated to remove conflict with and ofjavadoc comment). Lines 7, 9 and 11 will be treated as '^$' andwill forcefully expect the line to be empty.
Different programming languages have different comment syntaxrules, but all of them start a comment with a non-wordcharacter. Hence you can often use the non-word characterclass to abstract away the concrete comment syntax and allowchecking the header for different languages with a singleheader definition. For example, consider the following headerspecification (note that this is not the full Apache licenseheader):
<source><br>line 1: ^#!<br>line 2: ^<\?xml.*>$<br>line 3: ^\W*$<br>line 4: ^\W*Copyright 2006 The Apache Software Foundation or its licensors, as applicable\.$<br>line 5: ^\W*Licensed under the Apache License, Version 2\.0 \(the "License"\);$<br>line 6: ^\W*$<br> </source>Lines 1 and 2 leave room for technical header lines, e.g. the"#!/bin/sh" line in Unix shell scripts, or the XML file headerof XML files. Set the multiline property to "1, 2" so theselines can be ignored for file types where they do no apply.Lines 3 through 6 define the actual header content. Note howlines 2, 4 and 5 use escapes for characters that have specialregexp semantics.
In default configuration, if header is not specified, the default valueof header is set to null and the check does not rise any violations.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Class contains more than one logger. Open
public class NamedTransformImageServlet extends SlingSafeMethodsServlet implements OptingServlet {
private static final Logger log = LoggerFactory.getLogger(NamedTransformImageServlet.class);
private static final Logger AVOID_USAGE_LOGGER =
- Read upRead up
- Exclude checks
MoreThanOneLogger
Since: PMD 2.0
Priority: Medium High
Categories: Style
Remediation Points: 50000
Normally only one logger is used in each class.
Example:
public class Foo {
Logger log = Logger.getLogger(Foo.class.getName());
// It is very rare to see two loggers on a class, normally
// log information is multiplexed by levels
Logger log2= Logger.getLogger(Foo.class.getName());
}
Define and throw a dedicated exception instead of using a generic one. Open
public List<MarketoField> load(MarketoClientConfiguration config) throws Exception {
- Read upRead up
- Exclude checks
Using such generic exceptions as Error
, RuntimeException
, Throwable
, and Exception
prevents
calling methods from handling true, system-generated exceptions differently than application-generated errors.
Noncompliant Code Example
public void foo(String bar) throws Throwable { // Noncompliant throw new RuntimeException("My Message"); // Noncompliant }
Compliant Solution
public void foo(String bar) { throw new MyOwnRuntimeException("My Message"); }
Exceptions
Generic exceptions in the signatures of overriding methods are ignored, because overriding method has to follow signature of the throw declaration in the superclass. The issue will be raised on superclass declaration of the method (or won't be raised at all if superclass is not part of the analysis).
@Override public void myMethod() throws Exception {...}
Generic exceptions are also ignored in the signatures of methods that make calls to methods that throw generic exceptions.
public void myOtherMethod throws Exception { doTheThing(); // this method throws Exception }
See
- MITRE, CWE-397 - Declaration of Throws for Generic Exception
- CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable
Provide the parametrized type for this generic. Open
for (Map.Entry entry : nodeInfo.entrySet()) {
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Define and throw a dedicated exception instead of using a generic one. Open
public void parseTags(ActionManager manager) throws Exception {
- Read upRead up
- Exclude checks
Using such generic exceptions as Error
, RuntimeException
, Throwable
, and Exception
prevents
calling methods from handling true, system-generated exceptions differently than application-generated errors.
Noncompliant Code Example
public void foo(String bar) throws Throwable { // Noncompliant throw new RuntimeException("My Message"); // Noncompliant }
Compliant Solution
public void foo(String bar) { throw new MyOwnRuntimeException("My Message"); }
Exceptions
Generic exceptions in the signatures of overriding methods are ignored, because overriding method has to follow signature of the throw declaration in the superclass. The issue will be raised on superclass declaration of the method (or won't be raised at all if superclass is not part of the analysis).
@Override public void myMethod() throws Exception {...}
Generic exceptions are also ignored in the signatures of methods that make calls to methods that throw generic exceptions.
public void myOtherMethod throws Exception { doTheThing(); // this method throws Exception }
See
- MITRE, CWE-397 - Declaration of Throws for Generic Exception
- CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable
Refactor this repetition that can lead to a stack overflow for large inputs. Open
private static final Pattern ACCEPT_PATTERN = Pattern.compile("^\\s*([a-zA-Z_-]+\\[[^]]+\\]\\s+)+\\{\\{(.+)}}\\s*$");
- Read upRead up
- Exclude checks
The Java regex engine uses recursive method calls to implement backtracking. Therefore when a repetition inside a regular expression contains
multiple paths (i.e. the body of the repetition contains an alternation (|
), an optional element or another repetition), trying to match
the regular expression can cause a stack overflow on large inputs. This does not happen when using a possessive quantifier (such as *+
instead of *
) or when using a character class inside a repetition (e.g. [ab]*
instead of (a|b)*
).
The size of the input required to overflow the stack depends on various factors, including of course the stack size of the JVM. One thing that significantly increases the size of the input that can be processed is if each iteration of the repetition goes through a chain of multiple constant characters because such consecutive characters will be matched by the regex engine without invoking any recursion.
For example, on a JVM with a stack size of 1MB, the regex (?:a|b)*
will overflow the stack after matching around 6000 characters
(actual numbers may differ between JVM versions and even across multiple runs on the same JVM) whereas (?:abc|def)*
can handle around
15000 characters.
Since often times stack growth can't easily be avoided, this rule will only report issues on regular expressions if they can cause a stack overflow
on realistically sized inputs. You can adjust the maxStackConsumptionFactor
parameter to adjust this.
Noncompliant Code Example
Pattern.compile("(a|b)*"); // Noncompliant Pattern.compile("(.|\n)*"); // Noncompliant Pattern.compile("(ab?)*"); // Noncompliant
Compliant Solution
Pattern.compile("[ab]*"); // Character classes don't cause recursion the way that '|' does Pattern.compile("(?s).*"); // Enabling the (?s) flag makes '.' match line breaks, so '|\n' isn't necessary Pattern.compile("(ab?)*+"); // Possessive quantifiers don't cause recursion because they disable backtracking
Refactor this method to reduce its Cognitive Complexity from 23 to the 15 allowed. Open
private String processPropertyPath(ValueMap assetProperties, Node childElement, String assetPath) {
- Read upRead up
- Exclude checks
Cognitive Complexity is a measure of how hard the control flow of a method is to understand. Methods with high Cognitive Complexity will be difficult to maintain.
See
Provide the parametrized type for this generic. Open
Map jwtClaims = new HashMap<>();
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Define and throw a dedicated exception instead of using a generic one. Open
protected final void doActivate(ComponentContext context) throws Exception {
- Read upRead up
- Exclude checks
Using such generic exceptions as Error
, RuntimeException
, Throwable
, and Exception
prevents
calling methods from handling true, system-generated exceptions differently than application-generated errors.
Noncompliant Code Example
public void foo(String bar) throws Throwable { // Noncompliant throw new RuntimeException("My Message"); // Noncompliant }
Compliant Solution
public void foo(String bar) { throw new MyOwnRuntimeException("My Message"); }
Exceptions
Generic exceptions in the signatures of overriding methods are ignored, because overriding method has to follow signature of the throw declaration in the superclass. The issue will be raised on superclass declaration of the method (or won't be raised at all if superclass is not part of the analysis).
@Override public void myMethod() throws Exception {...}
Generic exceptions are also ignored in the signatures of methods that make calls to methods that throw generic exceptions.
public void myOtherMethod throws Exception { doTheThing(); // this method throws Exception }
See
- MITRE, CWE-397 - Declaration of Throws for Generic Exception
- CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable
Remove this unused method parameter "service". Open
protected final void unbindEnsureAuthorizable(final EnsureAuthorizable service, final Map<Object, Object> props) {
- Read upRead up
- Exclude checks
Unused parameters are misleading. Whatever the values passed to such parameters, the behavior will be the same.
Noncompliant Code Example
void doSomething(int a, int b) { // "b" is unused compute(a); }
Compliant Solution
void doSomething(int a) { compute(a); }
Exceptions
The rule will not raise issues for unused parameters:
- that are annotated with
@javax.enterprise.event.Observes
- in overrides and implementation methods
- in interface
default
methods - in non-private methods that only
throw
or that have empty bodies - in annotated methods, unless the annotation is
@SuppressWarning("unchecked")
or@SuppressWarning("rawtypes")
, in which case the annotation will be ignored - in overridable methods (non-final, or not member of a final class, non-static, non-private), if the parameter is documented with a proper javadoc.
@Override void doSomething(int a, int b) { // no issue reported on b compute(a); } public void foo(String s) { // designed to be extended but noop in standard case } protected void bar(String s) { //open-closed principle } public void qix(String s) { throw new UnsupportedOperationException("This method should be implemented in subclasses"); } /** * @param s This string may be use for further computation in overriding classes */ protected void foobar(int a, String s) { // no issue, method is overridable and unused parameter has proper javadoc compute(a); }
See
- CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
Provide the parametrized type for this generic. Open
private String getName(Enum e) {
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Provide the parametrized type for this generic. Open
Class clazz = (Class) type.getActualTypeArguments()[0];
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Rename this method to not match a restricted identifier. Open
private void record(String path, String action, String description) {
- Read upRead up
- Exclude checks
Even if it is technically possible, Restricted Identifiers should not be used as identifiers. This is only possible for compatibility reasons, using it in Java code is confusing and should be avoided.
Note that this applies to any version of Java, including the one where these identifiers are not yet restricted, to avoid future confusion.
This rule reports an issue when restricted identifiers:
- var
- yield
- record
are used as identifiers.
Noncompliant Code Example
var var = "var"; // Noncompliant: compiles but this code is confusing var = "what is this?"; int yield(int i) { // Noncompliant return switch (i) { case 1: yield(0); // This is a yield from switch expression, not a recursive call. default: yield(i-1); }; } String record = "record"; // Noncompliant
Compliant Solution
var myVariable = "var"; int minusOne(int i) { return switch (i) { case 1: yield(0); default: yield(i-1); }; } String myRecord = "record";