JavaDogs/cws


Showing 10 of 10 total issues

Method checkNotTooLong has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    protected static void checkNotTooLong(final Map<String, String> errors, final String field, final String value, final int maxLength, final String message) {
Severity: Minor
Found in eds-api/src/main/java/net/haugr/eds/api/requests/AbstractRequest.java - About 35 mins to fix

Method runRequest has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    public static Response runRequest(final Settings settings, final Object bean, final String invokeMethod, final Authentication request, final String logAction) {
Severity: Minor
Found in eds-rest/src/main/java/net/haugr/eds/rest/CommonService.java - About 35 mins to fix

Method checkNotNullEmptyOrTooLong has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    protected static void checkNotNullEmptyOrTooLong(final Map<String, String> errors, final String field, final String value, final int maxLength, final String message) {
Severity: Minor
Found in eds-api/src/main/java/net/haugr/eds/api/requests/AbstractRequest.java - About 35 mins to fix

Method checkIntegerWithMax has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    protected static void checkIntegerWithMax(final Map<String, String> errors, final String field, final int value, final int max, final String message) {
Severity: Minor
Found in eds-api/src/main/java/net/haugr/eds/api/requests/AbstractRequest.java - About 35 mins to fix

Method sanitize has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    @Transactional(Transactional.TxType.REQUIRED)
    public void sanitize() {
        clearExpireSessions();
        List<Long> ids = findNextBatch(BLOCK);
        long count = 0;
Severity: Minor
Found in eds-core/src/main/java/net/haugr/eds/core/SanitizerBean.java - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"


Method validate has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    @Override
    public Map<String, String> validate() {
        final Map<String, String> errors = super.validate();

        if ((secret == null) == (url == null)) {
Severity: Minor
Found in eds-api/src/main/java/net/haugr/eds/api/requests/MasterKeyRequest.java - About 25 mins to fix


Line length
Open

    testing to guarantee that the stability will remain high. The build requires Java 21,
Severity: Info
Found in README.md by markdownlint

MD013 - Line length

Tags: line_length

Aliases: line-length

Parameters: line_length, code_blocks, tables (number; default 80, boolean; default true)

This rule is triggered when there are lines that are longer than the configured line length (default: 80 characters). To fix this, split the line up into multiple lines.

This rule has an exception where there is no whitespace beyond the configured line length. This allows you to still include items such as long URLs without being forced to break them in the middle.

You also have the option to exclude this rule for code blocks and tables. To do this, set the code_blocks and/or tables parameters to false.

Code blocks are included in this rule by default since it is often a requirement for document readability, and tentatively compatible with code rules. Still, some languages do not lend themselves to short lines.

Not following: release/bin/edsFunctions.sh: openFile: does not exist (No such file or directory)
Open

    source release/bin/edsFunctions.sh
Severity: Minor
Found in accessories/docker.sh by shellcheck

Not following: (error message here)

Reasons include: file not found, no permissions, not included on the command line, not allowing shellcheck to follow files with -x, etc.

Problematic code:

    source somefile

Correct code:

    # shellcheck disable=SC1091
    source somefile

Rationale:

ShellCheck, for whichever reason, is not able to access the source file.

This could be because you did not include it on the command line, did not use shellcheck -x to allow following other files, don't have permissions or a variety of other problems.

Feel free to ignore the error with a directive.

Exceptions:

If you're fine with it, ignore the message with a directive.

Notice

Original content from the ShellCheck wiki: https://github.com/koalaman/shellcheck/wiki.

Line length
Open

    is supported, but thanks to the flexibility of Jakarta EE, it is possible to use any
Severity: Info
Found in README.md by markdownlint


Use a dynamically-generated, random IV.
Open

    new IvParameterSpec(((SecretEDSKey) key).getSalt().getBytes());

When encrypting data with the Cipher Block Chaining (CBC) mode, an Initialization Vector (IV) is used to randomize the encryption, i.e. under a given key the same plaintext doesn't always produce the same ciphertext. The IV doesn't need to be secret, but it should be unpredictable to avoid a "Chosen-Plaintext Attack".

To generate Initialization Vectors, NIST recommends using a secure random number generator.

Noncompliant Code Example

    import java.nio.charset.StandardCharsets;
    import java.util.Base64;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    public class MyCbcClass {

      public String applyCBC(String strKey, String plainText) throws Exception {
        // The IV is a fixed literal, so every call under the same key reuses the same IV
        byte[] bytesIV = "7cVgr5cbdCZVw5WY".getBytes(StandardCharsets.UTF_8);

        /* KEY + IV setting */
        IvParameterSpec iv = new IvParameterSpec(bytesIV);
        SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes(StandardCharsets.UTF_8), "AES");

        /* Ciphering */
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);  // Noncompliant: the IV is hard coded and thus not generated with a secure random generator
        byte[] encryptedBytes = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
        // java.util.Base64 replaces javax.xml.bind.DatatypeConverter, which is no longer part of the JDK
        return Base64.getEncoder().encodeToString(bytesIV)
                + ";" + Base64.getEncoder().encodeToString(encryptedBytes);
      }
    }


Compliant Solution

    import java.nio.charset.StandardCharsets;
    import java.security.SecureRandom;
    import java.util.Base64;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    public class MyCbcClass {

      SecureRandom random = new SecureRandom();

      public String applyCBC(String strKey, String plainText) throws Exception {
        // A fresh 16-byte (AES block size) IV from a cryptographically secure RNG on every call
        byte[] bytesIV = new byte[16];
        random.nextBytes(bytesIV);

        /* KEY + IV setting */
        IvParameterSpec iv = new IvParameterSpec(bytesIV);
        SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes(StandardCharsets.UTF_8), "AES");

        /* Ciphering */
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); // Compliant
        byte[] encryptedBytes = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
        // The IV is not secret and is transmitted alongside the ciphertext so the receiver can decrypt
        return Base64.getEncoder().encodeToString(bytesIV)
                + ";" + Base64.getEncoder().encodeToString(encryptedBytes);
      }
    }

