Sign upLogin

codeclimate/sonar-wrapper

View on GitHub
Star

Showing 13 of 18 total issues

Method execute has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    public void execute(String projectName, Date date, Collection<Trackable> trackables, AnalysisResults result, Function<String, RuleDetails> ruleDescriptionProducer) {
Severity: Minor
Found in src/main/java/cc/report/JsonReport.java - About 35 mins to fix

    Replace this use of System.out or System.err by a logger.
    Open

        this.stdErr = System.err;
    Severity: Major
    Found in src/main/java/org/sonarlint/cli/util/Logger.java by sonar-java

    When logging a message there are several important requirements which must be fulfilled:

    • The user must be able to easily retrieve the logs
    • The format of all logged message must be uniform to allow the user to easily read the log
    • Logged data must actually be recorded
    • Sensitive data must only be logged securely

    If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.

    Noncompliant Code Example

    System.out.println("My Message");  // Noncompliant

    Compliant Solution

    logger.log("My Message");

    See

    Replace this use of System.out or System.err by a logger.
    Open

                    System.out.println(gson.toJson(codeClimateIssue) + "\0");
    Severity: Major
    Found in src/main/java/cc/report/JsonReport.java by sonar-java

    When logging a message there are several important requirements which must be fulfilled:

    • The user must be able to easily retrieve the logs
    • The format of all logged message must be uniform to allow the user to easily read the log
    • Logged data must actually be recorded
    • Sensitive data must only be logged securely

    If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.

    Noncompliant Code Example

    System.out.println("My Message");  // Noncompliant

    Compliant Solution

    logger.log("My Message");

    See

    Remove this unused "stdOut" private field.
    Open

      private PrintStream stdOut;
    Severity: Major
    Found in src/main/java/org/sonarlint/cli/util/Logger.java by sonar-java

    If a private field is declared but not used in the program, it can be considered dead code and should therefore be removed. This will improve maintainability because developers will not wonder what the variable is used for.

    Note that this rule does not take reflection into account, which means that issues will be raised on private fields that are only accessed using the reflection API.

    Noncompliant Code Example

    public class MyClass {
  private int foo = 42;

  public int compute(int a) {
    return a * 42;
  }

}

    Compliant Solution

    public class MyClass {
  public int compute(int a) {
    return a * 42;
  }
}

    Exceptions

    The Java serialization runtime associates with each serializable class a version number, called serialVersionUID, which is used during deserialization to verify that the sender and receiver of a serialized object have loaded classes for that object that are compatible with respect to serialization.

    A serializable class can declare its own serialVersionUID explicitly by declaring a field named serialVersionUID that must be static, final, and of type long. By definition those serialVersionUID fields should not be reported by this rule:

    public class MyClass implements java.io.Serializable {
  private static final long serialVersionUID = 42L;
}

    Moreover, this rule doesn't raise any issue on annotated fields.

    Define and throw a dedicated exception instead of using a generic one.
    Open

                throw new RuntimeException("Error creating matcher with pattern: " + pattern, e);
    Severity: Major
    Found in src/main/java/cc/files/Matcher.java by sonar-java

    Using such generic exceptions as Error, RuntimeException, Throwable, and Exception prevents calling methods from handling true, system-generated exceptions differently than application-generated errors.

    Noncompliant Code Example

    public void foo(String bar) throws Throwable {  // Noncompliant
  throw new RuntimeException("My Message");     // Noncompliant
}

    Compliant Solution

    public void foo(String bar) {
  throw new MyOwnRuntimeException("My Message");
}

    Exceptions

    Generic exceptions in the signatures of overriding methods are ignored, because overriding method has to follow signature of the throw declaration in the superclass. The issue will be raised on superclass declaration of the method (or won't be raised at all if superclass is not part of the analysis).

    @Override
public void myMethod() throws Exception {...}

    Generic exceptions are also ignored in the signatures of methods that make calls to methods that throw generic exceptions.

    public void myOtherMethod throws Exception {
  doTheThing();  // this method throws Exception
}

    See

    Replace this use of System.out or System.err by a logger.
    Open

        this.stdOut = System.out;
    Severity: Major
    Found in src/main/java/org/sonarlint/cli/util/Logger.java by sonar-java

    When logging a message there are several important requirements which must be fulfilled:

    • The user must be able to easily retrieve the logs
    • The format of all logged message must be uniform to allow the user to easily read the log
    • Logged data must actually be recorded
    • Sensitive data must only be logged securely

    If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.

    Noncompliant Code Example

    System.out.println("My Message");  // Noncompliant

    Compliant Solution

    logger.log("My Message");

    See

    Provide the parametrized type for this generic.
    Open

            for (Map.Entry entry : config.entrySet()) {
    Severity: Major
    Found in src/main/java/cc/Config.java by sonar-java

    Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.

    Noncompliant Code Example

    List myList; // Noncompliant
Set mySet; // Noncompliant

    Compliant Solution

    List<String> myList;
Set<? extends Number> mySet;

    Replace this use of System.out or System.err by a logger.
    Open

                System.err.println(issue);
    Severity: Major
    Found in src/main/java/cc/models/Lines.java by sonar-java

    When logging a message there are several important requirements which must be fulfilled:

    • The user must be able to easily retrieve the logs
    • The format of all logged message must be uniform to allow the user to easily read the log
    • Logged data must actually be recorded
    • Sensitive data must only be logged securely

    If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.

    Noncompliant Code Example

    System.out.println("My Message");  // Noncompliant

    Compliant Solution

    logger.log("My Message");

    See

    Rename this class.
    Open

    public class StandaloneSonarLint extends org.sonarlint.cli.analysis.StandaloneSonarLint {
    Severity: Critical
    Found in src/main/java/cc/analysis/StandaloneSonarLint.java by sonar-java

    While it's perfectly legal to give a class the same simple name as a class in another package that it extends or interface it implements, it's confusing and could cause problems in the future.

    Noncompliant Code Example

    package my.mypackage;

public class Foo implements a.b.Foo { // Noncompliant

    Compliant Solution

    package my.mypackage;

public class FooJr implements a.b.Foo {

    Rename this class.
    Open

    public class ReportFactory extends org.sonarlint.cli.report.ReportFactory {
    Severity: Critical
    Found in src/main/java/cc/report/ReportFactory.java by sonar-java

    While it's perfectly legal to give a class the same simple name as a class in another package that it extends or interface it implements, it's confusing and could cause problems in the future.

    Noncompliant Code Example

    package my.mypackage;

public class Foo implements a.b.Foo { // Noncompliant

    Compliant Solution

    package my.mypackage;

public class FooJr implements a.b.Foo {

    Replace this use of System.out or System.err by a logger.
    Open

                e.printStackTrace(System.err);
    Severity: Major
    Found in src/main/java/cc/App.java by sonar-java

    When logging a message there are several important requirements which must be fulfilled:

    • The user must be able to easily retrieve the logs
    • The format of all logged message must be uniform to allow the user to easily read the log
    • Logged data must actually be recorded
    • Sensitive data must only be logged securely

    If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.

    Noncompliant Code Example

    System.out.println("My Message");  // Noncompliant

    Compliant Solution

    logger.log("My Message");

    See

    Replace this use of System.out or System.err by a logger.
    Open

                System.err.println("File location was not provided, defaulting to line 1.");
    Severity: Major
    Found in src/main/java/cc/models/Lines.java by sonar-java

    When logging a message there are several important requirements which must be fulfilled:

    • The user must be able to easily retrieve the logs
    • The format of all logged message must be uniform to allow the user to easily read the log
    • Logged data must actually be recorded
    • Sensitive data must only be logged securely

    If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a dedicated logger is highly recommended.

    Noncompliant Code Example

    System.out.println("My Message");  // Noncompliant

    Compliant Solution

    logger.log("My Message");

    See

    Rename field "config"
    Open

        private Map<String, Object> config = new LinkedHashMap<>();
    Severity: Major
    Found in src/main/java/cc/Config.java by sonar-java

    It's confusing to have a class member with the same name (case differences aside) as its enclosing class. This is particularly so when you consider the common practice of naming a class instance for the class itself.

    Best practice dictates that any field or member with the same name as the enclosing class be renamed to be more descriptive of the particular aspect of the class it represents or holds.

    Noncompliant Code Example

    public class Foo {
  private String foo;

  public String getFoo() { }
}

Foo foo = new Foo();
foo.getFoo() // what does this return?

    Compliant Solution

    public class Foo {
  private String name;

  public String getName() { }
}

//...

Foo foo = new Foo();
foo.getName()

    Exceptions

    When the type of the field is the containing class and that field is static, no issue is raised to allow singletons named like the type. 

    public class Foo {
  ...
  private static Foo foo;
  public Foo getInstance() {
    if(foo==null) {
      foo = new Foo();
    }
    return foo;
  }
  ...
}
    Severity
    Category
    Status
    Source
    Language