Showing 899 of 899 total issues
Reduce the number of returns of this function 4, down to the maximum allowed 3. Open
public function getDB()
- Read upRead up
- Exclude checks
Having too many return statements in a function increases the function's essential complexity because the flow of execution is broken each time a return statement is encountered. This makes it harder to read and understand the logic of the function.
Noncompliant Code Example
With the default threshold of 3:
function myFunction(){ // Noncompliant as there are 4 return statements if (condition1) { return true; } else { if (condition2) { return false; } else { return true; } } return false; }
Define a constant instead of duplicating this literal "Not logged in!" 3 times. Open
$this->util->sendResponse(401, 'Not logged in!');
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define and throw a dedicated exception instead of using a generic one. Open
throw new RuntimeException('Import of Issues is already locked!');
- Read upRead up
- Exclude checks
If you throw a general exception type, such as ErrorException, RuntimeException, or Exception in a library or framework, it forces consumers to catch all exceptions, including unknown exceptions that they do not know how to handle.
Instead, either throw a subtype that already exists in the Standard PHP Library, or create your own type that derives from Exception.
Noncompliant Code Example
throw new Exception(); // Noncompliant
Compliant Solution
throw new InvalidArgumentException(); // or throw new UnexpectedValueException();
See
- MITRE, CWE-397 - Declaration of Throws for Generic Exception
- CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable
Rename "$db" which has the same name as the field declared at line 14. Open
$db = $this->getDB();
- Read upRead up
- Exclude checks
Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.
Noncompliant Code Example
class Foo { public $myField; public function doSomething() { $myField = 0; ... } }
See
- CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes
Define a constant instead of duplicating this literal "lockdir" 6 times. Open
$lockFN = $conf['lockdir'] . '/' . md5('_' . $id) . '.lock';
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "AJAX_CALL_UNKNOWN" 4 times. Open
$controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleAjax');
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "testpage" 4 times. Open
$ID = 'testpage';
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "sqlite init failed" 3 times. Open
throw new \Exception('sqlite init failed');
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Take the required action to fix the issue indicated by this "FIXME" comment. Open
// FIXME: somehow validate that we are allowed to retrieve that issue
- Read upRead up
- Exclude checks
FIXME
tags are commonly used to mark places where a bug is suspected, but which the developer wants to deal with later.
Sometimes the developer will not have the time or will simply forget to get back to that tag.
This rule is meant to track those tags and to ensure that they do not go unnoticed.
Noncompliant Code Example
function divide($numerator, $denominator) { return $numerator / $denominator; // FIXME denominator value might be 0 }
See
- MITRE, CWE-546 - Suspicious Comment
Define a constant instead of duplicating this literal "issuelinks_db" 8 times. Open
$db = plugin_load('helper', 'issuelinks_db');
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "full_name" 3 times. Open
$repo->full_name = $repoData['full_name'];
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "config" 4 times. Open
"config" => $config,
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "project_id" 3 times. Open
'project_id' => $projectKey,
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Add curly braces around the nested statement(s). Open
if (!$db) return;
- Read upRead up
- Exclude checks
While not technically incorrect, the omission of curly braces can be misleading, and may lead to the introduction of errors during maintenance.
Noncompliant Code Example
if (condition) // Noncompliant executeSomething();
Compliant Solution
if (condition) { executeSomething(); }
See
- MISRA C:2004, 14.8 - The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement
- MISRA C:2004, 14.9 - An if (expression) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement
- MISRA C++:2008, 6-3-1 - The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement
- MISRA C++:2008, 6-4-1 - An if (condition) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement
- MISRA C:2012, 15.6 - The body of an iteration-statement or a selection-statement shall be a compound-statement
- CERT, EXP19-C. - Use braces for the body of an if, for, or while statement
- CERT, EXP52-J. - Use braces for the body of an if, for, or while statement
Define and throw a dedicated exception instead of using a generic one. Open
throw new RuntimeException('Import of Issues aborted because lock removed');
- Read upRead up
- Exclude checks
If you throw a general exception type, such as ErrorException, RuntimeException, or Exception in a library or framework, it forces consumers to catch all exceptions, including unknown exceptions that they do not know how to handle.
Instead, either throw a subtype that already exists in the Standard PHP Library, or create your own type that derives from Exception.
Noncompliant Code Example
throw new Exception(); // Noncompliant
Compliant Solution
throw new InvalidArgumentException(); // or throw new UnexpectedValueException();
See
- MITRE, CWE-397 - Declaration of Throws for Generic Exception
- CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable
Rename "$labels" which has the same name as the field declared at line 24. Open
$labels = $this->getLabels();
- Read upRead up
- Exclude checks
Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.
Noncompliant Code Example
class Foo { public $myField; public function doSomething() { $myField = 0; ... } }
See
- CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes
Class "Jira" has 22 methods, which is greater than 20 authorized. Split it into smaller classes. Open
class Jira extends AbstractService
- Read upRead up
- Exclude checks
A class that grows too much tends to aggregate too many responsibilities and inevitably becomes harder to understand and therefore to maintain. Above a specific threshold, it is strongly advised to refactor the class into smaller ones which focus on well defined topics.
Define a constant instead of duplicating this literal "merged" 4 times. Open
$issue->setStatus(isset($info['merged']) ? 'merged' : $info['state']);
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Rename "$scopes" which has the same name as the field declared at line 27. Open
$scopes = implode(', ', $this->scopes);
- Read upRead up
- Exclude checks
Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.
Noncompliant Code Example
class Foo { public $myField; public function doSomething() { $myField = 0; ... } }
See
- CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes
Define a constant instead of duplicating this literal "helper" 8 times. Open
$db = plugin_load('helper', 'issuelinks_db');
- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
function run() { prepare('action1'); // Non-Compliant - 'action1' is duplicated 3 times execute('action1'); release('action1'); }
Compliant Solution
ACTION_1 = 'action1'; function run() { prepare(ACTION_1); execute(ACTION_1); release(ACTION_1); }
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.