Showing 117 of 158 total issues
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
this.runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Provide the parametrized type for this generic. Open
public void launchActivity(Class activityClass) {
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
activityRule.getActivity().runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
executeOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
activityRule.getActivity().runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Save and re-use this "Random". Open
Random random = new Random();
- Read upRead up
- Exclude checks
Creating a new Random
object each time a random value is needed is inefficient and may produce numbers which are not random depending
on the JDK. For better efficiency and randomness, create a single Random
, then store, and reuse it.
The Random()
constructor tries to set the seed with a distinct value every time. However there is no guarantee that the seed will be
random or even uniformly distributed. Some JDK will use the current time as seed, which makes the generated numbers not random at all.
This rule finds cases where a new Random
is created each time a method is invoked and assigned to a local random variable.
Noncompliant Code Example
public void doSomethingCommon() { Random rand = new Random(); // Noncompliant; new instance created with each invocation int rValue = rand.nextInt(); //...
Compliant Solution
private Random rand = SecureRandom.getInstanceStrong(); // SecureRandom is preferred to Random public void doSomethingCommon() { int rValue = this.rand.nextInt(); //...
Exceptions
A class which uses a Random
in its constructor or in a static main
function and nowhere else will be ignored by this
rule.
See
- OWASP Top 10 2017 Category A6 - Security Misconfiguration
Use "java.nio.file.Files#delete" here for better messages on error conditions. Open
file.delete();
- Read upRead up
- Exclude checks
When java.io.File#delete
fails, this boolean
method simply returns false
with no indication of the cause. On
the other hand, when java.nio.file.Files#delete
fails, this void
method returns one of a series of exception types to better
indicate the cause of the failure. And since more information is generally better in a debugging situation, java.nio.file.Files#delete
is
the preferred option.
Noncompliant Code Example
public void cleanUp(Path path) { File file = new File(path); if (!file.delete()) { // Noncompliant //... } }
Compliant Solution
public void cleanUp(Path path) throws NoSuchFileException, DirectoryNotEmptyException, IOException { Files.delete(path); }
Provide the parametrized type for this generic. Open
final Class activityClass) {
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Provide the parametrized type for this generic. Open
final Class activityClass) {
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Provide the parametrized type for this generic. Open
class Player implements Comparable {
- Read upRead up
- Exclude checks
Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking, and defers the catch of unsafe code to runtime.
Noncompliant Code Example
List myList; // Noncompliant Set mySet; // Noncompliant
Compliant Solution
List<String> myList; Set<? extends Number> mySet;
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
((WaitingPageActivity) context).runOnUiThread(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Replace this assert with a proper check. Open
assert name != null : "name is null";
- Read upRead up
- Exclude checks
An assert
is inappropriate for parameter validation because assertions can be disabled at runtime in the JVM, meaning that a bad
operational setting would completely eliminate the intended checks. Further, assert
s that fail throw AssertionError
s, rather
than throwing some type of Exception
. Throwing Error
s is completely outside of the normal realm of expected
catch
/throw
behavior in normal programs.
This rule raises an issue when a public
method uses one or more of its parameters with assert
s.
Noncompliant Code Example
public void setPrice(int price) { assert price >= 0 && price <= MAX_PRICE; // Set the price }
Compliant Solution
public void setPrice(int price) { if (price < 0 || price > MAX_PRICE) { throw new IllegalArgumentException("Invalid price: " + price); } // Set the price }
See
Make this anonymous inner class a lambda (sonar.java.source not set. Assuming 8 or greater.) Open
scrollView.post(new Runnable() {
- Read upRead up
- Exclude checks
Before Java 8, the only way to partially support closures in Java was by using anonymous inner classes. But the syntax of anonymous classes may seem unwieldy and unclear.
With Java 8, most uses of anonymous inner classes should be replaced by lambdas to highly increase the readability of the source code.
Note that this rule is automatically disabled when the project's sonar.java.source
is lower than 8
.
Noncompliant Code Example
myCollection.stream().map(new Mapper<String,String>() { public String map(String input) { return new StringBuilder(input).reverse().toString(); } }); Predicate<String> isEmpty = new Predicate<String> { boolean test(String myString) { return myString.isEmpty(); } }
Compliant Solution
myCollection.stream().map(input -> new StringBuilder(input).reverse().toString()); Predicate<String> isEmpty = myString -> myString.isEmpty();
Make the enclosing method "static" or remove this set. Open
bitmaps = dbHandler.getBitmaps(this);
- Read upRead up
- Exclude checks
Correctly updating a static
field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple
class instances and/or multiple threads in play. Ideally, static
fields are only updated from synchronized static
methods.
This rule raises an issue each time a static
field is updated from a non-static method.
Noncompliant Code Example
public class MyClass { private static int count = 0; public void doSomething() { //... count++; // Noncompliant } }