Consider simplifying this complex logical expression. Open
if (!("testinstanceid".equals(name) && "AUTO".equals(getPcModel().getAutoTestInstanceID()))
&& !(("retrydelay".equals(name) && "NO_RETRY".equals(getPcModel().getRetry())) || getPcModel().getRetry().isEmpty())
&& !(("retryoccurrences".equals(name) && "NO_RETRY".equals(getPcModel().getRetry())) || getPcModel().getRetry().isEmpty())
) {
if ("doCheckCredentialsId".equals(method.getName()) && "credentialsid".equals(name) && "getCredentialsId".equals(modelMethodName)Avoid deeply nested control flow statements. Open
if (!obj.equals(FormValidation.ok())) {
logger.println(obj);
ret = false;
}Avoid deeply nested control flow statements. Open
if (!("testinstanceid".equals(name) && "AUTO".equals(getPcModel().getAutoTestInstanceID()))
&& !(("retrydelay".equals(name) && "NO_RETRY".equals(getPcModel().getRetry())) || getPcModel().getRetry().isEmpty())
&& !(("retryoccurrences".equals(name) && "NO_RETRY".equals(getPcModel().getRetry())) || getPcModel().getRetry().isEmpty())
) {
if ("doCheckCredentialsId".equals(method.getName()) && "credentialsid".equals(name) && "getCredentialsId".equals(modelMethodName)Consider simplifying this complex logical expression. Open
if ("doCheckCredentialsId".equals(method.getName()) && "credentialsid".equals(name) && "getCredentialsId".equals(modelMethodName)
|| "doCheckCredentialsProxyId".equals(method.getName()) && "credentialsproxyid".equals(name) && "getCredentialsProxyId".equals(modelMethodName)
)
obj = method.invoke(getDescriptor(), null, null, modelMethod.invoke(getPcModel()));
elseAvoid too many return statements within this method. Open
return FormValidation.warning(String.format("%s s",
Messages.CannotFindAnyCredentials(),
credentialIdValueStr));Avoid too many return statements within this method. Open
return FormValidation.ok();Constructor has 23 parameters, which is greater than 7 authorized. Open
public PcBuilder(- Read upRead up
- Exclude checks
A long parameter list can indicate that a new structure should be created to wrap the numerous parameters or that the function is doing too many things.
Noncompliant Code Example
With a maximum number of 4 parameters:
public void doSomething(int param1, int param2, int param3, String param4, long param5) {
...
}
Compliant Solution
public void doSomething(int param1, int param2, int param3, String param4) {
...
}
Exceptions
Methods annotated with :
- Spring's
@RequestMapping(and related shortcut annotations, like@GetRequest) - JAX-RS API annotations (like
@javax.ws.rs.GET) - Bean constructor injection with
@org.springframework.beans.factory.annotation.Autowired - CDI constructor injection with
@javax.inject.Inject -
@com.fasterxml.jackson.annotation.JsonCreator
may have a lot of parameters, encapsulation being possible. Such methods are therefore ignored.
Refactor this method to reduce its Cognitive Complexity from 20 to the 15 allowed. Open
private Testsuites run(PcClient pcClient, Run<?, ?> build)- Read upRead up
- Exclude checks
Cognitive Complexity is a measure of how hard the control flow of a method is to understand. Methods with high Cognitive Complexity will be difficult to maintain.
See
Refactor this method to reduce its Cognitive Complexity from 42 to the 15 allowed. Open
private boolean validatePcForm() {- Read upRead up
- Exclude checks
Cognitive Complexity is a measure of how hard the control flow of a method is to understand. Methods with high Cognitive Complexity will be difficult to maintain.
See
Refactor this method to not always return the same value. Open
private boolean saveFileToWorkspacePath(PcClient pcClient, String trendReportID, int runId, TrendReportTypes.DataType dataType, TrendReportTypes.PctType pctType, TrendReportTypes.Measurement measurement) throws IOException, PcException, IntrospectionException, NoSuchMethodException {- Read upRead up
- Exclude checks
When a method is designed to return an invariant value, it may be poor design, but it shouldn't adversely affect the outcome of your program. However, when it happens on all paths through the logic, it is surely a bug.
This rule raises an issue when a method contains several return statements that all return the same value.
Noncompliant Code Example
int foo(int a) {
int b = 12;
if (a == 1) {
return b;
}
return b; // Noncompliant
}
Make the enclosing method "static" or remove this set. Open
_run = build;- Read upRead up
- Exclude checks
Correctly updating a static field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple
class instances and/or multiple threads in play. Ideally, static fields are only updated from synchronized static
methods.
This rule raises an issue each time a static field is updated from a non-static method.
Noncompliant Code Example
public class MyClass {
private static int count = 0;
public void doSomething() {
//...
count++; // Noncompliant
}
}
This block of commented-out lines of code should be removed. Open
//testCase.setClassname("Performance Tests.Test ID: " + runResponse.getTestID());- Read upRead up
- Exclude checks
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
Make the enclosing method "static" or remove this set. Open
usernamePCPasswordCredentialsForProxy = getCredentialsById(credentialsProxyId, build, logger);- Read upRead up
- Exclude checks
Correctly updating a static field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple
class instances and/or multiple threads in play. Ideally, static fields are only updated from synchronized static
methods.
This rule raises an issue each time a static field is updated from a non-static method.
Noncompliant Code Example
public class MyClass {
private static int count = 0;
public void doSomething() {
//...
count++; // Noncompliant
}
}
Define a constant instead of duplicating this literal "%s. %s" 3 times. Open
String.format("%s. %s",- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
public void run() {
prepare("action1"); // Noncompliant - "action1" is duplicated 3 times
execute("action1");
release("action1");
}
@SuppressWarning("all") // Compliant - annotations are excluded
private void method1() { /* ... */ }
@SuppressWarning("all")
private void method2() { /* ... */ }
public String method3(String a) {
System.out.println("'" + a + "'"); // Compliant - literal "'" has less than 5 characters and is excluded
return ""; // Compliant - literal "" has less than 5 characters and is excluded
}
Compliant Solution
private static final String ACTION_1 = "action1"; // Compliant
public void run() {
prepare(ACTION_1); // Compliant
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "%s - %s" 6 times. Open
logger.println(String.format("%s - %s",- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
public void run() {
prepare("action1"); // Noncompliant - "action1" is duplicated 3 times
execute("action1");
release("action1");
}
@SuppressWarning("all") // Compliant - annotations are excluded
private void method1() { /* ... */ }
@SuppressWarning("all")
private void method2() { /* ... */ }
public String method3(String a) {
System.out.println("'" + a + "'"); // Compliant - literal "'" has less than 5 characters and is excluded
return ""; // Compliant - literal "" has less than 5 characters and is excluded
}
Compliant Solution
private static final String ACTION_1 = "action1"; // Compliant
public void run() {
prepare(ACTION_1); // Compliant
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Make the enclosing method "static" or remove this set. Open
logger = listener.getLogger();- Read upRead up
- Exclude checks
Correctly updating a static field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple
class instances and/or multiple threads in play. Ideally, static fields are only updated from synchronized static
methods.
This rule raises an issue each time a static field is updated from a non-static method.
Noncompliant Code Example
public class MyClass {
private static int count = 0;
public void doSomething() {
//...
count++; // Noncompliant
}
}
This block of commented-out lines of code should be removed. Open
//trendReportReady = false;- Read upRead up
- Exclude checks
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
Make the enclosing method "static" or remove this set. Open
usernamePCPasswordCredentials = getCredentialsById(credentialsId, build, logger);- Read upRead up
- Exclude checks
Correctly updating a static field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple
class instances and/or multiple threads in play. Ideally, static fields are only updated from synchronized static
methods.
This rule raises an issue each time a static field is updated from a non-static method.
Noncompliant Code Example
public class MyClass {
private static int count = 0;
public void doSomething() {
//...
count++; // Noncompliant
}
}
Remove this unused method parameter "field". Open
String field,- Read upRead up
- Exclude checks
Unused parameters are misleading. Whatever the values passed to such parameters, the behavior will be the same.
Noncompliant Code Example
void doSomething(int a, int b) { // "b" is unused
compute(a);
}
Compliant Solution
void doSomething(int a) {
compute(a);
}
Exceptions
The rule will not raise issues for unused parameters:
- that are annotated with
@javax.enterprise.event.Observes - in overrides and implementation methods
- in interface
defaultmethods - in non-private methods that only
throwor that have empty bodies - in annotated methods, unless the annotation is
@SuppressWarning("unchecked")or@SuppressWarning("rawtypes"), in which case the annotation will be ignored - in overridable methods (non-final, or not member of a final class, non-static, non-private), if the parameter is documented with a proper javadoc.
@Override
void doSomething(int a, int b) { // no issue reported on b
compute(a);
}
public void foo(String s) {
// designed to be extended but noop in standard case
}
protected void bar(String s) {
//open-closed principle
}
public void qix(String s) {
throw new UnsupportedOperationException("This method should be implemented in subclasses");
}
/**
* @param s This string may be use for further computation in overriding classes
*/
protected void foobar(int a, String s) { // no issue, method is overridable and unused parameter has proper javadoc
compute(a);
}
See
- CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
Remove this useless assignment to local variable "resultStatus". Open
Result resultStatus = Result.FAILURE;- Read upRead up
- Exclude checks
A dead store happens when a local variable is assigned a value that is not read by any subsequent instruction. Calculating or retrieving a value only to then overwrite it or throw it away, could indicate a serious error in the code. Even if it's not an error, it is at best a waste of resources. Therefore all calculated values should be used.
Noncompliant Code Example
i = a + b; // Noncompliant; calculation result not used before value is overwritten i = compute();
Compliant Solution
i = a + b; i += compute();
Exceptions
This rule ignores initializations to -1, 0, 1, null, true, false and "".
See
- MITRE, CWE-563 - Assignment to Variable without Use ('Unused Variable')
- CERT, MSC13-C. - Detect and remove unused values
- CERT, MSC56-J. - Detect and remove superfluous code and values
Define a constant instead of duplicating this literal "%s - %s. %s: %s" 3 times. Open
logger.println(String.format("%s - %s. %s: %s",- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
public void run() {
prepare("action1"); // Noncompliant - "action1" is duplicated 3 times
execute("action1");
release("action1");
}
@SuppressWarning("all") // Compliant - annotations are excluded
private void method1() { /* ... */ }
@SuppressWarning("all")
private void method2() { /* ... */ }
public String method3(String a) {
System.out.println("'" + a + "'"); // Compliant - literal "'" has less than 5 characters and is excluded
return ""; // Compliant - literal "" has less than 5 characters and is excluded
}
Compliant Solution
private static final String ACTION_1 = "action1"; // Compliant
public void run() {
prepare(ACTION_1); // Compliant
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Define a constant instead of duplicating this literal "NO_RETRY" 5 times. Open
this.retry = (retry == null || retry.isEmpty()) ? "NO_RETRY" : retry;- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
public void run() {
prepare("action1"); // Noncompliant - "action1" is duplicated 3 times
execute("action1");
release("action1");
}
@SuppressWarning("all") // Compliant - annotations are excluded
private void method1() { /* ... */ }
@SuppressWarning("all")
private void method2() { /* ... */ }
public String method3(String a) {
System.out.println("'" + a + "'"); // Compliant - literal "'" has less than 5 characters and is excluded
return ""; // Compliant - literal "" has less than 5 characters and is excluded
}
Compliant Solution
private static final String ACTION_1 = "action1"; // Compliant
public void run() {
prepare(ACTION_1); // Compliant
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Remove this unused method parameter "build". Open
private String getArtifactsUrlPattern(Run<?, ?> build) {- Read upRead up
- Exclude checks
Unused parameters are misleading. Whatever the values passed to such parameters, the behavior will be the same.
Noncompliant Code Example
void doSomething(int a, int b) { // "b" is unused
compute(a);
}
Compliant Solution
void doSomething(int a) {
compute(a);
}
Exceptions
The rule will not raise issues for unused parameters:
- that are annotated with
@javax.enterprise.event.Observes - in overrides and implementation methods
- in interface
defaultmethods - in non-private methods that only
throwor that have empty bodies - in annotated methods, unless the annotation is
@SuppressWarning("unchecked")or@SuppressWarning("rawtypes"), in which case the annotation will be ignored - in overridable methods (non-final, or not member of a final class, non-static, non-private), if the parameter is documented with a proper javadoc.
@Override
void doSomething(int a, int b) { // no issue reported on b
compute(a);
}
public void foo(String s) {
// designed to be extended but noop in standard case
}
protected void bar(String s) {
//open-closed principle
}
public void qix(String s) {
throw new UnsupportedOperationException("This method should be implemented in subclasses");
}
/**
* @param s This string may be use for further computation in overriding classes
*/
protected void foobar(int a, String s) { // no issue, method is overridable and unused parameter has proper javadoc
compute(a);
}
See
- CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
This block of commented-out lines of code should be removed. Open
// JUnitResultArchiver jUnitResultArchiver = new JUnitResultArchiver(this.getRunResultsFileName());- Read upRead up
- Exclude checks
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
Remove this unused method parameter "TrendReportID". Open
private Testsuites parsePcTrendResponse(Testsuites ret, Run<?, ?> build, PcClient pcClient, boolean trendReportReady, String TrendReportID, int runID) throws PcException, IntrospectionException, IOException, InterruptedException, NoSuchMethodException {- Read upRead up
- Exclude checks
Unused parameters are misleading. Whatever the values passed to such parameters, the behavior will be the same.
Noncompliant Code Example
void doSomething(int a, int b) { // "b" is unused
compute(a);
}
Compliant Solution
void doSomething(int a) {
compute(a);
}
Exceptions
The rule will not raise issues for unused parameters:
- that are annotated with
@javax.enterprise.event.Observes - in overrides and implementation methods
- in interface
defaultmethods - in non-private methods that only
throwor that have empty bodies - in annotated methods, unless the annotation is
@SuppressWarning("unchecked")or@SuppressWarning("rawtypes"), in which case the annotation will be ignored - in overridable methods (non-final, or not member of a final class, non-static, non-private), if the parameter is documented with a proper javadoc.
@Override
void doSomething(int a, int b) { // no issue reported on b
compute(a);
}
public void foo(String s) {
// designed to be extended but noop in standard case
}
protected void bar(String s) {
//open-closed principle
}
public void qix(String s) {
throw new UnsupportedOperationException("This method should be implemented in subclasses");
}
/**
* @param s This string may be use for further computation in overriding classes
*/
protected void foobar(int a, String s) { // no issue, method is overridable and unused parameter has proper javadoc
compute(a);
}
See
- CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
Extract this nested ternary operation into an independent statement. Open
this.retryDelay = ("NO_RETRY".equals(this.retry)) ? "0" : (retryDelay == null || retryDelay.isEmpty()) ? "5" : retryDelay;- Read upRead up
- Exclude checks
Just because you can do something, doesn't mean you should, and that's the case with nested ternary operations. Nesting ternary operators results in the kind of code that may seem clear as day when you write it, but six months later will leave maintainers (or worse - future you) scratching their heads and cursing.
Instead, err on the side of clarity, and use another line to express the nested operation as a separate statement.
Noncompliant Code Example
public String getReadableStatus(Job j) {
return j.isRunning() ? "Running" : j.hasErrors() ? "Failed" : "Succeeded"; // Noncompliant
}
Compliant Solution
public String getReadableStatus(Job j) {
if (j.isRunning()) {
return "Running";
}
return j.hasErrors() ? "Failed" : "Succeeded";
}
Extract this nested ternary operation into an independent statement. Open
this.retryOccurrences = ("NO_RETRY".equals(this.retry)) ? "0" : (retryOccurrences == null || retryOccurrences.isEmpty()) ? "3" : retryOccurrences;- Read upRead up
- Exclude checks
Just because you can do something, doesn't mean you should, and that's the case with nested ternary operations. Nesting ternary operators results in the kind of code that may seem clear as day when you write it, but six months later will leave maintainers (or worse - future you) scratching their heads and cursing.
Instead, err on the side of clarity, and use another line to express the nested operation as a separate statement.
Noncompliant Code Example
public String getReadableStatus(Job j) {
return j.isRunning() ? "Running" : j.hasErrors() ? "Failed" : "Succeeded"; // Noncompliant
}
Compliant Solution
public String getReadableStatus(Job j) {
if (j.isRunning()) {
return "Running";
}
return j.hasErrors() ? "Failed" : "Succeeded";
}
Format specifiers should be used instead of string concatenation. Open
String downloadUrl = String.format(urlPattern + "/%s", "*zip*/pcRun");- Read upRead up
- Exclude checks
Because printf-style format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that
result in the wrong strings being created. This rule statically validates the correlation of printf-style format strings to their
arguments when calling the format(...) methods of java.util.Formatter, java.lang.String,
java.io.PrintStream, MessageFormat, and java.io.PrintWriter classes and the printf(...) methods of
java.io.PrintStream or java.io.PrintWriter classes.
Noncompliant Code Example
String.format("First {0} and then {1}", "foo", "bar"); //Noncompliant. Looks like there is a confusion with the use of {{java.text.MessageFormat}}, parameters "foo" and "bar" will be simply ignored here
String.format("Display %3$d and then %d", 1, 2, 3); //Noncompliant; the second argument '2' is unused
String.format("Too many arguments %d and %d", 1, 2, 3); //Noncompliant; the third argument '3' is unused
String.format("First Line\n"); //Noncompliant; %n should be used in place of \n to produce the platform-specific line separator
String.format("Is myObject null ? %b", myObject); //Noncompliant; when a non-boolean argument is formatted with %b, it prints true for any nonnull value, and false for null. Even if intended, this is misleading. It's better to directly inject the boolean value (myObject == null in this case)
String.format("value is " + value); // Noncompliant
String s = String.format("string without arguments"); // Noncompliant
MessageFormat.format("Result '{0}'.", value); // Noncompliant; String contains no format specifiers. (quote are discarding format specifiers)
MessageFormat.format("Result {0}.", value, value); // Noncompliant; 2nd argument is not used
MessageFormat.format("Result {0}.", myObject.toString()); // Noncompliant; no need to call toString() on objects
java.util.Logger logger;
logger.log(java.util.logging.Level.SEVERE, "Result {0}.", myObject.toString()); // Noncompliant; no need to call toString() on objects
logger.log(java.util.logging.Level.SEVERE, "Result.", new Exception()); // compliant, parameter is an exception
logger.log(java.util.logging.Level.SEVERE, "Result '{0}'", 14); // Noncompliant - String contains no format specifiers.
logger.log(java.util.logging.Level.SEVERE, "Result " + param, exception); // Noncompliant; Lambda should be used to differ string concatenation.
org.slf4j.Logger slf4jLog;
org.slf4j.Marker marker;
slf4jLog.debug(marker, "message {}");
slf4jLog.debug(marker, "message", 1); // Noncompliant - String contains no format specifiers.
org.apache.logging.log4j.Logger log4jLog;
log4jLog.debug("message", 1); // Noncompliant - String contains no format specifiers.
Compliant Solution
String.format("First %s and then %s", "foo", "bar");
String.format("Display %2$d and then %d", 1, 3);
String.format("Too many arguments %d %d", 1, 2);
String.format("First Line%n");
String.format("Is myObject null ? %b", myObject == null);
String.format("value is %d", value);
String s = "string without arguments";
MessageFormat.format("Result {0}.", value);
MessageFormat.format("Result '{0}' = {0}", value);
MessageFormat.format("Result {0}.", myObject);
java.util.Logger logger;
logger.log(java.util.logging.Level.SEVERE, "Result {0}.", myObject);
logger.log(java.util.logging.Level.SEVERE, "Result {0}'", 14);
logger.log(java.util.logging.Level.SEVERE, exception, () -> "Result " + param);
org.slf4j.Logger slf4jLog;
org.slf4j.Marker marker;
slf4jLog.debug(marker, "message {}");
slf4jLog.debug(marker, "message {}", 1);
org.apache.logging.log4j.Logger log4jLog;
log4jLog.debug("message {}", 1);
See
- CERT, FIO47-C. - Use valid format strings
Format specifiers should be used instead of string concatenation. Open
String viewUrl = String.format(urlPattern + "/%s", pcReportFileName);- Read upRead up
- Exclude checks
Because printf-style format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that
result in the wrong strings being created. This rule statically validates the correlation of printf-style format strings to their
arguments when calling the format(...) methods of java.util.Formatter, java.lang.String,
java.io.PrintStream, MessageFormat, and java.io.PrintWriter classes and the printf(...) methods of
java.io.PrintStream or java.io.PrintWriter classes.
Noncompliant Code Example
String.format("First {0} and then {1}", "foo", "bar"); //Noncompliant. Looks like there is a confusion with the use of {{java.text.MessageFormat}}, parameters "foo" and "bar" will be simply ignored here
String.format("Display %3$d and then %d", 1, 2, 3); //Noncompliant; the second argument '2' is unused
String.format("Too many arguments %d and %d", 1, 2, 3); //Noncompliant; the third argument '3' is unused
String.format("First Line\n"); //Noncompliant; %n should be used in place of \n to produce the platform-specific line separator
String.format("Is myObject null ? %b", myObject); //Noncompliant; when a non-boolean argument is formatted with %b, it prints true for any nonnull value, and false for null. Even if intended, this is misleading. It's better to directly inject the boolean value (myObject == null in this case)
String.format("value is " + value); // Noncompliant
String s = String.format("string without arguments"); // Noncompliant
MessageFormat.format("Result '{0}'.", value); // Noncompliant; String contains no format specifiers. (quote are discarding format specifiers)
MessageFormat.format("Result {0}.", value, value); // Noncompliant; 2nd argument is not used
MessageFormat.format("Result {0}.", myObject.toString()); // Noncompliant; no need to call toString() on objects
java.util.Logger logger;
logger.log(java.util.logging.Level.SEVERE, "Result {0}.", myObject.toString()); // Noncompliant; no need to call toString() on objects
logger.log(java.util.logging.Level.SEVERE, "Result.", new Exception()); // compliant, parameter is an exception
logger.log(java.util.logging.Level.SEVERE, "Result '{0}'", 14); // Noncompliant - String contains no format specifiers.
logger.log(java.util.logging.Level.SEVERE, "Result " + param, exception); // Noncompliant; Lambda should be used to differ string concatenation.
org.slf4j.Logger slf4jLog;
org.slf4j.Marker marker;
slf4jLog.debug(marker, "message {}");
slf4jLog.debug(marker, "message", 1); // Noncompliant - String contains no format specifiers.
org.apache.logging.log4j.Logger log4jLog;
log4jLog.debug("message", 1); // Noncompliant - String contains no format specifiers.
Compliant Solution
String.format("First %s and then %s", "foo", "bar");
String.format("Display %2$d and then %d", 1, 3);
String.format("Too many arguments %d %d", 1, 2);
String.format("First Line%n");
String.format("Is myObject null ? %b", myObject == null);
String.format("value is %d", value);
String s = "string without arguments";
MessageFormat.format("Result {0}.", value);
MessageFormat.format("Result '{0}' = {0}", value);
MessageFormat.format("Result {0}.", myObject);
java.util.Logger logger;
logger.log(java.util.logging.Level.SEVERE, "Result {0}.", myObject);
logger.log(java.util.logging.Level.SEVERE, "Result {0}'", 14);
logger.log(java.util.logging.Level.SEVERE, exception, () -> "Result " + param);
org.slf4j.Logger slf4jLog;
org.slf4j.Marker marker;
slf4jLog.debug(marker, "message {}");
slf4jLog.debug(marker, "message {}", 1);
org.apache.logging.log4j.Logger log4jLog;
log4jLog.debug("message {}", 1);
See
- CERT, FIO47-C. - Use valid format strings
This block of commented-out lines of code should be removed. Open
// if(trendReportReady){- Read upRead up
- Exclude checks
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
Define a constant instead of duplicating this literal "%s - %s: %s" 3 times. Open
logger.println(String.format("%s - %s: %s",- Read upRead up
- Exclude checks
Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.
On the other hand, constants can be referenced from many places, but only need to be updated in a single place.
Noncompliant Code Example
With the default threshold of 3:
public void run() {
prepare("action1"); // Noncompliant - "action1" is duplicated 3 times
execute("action1");
release("action1");
}
@SuppressWarning("all") // Compliant - annotations are excluded
private void method1() { /* ... */ }
@SuppressWarning("all")
private void method2() { /* ... */ }
public String method3(String a) {
System.out.println("'" + a + "'"); // Compliant - literal "'" has less than 5 characters and is excluded
return ""; // Compliant - literal "" has less than 5 characters and is excluded
}
Compliant Solution
private static final String ACTION_1 = "action1"; // Compliant
public void run() {
prepare(ACTION_1); // Compliant
execute(ACTION_1);
release(ACTION_1);
}
Exceptions
To prevent generating some false-positives, literals having less than 5 characters are excluded.
Rename this variable to not match a restricted identifier. Open
for (PcRunEventLogRecord record : eventLog.getRecordsList()) {- Read upRead up
- Exclude checks
Even if it is technically possible, Restricted Identifiers should not be used as identifiers. This is only possible for compatibility reasons, using it in Java code is confusing and should be avoided.
Note that this applies to any version of Java, including the one where these identifiers are not yet restricted, to avoid future confusion.
This rule reports an issue when restricted identifiers:
- var
- yield
- record
are used as identifiers.
Noncompliant Code Example
var var = "var"; // Noncompliant: compiles but this code is confusing
var = "what is this?";
int yield(int i) { // Noncompliant
return switch (i) {
case 1: yield(0); // This is a yield from switch expression, not a recursive call.
default: yield(i-1);
};
}
String record = "record"; // Noncompliant
Compliant Solution
var myVariable = "var";
int minusOne(int i) {
return switch (i) {
case 1: yield(0);
default: yield(i-1);
};
}
String myRecord = "record";
See
This block of commented-out lines of code should be removed. Open
// public static FormValidation CheckOnlyAutoTestInstanceId(String autoTestInstanceID){- Read upRead up
- Exclude checks
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
A "NullPointerException" could be thrown; "build" is nullable here. Open
build.setResult(Result.ABORTED);- Read upRead up
- Exclude checks
A reference to null should never be dereferenced/accessed. Doing so will cause a NullPointerException to be thrown. At
best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or
it could allow an attacker to bypass security measures.
Note that when they are present, this rule takes advantage of @CheckForNull and @Nonnull annotations defined in JSR-305 to understand which values are and are not nullable except when @Nonnull is used
on the parameter to equals, which by contract should always work with null.
Noncompliant Code Example
@CheckForNull
String getName(){...}
public boolean isNameEmpty() {
return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked
}
Connection conn = null;
Statement stmt = null;
try{
conn = DriverManager.getConnection(DB_URL,USER,PASS);
stmt = conn.createStatement();
// ...
}catch(Exception e){
e.printStackTrace();
}finally{
stmt.close(); // Noncompliant; stmt could be null if an exception was thrown in the try{} block
conn.close(); // Noncompliant; conn could be null if an exception was thrown
}
private void merge(@Nonnull Color firstColor, @Nonnull Color secondColor){...}
public void append(@CheckForNull Color color) {
merge(currentColor, color); // Noncompliant; color should be null-checked because merge(...) doesn't accept nullable parameters
}
void paint(Color color) {
if(color == null) {
System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown
return;
}
...
}
See
- MITRE, CWE-476 - NULL Pointer Dereference
- CERT, EXP34-C. - Do not dereference null pointers
- CERT, EXP01-J. - Do not use a null in a case where an object is required
"NullPointerException" will be thrown when invoking method "parsePcRunResponse()". Open
parsePcRunResponse(ret, response, build, errorMessage, eventLogString);- Read upRead up
- Exclude checks
A reference to null should never be dereferenced/accessed. Doing so will cause a NullPointerException to be thrown. At
best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or
it could allow an attacker to bypass security measures.
Note that when they are present, this rule takes advantage of @CheckForNull and @Nonnull annotations defined in JSR-305 to understand which values are and are not nullable except when @Nonnull is used
on the parameter to equals, which by contract should always work with null.
Noncompliant Code Example
@CheckForNull
String getName(){...}
public boolean isNameEmpty() {
return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked
}
Connection conn = null;
Statement stmt = null;
try{
conn = DriverManager.getConnection(DB_URL,USER,PASS);
stmt = conn.createStatement();
// ...
}catch(Exception e){
e.printStackTrace();
}finally{
stmt.close(); // Noncompliant; stmt could be null if an exception was thrown in the try{} block
conn.close(); // Noncompliant; conn could be null if an exception was thrown
}
private void merge(@Nonnull Color firstColor, @Nonnull Color secondColor){...}
public void append(@CheckForNull Color color) {
merge(currentColor, color); // Noncompliant; color should be null-checked because merge(...) doesn't accept nullable parameters
}
void paint(Color color) {
if(color == null) {
System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown
return;
}
...
}
See
- MITRE, CWE-476 - NULL Pointer Dereference
- CERT, EXP34-C. - Do not dereference null pointers
- CERT, EXP01-J. - Do not use a null in a case where an object is required
Remove this expression which always evaluates to "true" Open
if ((getPcModel() != null) && (build != null) && (build instanceof AbstractBuild))- Read upRead up
- Exclude checks
If a boolean expression doesn't change the evaluation of the condition, then it is entirely unnecessary, and can be removed. If it is gratuitous because it does not match the programmer's intent, then it's a bug and the expression should be fixed.
Noncompliant Code Example
a = true;
if (a) { // Noncompliant
doSomething();
}
if (b && a) { // Noncompliant; "a" is always "true"
doSomething();
}
if (c || !a) { // Noncompliant; "!a" is always "false"
doSomething();
}
Compliant Solution
a = true;
if (foo(a)) {
doSomething();
}
if (b) {
doSomething();
}
if (c) {
doSomething();
}
See
- MITRE, CWE-571 - Expression is Always True
- MITRE, CWE-570 - Expression is Always False
Either re-interrupt this method or rethrow the "InterruptedException" that can be caught here. Open
} catch (InterruptedException e) {- Read upRead up
- Exclude checks
InterruptedExceptions should never be ignored in the code, and simply logging the exception counts in this case as "ignoring". The
throwing of the InterruptedException clears the interrupted state of the Thread, so if the exception is not handled properly the fact
that the thread was interrupted will be lost. Instead, InterruptedExceptions should either be rethrown - immediately or after cleaning up
the method's state - or the thread should be re-interrupted by calling Thread.interrupt() even if this is supposed to be a
single-threaded application. Any other course of action risks delaying thread shutdown and loses the information that the thread was interrupted -
probably without finishing its task.
Similarly, the ThreadDeath exception should also be propagated. According to its JavaDoc:
If
ThreadDeathis caught by a method, it is important that it be rethrown so that the thread actually dies.
Noncompliant Code Example
public void run () {
try {
while (true) {
// do stuff
}
}catch (InterruptedException e) { // Noncompliant; logging is not enough
LOGGER.log(Level.WARN, "Interrupted!", e);
}
}
Compliant Solution
public void run () {
try {
while (true) {
// do stuff
}
}catch (InterruptedException e) {
LOGGER.log(Level.WARN, "Interrupted!", e);
// Restore interrupted state...
Thread.currentThread().interrupt();
}
}
See
- MITRE, CWE-391 - Unchecked Error Condition
- Dealing with InterruptedException
Add the missing @deprecated Javadoc tag. Open
public boolean perform(Build<?, ?> build, Launcher launcher, BuildListener listener) throws InterruptedException, IOException {- Read upRead up
- Exclude checks
Deprecation should be marked with both the @Deprecated annotation and @deprecated Javadoc tag. The annotation enables tools such as
IDEs to warn about referencing deprecated elements, and the tag can be used to explain when it was deprecated, why, and how references should be
refactored.
Further, Java 9 adds two additional arguments to the annotation:
-
sinceallows you to describe when the deprecation took place -
forRemoval, indicates whether the deprecated element will be removed at some future date
If your compile level is Java 9 or higher, you should be using one or both of these arguments.
Noncompliant Code Example
class MyClass {
@Deprecated
public void foo1() {
}
/**
* @deprecated
*/
public void foo2() { // Noncompliant
}
}
Compliant Solution
class MyClass {
/**
* @deprecated (when, why, refactoring advice...)
*/
@Deprecated
public void foo1() {
}
/**
* Java >= 9
* @deprecated (when, why, refactoring advice...)
*/
@Deprecated(since="5.1")
public void foo2() {
}
/**
* Java >= 9
* @deprecated (when, why, refactoring advice...)
*/
@Deprecated(since="4.2", forRemoval=true)
public void foo3() {
}
}
Exceptions
The members and methods of a deprecated class or interface are ignored by this rule. The classes and interfaces themselves are still subject to it.
/**
* @deprecated (when, why, etc...)
*/
@Deprecated
class Qix {
public void foo() {} // Compliant; class is deprecated
}
/**
* @deprecated (when, why, etc...)
*/
@Deprecated
interface Plop {
void bar();
}
Identical blocks of code found in 5 locations. Consider refactoring. Open
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project,
@QueryParameter String credentialsId) {
if (project == null || !project.hasPermission(Item.CONFIGURE)) {
return new StandardUsernameListBoxModel().includeCurrentValue(credentialsId);- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 75.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Rename this constant name to match the regular expression '^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$'. Open
private static final String artifactsDirectoryName = "archive";- Read upRead up
- Exclude checks
Shared coding conventions allow teams to collaborate efficiently. This rule checks that all constant names match a provided regular expression.
Noncompliant Code Example
With the default regular expression ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$:
public class MyClass {
public static final int first = 1;
}
public enum MyEnum {
first;
}
Compliant Solution
public class MyClass {
public static final int FIRST = 1;
}
public enum MyEnum {
FIRST;
}
Rename this constant name to match the regular expression '^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$'. Open
public static final String runReportStructure = "%s/%s/performanceTestsReports/pcRun";- Read upRead up
- Exclude checks
Shared coding conventions allow teams to collaborate efficiently. This rule checks that all constant names match a provided regular expression.
Noncompliant Code Example
With the default regular expression ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$:
public class MyClass {
public static final int first = 1;
}
public enum MyEnum {
first;
}
Compliant Solution
public class MyClass {
public static final int FIRST = 1;
}
public enum MyEnum {
FIRST;
}
Rename this constant name to match the regular expression '^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$'. Open
public static final String pcReportArchiveName = "Reports.zip";- Read upRead up
- Exclude checks
Shared coding conventions allow teams to collaborate efficiently. This rule checks that all constant names match a provided regular expression.
Noncompliant Code Example
With the default regular expression ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$:
public class MyClass {
public static final int first = 1;
}
public enum MyEnum {
first;
}
Compliant Solution
public class MyClass {
public static final int FIRST = 1;
}
public enum MyEnum {
FIRST;
}
Rename this constant name to match the regular expression '^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$'. Open
public static final String pcReportFileName = "Report.html";- Read upRead up
- Exclude checks
Shared coding conventions allow teams to collaborate efficiently. This rule checks that all constant names match a provided regular expression.
Noncompliant Code Example
With the default regular expression ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$:
public class MyClass {
public static final int first = 1;
}
public enum MyEnum {
first;
}
Compliant Solution
public class MyClass {
public static final int FIRST = 1;
}
public enum MyEnum {
FIRST;
}
Rename this constant name to match the regular expression '^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$'. Open
public static final String artifactsResourceName = "artifact";- Read upRead up
- Exclude checks
Shared coding conventions allow teams to collaborate efficiently. This rule checks that all constant names match a provided regular expression.
Noncompliant Code Example
With the default regular expression ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$:
public class MyClass {
public static final int first = 1;
}
public enum MyEnum {
first;
}
Compliant Solution
public class MyClass {
public static final int FIRST = 1;
}
public enum MyEnum {
FIRST;
}
Rename this constant name to match the regular expression '^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$'. Open
public static final String trendReportStructure = "%s/%s/performanceTestsReports/TrendReports";- Read upRead up
- Exclude checks
Shared coding conventions allow teams to collaborate efficiently. This rule checks that all constant names match a provided regular expression.
Noncompliant Code Example
With the default regular expression ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$:
public class MyClass {
public static final int first = 1;
}
public enum MyEnum {
first;
}
Compliant Solution
public class MyClass {
public static final int FIRST = 1;
}
public enum MyEnum {
FIRST;
}