This block of commented-out lines of code should be removed. Open
/* long readCount = 0; */- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Programmers should not comment out code as it bloats programs and reduces readability.
Unused code should be deleted and can be retrieved from source control history if required.
Save and re-use this "Random". Open
Random rand = new Random();- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Creating a new Random object each time a random value is needed is inefficient and may produce numbers which are not random depending
on the JDK. For better efficiency and randomness, create a single Random, then store, and reuse it.
The Random() constructor tries to set the seed with a distinct value every time. However there is no guarantee that the seed will be
random or even uniformly distributed. Some JDK will use the current time as seed, which makes the generated numbers not random at all.
This rule finds cases where a new Random is created each time a method is invoked and assigned to a local random variable.
Noncompliant Code Example
public void doSomethingCommon() {
Random rand = new Random(); // Noncompliant; new instance created with each invocation
int rValue = rand.nextInt();
//...
Compliant Solution
private Random rand = SecureRandom.getInstanceStrong(); // SecureRandom is preferred to Random
public void doSomethingCommon() {
int rValue = this.rand.nextInt();
//...
Exceptions
A class which uses a Random in its constructor or in a static main function and nowhere else will be ignored by this
rule.
See
- OWASP Top 10 2017 Category A6 - Security Misconfiguration
Identical blocks of code found in 2 locations. Consider refactoring. Open
@RequestMapping(value = "/analysis", method = RequestMethod.GET)
public @ResponseBody String analyze(
@RequestParam("graph") String protocolGraphStr,
@RequestParam("pcapPath") String pcapPath) {
// Initializing session and protocol- Read upRead up
- Create a ticketCreate a ticket
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 93.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Identical blocks of code found in 2 locations. Consider refactoring. Open
private void init(String pcapPath) {
this.session = context.getBean(Session.class);
Random rand = new Random();
session.init("session_" + rand.nextInt(), pcapPath);
log.info("Session init complete!!");- Read upRead up
- Create a ticketCreate a ticket
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 70.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Extra separation in import group before 'in.ac.bits.protocolanalyzer.analyzer.Session' Open
import in.ac.bits.protocolanalyzer.analyzer.Session;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
'package' should be separated from previous line. Open
package in.ac.bits.protocolanalyzer.mvc.controller;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks for empty line separators before package, all import declarations,fields, constructors, methods, nested classes,static initializers and instance initializers.
Checks for empty line separators before not only statements butimplementation and documentation comments and blocks as well.
ATTENTION: empty line separator is required between token siblings,not after line where token is found.If token does not have same type sibling then empty lineis required at its end (for example for CLASS_DEF it is after '}').Also, trailing comments are skipped.
ATTENTION: violations from multiple empty lines cannot be suppressed via XPath:#8179.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Summary javadoc is missing. Open
/**- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks thatJavadoc summary sentence does not contain phrases that are not recommended to use.Summaries that contain only the {@inheritDoc} tag are skipped. Check alsoviolate Javadoc that does not contain first sentence.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Wrong lexicographical order for 'in.ac.bits.protocolanalyzer.protocol.Protocol' import. Should be before 'org.springframework.web.context.WebApplicationContext'. Open
import in.ac.bits.protocolanalyzer.protocol.Protocol;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Wrong lexicographical order for 'in.ac.bits.protocolanalyzer.protocol.ProtocolChecker' import. Should be before 'org.springframework.web.context.WebApplicationContext'. Open
import in.ac.bits.protocolanalyzer.protocol.ProtocolChecker;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Extra separation in import group before 'lombok.extern.log4j.Log4j' Open
import lombok.extern.log4j.Log4j;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Wrong lexicographical order for 'in.ac.bits.protocolanalyzer.protocol.ProtocolGraphParser' import. Should be before 'org.springframework.web.context.WebApplicationContext'. Open
import in.ac.bits.protocolanalyzer.protocol.ProtocolGraphParser;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Extra separation in import group before 'org.json.JSONObject' Open
import org.json.JSONObject;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Wrong lexicographical order for 'in.ac.bits.protocolanalyzer.analyzer.Session' import. Should be before 'org.springframework.web.context.WebApplicationContext'. Open
import in.ac.bits.protocolanalyzer.analyzer.Session;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Checks that the groups of import declarations appear in the order specifiedby the user. If there is an import but its group is not specified in theconfiguration such an import should be placed at the end of the import list.
This documentation is written and maintained by the Checkstyle community and is covered under the same license as the Checkstyle project.
Perhaps 'graphParser' could be replaced by a local variable. Open
private ProtocolGraphParser graphParser;- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
SingularField
Since: PMD 3.1
Priority: Medium
Categories: Style
Remediation Points: 50000
Fields whose scopes are limited to just single methods do not rely on the containing object to provide them to other methods. They may be better implemented as local variables within those methods.
Example:
public class Foo {
private int x; // no reason to exist at the Foo instance level
public void foo(int y) {
x = y + 5;
return x;
}
}