Sign upLogin

red6/dmn-check

View on GitHub
Star

Showing 324 of 324 total issues

Return an empty array instead of null.
Open

            return null;
Severity: Major
Found in gradle-plugin/src/main/java/de/redsix/dmncheck/DmnCheckTask.java by sonar-java

Returning null instead of an actual array or collection forces callers of the method to explicitly test for nullity, making them more complex and less readable.

Moreover, in many cases, null is used as a synonym for empty.

Noncompliant Code Example

public static List<Result> getResults() {
  return null;                             // Noncompliant
}

public static Result[] getResults() {
  return null;                             // Noncompliant
}

public static void main(String[] args) {
  Result[] results = getResults();

  if (results != null) {                   // Nullity test required to prevent NPE
    for (Result result: results) {
      /* ... */
    }
  }
}

Compliant Solution

public static List<Result> getResults() {
  return Collections.emptyList();          // Compliant
}

public static Result[] getResults() {
  return new Result[0];
}

public static void main(String[] args) {
  for (Result result: getResults()) {
    /* ... */
  }
}

See

  • CERT, MSC19-C. - For functions that return an array, prefer returning an empty array over a null value
  • CERT, MET55-J. - Return an empty array or collection instead of a null value for methods that return an array or collection

Refactor this method to reduce its Cognitive Complexity from 21 to the 15 allowed.
Open

    private static Optional<Boolean> subsumesUnaryExpression(
Severity: Critical
Found in validators/src/main/java/de/redsix/dmncheck/feel/Subsumption.java by sonar-java

Cognitive Complexity is a measure of how hard the control flow of a method is to understand. Methods with high Cognitive Complexity will be difficult to maintain.

See

Rename "classpath" which hides the field declared at line 43.
Open

        List<String> classpath = project.getArtifacts().stream()
Severity: Major
Found in maven-plugin/src/main/java/de/redsix/dmncheck/CheckerMain.java by sonar-java

Overriding or shadowing a variable declared in an outer scope can strongly impact the readability, and therefore the maintainability, of a piece of code. Further, it could lead maintainers to introduce bugs because they think they're using one variable but are really using another.

Noncompliant Code Example

class Foo {
  public int myField;

  public void doSomething() {
    int myField = 0;
    ...
  }
}

See

Define and throw a dedicated exception instead of using a generic one.
Open

            throw new RuntimeException("Failed to load validator " + validator, e);
Severity: Major
Found in validators/src/main/java/de/redsix/dmncheck/util/ValidatorLoader.java by sonar-java

Using such generic exceptions as Error, RuntimeException, Throwable, and Exception prevents calling methods from handling true, system-generated exceptions differently than application-generated errors.

Noncompliant Code Example

public void foo(String bar) throws Throwable {  // Noncompliant
  throw new RuntimeException("My Message");     // Noncompliant
}

Compliant Solution

public void foo(String bar) {
  throw new MyOwnRuntimeException("My Message");
}

Exceptions

Generic exceptions in the signatures of overriding methods are ignored, because overriding method has to follow signature of the throw declaration in the superclass. The issue will be raised on superclass declaration of the method (or won't be raised at all if superclass is not part of the analysis).

@Override
public void myMethod() throws Exception {...}

Generic exceptions are also ignored in the signatures of methods that make calls to methods that throw generic exceptions.

public void myOtherMethod throws Exception {
  doTheThing();  // this method throws Exception
}

See

Severity
Category
Status
Source
Language