Skip to content

Update sonar-java to version 7.2.0.26923 #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 25, 2023
Merged

Update sonar-java to version 7.2.0.26923 #75

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ dependencies {
implementation("com.github.codeclimate:codeclimate-ss-analyzer-wrapper:beta-SNAPSHOT")

// Plugins
implementation("org.sonarsource.java:sonar-java-plugin:6.15.1.26025")
implementation("org.sonarsource.java:sonar-java-plugin:7.2.0.26923")

testImplementation("org.assertj:assertj-core:2.8.0")
testImplementation("org.skyscreamer:jsonassert:1.5.0")
Expand Down
54 changes: 27 additions & 27 deletions src/test/resources/sanity_check_expected_issues.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"severity": "major",
"description": "Provide the parametrized type for this generic.",
"content": {
"body": "<p>Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking,\nand defers the catch of unsafe code to runtime.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nList myList; // Noncompliant\nSet mySet; // Noncompliant\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nList&lt;String&gt; myList;\nSet&lt;? extends Number&gt; mySet;\n</pre>"
"body": "<p>Generic types shouldnt be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking,\nand defers the catch of unsafe code to runtime.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nList myList; // Noncompliant\nSet mySet; // Noncompliant\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nList&lt;String&gt; myList;\nSet&lt;? extends Number&gt; mySet;\n</pre>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -24,7 +24,7 @@
"severity": "major",
"description": "Provide the parametrized type for this generic.",
"content": {
"body": "<p>Generic types shouldn't be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking,\nand defers the catch of unsafe code to runtime.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nList myList; // Noncompliant\nSet mySet; // Noncompliant\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nList&lt;String&gt; myList;\nSet&lt;? extends Number&gt; mySet;\n</pre>"
"body": "<p>Generic types shouldnt be used raw (without type parameters) in variable declarations or return values. Doing so bypasses generic type checking,\nand defers the catch of unsafe code to runtime.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nList myList; // Noncompliant\nSet mySet; // Noncompliant\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nList&lt;String&gt; myList;\nSet&lt;? extends Number&gt; mySet;\n</pre>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -37,25 +37,6 @@
"Clarity"
]
},
{
"type": "issue",
"check_name": "java:S1220",
"severity": "minor",
"description": "Move this file to a named package.",
"content": {
"body": "<p>According to the Java Language Specification:</p>\n<blockquote>\n <p>Unnamed packages are provided by the Java platform principally for convenience when developing small or temporary applications or when just\n beginning development.</p>\n</blockquote>\n<p>To enforce this best practice, classes located in default package can no longer be accessed from named ones since Java 1.4.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\npublic class MyClass { /* ... */ }\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\npackage org.example;\n\npublic class MyClass{ /* ... */ }\n</pre>"
},
"location": {
"path": "main/java/Library.java",
"lines": {
"begin": 1,
"end": 1
}
},
"categories": [
"Style"
]
},
{
"type": "issue",
"check_name": "java:S1134",
Expand Down Expand Up @@ -100,7 +81,7 @@
"severity": "major",
"description": "Replace this use of System.out or System.err by a logger.",
"content": {
"body": "<p>When logging a message there are several important requirements which must be fulfilled:</p>\n<ul>\n <li> The user must be able to easily retrieve the logs </li>\n <li> The format of all logged message must be uniform to allow the user to easily read the log </li>\n <li> Logged data must actually be recorded </li>\n <li> Sensitive data must only be logged securely </li>\n</ul>\n<p>If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. That's why defining and using a\ndedicated logger is highly recommended.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nSystem.out.println(\"My Message\"); // Noncompliant\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nlogger.log(\"My Message\");\n</pre>\n<h2>See</h2>\n<ul>\n <li> <a href=\"https://wiki.sei.cmu.edu/confluence/x/nzdGBQ\">CERT, ERR02-J.</a> - Prevent exceptions while logging data </li>\n</ul>"
"body": "<p>When logging a message there are several important requirements which must be fulfilled:</p>\n<ul>\n <li> The user must be able to easily retrieve the logs </li>\n <li> The format of all logged message must be uniform to allow the user to easily read the log </li>\n <li> Logged data must actually be recorded </li>\n <li> Sensitive data must only be logged securely </li>\n</ul>\n<p>If a program directly writes to the standard outputs, there is absolutely no way to comply with those requirements. Thats why defining and using a\ndedicated logger is highly recommended.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nSystem.out.println(\"My Message\"); // Noncompliant\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nlogger.log(\"My Message\");\n</pre>\n<h2>See</h2>\n<ul>\n <li> <a href=\"https://wiki.sei.cmu.edu/confluence/x/nzdGBQ\">CERT, ERR02-J.</a> - Prevent exceptions while logging data </li>\n</ul>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -119,7 +100,7 @@
"severity": "major",
"description": "Remove this useless assignment to local variable \"textBlock\".",
"content": {
"body": "\u003cp\u003eA dead store happens when a local variable is assigned a value that is not read by any subsequent instruction. Calculating or retrieving a value\nonly to then overwrite it or throw it away, could indicate a serious error in the code. Even if it\u0027s not an error, it is at best a waste of resources.\nTherefore all calculated values should be used.\u003c/p\u003e\n\u003ch2\u003eNoncompliant Code Example\u003c/h2\u003e\n\u003cpre\u003e\ni \u003d a + b; // Noncompliant; calculation result not used before value is overwritten\ni \u003d compute();\n\u003c/pre\u003e\n\u003ch2\u003eCompliant Solution\u003c/h2\u003e\n\u003cpre\u003e\ni \u003d a + b;\ni +\u003d compute();\n\u003c/pre\u003e\n\u003ch2\u003eExceptions\u003c/h2\u003e\n\u003cp\u003eThis rule ignores initializations to -1, 0, 1, \u003ccode\u003enull\u003c/code\u003e, \u003ccode\u003etrue\u003c/code\u003e, \u003ccode\u003efalse\u003c/code\u003e and \u003ccode\u003e\"\"\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eSee\u003c/h2\u003e\n\u003cul\u003e\n \u003cli\u003e \u003ca href\u003d\"http://cwe.mitre.org/data/definitions/563.html\"\u003eMITRE, CWE-563\u003c/a\u003e - Assignment to Variable without Use (\u0027Unused Variable\u0027) \u003c/li\u003e\n \u003cli\u003e \u003ca href\u003d\"https://wiki.sei.cmu.edu/confluence/x/39UxBQ\"\u003eCERT, MSC13-C.\u003c/a\u003e - Detect and remove unused values \u003c/li\u003e\n \u003cli\u003e \u003ca href\u003d\"https://wiki.sei.cmu.edu/confluence/x/9DZGBQ\"\u003eCERT, MSC56-J.\u003c/a\u003e - Detect and remove superfluous code and values \u003c/li\u003e\n\u003c/ul\u003e"
"body": "<p>A dead store happens when a local variable is assigned a value that is not read by any subsequent instruction. Calculating or retrieving a value\nonly to then overwrite it or throw it away, could indicate a serious error in the code. Even if it’s not an error, it is at best a waste of resources.\nTherefore all calculated values should be used.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\ni = a + b; // Noncompliant; calculation result not used before value is overwritten\ni = compute();\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\ni = a + b;\ni += compute();\n</pre>\n<h2>Exceptions</h2>\n<p>This rule ignores initializations to -1, 0, 1, <code>null</code>, <code>true</code>, <code>false</code> and <code>\"\"</code>.</p>\n<h2>See</h2>\n<ul>\n <li> <a href=\"http://cwe.mitre.org/data/definitions/563.html\">MITRE, CWE-563</a> - Assignment to Variable without Use ('Unused Variable') </li>\n <li> <a href=\"https://wiki.sei.cmu.edu/confluence/x/39UxBQ\">CERT, MSC13-C.</a> - Detect and remove unused values </li>\n <li> <a href=\"https://wiki.sei.cmu.edu/confluence/x/9DZGBQ\">CERT, MSC56-J.</a> - Detect and remove superfluous code and values </li>\n</ul>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -138,7 +119,7 @@
"severity": "major",
"description": "Replace this usage of \"String.class.isInstance()\" with \"instanceof String\".",
"content": {
"body": "<p>The <code>instanceof</code> construction is a preferred way to check whether a variable can be cast to some type statically because a compile-time\nerror will occur in case of incompatible types. The method <a\nhref=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html#isInstance-java.lang.Object-\">isInstance()</a> from <code>java.lang.Class</code>\nworks differently and does type check at runtime only, incompatible types will therefore not be detected early in the developement, potentially\nresulting in dead code. The <code>isInstance()</code> method should only be used in dynamic cases when the <code>instanceof</code> operator can't be\nused.</p>\n<p>This rule raises an issue when <code>isInstance()</code> is used and could be replaced with an <code>instanceof</code> check.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nint f(Object o) {\n&nbsp; if (String.class.isInstance(o)) {&nbsp; // Noncompliant\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\nint f(Number n) {\n&nbsp; if (String.class.isInstance(n)) {&nbsp; // Noncompliant\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nint f(Object o) {\n&nbsp; if (o instanceof String) {&nbsp; // Compliant\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\nint f(Number n) {\n&nbsp; if (n instanceof String) {&nbsp; // Compile-time error\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\nboolean fun(Object o, String c) throws ClassNotFoundException\n{\n return Class.forName(c).isInstance(o); // Compliant, can't use instanceof operator here\n}\n</pre>"
"body": "<p>The <code>instanceof</code> construction is a preferred way to check whether a variable can be cast to some type statically because a compile-time\nerror will occur in case of incompatible types. The method <a\nhref=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Class.html#isInstance-java.lang.Object-\">isInstance()</a> from <code>java.lang.Class</code>\nworks differently and does type check at runtime only, incompatible types will therefore not be detected early in the developement, potentially\nresulting in dead code. The <code>isInstance()</code> method should only be used in dynamic cases when the <code>instanceof</code> operator can’t be\nused.</p>\n<p>This rule raises an issue when <code>isInstance()</code> is used and could be replaced with an <code>instanceof</code> check.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nint f(Object o) {\n&nbsp; if (String.class.isInstance(o)) {&nbsp; // Noncompliant\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\nint f(Number n) {\n&nbsp; if (String.class.isInstance(n)) {&nbsp; // Noncompliant\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nint f(Object o) {\n&nbsp; if (o instanceof String) {&nbsp; // Compliant\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\nint f(Number n) {\n&nbsp; if (n instanceof String) {&nbsp; // Compile-time error\n&nbsp; &nbsp; return 42;\n&nbsp; }\n&nbsp; return 0;\n}\n\nboolean fun(Object o, String c) throws ClassNotFoundException\n{\n return Class.forName(c).isInstance(o); // Compliant, can't use instanceof operator here\n}\n</pre>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -157,7 +138,7 @@
"severity": "minor",
"description": "Use simple literal for a single-line string.",
"content": {
"body": "<p>If a string fits on a single line, without concatenation and escaped newlines, you should probably continue to use a string literal.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nString question = \"\"\"\n What's the point, really?\"\"\";\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nString question = \"What's the point, really?\";\n</pre>\n<h2>See</h2>\n<ul>\n <li> <a href=\"https://openjdk.java.net/jeps/378\">JEP 378: Text Blocks</a> </li>\n <li> <a href=\"https://cr.openjdk.java.net/~jlaskey/Strings/TextBlocksGuide_v9.html\">Programmer's Guide To Text Blocks</a>, by Jim Laskey and Stuart\n Marks </li>\n</ul>"
"body": "<p>If a string fits on a single line, without concatenation and escaped newlines, you should probably continue to use a string literal.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\nString question = \"\"\"\n What's the point, really?\"\"\";\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nString question = \"What's the point, really?\";\n</pre>\n<h2>See</h2>\n<ul>\n <li> <a href=\"https://openjdk.java.net/jeps/378\">JEP 378: Text Blocks</a> </li>\n <li> <a href=\"https://cr.openjdk.java.net/~jlaskey/Strings/TextBlocksGuide_v9.html\">Programmers Guide To Text Blocks</a>, by Jim Laskey and Stuart\n Marks </li>\n</ul>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -176,7 +157,7 @@
"severity": "minor",
"description": "Use '\\\"\"\"' to escape \"\"\".",
"content": {
"body": "<p>The use of escape sequences is mostly unnecessary in text blocks.</p>\n<h2>Noncompliant Code Example</h2>\n<p><code>\\n</code> can be replaced by simply introducing the newline, <code>\\\"\\\"\\\"</code> it is sufficient to escape only the first qoute.</p>\n<pre>\nString textBlock = \"\"\"\n \\\"\\\"\\\" this \\nis\n text block!\n !!!!\n \"\"\";\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nString textBlock = \"\"\"\n \\\"\"\" this\n is\n text block!\n !!!!\n \"\"\";\n</pre>\n<h2>See</h2>\n<ul>\n <li> <a href=\"https://openjdk.java.net/jeps/378\">JEP 378: Text Blocks</a> </li>\n <li> <a href=\"https://cr.openjdk.java.net/~jlaskey/Strings/TextBlocksGuide_v9.html\">Programmer's Guide To Text Blocks</a>, by Jim Laskey and Stuart\n Marks </li>\n</ul>"
"body": "<p>The use of escape sequences is mostly unnecessary in text blocks.</p>\n<h2>Noncompliant Code Example</h2>\n<p><code>\\n</code> can be replaced by simply introducing the newline, <code>\\\"\\\"\\\"</code> it is sufficient to escape only the first qoute.</p>\n<pre>\nString textBlock = \"\"\"\n \\\"\\\"\\\" this \\nis\n text block!\n !!!!\n \"\"\";\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\nString textBlock = \"\"\"\n \\\"\"\" this\n is\n text block!\n !!!!\n \"\"\";\n</pre>\n<h2>See</h2>\n<ul>\n <li> <a href=\"https://openjdk.java.net/jeps/378\">JEP 378: Text Blocks</a> </li>\n <li> <a href=\"https://cr.openjdk.java.net/~jlaskey/Strings/TextBlocksGuide_v9.html\">Programmers Guide To Text Blocks</a>, by Jim Laskey and Stuart\n Marks </li>\n</ul>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -195,7 +176,7 @@
"severity": "minor",
"description": "Remove this unused \"textBlock\" local variable.",
"content": {
"body": "\u003cp\u003eIf a local variable is declared but not used, it is dead code and should be removed. Doing so will improve maintainability because developers will\nnot wonder what the variable is used for.\u003c/p\u003e\n\u003ch2\u003eNoncompliant Code Example\u003c/h2\u003e\n\u003cpre\u003e\npublic int numberOfMinutes(int hours) {\n int seconds \u003d 0; // seconds is never used\n return hours * 60;\n}\n\u003c/pre\u003e\n\u003ch2\u003eCompliant Solution\u003c/h2\u003e\n\u003cpre\u003e\npublic int numberOfMinutes(int hours) {\n return hours * 60;\n}\n\u003c/pre\u003e"
"body": "<p>If a local variable is declared but not used, it is dead code and should be removed. Doing so will improve maintainability because developers will\nnot wonder what the variable is used for.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\npublic int numberOfMinutes(int hours) {\n int seconds = 0; // seconds is never used\n return hours * 60;\n}\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\npublic int numberOfMinutes(int hours) {\n return hours * 60;\n}\n</pre>"
},
"location": {
"path": "main/java/Library.java",
Expand All @@ -207,5 +188,24 @@
"categories": [
"Clarity"
]
},
{
"type": "issue",
"check_name": "java:S1220",
"severity": "minor",
"description": "Move this file to a named package.",
"content": {
"body": "<p>According to the Java Language Specification:</p>\n<blockquote>\n <p>Unnamed packages are provided by the Java platform principally for convenience when developing small or temporary applications or when just\n beginning development.</p>\n</blockquote>\n<p>To enforce this best practice, classes located in default package can no longer be accessed from named ones since Java 1.4.</p>\n<h2>Noncompliant Code Example</h2>\n<pre>\npublic class MyClass { /* ... */ }\n</pre>\n<h2>Compliant Solution</h2>\n<pre>\npackage org.example;\n\npublic class MyClass{ /* ... */ }\n</pre>"
},
"location": {
"path": "main/java/Library.java",
"lines": {
"begin": 1,
"end": 1
}
},
"categories": [
"Style"
]
}
]