SonarQube ships with a built-in "Sonar way" quality profile, with a separate version for each supported language (C#, Java, JavaScript and so on); by default its rules are grouped along three dimensions. This article takes SonarQube 5.6.5 as the example and gives a short overview of the rules in the Java profile.
Exporting the rules
The "Back up" function shown in the figure below exports the profile's rules as an XML file.
Rule overview
In this version the Java "Sonar way" profile contains 254 rules in total, broken down as follows:

| Category | Number of rules |
|---|---|
| Bug | 75 |
| Vulnerability | 20 |
| Code Smell | 159 |
Bugs

| Bug rules |
|---|
| “.equals()” should not be used to test the values of “Atomic” classes |
| “@NonNull” values should not be set to null |
| “BigDecimal(double)” should not be used |
| “Calendars” and “DateFormats” should not be static |
| “Cloneables” should implement “clone” |
| “compareTo” should not return “Integer.MIN_VALUE” |
| “Double.longBitsToDouble” should not be used for “int” |
| “equals(Object obj)” and “hashCode()” should be overridden in pairs |
| “equals(Object obj)” should be overridden along with the “compareTo(T obj)” method |
| “equals(Object obj)” should test argument type |
| “Externalizable” classes should have a no-arguments constructor |
| “hashCode” and “toString” should not be called on array instances |
| “instanceof” operators that always return “true” or “false” should be removed |
| “InterruptedException” should not be ignored |
| “Iterator.hasNext()” should not call “Iterator.next()” |
| “Object.wait(…)” and “Condition.await(…)” should be called inside a “while” loop |
| “Object.wait(…)” should never be called on objects that implement “java.util.concurrent.locks.Condition” |
| “PreparedStatement” and “ResultSet” methods should be called with valid indices |
| “read” and “readLine” return values should be used |
| “return” statements should not occur in “finally” blocks |
| “runFinalizersOnExit” should not be called |
| “ScheduledThreadPoolExecutor” should not have 0 core threads |
| “Serializable” inner classes of non-serializable classes should be “static” |
| “SingleConnectionFactory” instances should be set to “reconnectOnException” |
| “toString()” and “clone()” methods should not return null |
| “wait(…)”, “notify()” and “notifyAll()” methods should only be called when a lock is obviously held on an object |
| A “for” loop update clause should move the counter in the right direction |
| Assertions should be complete |
| Assignments should not be made from within sub-expressions |
| Classes should not be compared by name |
| Collections should not be passed as arguments to their own methods |
| Conditions should not unconditionally evaluate to “TRUE” or to “FALSE” |
| Custom serialization method signatures should meet requirements |
| Default EJB interceptors should be declared in “ejb-jar.xml” |
| Dissimilar primitive wrappers should not be used with the ternary operator without explicit casting |
| Fields in a “Serializable” class should either be transient or serializable |
| Floating point numbers should not be tested for equality |
| Identical expressions should not be used on both sides of a binary operator |
| IllegalMonitorStateException should not be caught |
| Inappropriate “Collection” calls should not be made |
| Inappropriate regular expressions should not be used |
| Instance methods should not write to “static” fields |
| Ints and long |
Source: "sonarqube基础:扫描规则:1: Sonar way之Java版" (SonarQube basics: scan rules, part 1: Sonar way for Java), https://www.elefans.com/dongtai/1726874203a1088164.html