Severity | Number of Issues |
---|---|
BLOCKER | 0 |
CRITICAL | 2 |
MAJOR | 0 |
MINOR | 5 |

Rule | Severity | Component | Line | Description | Message | Key | Status |
---|---|---|---|---|---|---|---|
squid:S2975 | BLOCKER | java/org/apache/catalina/util/URLEncoder.java | 190 | "clone" should not be overridden | Remove this "clone" implementation; use a copy constructor or copy factory instead. | AWK40IMu-pl6AHs22MnV | TO_REVIEW |

Rule | Description |
---|---|
squid:S864 |
The rules of operator precedence are complicated and can lead to errors. For this reason, parentheses should be used for clarification in complex statements. However, this does not mean that parentheses should be gratuitously added around every operation. This rule raises issues when
Noncompliant Code Example

```java
x = a + b - c;
x = a + 1 << b;  // Noncompliant

if ( a > b || c < d || a == d) {...}
if ( a > b && c < d || a == b) {...}  // Noncompliant
if (a = f(b,c) == 1) { ... }  // Noncompliant; == evaluated first
```

Compliant Solution

```java
x = a + b - c;
x = (a + 1) << b;

if ( a > b || c < d || a == d) {...}
if ( (a > b && c < d) || a == b) {...}
if ( (a = f(b,c)) == 1) { ... }
```

See
|
squid:S2115 |
Failure to password-protect a database is so careless or naive as to be almost negligent. Databases should always be password protected, but the use of a database connection with an empty password is a clear indication of a database that is not protected.

This rule flags database connections with empty passwords.

Noncompliant Code Example

```java
Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "AppLogin", "");
Connection conn2 = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=");
```

Compliant Solution

```java
DriverManager.getConnection("jdbc:derby:memory:myDB;create=true?user=user&password=password");

DriverManager.getConnection("jdbc:mysql://address=(host=myhost1)(port=1111)(key1=value1)(user=sandy)(password=secret),address=(host=myhost2)(port=2222)(key2=value2)(user=sandy)(password=secret)/db");

DriverManager.getConnection("jdbc:mysql://sandy:secret@[myhost1:1111,myhost2:2222]/db");

String url = "jdbc:postgresql://localhost/test";
Properties props = new Properties();
props.setProperty("user", "fred");
props.setProperty("password", "secret");
DriverManager.getConnection(url, props);
```

See
|
squid:S1148 |
Loggers should be used instead to print
This rule raises an issue when

Noncompliant Code Example

```java
try {
  /* ... */
} catch(Exception e) {
  e.printStackTrace();        // Noncompliant
}
```

Compliant Solution

```java
try {
  /* ... */
} catch(Exception e) {
  LOGGER.log("context", e);
}
```

See
|
squid:S2975 |
Many consider Object's clone method is very tricky. It's based on field copies, and it's "extra-linguistic." It creates an object without calling a constructor. There are no guarantees that it preserves the invariants established by the constructors. There have been lots of bugs over the years, both in and outside Sun, stemming from the fact that if you just call super.clone repeatedly up the chain until you have cloned an object, you have a shallow copy of the object. The clone generally shares state with the object being cloned. If that state is mutable, you don't have two independent objects. If you modify one, the other changes as well. And all of a sudden, you get random behavior.

A copy constructor or copy factory should be used instead.

This rule raises an issue when

Noncompliant Code Example

```java
public class MyClass {
  // ...

  public Object clone() { // Noncompliant
    //...
  }
}
```

Compliant Solution

```java
public class MyClass {
  // ...

  MyClass (MyClass source) {
    //...
  }
}
```

See

See Also
|