123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332 |
- {
- "paging": {
- "pageSize": 3,
- "total": 4,
- "pageIndex": 1
- },
- "rules": [
- {
- "key": "squid:S1067",
- "repo": "squid",
- "name": "Expressions should not be too complex",
- "createdAt": "2013-03-27T08:52:40+0100",
- "updatedAt": "2013-03-27T08:52:40+0100",
- "htmlDesc": "<p>\nThe complexity of an expression is defined by the number of <code>&&</code>, <code>||</code> and <code>condition ? ifTrue : ifFalse</code> operators it contains.\nA single expression's complexity should not become too high to keep the code readable.\n</p>\n\n<p>The following code, with a maximum complexity of 3:</p>\n\n<pre>\nif (condition1 && condition2 && condition3 && condition4) { /* ... */ } // Non-Compliant\n</pre>\n\n<p>could be refactored into something like:</p>\n\n<pre>\nif (relevantMethodName1() && relevantMethodName2()) { /* ... */ } // Compliant\n\n/* ... */\n\nprivate boolean relevantMethodName1() {\n return condition1 && condition2;\n}\n\nprivate boolean relevantMethodName2() {\n return condition3 && condition4;\n}\n</pre>",
- "severity": "MAJOR",
- "status": "READY",
- "internalKey": "S1067",
- "isTemplate": false,
- "tags": [],
- "sysTags": [
- "brain-overload"
- ],
- "lang": "java",
- "langName": "Java",
- "scope": "MAIN",
- "isExternal": false,
- "type": "CODE_SMELL",
- "cleanCodeAttributeCategory": "INTENTIONAL",
- "cleanCodeAttribute": "CLEAR",
- "impacts": [
- {
- "softwareQuality": "MAINTAINABILITY",
- "severity": "HIGH"
- }
- ],
- "descriptionSections": [
- {
- "key": "root_cause",
- "content": "<h3 class=\"page-title coding-rules-detail-header\"><big>Unnecessary imports should be removed</big></h3>"
- },
- {
- "key": "how_to_fix",
- "content": "<h2>Recommended Secure Coding Practices</h2><ul><li> activate Spring Security's CSRF protection. </li></ul>",
- "context": {
- "displayName": "Spring",
- "key": "spring"
- }
- },
- {
- "key": "how_to_fix",
- "content": "<h2>Recommended Secure Coding Practices</h2><ul><li> activate hibernate protection. </li></ul>",
- "context": {
- "displayName": "Hibernate",
- "key": "hibernate"
- }
- }
- ],
- "params": [
- {
- "key": "max",
- "desc": "Maximum number of allowed conditional operators in an expression",
- "defaultValue": "3"
- }
- ]
- },
- {
- "key": "squid:ClassCyclomaticComplexity",
- "repo": "squid",
- "name": "Avoid too complex class",
- "createdAt": "2013-03-27T08:52:40+0100",
- "updatedAt": "2013-03-27T08:52:40+0100",
- "htmlDesc": "<p>The Cyclomatic Complexity is measured by the number of (&&, ||)\n\toperators and (if, while, do, for, ?:, catch, switch, case, return,\n\tthrow) statements in the body of a class plus one for each constructor,\n\tmethod (but not getter/setter), static initializer, or instance\n\tinitializer in the class. The last return stament in method, if exists,\n\tis not taken into account.</p>\n<p>\n\tEven when the Cyclomatic Complexity of a class is very high, this\n\tcomplexity might be well distributed among all methods. Nevertheless,\n\tmost of the time, a very complex class is a class which breaks the <a\n\t\thref='http://en.wikipedia.org/wiki/Single_responsibility_principle'>Single\n\t\tResponsibility Principle</a> and which should be re-factored to be split\n\tin several classes.\n</p>",
- "severity": "MAJOR",
- "status": "READY",
- "internalKey": "ClassCyclomaticComplexity",
- "isTemplate": false,
- "tags": [],
- "sysTags": [
- "brain-overload"
- ],
- "lang": "java",
- "langName": "Java",
- "scope": "MAIN",
- "isExternal": false,
- "type": "BUG",
- "cleanCodeAttributeCategory": "INTENTIONAL",
- "cleanCodeAttribute": "CLEAR",
- "impacts": [
- {
- "softwareQuality": "RELIABILITY",
- "severity": "HIGH"
- }
- ],
- "params": [
- {
- "key": "max",
- "desc": "Maximum complexity allowed.",
- "defaultValue": "200"
- }
- ]
- },
- {
- "key": "squid:MethodCyclomaticComplexity",
- "repo": "squid",
- "name": "Methods should not be too complex",
- "createdAt": "2013-03-27T08:52:40+0100",
- "updatedAt": "2013-03-27T08:52:40+0100",
- "htmlDesc": "<p>The Cyclomatic Complexity is measured by the number of\n\t(&&, ||) operators and (if, while, do, for, ?:, catch, switch,\n\tcase, return, throw) statements in the body of a class plus one for\n\teach constructor, method (but not getter/setter), static initializer,\n\tor instance initializer in the class. The last return stament in\n\tmethod, if exists, is not taken into account.</p>\n<p>\n\tEven when the Cyclomatic Complexity of a class is very high, this\n\tcomplexity might be well distributed among all methods. Nevertheless,\n\tmost of the time, a very complex class is a class which breaks the <a\n\t\thref=\"http://en.wikipedia.org/wiki/Single_responsibility_principle\">Single\n\t\tResponsibility Principle</a> and which should be re-factored to be split\n\tin several classes.\n</p>",
- "severity": "MAJOR",
- "status": "READY",
- "internalKey": "MethodCyclomaticComplexity",
- "isTemplate": false,
- "tags": [],
- "sysTags": [
- "brain-overload"
- ],
- "lang": "java",
- "langName": "Java",
- "scope": "MAIN",
- "isExternal": false,
- "type": "VULNERABILITY",
- "cleanCodeAttributeCategory": "INTENTIONAL",
- "cleanCodeAttribute": "CLEAR",
- "impacts": [
- {
- "softwareQuality": "SECURITY",
- "severity": "HIGH"
- }
- ],
- "params": [
- {
- "key": "max",
- "desc": "Maximum complexity allowed.",
- "defaultValue": "10"
- }
- ]
- },
- {
- "key": "squid:XPath",
- "repo": "squid",
- "name": "XPath rule",
- "createdAt": "2013-03-27T08:52:40+0100",
- "updatedAt": "2013-03-27T08:52:40+0100",
- "htmlDesc": "<p>\nThis rule allows to define some homemade Java rules with help of an XPath expression.\n</p>\n\n<p>\nIssues are created depending on the return value of the XPath expression. If the XPath expression returns:\n</p>\n<ul>\n <li>a single or list of AST nodes, then a line issue with the given message is created for each node</li>\n <li>a boolean, then a file issue with the given message is created only if the boolean is true</li>\n <li>anything else, no issue is created</li>\n</ul>\n\n<p>\nHere is an example of an XPath expression to log an issue on each if statement : //ifStatement\n</p>",
- "severity": "MAJOR",
- "status": "READY",
- "internalKey": "XPath",
- "isTemplate": true,
- "tags": [],
- "sysTags": [],
- "mdNote": "<p>\nThe tree produced by the <code>firstOf()</code> matcher is hard to work with from checks when alternatives are not named.\n</p>\n\n<p>\nConsider the following rule:\n</p>\n\n<pre>\nb.rule(COMPILATION_UNIT).is(\n b.firstOf( /* Non-Compliant */\n \"FOO\",\n \"BAR\"));\n</pre>\n\n<p>\nIf, from a check, one wants to forbid the usage of the \"BAR\" alternative,\nthe easiest option will be to verify that the value of the first token is \"BAR\",\ni.e. <code>\"BAR\".equals(compilationUnitNode.getTokenValue())</code>.\n</p>\n\n<p>\nThis is not maintainable, for at least two reasons:\n</p>\n\n<ul>\n <li>The grammar might evolve to also accept \"bar\" in lowercase, which will break <code>\"BAR\".equals(...)</code></li>\n <li>The grammar might evolve to optionally accept \"hello\" before the <code>firstOf()</code>, which will break <code>compilationUnitNode.getTokenValue()</code></li>\n</ul>\n\n<p>\nInstead, it is much better to rewrite the grammar as:\n</p>\n\n<pre>\nb.rule(COMPILATION_UNIT).is(\n firstOf( /* Compliant */\n FOO,\n BAR));\nb.rule(FOO).is(\"FOO\");\nb.rule(BAR).is(\"BAR\");\n</pre>\n\n<p>\nThe same check which forbids \"BAR\" would be written as: <code>compilationUnitNode.hasDirectChildren(BAR)</code>.\nThis allows both of the previous grammar evolutions to be made without impacting the check at all.\n</p>",
- "htmlNote": "<p><br/>The tree produced by the <code>firstOf()</code> matcher is hard to work with from checks when alternatives are not named.<br/></p><br/><br/><p><br/>Consider the following rule:<br/></p><br/><br/><pre><br/>b.rule(COMPILATION_UNIT).is(<br/> b.firstOf( /* Non-Compliant */<br/> "FOO",<br/> "BAR"));<br/></pre><br/><br/><p><br/>If, from a check, one wants to forbid the usage of the "BAR" alternative,<br/>the easiest option will be to verify that the value of the first token is "BAR",<br/>i.e. <code>"BAR".equals(compilationUnitNode.getTokenValue())</code>.<br/></p><br/><br/><p><br/>This is not maintainable, for at least two reasons:<br/></p><br/><br/><ul><br/> <li>The grammar might evolve to also accept "bar" in lowercase, which will break <code>"BAR".equals(...)</code></li><br/> <li>The grammar might evolve to optionally accept "hello" before the <code>firstOf()</code>, which will break <code>compilationUnitNode.getTokenValue()</code></li><br/></ul><br/><br/><p><br/>Instead, it is much better to rewrite the grammar as:<br/></p><br/><br/><pre><br/>b.rule(COMPILATION_UNIT).is(<br/> firstOf( /* Compliant */<br/> FOO,<br/> BAR));<br/>b.rule(FOO).is("FOO");<br/>b.rule(BAR).is("BAR");<br/></pre><br/><br/><p><br/>The same check which forbids "BAR" would be written as: <code>compilationUnitNode.hasDirectChildren(BAR)</code>.<br/>This allows both of the previous grammar evolutions to be made without impacting the check at all.<br/></p>",
- "noteLogin": "eric.hartmann",
- "lang": "java",
- "langName": "Java",
- "scope": "MAIN",
- "isExternal": false,
- "type": "CODE_SMELL",
- "params": [
- {
- "key": "xpathQuery",
- "desc": "The XPath query",
- "defaultValue": ""
- },
- {
- "key": "message",
- "desc": "The violation message",
- "defaultValue": "The XPath expression matches this piece of code"
- }
- ]
- },
- {
- "key": "squid:XPath_1369910135",
- "repo": "squid",
- "name": "firstOf() alternatives should be rules or token types",
- "createdAt": "2013-05-30T10:35:35+0200",
- "updatedAt": "2013-03-27T08:52:40+0100",
- "htmlDesc": "<p>\r\nThe tree produced by the <code>firstOf()</code> matcher is hard to work with from checks when alternatives are not named.\r\n</p>\r\n\r\n<p>\r\nConsider the following rule:\r\n</p>\r\n\r\n<pre>\r\nb.rule(COMPILATION_UNIT).is(\r\n b.firstOf( /* Non-Compliant */\r\n \"FOO\",\r\n \"BAR\"));\r\n</pre>\r\n\r\n<p>\r\nIf, from a check, one wants to forbid the usage of the \"BAR\" alternative,\r\nthe easiest option will be to verify that the value of the first token is \"BAR\",\r\ni.e. <code>\"BAR\".equals(compilationUnitNode.getTokenValue())</code>.\r\n</p>\r\n\r\n<p>\r\nThis is not maintainable, for at least two reasons:\r\n</p>\r\n\r\n<ul>\r\n <li>The grammar might evolve to also accept \"bar\" in lowercase, which will break <code>\"BAR\".equals(...)</code></li>\r\n <li>The grammar might evolve to optionally accept \"hello\" before the <code>firstOf()</code>, which will break <code>compilationUnitNode.getTokenValue()</code></li>\r\n</ul>\r\n\r\n<p>\r\nInstead, it is much better to rewrite the grammar as:\r\n</p>\r\n\r\n<pre>\r\nb.rule(COMPILATION_UNIT).is(\r\n firstOf( /* Compliant */\r\n FOO,\r\n BAR));\r\nb.rule(FOO).is(\"FOO\");\r\nb.rule(BAR).is(\"BAR\");\r\n</pre>\r\n\r\n<p>\r\nThe same check which forbids \"BAR\" would be written as: <code>compilationUnitNode.hasDirectChildren(BAR)</code>.\r\nThis allows both of the previous grammar evolutions to be made without impacting the check at all.\r\n</p>",
- "severity": "MAJOR",
- "status": "READY",
- "internalKey": "XPath",
- "isTemplate": false,
- "templateKey": "squid:XPath",
- "tags": [],
- "sysTags": [],
- "lang": "java",
- "langName": "Java",
- "scope": "MAIN",
- "isExternal": false,
- "type": "CODE_SMELL",
- "cleanCodeAttributeCategory": "INTENTIONAL",
- "cleanCodeAttribute": "CLEAR",
- "impacts": [
- {
- "softwareQuality": "MAINTAINABILITY",
- "severity": "HIGH"
- }
- ],
- "params": [
- {
- "key": "xpathQuery",
- "desc": "The XPath query",
- "defaultValue": "//expression[primary/qualifiedIdentifier[count(IDENTIFIER) = 2]/IDENTIFIER[2]/@tokenValue = 'firstOf' and primary/identifierSuffix/arguments/expression[not(primary) or primary[not(qualifiedIdentifier) or identifierSuffix]]]"
- },
- {
- "key": "message",
- "desc": "The violation message",
- "defaultValue": "Refactor this firstOf() to only use a rule or token type for each alternative."
- }
- ]
- }
- ],
- "actives": {
- "squid:MethodCyclomaticComplexity": [
- {
- "qProfile": "Sonar way with Findbugs:java",
- "inherit": "NONE",
- "severity": "MAJOR",
- "params": [
- {
- "key": "max",
- "value": "10"
- }
- ]
- },
- {
- "qProfile": "Sonar way:java",
- "inherit": "NONE",
- "severity": "MAJOR",
- "params": [
- {
- "key": "max",
- "value": "10"
- }
- ]
- }
- ],
- "squid:S1067": [
- {
- "qProfile": "Sonar way with Findbugs:java",
- "inherit": "NONE",
- "severity": "MAJOR",
- "params": [
- {
- "key": "max",
- "value": "3"
- }
- ]
- },
- {
- "qProfile": "Sonar way:java",
- "inherit": "NONE",
- "severity": "MAJOR",
- "params": [
- {
- "key": "max",
- "value": "3"
- }
- ]
- }
- ],
- "squid:ClassCyclomaticComplexity": [
- {
- "qProfile": "Sonar way with Findbugs:java",
- "inherit": "NONE",
- "severity": "MAJOR",
- "params": [
- {
- "key": "max",
- "value": "200"
- }
- ]
- },
- {
- "qProfile": "Sonar way:java",
- "inherit": "NONE",
- "severity": "MAJOR",
- "params": [
- {
- "key": "max",
- "value": "200"
- }
- ]
- }
- ]
- },
- "facets": [
- {
- "name": "tags",
- "values": [
- {
- "val": "complexity",
- "count": 141
- },
- {
- "val": "java8",
- "count": 42
- },
- {
- "val": "javadoc",
- "count": 13
- }
- ]
- },
- {
- "name": "languages",
- "values": [
- {
- "val": "java",
- "count": 563
- }
- ]
- },
- {
- "name": "repositories",
- "values": [
- {
- "val": "findbugs",
- "count": 419
- },
- {
- "val": "squid",
- "count": 138
- },
- {
- "val": "common-java",
- "count": 6
- }
- ]
- }
- ]
- }
|