|
Specification Classification English |
error code |
error rule |
Chinese translation |
|
Bad practice |
AM_CREATES_EMPTY_JAR_FILE_ENTRY |
AM: Creates an empty jar file entry |
call (programming)The closeEntry() method is called as soon as the putNextEntry() method writes a new jar file entry. This causes the JarFile entry to be empty. |
|
Bad practice |
AM_CREATES_EMPTY_ZIP_FILE_ENTRY |
AM: Creates an empty zip file entry |
call (programming)The closeEntry() method is called immediately when the putNextEntry() method writes a new zip file entry. This causes the ZipFile entry to be empty. |
|
Bad practice |
BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS |
BC: Equals method should not assume anything about the type of its argument |
The equals(Object o) method cannot make any assumptions about the type of the argument o. Compares this object with the specified object. The result is true if and only if the argument is not null and is an object representing the same type as this object. |
|
Bad practice |
BIT_SIGNED_CHECK |
BIT: Check for sign of bitwise operation |
Checking that the bitwise operators work reasonably well |
|
Bad practice |
CN_IDIOM |
CN: Class implements Cloneable but does not define or use clone method |
By convention, classes that implement this interface should use the public method override (which is protected) for more information about overriding this method. This interface does not contain a clone method. Therefore, it is not possible to clone an object just because it implements this interface, and classes that should implement this interface should use the public method to rewrite the |
|
Bad practice |
CN_IDIOM_NO_SUPER_CALL |
CN: clone method does not call () |
a nonClasses of type final define the clone() method without calling the () method. For example, B extends from A. If the clone method in B calls () and clone in A does not call (), it will result in an inaccurate result type. It is required to call the () method in the clone method of A. |
|
Bad practice |
CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE |
CN: Class defines clone() but doesn't implement Cloneable |
The class defines theclone method but it does not implement the Cloneable interface. |
|
Bad practice |
CNT_ROUGH_CONSTANT_VALUE |
CNT: Rough value of known constant found |
It is recommended to use predefined library constants to improve the clarity and precision of your code. |
|
Bad practice |
CO_ABSTRACT_SELF |
Co: Abstract class defines covariant compareTo() method |
The abstract class defines multipleThe compareTo() method, which correctly overrides the compareTo method in Comparable, has an argument of type Object, as in the following example: |
|
Bad practice |
CO_COMPARETO_INCORRECT_FLOATING |
Co: compareTo()/compare() incorrectly handles float or double value |
This method compares double or floating point values using the following pattern:val1>val2?1:val1<val2-1 : 0. This pattern does not apply to -0.0 and NaN values, which can lead to incorrect sorting results or collection corruption (if the comparison values are used as keys). Consider using or static methods, which handle all special cases correctly. |
|
Bad practice |
CO_COMPARETO_RESULTS_MIN_VALUE |
Co: compareTo()/compare() returns Integer.MIN_VALUE |
In some cases, thisThe compareTo or compare method returns the constant Integer. min_value, which is an exceptionally bad practice. the only thing that matters about the return value of compareTo is the sign of the result. But people sometimes negate the return value of compareTo, thinking that it will negate the sign of the result. It will, unless the returned value is an Integer. minimum value. So just return -1 instead of Integer. minimum. |
|
Bad practice |
CO_SELF_NO_OBJECT |
Co: Covariant compareTo() method defined |
The class defines multipleThe compareTo() method, which correctly overrides the compareTo method in Comparable, takes a method argument of type Object |
|
Bad practice |
DE_MIGHT_DROP |
DE: Method might drop exception |
method may throw an exception |
|
Bad practice |
DE_MIGHT_IGNORE |
DE: Method might ignore exception |
Methods may ignore exceptions |
|
Bad practice |
DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS |
DMI: Adding elements of an entry set may fail due to reuse of Entry objects |
The entrySet() method is allowed to return a view of the underlying Map where individual Entry objects are reused and returned during iteration. Since Java 1.6, IdentityHashMap and EnumMap do this. When iterating over such a Map, the Entry value is only valid until you move on to the next iteration. For example, if you try to pass such an entrySet to the addAll method, things can go seriously wrong. |
|
Bad practice |
DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION |
DMI: Don't use removeAll to clear a collection |
Don't useThe removeAll method clears a collection. |
|
Bad practice |
DM_EXIT |
Dm: Method invokes (...) |
Calling the(...) statement, consider using a RuntimeException instead of the |
|
Bad practice |
DM_RUN_FINALIZERS_ON_EXIT |
Dm: Method invokes dangerous method runFinalizersOnExit |
Called in the method Or methods, because it's dangerous to do so. |
|
Bad practice |
ES_COMPARING_PARAMETER_STRING_WITH_EQ |
ES: Comparison of String parameter using == or != |
expense or outlayThe == or ! = methods to compare parameters of type String |
|
Bad practice |
ES_COMPARING_STRINGS_WITH_EQ |
ES: Comparison of String objects using == or != |
expense or outlay== or! = to compare objects of type String |
|
Bad practice |
EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS |
Eq: Equals checks for incompatible operand |
The equals method checks for inconsistencies. The two classes are simply parent-child relationships and the equals method is called to determine whether the objects are equal. |
|
Bad practice |
EQ_COMPARETO_USE_OBJECT_EQUALS |
Eq: Class defines compareTo(...) and uses () |
The class defines theThe compareTo method but inherits the compareTo method from Object. |
|
Bad practice |
EQ_GETCLASS_AND_CLASS_CONSTANT |
Eq: equals method fails for subtypes |
classThe equals method may be broken by methods in subclasses, consider replacing it with () == () when using a judgment like == () |
|
Bad practice |
EQ_SELF_NO_OBJECT |
Eq: Covariant equals() method defined |
The class defines multipleequals method. The correct approach is to override the equals method in Object, which takes an object of type Object as its argument. |
|
Bad practice |
FI_EMPTY |
FI: Empty finalizer should be deleted |
emptyThe finalizer method should be removed. A bit about finalizer is omitted |
|
Bad practice |
HE_EQUALS_NO_HASHCODE |
HE: Class defines equals() but not hashCode() |
method defines theequals method without defining the hashCode method |
|
Bad practice |
HE_HASHCODE_NO_EQUALS |
HE: Class defines hashCode() but not equals() |
class defines theThe hashCode method goes without defining the equal method. |
|
Bad practice |
HE_EQUALS_USE_HASHCODE |
HE: Class defines hashCode() and uses () |
A class overrides theThe equals method, which does not override the hashCode method, uses the Object object's hashCode method. |
|
Bad practice |
HE_INHERITS_EQUALS_USE_HASHCODE |
HE: Class inherits equals() and uses () |
Subclasses inherit the parent class'sThe equals method, however, uses the Object's hashCode method. |
|
Bad practice |
IMSE_DONT_CATCH_IMSE |
IMSE: Dubious catching of IllegalMonitorStateException |
Catch illegal monitor state exceptions, such as when an object lock is not acquired using itsThe wait and notify methods |
|
Bad practice |
ISC_INSTANTIATE_STATIC_CLASS |
ISC: Needless instantiation of class that only supplies static methods |
An instance object is created for the use of a static method. To call a static method you only need to use the class name+ static method name will work. |
|
Bad practice |
IT_NO_SUCH_ELEMENT |
It: Iterator next() method can't throw NoSuchElementException |
The iterator'sThe next method cannot throw a NoSuchElementException. |
|
Bad practice |
J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION |
J2EE: Store of non serializable object into HttpSession |
existHolding non-contiguous objects in an HttpSession object |
|
Bad practice |
JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS |
JCIP: Fields of immutable classes should be final |
The class is annotated with , and the rules for that annotation require that all fields are final. . |
|
Bad practice |
NP_BOOLEAN_RETURN_NULL |
NP: Method with Boolean return type returns explicit null |
The return value isMethods of type boolean return null directly, which results in a null pointer exception |
|
Bad practice |
NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT |
NP: equals() method does not check for null argument |
variable callThe equals method does not make a null determination. |
|
Bad practice |
NP_TOSTRING_COULD_RETURN_NULL |
NP: toString method may return null |
The toString method may return null |
|
Bad practice |
NM_CLASS_NAMING_CONVENTION |
Nm: Class names should start with an upper case letter |
Class names begin with an uppercase letter name |
|
Bad practice |
NM_CLASS_NOT_EXCEPTION |
Nm: Class is not derived from an Exception, even though it is named as such |
The name of the class contains theException but is not a subclass of an exception class, a name which can cause confusion |
|
Bad practice |
NM_CONFUSING |
Nm: Confusing method names |
Confusing aspects of naming |
|
Bad practice |
NM_FIELD_NAMING_CONVENTION |
Nm: Field names should start with a lower case letter |
in-Fields of type final need to follow the camel naming principle |
|
Bad practice |
NM_FUTURE_KEYWORD_USED_AS_IDENTIFIER |
Nm: Use of identifier that is a keyword in later versions of Java |
Verify that it isjava reserved keywords |
|
Bad practice |
NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER |
Nm: Use of identifier that is a keyword in later versions of Java |
Verify that it isjava reserved keywords |
|
Bad practice |
NM_METHOD_NAMING_CONVENTION |
Nm: Method names should start with a lower case letter |
Method names begin with a lowercase letter |
|
Bad practice |
NM_SAME_SIMPLE_NAME_AS_INTERFACE |
Nm: Class names shouldn't shadow simple name of implemented interface |
Classes that implement the same interface implementation cannot have the same name, even if they are in different packages. |
|
Bad practice |
NM_SAME_SIMPLE_NAME_AS_SUPERCLASS |
Nm: Class names shouldn't shadow simple name of superclass |
Subclasses inheriting from the same parent class cannot use the same name, even if they are located in different packages |
|
Bad practice |
NM_VERY_CONFUSING_INTENTIONAL |
Nm: Very confusing method names (but perhaps intentional) |
It is easy to confuse method naming, for example method name names use use case to distinguish between two different methods. |
|
Bad practice |
NM_WRONG_PACKAGE_INTENTIONAL |
Nm: Method doesn't override method in superclass due to wrong package for parameter |
Failure to override parent class methods due to incorrect references to objects of the same class name in different packages. |
|
Bad practice |
OBL_UNSATISFIED_OBLIGATION |
ODR: Method may fail to close database resource |
This method may not be able to clear (close, dispose of) a stream, database object, or other resource that requires an explicit cleanup action. |
|
Bad practice |
ODR_OPEN_DATABASE_RESOURCE |
ODR: Method may fail to close database resource on exception |
There may be a failure to close the data connection in the method |
|
Bad practice |
OS_OPEN_STREAM |
OS: Method may fail to close stream |
There may be a failure to close the stream in the method |
|
Bad practice |
OS_OPEN_STREAM_EXCEPTION_PATH |
OS: Method may fail to close stream on exception |
There may be an exception in the method when closing the stream |
|
Bad practice |
RC_REF_COMPARISON_BAD_PRACTICE |
RC: Suspicious reference comparison to constant |
When the two are different types of objects use theequals method to compare whether their values are equal or not, instead of using the == method. For example comparing the two as, the |
|
Bad practice |
RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN |
RC: Suspicious reference comparison of Boolean values |
utilization== or ! = operator to compare two objects of type Boolean, the equals method is recommended. |
|
Bad practice |
RR_NOT_CHECKED |
RR: Method ignores results of () |
method ignores the return of multiple characters and cannot properly handle a user request to read a small number of characters without checking the result. |
|
Bad practice |
SR_NOT_CHECKED |
RR: Method ignores results of () |
() method ignores multiple characters returned, and if the result is not checked it will not correctly handle the case where the user skips a small number of characters in the request. |
|
Bad practice |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
RV: Method ignores exceptional return value |
method ignores the exception message of the return value |
|
Bad practice |
SI_INSTANCE_BEFORE_FINALS_ASSIGNED |
SI: Static initializer creates instance before all static final fields assigned |
In allBefore assigning a value to a static final field go ahead and create an instance of the class using the static initialization method. |
|
Bad practice |
SE_BAD_FIELD_STORE |
Se: Non-serializable value stored into instance field of a serializable class |
Non-serialized values are stored in non-serialized fields declared as serialized |
|
Bad practice |
SE_COMPARATOR_SHOULD_BE_SERIALIZABLE |
Se: Comparator doesn't implement Serializable |
The Comparator interface does not implement the Serializable interface. |
|
Bad practice |
SE_INNER_CLASS |
Se: Serializable inner class |
Serializing Internal Classes |
|
Bad practice |
SE_NONFINAL_SERIALVERSIONID |
Se: serialVersionUID isn't final |
with respect toUID class checks are omitted |
|
Bad practice |
SE_NO_SUITABLE_CONSTRUCTOR |
Se: Class is Serializable but its superclass doesn't define a void constructor |
Subclass serialization when the parent class does not provide aConstructor for void |
|
Bad practice |
SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION |
Se: Class is Externalizable but doesn't define a void constructor |
Externalizable instance class does not define a constructor of type void |
|
Bad practice |
SE_READ_RESOLVE_MUST_RETURN_OBJECT |
Se: The readResolve method must be declared with a return type of Object. |
readResolve reads an instance of the class from the stream. This method must be declared to return an object of type Object. |
|
Bad practice |
UI_INHERITANCE_UNSAFE_GETRESOURCE |
UI: Usage of GetResource may be unsafe if class is extended |
When a class is inherited by a subclass don't use the().getResource(...) to get the resource |
|
Correctness |
BC_IMPOSSIBLE_CAST |
BC: Impossible cast |
Impossible class conversions, execution throws theClassCastException |
|
Correctness |
BC_IMPOSSIBLE_DOWNCAST |
BC: Impossible downcast |
Parent class throws on downward type castingClassCastException |
|
Correctness |
BC_IMPOSSIBLE_INSTANCEOF |
BC: instanceof will always return false |
adoptionThe instaneof method always returns false when making comparisons. provided it is not due to some logical error. |
|
Correctness |
BIT_AND |
BIT: Incompatible bit masks |
misuse& bitwise operators, e.g. (e & C) |
|
Correctness |
BIT_AND_ZZ |
BIT: Check to see if ((...) & 0) == 0 |
Checking for Constant Logic Errors |
|
Correctness |
BIT_IOR |
BIT: Incompatible bit masks |
misuse| bitwise operator, e.g. (e | C) |
|
Correctness |
BIT_SIGNED_CHECK_HIGH_BIT |
BIT: Check for sign of bitwise operation |
Checks the identity returned by a logical operator operation. For example(( & ) > 0), it is recommended that ! = 0 instead of > 0 |
|
Correctness |
BOA_BADLY_OVERRIDDEN_ADAPTER |
BOA: Class overrides a method implemented in super class Adapter wrongly |
Subclasses incorrectly override methods in the parent class that are used to adapt to listen for other events, which results in them not being called by the listener when the trigger condition occurs |
|
Correctness |
DLS_DEAD_STORE_OF_CLASS_LITERAL |
DLS: Dead store of class literal |
After assigning a value to a field by way of the class's literal name and then never bothering to use it again in theIn 1.4 jdk it automatically calls the static initialization method, whereas in jdk1.5 it doesn't bother to perform it. |
|
Correctness |
DLS_OVERWRITTEN_INCREMENT |
DLS: Overwritten increment |
Overwrite incremental increase errori = i++ |
|
Correctness |
DMI_BAD_MONTH |
DMI: Bad constant value for month |
The value of the error constant for the month |
|
Correctness |
DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES |
DMI: Collections should not contain themselves |
Collections do not contain themselves. |
|
Correctness |
DMI_INVOKING_HASHCODE_ON_ARRAY |
DMI: Invocation of hashCode on an array |
Arrays are used directlyhashCode method to return the hash code. |
|
Correctness |
DMI_VACUOUS_SELF_COLLECTION_CALL |
DMI: Vacuous call to collections |
A call to a collection cannot be perceived. For example(c) always returns true, and the return value of (c) cannot be sensed. |
|
Correctness |
DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION |
Dm: Can't use reflection to check for presence of annotation without runtime retention |
Unless an annotation has itself been annotated with @Retention(), the annotation can't be observed using reflection (., by using the isAnnotationPresent method). . |
|
Correctness |
EC_ARRAY_AND_NONARRAY |
EC: equals() used to compare array and nonarray |
Array objects useThe equals method compares with non-array objects. The equals method should not be used even if both sides of the comparison are array objects, but rather to compare whether their contents are equal use (Object[], Object[]);. |
|
Correctness |
EC_INCOMPATIBLE_ARRAY_COMPARE |
EC: equals(...) used to compare incompatible arrays |
utilizationThe equls method goes to compare arrays of different types. For example, String[] and StringBuffer[], or String[] and int[] |
|
Correctness |
EC_UNRELATED_CLASS_AND_INTERFACE |
EC: Call to equals() comparing unrelated class and interface |
utilizationThe equals method compares unrelated classes and interfaces. |
|
Correctness |
EC_UNRELATED_INTERFACES |
EC: Call to equals() comparing different interface types |
call (programming)The equals method compares different types of interfaces |
|
Correctness |
EC_UNRELATED_TYPES |
EC: Call to equals() comparing different types |
call (programming)The equals method compares classes of different types |
|
Correctness |
EC_UNRELATED_TYPES_USING_POINTER_EQUALITY |
EC: Using pointer equality to compare different types |
This method uses using pointer equality to compare two references that seem to be of different types. The result of this comparison will always be false at runtime. |
|
Correctness |
EQ_ALWAYS_FALSE |
Eq: equals method always returns false |
utilizationThe equals method always returns false. |
|
Correctness |
EQ_ALWAYS_TRUE |
Eq: equals method always returns true |
The equals method always returns true. |
|
Correctness |
EQ_COMPARING_CLASS_NAMES |
Eq: equals method compares class names rather than class objects |
utilizationThe equals method compares an instance of a class with the type of the class. |
|
Correctness |
EQ_OTHER_NO_OBJECT |
Eq: equals() method defined that doesn't override equals(Object) |
class defined in theDon't override the equals (Object) method with the equals method. |
|
Correctness |
EQ_OTHER_USE_OBJECT |
Eq: equals() method defined that doesn't override (Object) |
class defined in theDon't override the equals (Object) method in Object for the equals method. |
|
Correctness |
EQ_SELF_USE_OBJECT |
Eq: Covariant equals() method defined, (Object) inherited |
The class defines a set ofequals method, but both are inherited from equals(Object) in class |
|
Correctness |
VA_FORMAT_STRING_BAD_ARGUMENT |
FS: Format string placeholder incompatible with passed argument |
Incorrect use of parameter types to format strings |
|
Correctness |
VA_FORMAT_STRING_BAD_CONVERSION |
FS: The type of a supplied argument doesn't match format specifier |
The specified format string and parameter type do not match, for example:("%d", "1") |
|
Correctness |
VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED |
FS: MessageFormat supplied where printf style format expected |
don't hesitate to useThe format method of String actually calls the dry formatting method of MessageFormat and causes the formatting result to be wrong. |
|
Correctness |
VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED |
FS: More arguments are passed than are actually used in the format string |
utilizationString's format method with illegal arguments is also formatted. |
|
Correctness |
VA_FORMAT_STRING_ILLEGAL |
FS: Illegal format string |
formattingString object statement error |
|
Correctness |
VA_FORMAT_STRING_MISSING_ARGUMENT |
FS: Format string references missing argument |
The format operation of String lacks the necessary parameters. |
|
Correctness |
VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT |
FS: No previous argument for format string |
Format string definition error, e.g:("%<s %s", "a", "b"); throws MissingFormatArgumentException |
|
Correctness |
ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL |
ICAST: Integral value cast to double and then passed to |
The value of integral is converted to double using the method |
|
Correctness |
ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND |
ICAST: int value cast to float and then passed to |
The method is called after the value of type int is converted to type float. |
|
Correctness |
IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD |
IJU: JUnit assertion in run method will not be noticed by JUnit |
existAssertions in JUnit are not told in the run method |
|
Correctness |
IJU_BAD_SUITE_METHOD |
IJU: TestCase declares a bad suite method |
in anA suite() method declared in a JUnit class must be declared as |
|
Correctness |
IL_CONTAINER_ADDED_TO_ITSELF |
IL: A collection is added to itself |
The set itself acts as theargument to the add method, which would cause content overflow. |
|
Correctness |
IL_INFINITE_LOOP |
IL: An apparent infinite loop |
Dead loop caused by method self-calls |
|
Correctness |
IM_MULTIPLYING_RESULT_OF_IREM |
IM: Integer multiply of result of integer remainder |
and integer remainders for multiplication. Example:i % 60 * 1000 is the operation (i % 60) * 1000 instead of i % (60 * 1000). |
|
Correctness |
INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE |
INT: Bad comparison of nonnegative value with negative constant or zero |
Ensure that non-negative and negative numbers are compared |
|
Correctness |
INT_BAD_COMPARISON_WITH_SIGNED_BYTE |
INT: Bad comparison of signed byte |
To compare conforming numbers, you have to convert signed numbers to non-conforming numbers before comparing them |
|
Correctness |
IO_APPENDING_TO_OBJECT_OUTPUT_STREAM |
IO: Doomed attempt to append to an object output stream |
Declare that you are attempting to add elements to an object's output stream, and if you wish to be able to add to an object's output stream you must ensure that the object's output stream is open. |
|
Correctness |
IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN |
IP: A parameter is dead upon entry to a method but overwritten |
The values of the incoming parameters are ignored, but the incoming values are modified and returned to the caller |
|
Correctness |
MF_CLASS_MASKS_FIELD |
MF: Class defines field that masks a superclass field |
A field with the same name as in the parent class is defined in the subclass. An error occurs when calling |
|
Correctness |
MF_METHOD_MASKS_FIELD |
MF: Method defines a variable that obscures a field |
A local variable defined in a method has the same name as a class variable or a parent variable, thus causing field confusion. |
|
Correctness |
NP_ALWAYS_NULL |
NP: Null pointer dereference |
object is assigned toNo reassignment after a null value |
|
Correctness |
NP_ALWAYS_NULL_EXCEPTION |
NP: Null pointer dereference in method on exception path |
Calling a dereference method on a null pointer reference will throw a null pointer exception |
|
Correctness |
NP_ARGUMENT_MIGHT_BE_NULL |
NP: Method does not check for null argument |
method does not determine if the argument is null |
|
Correctness |
NP_CLOSING_NULL |
NP: close() invoked on a value that is always null |
A null object callsclose method |
|
Correctness |
NP_GUARANTEED_DEREF |
NP: Null value is guaranteed to be dereferenced |
normalnull judgment branch, object dereferencing operations are protected disallowed |
|
Correctness |
NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH |
NP: Value is null and guaranteed to be dereferenced on exception path |
There is a statement or branch on an exception path that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions). |
|
Correctness |
NP_NONNULL_PARAM_VIOLATION |
NP: Method call passes null to a non-null parameter |
method for theThe parameter null is not reassigned |
|
Correctness |
NP_NONNULL_RETURN_VIOLATION |
NP: Method may return null, but is declared @Nonnull |
method declares that the return value cannot be null, but it is possible for a method to returnnull |
|
Correctness |
NP_NULL_INSTANCEOF |
NP: A known null value is checked to see if it is an instance of a type |
Checking a value forWhether the value of null is an object of the desired type, not due to carelessness or a logical error |
|
Correctness |
NP_NULL_ON_SOME_PATH |
NP: Possible null pointer dereference |
The object may not have been reassigned |
|
Correctness |
NP_NULL_ON_SOME_PATH_EXCEPTION |
NP: Possible null pointer dereference in method on exception path |
abnormalitiesThere may be object dereferencing operations on the methods called by the null value handling branch |
|
Correctness |
NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS |
NP: Method call passes null for non-null parameter |
Method parameters declared asParameters of type nonnull are null |
|
Correctness |
NP_STORE_INTO_NONNULL_FIELD |
NP: Store of null value into field annotated @Nonnull |
for an object that has been declared as not being able to beThe null-valued attribute is assigned to null. |
|
Correctness |
NM_BAD_EQUAL |
Nm: Class defines equal(Object); should it be equals(Object)? |
The class defines aequal method but not the equals method of the overridden Object object. |
|
Correctness |
NM_LCASE_HASHCODE |
Nm: Class defines hashcode(); should it be hashCode()? |
The class defines aThe hashCode method is not an override of the Object hashCode method. |
|
Correctness |
NM_LCASE_TOSTRING |
Nm: Class defines tostring(); should it be toString()? |
The class defines aThe toString method is not an override of the toString method in Object. |
|
Correctness |
NM_METHOD_CONSTRUCTOR_CONFUSION |
Nm: Apparent method/constructor confusion |
The constructor definition is confusing and guarantees a standard constructor. Example: |
|
Correctness |
NM_VERY_CONFUSING |
Nm: Very confusing method names |
Confusing method naming, such asWhen the getName and getname methods occur together |
|
Correctness |
NM_WRONG_PACKAGE |
Nm: Method doesn't override method in superclass due to wrong package for parameter |
method does not properly override a method of the same name in the parent class because it takes an object of the same name from a different package. |
|
Correctness |
QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT |
QBA: Method assigns boolean literal in boolean expression |
then (after sth, and not until then)When using a boolean in an if or while expression, you should use == to determine the value, not the = operation. |
|
Correctness |
RC_REF_COMPARISON |
RC: Suspicious reference comparison |
Comparing two objects for equality should be done using theThe equals method, not the == method |
|
Correctness |
RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION |
RE: Invalid syntax for regular expression |
Using the wrong syntax for a regular expression throws an unchecked exception indicating a syntax error in the regular expression pattern. |
|
Correctness |
RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION |
RE: used for regular expression |
Using a regular expression uses the wrong file separator in theRegular expression in windows system will not match '\' but should use '\\\' |
|
Correctness |
RV_01_TO_INT |
RV: Random value from 0 to 1 is coerced to the integer 0 |
through (a gap)The 0 to 1 random value is forced to the integer value 0. You may want to get multiple random values before forcing an integer. Or use the (n) method. |
|
Correctness |
RV_ABSOLUTE_VALUE_OF_HASHCODE |
RV: Bad attempt to compute absolute value of signed 32-bit hashcode |
This code generates a hash code and then calculates the absolute value of that hash code. If the hash code isInteger.MIN_VALUE's, then the result will be negative (because (Integer.MIN_VALUE's) == Integer.) |
|
Correctness |
RV_ABSOLUTE_VALUE_OF_RANDOM_INT |
RV: Bad attempt to compute absolute value of signed random integer |
This code generates a random signed integer and then calculates the absolute value of the random integer. If the absolute value of the random number generated isInteger.MIN_VALUE's, then the result will be negative (because (Integer.MIN_VALUE's) == Integer.) |
|
Correctness |
RV_EXCEPTION_NOT_THROWN |
RV: Exception created and dropped rather than thrown |
This code creates an object with an exception (or error), but doesn't do anything with it. Example:if (x < 0) |
|
Correctness |
RpC_REPEATED_CONDITIONAL_TEST |
RpC: Repeated conditional tests |
The code contains two trials of the same condition, with both sides exactly the same e.g. (e.g.X == 0 | | x == 0). Possibly the second occurrence is intended to determine a different condition (e.g., X == 0 | | y== 0). |
|
Correctness |
SA_FIELD_SELF_ASSIGNMENT |
SA: Self assignment of field |
Methods contain fields that assign values to themselves. Example: |
|
Correctness |
SA_FIELD_SELF_COMPARISON |
SA: Self comparison of field with itself |
Fields performing self-comparisons on their own may indicate errors or logical mistakes. |
|
Correctness |
SA_LOCAL_SELF_COMPUTATION |
SA: Nonsensical self computation involving a field (., x & x) |
This method performs an absurd calculation on the same variable (e.g.x&x or x-x) operation. Due to the nature of the computation, this action seems meaningless and may indicate an error or logical mistake. |
|
Correctness |
SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH |
SF: Dead store due to switch statement fall through |
existThe previous case value in swtich is overwritten because the execution of swtich fails, which is like forgetting to use break to launch or failing to use a return statement to put back the previous value. |
|
Correctness |
SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW |
SF: Dead store due to switch statement fall through to throw |
existThe saving of case values is ignored in swtich because of an exception. |
|
Correctness |
SIC_THREADLOCAL_DEADLY_EMBRACE |
SIC: Deadly embrace of non-static inner class and thread local |
If it is a static inner class. In fact. there is a possibility of deadlock between the inner class and the current thread. Since the inner class is not static. it retains a reference to the outer class. If the thread contains a reference to an instance of the inner class. both the inner and outer instances can be fetched so that they are not eligible for garbage collection. |
|
Correctness |
SIO_SUPERFLUOUS_INSTANCEOF |
SIO: Unnecessary type check done using instanceof operator |
underwayUnnecessary type checking during instanceof operations |
|
Correctness |
STI_INTERRUPTED_ON_CURRENTTHREAD |
STI: Unneeded use of currentThread() call, to call interrupted() |
This method calls the(The () call is simply a call to the interrupted() method. Since interrupted() is a static method, () is simpler to use. |
|
Correctness |
STI_INTERRUPTED_ON_UNKNOWNTHREAD |
STI: Static () method invoked on thread instance |
Calls to objects that are not part of the current thread's() method, since the interrupted() method is static, the interrupted method will call a different object than the author originally planned. |
|
Correctness |
SE_METHOD_MUST_BE_PRIVATE |
Se: Method must be private in order for serialization to work |
This class implements theSerializable interface and define methods for custom serialization/deserialization. However, since such methods cannot be declared as private, they will be ignored by the serialization/deserialization API. |
|
Correctness |
SE_READ_RESOLVE_IS_STATIC |
Se: The readResolve method must not be declared as a static method. |
in order toThe readResolve method is recognized by the serialization mechanism and cannot be declared as a static method. |
|
Correctness |
UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS |
UMAC: Uncallable method defined in anonymous class |
A method is defined in an anonymous class that neither overrides a method in the superclass nor can be called directly. Since methods in other classes cannot directly reference methods declared in the anonymous class, it seems that such a method cannot be called, and that such a method may simply be code that serves no purpose, but may also override the declaration in the superclass. |
|
Correctness |
UR_UNINIT_READ |
UR: Uninitialized read of field in constructor |
A field or property is used in this constructor that has not yet been assigned a value. |
|
Correctness |
DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY |
USELESS_STRING: Invocation of toString on an array |
This code calls the upper anonymous array'sThe toString() method, which produces a result shaped like [@ 16f0472 doesn't really make sense. Consider using a method to convert to a readable string that provides an array of the contents of that array. Example: |
|
Correctness |
UWF_NULL_FIELD |
UwF: Field only ever set to null |
The value of the field is alwaysnull value. all reads of the field are null. check for errors and delete it if it is truly useless. |
|
Correctness |
UWF_UNWRITTEN_FIELD |
UwF: Unwritten field |
This field is never written to a value. All reads will return the default value. Check for errors (if it is initialized?) , and delete it if it is indeed useless. |
|
Internationalization |
DM_CONVERT_CASE |
Dm: Consider using Locale parameterized version of invoked method |
Use the platform's default encoding format for case conversion of strings, which may result in improper conversion of international characters. Use the following to convert characters |
|
Malicious code vulnerability |
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED |
DP: Classloaders should only be created inside doPrivileged block |
Class loaders can only be built into special method bodies |
|
Malicious code vulnerability |
EI_EXPOSE_REP |
EI: May expose internal representation by returning reference to mutable object |
Returning a mutable object reference and saving it in an object field exposes the internal field descriptions of the object, and accepting access from untrusted code or changing the mutable object without checking it involves the security of the object and other important properties. Returning a new copy of the object is a better approach in many cases. |
|
Malicious code vulnerability |
EI_EXPOSE_REP2 |
EI2: May expose internal representation by incorporating reference to mutable object |
This code stores external mutable object references into the internal representation of the object. If the instance is accessed by untrusted code and unchecked changes jeopardize the security of the object and important properties. Storing a copy of the object is a better approach in many cases. |
|
Malicious code vulnerability |
FI_PUBLIC_SHOULD_BE_PROTECTED |
FI: Finalizer should be protected, not public |
A class in which theThe finalize() method must be declared as protected and cannot be of type public |
|
Malicious code vulnerability |
MS_EXPOSE_REP |
MS: Public static method may expose internal representation by returning array |
anA static method of type public returns an array that may reference the exposure of internal properties. Any code calling this method is free to modify the underlying array. One solution is to return a copy of the array. |
|
Malicious code vulnerability |
MS_FINAL_PKGPROTECT |
MS: Field should be both final and package protected |
A static field that may have been altered by malicious code or another package. Fields can be placed in theThe protected package can also be defined as final to avoid this problem. |
|
Malicious code vulnerability |
MS_MUTABLE_ARRAY |
MS: Field is a mutable array |
A definition ofWhen a static field of type final references an array it can be used by malicious code or in another package. This code is free to modify the contents of the array. |
|
Malicious code vulnerability |
MS_MUTABLE_HASHTABLE |
MS: Field is a mutable Hashtable |
A definition ofA static field of type final referencing a Hashtable can be called by malicious code or in other packages with methods that modify the value of the Hashtable. |
|
Malicious code vulnerability |
MS_OOI_PKGPROTECT |
MS: Field should be moved out of an interface and made package protected |
Keep the domain as far as possible from being defined in the interface, and declare it as a package protection in the interface defines aStatic fields of type final, such as arrays or hash tables, are volatile objects. These objects can be called by malicious code or in other packages. To solve this problem, they need to be defined in a concrete entity class and declared as a protected type to avoid this error. |
|
Malicious code vulnerability |
MS_PKGPROTECT |
MS: Field should be package protected |
A static field is changeable by malicious code or other package access modifications. A field of this type can be declared asfinal type to prevent this error. |
|
Multithreaded correctness |
DM_MONITOR_WAIT_ON_CONDITION |
Dm: Monitor wait() called on Condition |
method withThe object calls wait(). Waiting for a condition to occur should be done using the await() method defined in the Condition interface. |
|
Multithreaded correctness |
DM_USELESS_THREAD |
Dm: A thread was created using the default empty run method |
This method does not pass therun method or declaring the Thread class specifically, nor defining a thread through a Runnable object that comes out and wastes resources without doing anything. |
|
Multithreaded correctness |
ESync_EMPTY_SYNC |
ESync: Empty synchronized block |
The code contains an empty synchronization block:synchronized() {} |
|
Multithreaded correctness |
IS2_INCONSISTENT_SYNC |
IS: Inconsistent synchronization |
Unreasonable synchronization |
|
Multithreaded correctness |
IS_FIELD_NOT_GUARDED |
IS: Field not guarded against concurrent access |
Domains are not good for synchronized access--This field is labeled as such, but can be accessed to some extent in violation of the annotation |
|
Multithreaded correctness |
JLM_JSR166_LOCK_MONITORENTER |
JLM: Synchronization performed on Lock |
realizationof the object calls the synchronized method. It should be handled in such a way that objects are locked/unlocked using the acquire()/ release() methods instead of using the synchronized methods. |
|
Multithreaded correctness |
LI_LAZY_INIT_STATIC |
LI: Incorrect lazy initialization of static field |
Incorrect delayed initialization of static fields-- |
|
Multithreaded correctness |
LI_LAZY_INIT_UPDATE_STATIC |
LI: Incorrect lazy initialization and update of static field |
This method contains a static field with asynchronous delayed initialization. Afterwards a value is assigned to the field and the object is stored to that location for further updates or access. The field is made accessible to other threads as soon as possible afterward. If the method of further access to the field serves to initialize the object, then you have a very serious multi-threadedbug unless something else prevents any other thread from accessing the stored object until it is fully initialized. Even if you are confident that the method is never going to be called by more than one thread when it's value hasn't been fully initialized or moved, it might be better to not set it to a static field. |
|
Multithreaded correctness |
ML_SYNC_ON_UPDATED_FIELD |
ML: Method synchronizes on an updated field |
Objects are synchronized when they fetch a variable field. This doesn't make sense because different threads can be synchronized at different objects. |
|
Multithreaded correctness |
MSF_MUTABLE_SERVLET_FIELD |
MSF: Mutable servlet field |
anA web service can generally only create one instance of a servlet or jsp (e.g., treates is a unary class), and it will be called by multiple threads to serve multiple simultaneous requests. Thus the use of mutable field attributes creates a competitive situation. |
|
Multithreaded correctness |
MWN_MISMATCHED_NOTIFY |
MWN: Mismatched notify() |
This method calls the() or () without acquiring an object lock on that object. Calling notify() or notifyAll() without holding an object lock on that object will result in an IllegalMonitorStateException. |
|
Multithreaded correctness |
MWN_MISMATCHED_WAIT |
MWN: Mismatched wait() |
This method calls the() without acquiring an object lock on that object. Calling wait() without holding an object lock on that object will result in an IllegalMonitorStateException. |
|
Multithreaded correctness |
NP_SYNC_AND_NULL_CHECK_FIELD |
NP: Synchronize and null check on the same field. |
If the code block is synchronized, then long cannot be empty. If it is null, synchronization throws theNullPointerException exception. It is better to synchronize in another code block. |
|
Multithreaded correctness |
NO_NOTIFY_NOT_NOTIFYALL |
No: Using notify() rather than notifyAll() |
invocationsnotify() instead of the notifyAll() method. Java's monitors are typically used for multiple conditions. Calling notify() wakes up only one thread, which means that the thread is woken up only if the current condition is satisfied. |
|
Multithreaded correctness |
RS_READOBJECT_SYNC |
RS: Class's readObject() method is synchronized |
The serialization class defines the synchronizedreadObject(). By definition, the object created by deserialization is accessible to only one thread, so there is no need for readObject() to synchronize. If the readObject() method itself causes the object to be visible to another thread, then that in itself is bad coding. |
|
Multithreaded correctness |
RU_INVOKE_RUN |
Ru: Invokes run on a thread (did you mean to start it instead?) |
This method explicitly calls an object'srun(). Generally, classes are implementing the Runnable interface because in a new thread they will have their own run() method, in this case the () method call is correct. |
|
Multithreaded correctness |
SC_START_IN_CTOR |
SC: Constructor invokes () |
Start a thread in the constructor. If the class has ever been extended by a subclass, then this is probably wrong, because the thread will start before the subclass is constructed. |
|
Multithreaded correctness |
SP_SPIN_ON_FIELD |
SP: Method spins on field |
The method loops indefinitely to read a field. The compiler can legally suspend the read loop into an infinite loop of code. This class should change so use proper synchronization (including wait and notification requirements) |
|
Multithreaded correctness |
STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE |
STCAL: Call to static Calendar |
even ifJavaDoc contains no hints about this, and Calendars are inherently unsafe for use in multiple threads. The probe found that a static object will be obtained when calling an instance of Calendars. calendar rightNow = (); |
|
Multithreaded correctness |
STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE |
STCAL: Call to static DateFormat |
In the officialJavaDoc, DateFormats multi-threaded use of this skill is unsafe. The detector finds that calling an instance of DateFormat will get a static object. |
|
Multithreaded correctness |
STCAL_STATIC_CALENDAR_INSTANCE |
STCAL: Static Calendar field |
Calendar is inherently unsafe in multithreading, and if a Calendarde instance is shared across a range of threads without using a synchronized method some strange behavior occurs in the application. ArrayIndexOutOfBoundsExceptions or IndexOutOfBoundsExceptions are thrown in (). |
|
Multithreaded correctness |
STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE |
STCAL: Static DateFormat |
DateFormat is inherently unsafe in multithreading, and sharing a thread-scoped instance of DateFormat without using a synchronized method can lead to some strange behavior in applications. |
|
Multithreaded correctness |
SWL_SLEEP_WITH_LOCK_HELD |
SWL: Method calls () with a lock held |
Called when holding an object(). This can lead to very poor performance and scalability, or to deadlocks because other threads may be waiting to acquire the lock. Calling wait() is a better idea, releasing the hold on the object to allow other threads to run. |
|
Multithreaded correctness |
UG_SYNC_SET_UNSYNC_GET |
UG: Unsynchronized get method, synchronized set method |
This class contains similarly namedThe get and set methods. The set method is a synchronous method and the get method is an asynchronous method. This can lead to incorrect behavior at runtime because the get method called does not necessarily return a consistent state of the object. GET methods should be synchronized. |
|
Multithreaded correctness |
UL_UNRELEASED_LOCK |
UL: Method does not release lock on all paths |
method gets the current object owned, but never releases it in the method. A correct example is as follows: |
|
Multithreaded correctness |
UL_UNRELEASED_LOCK_EXCEPTION_PATH |
UL: Method does not release lock on all exception paths |
method gets the current object owned, but never releases it during all the exception handling. A correct example is as follows: |
|
Multithreaded correctness |
UW_UNCOND_WAIT |
UW: Unconditional wait |
method contains a call to the() without putting it in the conditional flow control. The code should confirm that the condition has not been met before waiting; any previous notifications will be ignored. |
|
Multithreaded correctness |
VO_VOLATILE_REFERENCE_TO_ARRAY |
VO: A volatile reference to an array doesn't treat the array elements as volatile |
Declaring a variable referencing an array is probably not what you want. If a variable references an array, it is not safe to read or write to the referenced array, but array elements are not variables. To get the value of a variable in an array you can use theAtomicity properties of arrays in packages |
|
Multithreaded correctness |
WS_WRITEOBJECT_SYNC |
WS: Class's writeObject() method is synchronized but nothing else is |
This class has aThe writeObject() method is synchronized, but there are no other synchronized methods in this class. |
|
Multithreaded correctness |
WA_AWAIT_NOT_IN_LOOP |
Wa: () not in loop |
method is not called in a loop(). If the object is used for multiple conditions, the condition for which the wait() method is intended to be called may not actually occur. |
|
Multithreaded correctness |
WA_NOT_IN_LOOP |
Wa: Wait not in loop |
This method consists of calling the(), which is not a loop. If the monitor is used for more than one condition, the condition for which the wait() method is intended to be called may not be the one that actually occurs. |
|
Performance |
BX_BOXING_IMMEDIATELY_UNBOXED |
Bx: Primitive value is boxed and then immediately unboxed |
Boxing the original value and then immediately unboxing it. It is possible that manual boxing was performed in a place where boxing was not required, thus forcing the compiler to perform immediate unboxing |
|
Performance |
BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION |
Bx: Primitive value is boxed then unboxed to perform primitive coercion |
Boxes the original value and then immediately forces it to be converted to another original type. Example: |
|
Performance |
BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR |
Bx: Primitive value is unboxed and coerced for ternary operator |
If the value is not wrapped or type converted during ternary operator operations. Example:b ? e1 : e2 |
|
Performance |
DM_FP_NUMBER_CTOR |
Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead |
utilizationThe new Double(double) method always creates a new object, however, using the (double) method you can store the value in the editor or class library, or in the JVM. Avoiding object allocation by storing values can result in better code performance. Unless the class must conform to the Java 1.5 JVM, use autoboxing or the valueOf() method to create instances of Double and Float. |
|
Performance |
DM_NUMBER_CTOR |
Bx: Method invokes inefficient Number constructor; use static valueOf instead |
utilizationThe new Integer(int) method always creates a new object, however, you can use the (int) method to store the value in the editor or class library, or in the JVM. Avoiding object allocation by storing values can result in better code performance. Unless the class must conform to the Java 1.5 JVM, use autoboxing or the valueOf() method to create Long, Integer, Short, Character, and Byte instances. |
|
Performance |
DMI_BLOCKING_METHODS_ON_URL |
Dm: The equals and hashCode methods of URL are blocking |
utilizationThe equals and hashCode methods cause blocking when parsing the url for resource identifiers. Consider using them instead. |
|
Performance |
DMI_COLLECTION_OF_URLS |
Dm: Maps and sets of URLs can be performance hogs |
Methods or fields use theA map/set collection of url's. This is because either the equals method or the hashCode method for resource identifier parsing can cause blocking. Consider using that instead. |
|
Performance |
DM_BOOLEAN_CTOR |
Dm: Method invokes inefficient Boolean constructor; use (...) instead |
utilizationThe new method is a waste of space to create an instance object of type able, because Boolean objects are immutable and have only two useful values. Use () or the autoboxing feature in Java 1.5 to create a Boolean instance. |
|
Performance |
DM_GC |
Dm: Explicit garbage collection; extremely dubious except in benchmarking code |
Explicitly calling garbage collection naming in code does not work. In the past, people have called garbage collection on shutdown operations orCalling the garbage collection method in the finalize method results in a lot of wasted performance. This causes the processor to run slowly when recycling objects on a large scale. |
|
Performance |
DM_NEXTINT_VIA_NEXTDOUBLE |
Dm: Use the nextInt method of Random rather than nextDouble to generate a random integer |
in the event thatr is an object, you can make (n) generate a random number from 0 to before n-1 instead of using (int)(() * n) |
|
Performance |
DM_STRING_CTOR |
Dm: Method invokes inefficient new String(String) constructor |
utilizationThe (String) constructor wastes memory because it's easy to get confused functionally between this type of construction and String as a parameter. Just use String directly as a parameter in the form |
|
Performance |
DM_STRING_TOSTRING |
Dm: Method invokes toString() method on a String |
invocations() is a redundant operation, just use String. |
|
Performance |
DM_STRING_VOID_CTOR |
Dm: Method invokes inefficient new String() constructor |
Use the constructor method with no parameters to create a newString objects are a waste of memory space because creating them this way can be confused with the empty string "" in Java it is guaranteed that completing the same constructor method will produce String objects that portray the same thing. So you can just use the empty string to create it. |
|
Performance |
ITA_INEFFICIENT_TO_ARRAY |
ITA: Method uses toArray() with zero-length array argument |
When using the collection'sThe toArray() method takes an array of length 0 as its argument. A more efficient method is (new Foo[()]), which, if the length of the array is large enough, wraps the contents of the collection into an array and returns it, thus avoiding the need to create a new array a second time to hold the values in the collection. |
|
Performance |
SS_SHOULD_BE_STATIC |
SS: Unread field: should this field be static? |
Classes contained in theThe final attribute field is initialized to a static value in the compiler. Consider defining it as static at definition time. |
|
Performance |
UPM_UNCALLED_PRIVATE_METHOD |
UPM: Private method is never called |
define asThe Private type method was never called and should be removed. |
|
Performance |
URF_UNREAD_FIELD |
UrF: Unread field |
Properties defined in the class are never called and are recommended to be removed. |
|
Performance |
UUF_UNUSED_FIELD |
UuF: Unused field |
Properties defined in the class are never used and are recommended to be deleted. |
|
Performance |
WMI_WRONG_MAP_ITERATOR |
WMI: Inefficient use of keySet iterator instead of entrySet iterator |
When a method accepts aIterators using keySet are more efficient than iterators using entrySet when the parameters are of type Map. |
|
Security |
DMI_CONSTANT_DB_PASSWORD |
Dm: Hardcoded constant database password |
Code to createThe DB uses a write dead password for its password. |
|
Security |
DMI_EMPTY_DB_PASSWORD |
Dm: Empty database password |
Creating a database connection without setting a password for the database can leave the database without the necessary protection. |
|
Security |
HRS_REQUEST_PARAMETER_TO_COOKIE |
HRS: HTTP cookie formed from untrusted input |
This code uses the untrustedHTTP parameters to construct an HTTP cookie. |
|
Security |
HRS_REQUEST_PARAMETER_TO_HTTP_HEADER |
HRS: HTTP Response splitting vulnerability |
In the code it is straightforward to put aHTTP parameters are written in an HTTP header file, which exposes vulnerabilities for HTTP responses. |
|
Security |
SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE |
SQL: Nonconstant string passed to execute or addBatch method on an SQL statement |
The method is called in the form of a stringSQLstatement's execute method, which appears to dynamically generate SQL statements. This would be more vulnerable to SQL injection attacks. |
|
Security |
XSS_REQUEST_PARAMETER_TO_JSP_WRITER |
XSS: JSP reflected cross site scripting vulnerability |
In the code in theAn HTTP parameter is written directly to the JSP output, which can cause a cross-site scripting vulnerability. |
|
Security |
XSS_REQUEST_PARAMETER_TO_SEND_ERROR |
XSS: Servlet reflected cross site scripting vulnerability in error page |
In the code in theAn HTTP parameter is written directly to the Servlet output, which can cause a cross-site scripting vulnerability. |
|
Security |
XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER |
XSS: Servlet reflected cross site scripting vulnerability |
The code is written directly to the parameter of theHTTP Server Error Page (Usage). Expressing similar untrusted input can cause a cross-site scripting vulnerability. |
|
Dodgy code |
BC_BAD_CAST_TO_ABSTRACT_COLLECTION |
BC: Questionable cast to abstract collection |
Forcing a type conversion from a collection to an abstract collection in a code cast (e.g.(list, set or map). Make sure that the type of the object is the same as the type it will be converted to. If you just want to facilitate a collection, then you don't have to convert it to a Set or List. |
|
Dodgy code |
BC_BAD_CAST_TO_CONCRETE_COLLECTION |
BC: Questionable cast to concrete collection |
The code takes an abstract collection (e.g.List, Set, or Collection) to a concrete implementation type (such as an ArrayList or HashSet). This may not be correct, and may make your code vulnerable because it makes it difficult to point future switches to other concrete implementations. Unless you have a specific reason to do so, only use abstract collection classes. |
|
Dodgy code |
BC_UNCONFIRMED_CAST |
BC: Unchecked/unconfirmed cast |
Forced type conversion operations are not validated, and not all such type-fitted classes can be forcibly converted back to their original type. Logical judgment is required in the code to ensure that this is possible. |
|
Dodgy code |
BC_VACUOUS_INSTANCEOF |
BC: instanceof will always return true |
The instanceof test will always return true (unless the value being tested is null). While this is safe, make sure it isn't indicative of some misunderstanding or some other logical error. If you really want to test for values that are null, it might be clearer to do so with a better null test rather than an instanceof test. |
|
Dodgy code |
ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT |
BSHIFT: Unsigned right shift cast to short/byte |
Unsigned numbers are right-shifted and converted toshort or byte types may discard the higher value, which results in an indistinguishable number between conforming and unsigned numbers (depending on the shift size). |
|
Dodgy code |
CI_CONFUSED_INHERITANCE |
CI: Class is final but declares protected field |
This class is declared asfinal, but the field attribute is declared as a protected type. Since it is a final class, it can no longer be inherited, and declaring it as a protected type is confusing. In order to use it correctly from the outside it should be declared as private or public. |
|
Dodgy code |
DB_DUPLICATE_BRANCHES |
DB: Method uses the same code for two branches |
This method uses the same code for both conditional branches. Check to make sure this is not a coding error. |
|
Dodgy code |
DB_DUPLICATE_SWITCH_CLAUSES |
DB: Method uses the same code for two switch clauses |
His method uses the same code to implement twoSwitch's declaration clause. This could be a case of duplicate code, but may also show a coding error. |
|
Dodgy code |
DLS_DEAD_LOCAL_STORE |
DLS: Dead store to local variable |
The instruction assigns a value to the local variable, but does not make any use of her in the subsequent ones. Usually, this indicates an error, because the value is never used. |
|
Dodgy code |
DLS_DEAD_LOCAL_STORE_IN_RETURN |
DLS: Useless assignment in return statement |
This statement puts a local variable into the return statement of a method. This is not meaningful for local variables in methods. |
|
Dodgy code |
DLS_DEAD_LOCAL_STORE_OF_NULL |
DLS: Dead store of null to local variable |
Assign a local variable tonull value and never do anything with the variable again. This is probably for garbage collection, but with Java SE 6.0, this is no longer necessary. |
|
Dodgy code |
DMI_HARDCODED_ABSOLUTE_FILENAME |
DMI: Code contains a hard coded reference to an absolute pathname |
This code contains the file object as an absolute path name |
|
Dodgy code |
DMI_NONSERIALIZABLE_OBJECT_WRITTEN |
DMI: Non serializable object written to ObjectOutput |
The code makes a non-serialized object appear in the() method, which would cause an error. |
|
Dodgy code |
DMI_USELESS_SUBSTRING |
DMI: Invocation of substring(0), which returns the original value |
This code calls thesubString(0) method, which returns the original value. |
|
Dodgy code |
EQ_DOESNT_OVERRIDE_EQUALS |
Eq: Class doesn't override equals in superclass |
The subclass defines a newThe equals method however is not an override of the parent class's native equals() method. |
|
Dodgy code |
FE_FLOATING_POINT_EQUALITY |
FE: Test for floating point equality |
This operation compares two floating-point values for equality. Since floating-point operations may involve rounding, the calculation of theFloat and double values may not be accurate. If the value is required to be accurate, such as a currency value, consider using a fixed-precision type, such as BigDecimal, for the comparison |
|
Dodgy code |
VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN |
FS: Non-Boolean argument formatted using %b format specifier |
utilization%b deformats Boolean values incorrectly but it doesn't throw exceptions, it outputs true for any non-null value and false for any null value. |
|
Dodgy code |
IC_INIT_CIRCULARITY |
IC: Initialization circularity |
In the case of a reference to two inter-calls as a ringThe static method is wrong when it goes to initialize an instance. |
|
Dodgy code |
ICAST_IDIV_CAST_TO_DOUBLE |
ICAST: Integral division result cast to double or float |
Plastic number division forces a conversion toDouble or float type. |
|
Dodgy code |
IM_AVERAGE_COMPUTATION_COULD_OVERFLOW |
IM: Computation of average could overflow |
The code uses theThe x % 2 == 1 method verifies that there is a remainder in the operation, but it doesn't work if there is a negative number. Use x & 1 == 1, or x % 2 ! = 0 instead |
|
Dodgy code |
INT_VACUOUS_COMPARISON |
INT: Vacuous comparison of integer value |
Plastic numbers are compared the result is always the same. Example:x <= Integer.MAX_VALUE |
|
Dodgy code |
MTIA_SUSPECT_SERVLET_INSTANCE_FIELD |
MTIA: Class extends Servlet class and uses instance variables |
This class extends from theServlet class and use the member variables of the instance. Since there is only one instance of the Servlet class and it is used in a multi-threaded fashion, this pattern is potentially problematic. Consider using only local variables of methods. |
|
Dodgy code |
MTIA_SUSPECT_STRUTS_INSTANCE_FIELD |
MTIA: Class extends Struts Action class and uses instance variables |
class extends theStruts Action class and use the member variables of this instance, since there is only one Action instance object in the Struts framework and using it in a multi-threaded situation is likely to be problematic. |
|
Dodgy code |
NP_DEREFERENCE_OF_READLINE_VALUE |
NP: Dereference of the result of readLine() without nullcheck |
treat (sb a certain way)The result of readLine() is reassigned without a null operation, which can throw a null pointer exception. |
|
Dodgy code |
NP_IMMEDIATE_DEREFERENCE_OF_READLINE |
NP: Immediate dereference of the result of readLine() |
treat (sb a certain way)The result of readLine() is immediately assigned, and such an operation can throw a null pointer exception. |
|
Dodgy code |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
NP: Possible null pointer dereference due to return value of called method |
The return value of a method is reassigned without being checked for null, which may result in a null pointer exception. |
|
Dodgy code |
NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE |
NP: Parameter must be non-null but is marked as nullable |
The parameter value cannot be null in any case, but there is an explicit comment that it can be null. |
|
Dodgy code |
NS_DANGEROUS_NON_SHORT_CIRCUIT |
NS: Potentially dangerous use of non-short-circuit logic |
The code uses (& or |) instead of (& & or ||) operation, which can be potentially dangerous. |
|
Dodgy code |
NS_NON_SHORT_CIRCUIT |
NS: Questionable use of non-short-circuit logic |
The code uses (& or |) instead of (& & or ||) operations can cause unsafe operations |
|
Dodgy code |
PZLA_PREFER_ZERO_LENGTH_ARRAYS |
PZLA: Consider returning a zero length array rather than null |
Consider returning a zero-length array instead of thenull value |
|
Dodgy code |
QF_QUESTIONABLE_FOR_LOOP |
QF: Complicated, subtle or wrong increment in for-loop |
To make sure that this loop is correctly incrementing a variable, it appears that another variable is being initialized, check the loop. This is due toThe for loop is caused by too complex a definition in the for loop. |
|
Dodgy code |
RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE |
RCN: Redundant comparison of non-null value to null |
Methods that contain an assignment that cannot be null also contain an assignment that can be null. Redundantly comparing non-null values to null. |
|
Dodgy code |
RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES |
RCN: Redundant comparison of two null values |
method on the twonull values for comparison |
|
Dodgy code |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
RCN: Redundant nullcheck of value known to be non-null |
method for a value that is not null to be null. |
|
Dodgy code |
REC_CATCH_EXCEPTION |
REC: Exception is caught when Exception is not thrown |
existThe exception is caught in a try/catch block, but the exception is not thrown in the try statement and the RuntimeException is not explicitly caught. |
|
Dodgy code |
RI_REDUNDANT_INTERFACES |
RI: Class implements same interface as superclass |
Subclasses and parent classes both implement the same interface, and this definition is redundant. |
|
Dodgy code |
RV_DONT_JUST_NULL_CHECK_READLINE |
RV: Method discards result of readLine after checking if it is non-null |
The readLine method is discarded if the result is not null. |
|
Dodgy code |
RV_REM_OF_RANDOM_INT |
RV: Remainder of 32-bit signed random integer |
This code generates a random signed integer and then calculates another value of. Since random numbers can be negative, the result of the rest of the operation can also be negative. Consider using(int) method instead. |
|
Dodgy code |
SA_FIELD_DOUBLE_ASSIGNMENT |
SA: Double assignment of field |
The fields in the method contain dual tasks, for example: |
|
Dodgy code |
SA_LOCAL_DOUBLE_ASSIGNMENT |
SA: Double assignment of local variable |
Assigning a value to a local variable twice makes no sense. Example: |
|
Dodgy code |
SA_LOCAL_SELF_ASSIGNMENT |
SA: Self assignment of local variable |
Local variables use themselves to assign values to themselves |
|
Dodgy code |
SF_SWITCH_FALLTHROUGH |
SF: Switch statement found where one case falls through to the next case |
A switch statement executes one branch and then executes the next. Usually a case is followed by a break or return statement. |
|
Dodgy code |
SF_SWITCH_NO_DEFAULT |
SF: Switch statement found where default case is missing |
Switch does not have a case statement that is executed by default. |
|
Dodgy code |
SE_PRIVATE_READ_RESOLVE_NOT_INHERITED |
Se: Private readResolve method not inherited by subclasses |
declare to beSerialization methods of private are inherited by subclasses |
|
Dodgy code |
UCF_USELESS_CONTROL_FLOW |
UCF: Useless control flow |
Conditional statements that serve no purpose. |
|
Dodgy code |
UCF_USELESS_CONTROL_FLOW_NEXT_LINE |
UCF: Useless control flow to next line |
Invalid conditional control statements, noteif ( == 1); ends with ";" and the following statement runs whether it is satisfied or not. |
|
Dodgy code |
XFB_XML_FACTORY_BYPASS |
XFB: Method directly allocates a specific implementation of xml interfaces |
method customizes aImplementation classes for XML interfaces. It is best to use the officially provided factory classes to create these objects so that they can be changed in the runtime. Example: |
Location>code7788
>text
FindBugs Quality Management
Popularity:168 ℃/2024-07-29 15:29:28