Posted to commits@daffodil.apache.org by "Olabusayo Kilo (Jira)" <ji...@apache.org> on 2020/01/28 15:25:00 UTC
[jira] [Created] (DAFFODIL-2272) Address Findings from Trial Sonarqube Run
Olabusayo Kilo created DAFFODIL-2272:
----------------------------------------
Summary: Address Findings from Trial Sonarqube Run
Key: DAFFODIL-2272
URL: https://issues.apache.org/jira/browse/DAFFODIL-2272
Project: Daffodil
Issue Type: Improvement
Reporter: Olabusayo Kilo
h4. Bugs (10)
* Branches in conditional structure with same implementation (4)
** 1 is false positive
** 2 are code smells
** 1 is bug
* DBI: Double Brace Initialization (1)
* Attempt to write class that isn’t serializable
* toString bug (3) in test udfs
* Unused return val (1) in test udfs
h4. Vulnerabilities (4)
* Class variable field with public accessibility
* Publicly mutable enum fields
h4. Code Smells (5.6k)
* Critical (469)
** Duplicated string literals (316: Scala + 9: Java)
** Empty methods with no comments explaining why (73: Scala + 1: Java)
** Code with high cognitive complexity (58)
** Non-compliant constant and enum names (11)
** Switch statement with no default (1)
* Major (625)
** Commented out code (478: Scala + 32: XML + 3: Java)
** Collapsible if statements (22: Scala)
** Address FIXMEs (22: Scala)
** Unused function parameter (14)
** Function with too many parameters (13)
** Conditional branches of code with same implementation (13)
** Match statement with too many cases (6)
** Missing override annotation over function (5)
** Methods with duplicate code (5: Scala + 3: Java)
** Generic exception thrown (3)
** Unused Private Methods (2)
** Useless assignment to local variable (1)
** Returning null instead of empty collection (1)
** Not using static class initializers/constructor (1)
** Empty conditional blocks of code (1)
* Minor (4.3k)
** Non-compliant method names (4.1k: Scala + 3: Java)
** Non-compliant local variables and function parameters (64)
** Non-compliant package names (23)
** Non-compliant class names (7)
** Redundant Boolean literals (45)
** Unused local variables (22)
** Not using diamond operator (9)
** Empty comments (5)
** Declaring and immediately returning local variable (3)
** Using inverted Boolean checks (3)
** Throws declaration of runtime exceptions (2)
** Packages with only “package-info.java” (2)
** Switch statement instead of if resulting in decreased readability
** Abstract class instead of interface (1)
** size instead of .isEmpty (1)
** Improper modifier order (1)
** Check cross-platform compatibility of hardcoded URIs (1)
* Info (195)
** Track TODO tags (193: Scala + 2: Java)
h4. Security Hotspots (3)
* Verify command line args are safe and sanitized
* Verify hashing is secure
* Verify deserialization of object is secure