Posted to commits@daffodil.apache.org by "Olabusayo Kilo (Jira)" <ji...@apache.org> on 2020/01/28 15:25:00 UTC

[jira] [Created] (DAFFODIL-2272) Address Findings from Trial Sonarqube Run

Olabusayo Kilo created DAFFODIL-2272:
----------------------------------------

             Summary: Address Findings from Trial Sonarqube Run
                 Key: DAFFODIL-2272
                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2272
             Project: Daffodil
          Issue Type: Improvement
            Reporter: Olabusayo Kilo


h4. Bugs (10)
 * Branches in conditional structure with same implementation (4)
 ** 1 is false positive
 ** 2 are code smells
 ** 1 is a bug
 * DBI: Double Brace Initialization (1)
 * Attempt to write class that isn’t serializable
 * toString bug (3) in test UDFs
 * Unused return val (1) in test UDFs

h4. Vulnerabilities (4)
 * Class variable field with public accessibility
 * Publicly mutable enum fields

h4. Code Smells (5.6k)
 * Critical (469)
 ** Duplicated string literals (316: Scala + 9: Java)
 ** Empty methods with no comments explaining why (73: Scala + 1: Java)
 ** Code with high cognitive complexity (58)
 ** Non-compliant constant and enum names (11)
 ** Switch statement with no default (1)
 * Major (625)
 ** Commented out code (478: Scala + 32: XML + 3: Java)
 ** Collapsible if statements (22: Scala)
 ** Address FIXMEs (22: Scala)
 ** Unused function parameter (14)
 ** Function with too many parameters (13)
 ** Conditional branches of code with same implementation (13)
 ** Match statement with too many cases (6)
 ** Missing override annotation over function (5)
 ** Methods with duplicate code (5: Scala + 3: Java)
 ** Generic exception thrown (3)
 ** Unused Private Methods (2)
 ** Useless assignment to local variable (1)
 ** Returning null instead of empty collection (1)
 ** Not using static class initializers/constructor (1)
 ** Empty conditional blocks of code (1)
 * Minor (4.3k)
 ** Non-compliant method names (4.1k: Scala + 3: Java)
 ** Non-compliant local variables and function parameters (64)
 ** Non-compliant package names (23)
 ** Non-compliant class names (7)
 ** Redundant Boolean literals (45)
 ** Unused local variables (22)
 ** Not using diamond operator (9)
 ** Empty comments (5)
 ** Declaring and immediately returning local variable (3)
 ** Using inverted Boolean checks (3)
 ** Throws declaration of runtime exceptions (2)
 ** Packages with only “package-info.java” (2)
 ** Switch statement instead of if resulting in decreased readability
 ** Abstract class instead of interface (1)
 ** size instead of .isEmpty (1)
 ** Improper modifier order (1)
 ** Check cross-platform compatibility of hardcoded URIs (1)
 * Info (195)
 ** Track TODO tags (193: Scala + 2: Java)

h4. Security Hotspots (3)
 * Verify command line args are safe and sanitized
 * Verify hashing is secure
 * Verify deserialization of object is secure


