Posted to commits@daffodil.apache.org by "Mike Beckerle (Jira)" <ji...@apache.org> on 2020/01/28 18:41:00 UTC

[jira] [Commented] (DAFFODIL-2272) Address Findings from Trial Sonarqube Run

    [ https://issues.apache.org/jira/browse/DAFFODIL-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17025368#comment-17025368 ] 

Mike Beckerle commented on DAFFODIL-2272:
-----------------------------------------

So how would we get a file and line number and any other details about each of these detections?

> Address Findings from Trial Sonarqube Run
> -----------------------------------------
>
>                 Key: DAFFODIL-2272
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2272
>             Project: Daffodil
>          Issue Type: Improvement
>            Reporter: Olabusayo Kilo
>            Priority: Major
>
> h4. Bugs (10)
>  * Branches in conditional structure with same implementation (4)
>  ** 1 is false positive
>  ** 2 are code smells
>  ** 1 is bug
>  * DBI: Double Brace Initialization (1)
>  * Attempt to write class that isn’t serializable
>  * Arrays.toString bug (3) in test udfs
>  * Unused return val (1) in test udfs
> h4. Vulnerabilities (4)
>  * Class variable field with public accessibility
>  * Publicly mutable enum fields
> h4. Code Smells (5.6k)
>  * Critical (469)
>  ** Duplicated string literals (316: Scala + 9: Java)
>  ** Empty methods with no comments explaining why (73: Scala + 1: Java)
>  ** Code with high cognitive complexity (58)
>  ** Non-compliant constant and enum names (11)
>  ** Switch statement with no default (1)
>  * Major (625)
>  ** Commented out code (478: Scala + 32: XML + 3: Java)
>  ** Collapsible if statements (22: Scala)
>  ** Address FIXMEs (22: Scala)
>  ** Unused function parameter (14)
>  ** Function with too many parameters (13)
>  ** Conditional branches of code with same implementation (13)
>  ** Match statement with too many cases (6)
>  ** Missing override annotation over function (5)
>  ** Methods with duplicate code (5: Scala + 3: Java)
>  ** Generic exception thrown (3)
>  ** Unused Private Methods (2)
>  ** Useless assignment to local variable (1)
>  ** Returning null instead of empty collection (1)
>  ** Not using static class initializers/constructor (1)
>  ** Empty conditional blocks of code (1)
>  * Minor (4.3k)
>  ** Non-compliant method names (4.1k: Scala + 3: Java)
>  ** Non-compliant local variables and function parameters (64)
>  ** Non-compliant package names (23)
>  ** Non-compliant class names (7)
>  ** Redundant Boolean literals (45)
>  ** Unused local variables (22)
>  ** Not using diamond operator (9)
>  ** Empty comments (5)
>  ** Declaring and immediately returning local variable (3)
>  ** Using inverted Boolean checks (3)
>  ** Throws declaration of runtime exceptions (2)
>  ** Packages with only “package-info.java” (2)
>  ** Switch statement instead of if resulting in decreased readability
>  ** Abstract class instead of interface (1)
>  ** size instead of .isEmpty (1)
>  ** Improper modifier order (1)
>  ** Check cross-platform compatibility of hardcoded URIs (1)
>  * Info (195)
>  ** Track TODO tags (193: Scala + 2: Java)
> h4. Security Hotspots (3)
>  * Verify command line args are safe and sanitized
>  * Verify hashing is secure
>  * Verify deserialization of object is secure



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
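The two SonarQube "Vulnerabilities" entries in the quoted description ("Class variable field with public accessibility" and "Publicly mutable enum fields") flag the same underlying risk: shared state that any code loaded in the JVM can alter. The Java below is an added illustration, not Daffodil code and not taken from the issue; the class and enum names are invented for the example. Each finding is shown as the pattern the scanner reports, next to the form that resolves it.

```java
import java.util.ArrayList;
import java.util.List;

// Added example (not part of the Daffodil code base): the two SonarQube
// "Vulnerability" patterns from the issue, each beside a fixed version.
public class PublicMutableState {

    // --- Finding: "Class variable field with public accessibility" ---
    // Flagged: a public, non-final static field. Any caller, or any other
    // class in the same JVM, can reassign it or mutate its contents, so a
    // setting that looks like configuration is really global mutable state.
    static class Flagged {
        public static List<String> allowedHosts = new ArrayList<>();
    }

    // Fixed: the field is private and final and holds an immutable list;
    // readers get the value through an accessor and cannot change it.
    static class Fixed {
        private static final List<String> ALLOWED_HOSTS = List.of("localhost");

        public static List<String> allowedHosts() {
            return ALLOWED_HOSTS;
        }
    }

    // --- Finding: "Publicly mutable enum fields" ---
    // Flagged: enum constants are singletons, so a public non-final field on
    // one of them is process-wide shared state that any code can flip.
    enum FlaggedMode {
        STRICT, LENIENT;
        public boolean enabled = true; // mutable, public, shared JVM-wide
    }

    // Fixed: the field is private and final and is set once by the
    // constructor, so each constant's behaviour is fixed at class load.
    enum FixedMode {
        STRICT(true), LENIENT(false);

        private final boolean enabled;

        FixedMode(boolean enabled) {
            this.enabled = enabled;
        }

        public boolean isEnabled() {
            return enabled;
        }
    }

    public static void main(String[] args) {
        // The flagged versions accept modification from anywhere:
        Flagged.allowedHosts.add("other.example"); // widens the allow-list for every reader
        FlaggedMode.STRICT.enabled = false;        // changes STRICT for every user of it
        System.out.println(Flagged.allowedHosts + " " + FlaggedMode.STRICT.enabled);

        // The fixed versions refuse: the enum field cannot be assigned at all
        // (it is private and final), and the list rejects mutation at run time.
        try {
            Fixed.allowedHosts().add("other.example");
        } catch (UnsupportedOperationException e) {
            System.out.println("allow-list is read-only: " + e);
        }
        System.out.println(FixedMode.STRICT.isEnabled());
    }
}
```

The fixes are what the Sonar rules ask for: reduce the field's visibility, make it final, and hand out an immutable view. For the enum case the constructor-initialised final field also removes a thread-safety hazard, since nothing can observe a constant mid-change.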