SonarLInt - Yash-777/sonar-java GitHub Wiki

Java static code analysis

In-IDE : SonarLint - Code Quality and Security Self-Hosted with SonarQube

SonarLint SonarLint is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, SonarLint squiggles flaws so they can be fixed before committing code

Lines to cover on new lines - If facing this and you are unable to cover those lines then take new copy of this branch and test sonar quality it will work.

Service Unavailable - 503 The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

===================================

SonarJava https://stackoverflow.com/questions/38072713/sonarlint-eclipse-plugin-version-error

SonarJava - Fix Version: 4.12 - S2175 Partial semantic with type inference can trigger false positive « https://jira.sonarsource.com/browse/SONARJAVA-2393 https://stackoverflow.com/questions/55812657/how-to-check-if-a-listclass-contains-a-class-while-avoiding-sonar-rule-squids

Prerequisites and Overview - https://docs.sonarqube.org/latest/requirements/requirements/ https://docs.sonarqube.org/display/PLUG/Plugin+Version+Matrix

https://sbforge.org/sonar/coding_rules#rule_key=squid%3AS1201

sonar-plugin - http://downloads.sonarsource.com/eclipse/eclipse/

SonarJava: https://www.sonarsource.com/products/codeanalyzers/sonarjava.html Non-serializable objects should not be stored in "HttpSession" objects (squid:S2441) https://github.com/SonarSource/sonar-java/blob/master/java-checks/src/main/java/org/sonar/java/checks/serialization/SerializableObjectInSessionCheck.java

https://github.com/SonarSource/sonar-java/blob/master/java-checks/src/test/files/checks/serialization/SerializableObjectInSessionCheck.java

https://github.com/SonarSource/sonar-java https://github.com/SonarSource/sonar-java/tree/master/sonar-java-plugin

Coding Rule Guidelines : https://docs.sonarqube.org/display/DEV/Coding+Rule+Guidelines

Bug MAJOR :

Local variable and method parameter names should comply with a naming convention (squid:S00117)

 Noncompliant (^[a-z][a-zA-Z0-9]*$)     | Compliant Solution
----------------------------------------+----------------------------------------
public void doSomething(int my_param) { | public void doSomething(int myParam) {
  int LOCAL;                            |   int local;
  ...                                   |   ...
}                                       | }

The diamond operator ("<>") should be used (squid:S2293)

Java 7 introduced the diamond operator (<>) to reduce the verbosity of generics code. For instance, instead of having to declare a List's type in both its declaration and its constructor, you can now simplify the constructor declaration with <>, and the compiler will infer the type.

Note that this rule is automatically disabled when the project's sonar.java.source is lower than 7.

List<String> strings = new ArrayList<String>();  // Noncompliant
List<String> strings = new ArrayList<>(); // Compliant Solution

Jump statements should not occur in "finally" blocks (squid:S1143)

  • Remove this throw statement from this finally block. Using return, break, throw, and so on from a finally block suppresses the propagation of any unhandled Throwable which was thrown in the try or catch block.

Null pointers should not be dereferenced (squid:S2259)

"equals" method overrides should accept "Object" parameters (squid:S1201) https://sbforge.org/sonar/coding_rules#rule_key=squid%3AS1201

Correct this regular expression. Inappropriate regular expressions should not be used (squid:S2639)

"hashCode" and "toString" should not be called on array instances (squid:S2116) Use "Arrays.toString(array)" instead.

"InterruptedException" should not be ignored (squid:S2142) Either re-interrupt this method or rethrow the "InterruptedException". try { Thread.sleep(100); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }

Generic exceptions should never be thrown (squid:S00112) public void foo(String bar) throws Throwable { // Noncompliant throw new RuntimeException("My Message"); // Noncompliant }

public void foo(String bar) { throw new MyOwnRuntimeException("My Message"); }

Remove this throw statement from this finally block. Exceptions should not be thrown in finally blocks (squid:S1163) try { /* some work which end up throwing an exception / throw new IllegalArgumentException(); } finally { / clean up */ }

Code smell MAJOR:

Throwable and Error should not be caught (squid:S1181)

Throwable is the superclass of all errors and exceptions in Java. Error is the superclass of all errors, which are not meant to be caught by applications.

Catching either Throwable or Error will also catch OutOfMemoryError and InternalError, from which an application should not attempt to recover.

Noncompliant Code Example                           | Compliant Solution
try { /* ... */ } catch (Throwable t) { /* ... */ } | try { /* ... */ } catch (RuntimeException e) { /* ... */ }
try { /* ... */ } catch (Error e) { /* ... */ }     | try { /* ... */ } catch (MyException e) { /* ... */ }

A conditionally executed single line should be denoted by indentation (squid:S3973)

if (condition)  // Noncompliant
doTheThing();
if (condition) // Compliant
  doTheThing();

Minor: Modifiers should be declared in the correct order (squid:ModifiersOrderCheck) The Java Language Specification recommends listing modifiers in the following order:

1. Annotations, 2. public, 3. protected, 4. private, 5. abstract, 6. static, 7. final,
8. transient, 9. volatile, 10. synchronized, 11. native, 12. strictfp

To Skip the Sonar Rules: stack

  • To Skip Specific rules to a method/class level use an annotation @SuppressWarnings("squid:S2175") with the rule id. @SuppressWarnings({"squid:S2078", "squid:S2076"}) Multiple rules can be separated using comma.
  • To Skip all the rules
    • For specific block use @SuppressWarnings("all").
    • For a specific Line use comment //NOSONAR that tells SonarQube to ignore all the errors.
⚠️ **GitHub.com Fallback** ⚠️