sonarQube扫描bug、漏洞处理汇总

目录

Bugs

Use an "instanceof" comparison instead.

Cast one of the operands of this integer division to a "double"

Remove this throw statement from this finally block.

Remove this return statement from this finally block

A "NullPointerException" could be thrown; "pkList" is nullable here.

Use try-with-resources or close this "ResultSet" in a "finally" clause.

Use "Arrays.toString(array)" instead.

Save and re-use this “Random”.

Either re-interrupt this method or rethrow the "InterruptedException".

Synchronize on a new "Object" instead. 

Replace the call to "Thread.sleep(...)" with a call to "wait(...)"

Use "BigDecimal.valueOf" instead 

Call "Optional#isPresent()" before accessing the value.

Use try-with-resources or close this "PreparedStatement" in a "finally" clause. 

漏洞 

 Make this "public static producer" field final

Use a logger to log this exception

Lower the visibility of this setter or remove it altogether.

Do something with the "boolean" value returned by "delete".

Make this "public static redisTemplate" field final

异味 

Reorder the modifiers to comply with the Java Language Specification.

Put single-quotes around '?' to use the faster "indexOf(char)" method.

Use a StringBuilder instead.

Replace "Collections.EMPTY_LIST" by "Collections.emptyList()"

Use isEmpty() to check whether the collection is empty or not.

Return an empty collection instead of null. 

Put single-quotes around '/' to use the faster "indexOf(char)" method. 

Combine this catch with the one at line 200,which has the same body 


Bugs

  • Use an "instanceof" comparison instead.

修改为:

 

  • Cast one of the operands of this integer division to a "double"

修改为:

 

  • Remove this throw statement from this finally block.

说明:finally块中使用returnbreakthrow等可以抑制trycatch块中抛出的任何未处理的Throwable的传播,修改为:

 

  • Remove this return statement from this finally block

说明:因为finally里面写了return语句的时候,就会覆盖掉try代码块里面的return。因为finally是肯定会执行的。例子如下:

上述代码修改为:

  • A "NullPointerException" could be thrown; "pkList" is nullable here.

增加空值判断,如下所示:

  • Use try-with-resources or close this "ResultSet" in a "finally" clause.

修改为:

或者参考如下:

  • Use "Arrays.toString(array)" instead.

修改为:

参考如下:

  • Save and re-use this Random.

说明:这种提示是随机数应该需要重用,然后他给出的参考是这样的

  • Either re-interrupt this method or rethrow the "InterruptedException".

修改为:

  • Synchronize on a new "Object" instead. 

修改为如下:

  

  • Replace the call to "Thread.sleep(...)" with a call to "wait(...)"

说明:如果在当前线程持有锁时调用Thread.sleep(…),则可能导致性能和可伸缩性问题,甚至更糟,因为持有锁的线程的执行被冻结。最好对monitor对象调用wait(…)来暂时释放锁并允许其他线程运行。修改为如下:

  • Use "BigDecimal.valueOf" instead 

说明:由于浮点不精确,您不太可能从BigDecimal(double)构造函数中获得预期的值。修改为如下:

  • Call "Optional#isPresent()" before accessing the value.

说明:Optional value可以保存值,也可以不保存。可选方法中的值可以使用get()方法访问,但它会抛出一个

如果不存在值,则NoSuchElementException。为了避免异常,应该总是在调用get()之前调用isPresent()方法。

另外,请注意其他方法,如orElse(…)orElseGet(…)orElseThrow(…),可用于指定如何处理空的可选对象。

修改为如下:

  • Use try-with-resources or close this "PreparedStatement" in a "finally" clause. 

修改为如下所示:使用try-with-resources语法

漏洞 

  •  Make this "public static producer" field final

修改为如下:

  • Use a logger to log this exception

修改为如下:

  • Lower the visibility of this setter or remove it altogether.

解决方法:去掉枚举中的set方法

  • Do something with the "boolean" value returned by "delete".

修改为如下:

  • Make this "public static redisTemplate" field final

修改为如下:

异味 

  • Reorder the modifiers to comply with the Java Language Specification.

说明:java语言规范建议按照以下顺序列出修饰符: 

1. Annotations

2. public

3. protected

4. private

5. abstract

6. static

7. final

8. transient

9. volatile

10. synchronized

11. native

12. strictfp

修改如下:

  • Put single-quotes around '?' to use the faster "indexOf(char)" method.

说明:带有单个字母字符串的indexOf或lastIndexOf调用可以通过切换到带有char参数的调用来提高性能。

修改如下:

  • Use a StringBuilder instead.

说明:字符串是不可变的对象,所以连接不是简单地将新字符串添加到现有字符串的末尾。相反,在每个循环迭代中,第一个字符串被转换为中间对象类型,第二个字符串被追加,然后中间对象被转换回字符串。而且,这些中间操作的性能会随着字符串变长而下降。因此,最好使用StringBuilder。

修改为如下:

  • Replace "Collections.EMPTY_LIST" by "Collections.emptyList()"

 

说明:由于在Java 5中引入了泛型,所以建议使用泛型类型(如List<String>),而不是使用原始类型(如List)。将原始类型分配给泛型类型是不安全的,并将生成警告。老EMPTY_……Collections类的字段返回原始类型,而较新的empty…()方法返回泛型类型。

修改如下:

  • Use isEmpty() to check whether the collection is empty or not.

修改如下:

  • Return an empty collection instead of null. 

说明:应该返回空数组和集合,而不是null

修改为:

  • Put single-quotes around '/' to use the faster "indexOf(char)" method. 

修改为:

  • Combine this catch with the one at line 200,which has the same body 

修改为:

©️2020 CSDN 皮肤主题: 大白 设计师: CSDN官方博客 返回首页
实付0元
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值