Summary of SonarQube scan bugs and vulnerabilities and how to fix them

Contents

Bugs

Use an "instanceof" comparison instead.

Cast one of the operands of this integer division to a "double"

Remove this throw statement from this finally block.

Remove this return statement from this finally block

A "NullPointerException" could be thrown; "pkList" is nullable here.

Use try-with-resources or close this "ResultSet" in a "finally" clause.

Use "Arrays.toString(array)" instead.

Save and re-use this "Random".

Either re-interrupt this method or rethrow the "InterruptedException".

Synchronize on a new "Object" instead. 

Replace the call to "Thread.sleep(...)" with a call to "wait(...)"

Use "BigDecimal.valueOf" instead 

Call "Optional#isPresent()" before accessing the value.

Use try-with-resources or close this "PreparedStatement" in a "finally" clause. 

Vulnerabilities

Make this "public static producer" field final

Use a logger to log this exception

Lower the visibility of this setter or remove it altogether.

Do something with the "boolean" value returned by "delete".

Make this "public static redisTemplate" field final

Implement Iterator rather than Enumeration.

Reduce the total number of break and continue statements in this loop to use at most one. 

Use classes from the Java API instead of Sun classes. 

Remove this use of "encode"; it is deprecated.

Code Smells

Reorder the modifiers to comply with the Java Language Specification.

Put single-quotes around '?' to use the faster "indexOf(char)" method.

Use a StringBuilder instead.

Replace "Collections.EMPTY_LIST" by "Collections.emptyList()"

Use isEmpty() to check whether the collection is empty or not.

Return an empty collection instead of null. 

Put single-quotes around '/' to use the faster "indexOf(char)" method. 

Combine this catch with the one at line 200, which has the same body

Add a nested comment explaining why this method is empty, throw an UnsupportedOperationException or complete the implementation. 

Make this "code" field final.

Replace this lambda with a method reference. 


Bugs

  • Use an "instanceof" comparison instead.

Change to:

  • Cast one of the operands of this integer division to a "double"

Change to:

  • Remove this throw statement from this finally block.

Explanation: a return, break, throw or similar statement inside a finally block suppresses the propagation of any unhandled Throwable thrown in the try or catch blocks. Change to:

  • Remove this return statement from this finally block

Explanation: when a return statement is written in the finally block, it overrides the return in the try block, because finally always executes. Example:

Change the above code to:
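As an added example (not the original post's code) covering both the throw-in-finally and the return-in-finally findings above, the following shows how each one swallows the real exception, and the corrected form in which finally is not used to decide the outcome. loadFromDisk() is a constructed stand-in for failing I/O.

```java
import java.io.IOException;

public class FinallyDemo {
    // Constructed stand-in for real I/O that fails.
    static String loadFromDisk() throws IOException {
        throw new IOException("disk read failed");
    }

    // BAD: the return in finally discards the IOException thrown in try. The compiler
    // does not even require a throws clause, because the exception can never escape.
    static String readBad() {
        try {
            return loadFromDisk();
        } finally {
            return "default"; // SonarQube: Remove this return statement from this finally block
        }
    }

    // BAD: a throw in finally replaces the original exception; its cause is lost.
    static void closeBad() throws IOException {
        try {
            loadFromDisk();
        } finally {
            throw new IllegalStateException("cleanup failed"); // SonarQube: Remove this throw statement
        }
    }

    // GOOD: decide the outcome in try/catch; a finally block, if present, only cleans up.
    static String readGood() {
        try {
            return loadFromDisk();
        } catch (IOException e) {
            System.err.println("falling back to default: " + e.getMessage());
            return "default";
        }
    }

    public static void main(String[] args) {
        System.out.println(readBad()); // the IOException has silently vanished
        try {
            closeBad();
        } catch (RuntimeException e) {
            System.out.println("caller sees: " + e.getMessage()); // the disk failure is gone
        }
        System.out.println(readGood());
    }
}
```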

  • A "NullPointerException" could be thrown; "pkList" is nullable here.

Add a null check, as shown below:

  • Use try-with-resources or close this "ResultSet" in a "finally" clause.

Change to:

Or refer to the following:

  • Use "Arrays.toString(array)" instead.

Change to:

Reference:

  • Save and re-use this "Random".

Explanation: this warning means the Random instance should be reused; the reference it gives is as follows:

  • Either re-interrupt this method or rethrow the "InterruptedException".

Change to:

  • Synchronize on a new "Object" instead. 

Change to the following:

  • Replace the call to "Thread.sleep(...)" with a call to "wait(...)"

Explanation: calling Thread.sleep(...) while the current thread holds a lock can cause performance and scalability problems, or worse, because the execution of the lock-holding thread is frozen. It is better to call wait(...) on the monitor object, which temporarily releases the lock and lets other threads run. Change to the following:
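The following is an added example (not code from the original post) that ties together the three threading findings above: it synchronizes on a private lock object, shows why sleeping while holding the monitor stalls the producer, uses wait()/notifyAll() instead, and re-interrupts the thread when an InterruptedException is caught. The mailbox itself is a constructed scenario.

```java
public class MailboxDemo {
    // A private lock object (not "this", not a String literal) so no outside code can
    // synchronize on the same monitor and interfere.
    private final Object lock = new Object();
    private String message; // guarded by lock
    // BAD: sleeping while holding the monitor. put() can never acquire the lock, so the
    // message never arrives and this loop polls forever, freezing every other user of lock.
    String takeBad() throws InterruptedException {
        synchronized (lock) {
            while (message == null) {
                Thread.sleep(100); // SonarQube: Replace the call to "Thread.sleep(...)" with "wait(...)"
            }
            String m = message;
            message = null;
            return m;
        }
    }

    // GOOD: wait() releases the monitor while blocked and re-acquires it before returning.
    String take() throws InterruptedException {
        synchronized (lock) {
            while (message == null) { // loop, not if: guards against spurious wake-ups
                lock.wait();
            }
            String m = message;
            message = null;
            return m;
        }
    }
    void put(String m) {
        synchronized (lock) {
            message = m;
            lock.notifyAll(); // wake any consumer blocked in wait()
        }
    }
    public static void main(String[] args) throws InterruptedException {
        MailboxDemo box = new MailboxDemo();
        Thread consumer = new Thread(() -> {
            try {
                System.out.println("got: " + box.take());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt(); // re-interrupt instead of swallowing
            }
        });
        consumer.start();
        box.put("hello"); // with takeBad() this call would block behind the sleeping consumer
        consumer.join();
    }
}
```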

  • Use "BigDecimal.valueOf" instead 

Explanation: because of floating-point imprecision, you are unlikely to get the value you expect from the BigDecimal(double) constructor. Change to the following:
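An added example (not the original post's code) that makes the imprecision visible: the same unit price goes through new BigDecimal(double) and through BigDecimal.valueOf, and only the latter sums to the expected amount. It uses nothing beyond the JDK.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;

public class BigDecimalDemo {
    // BAD: the double 0.1 has no exact binary representation, and the constructor keeps
    // every binary digit of the approximation, so the result is a long decimal slightly
    // above 0.1 rather than the 0.1 the author meant.
    static BigDecimal fromDoubleConstructor(double d) {
        return new BigDecimal(d); // SonarQube: Use "BigDecimal.valueOf" instead
    }

    // GOOD: valueOf goes through Double.toString(d), the shortest decimal string that
    // uniquely identifies d, so 0.1 becomes exactly 0.1.
    static BigDecimal fromValueOf(double d) {
        return BigDecimal.valueOf(d);
    }

    // Line total for a quantity of items at the given unit price.
    static BigDecimal lineTotal(double unitPrice, int quantity, boolean useValueOf) {
        BigDecimal price = useValueOf ? fromValueOf(unitPrice) : fromDoubleConstructor(unitPrice);
        return price.multiply(BigDecimal.valueOf(quantity));
    }

    // Compares by numeric value; equals() would also compare scale (2.0 vs 2.00).
    static boolean sameAmount(BigDecimal a, String expected) {
        return a.compareTo(new BigDecimal(expected)) == 0;
    }

    public static void main(String[] args) {
        System.out.println("constructor: " + fromDoubleConstructor(0.1));
        System.out.println("valueOf:     " + fromValueOf(0.1));
        // Three items at 0.10: only the valueOf path adds up to exactly 0.30.
        System.out.println(sameAmount(lineTotal(0.1, 3, false), "0.30"));
        System.out.println(sameAmount(lineTotal(0.1, 3, true), "0.30"));
        // Better still for money: parse the user's decimal text directly and fix the scale.
        System.out.println(new BigDecimal("0.1").setScale(2, RoundingMode.HALF_UP));
    }
}
```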

  • Call "Optional#isPresent()" before accessing the value.

Explanation: an Optional may or may not hold a value. The value can be read with get(), but get() throws a NoSuchElementException when no value is present. To avoid the exception, always call isPresent() before calling get().

Also note that the other methods, such as orElse(...), orElseGet(...) and orElseThrow(...), can be used to specify how an empty Optional should be handled.

Change to the following:
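An added example (not code from the original post) showing the unguarded get() beside the isPresent() check and the orElse/orElseThrow alternatives mentioned above. The USERS map is constructed sample data standing in for a repository lookup.

```java
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Optional;

public class OptionalDemo {
    // Constructed sample data standing in for a repository lookup.
    private static final Map<Integer, String> USERS = Map.of(1, "alice", 2, "bob");

    static Optional<String> findName(int id) {
        return Optional.ofNullable(USERS.get(id));
    }

    // BAD: get() on an empty Optional throws NoSuchElementException.
    static String displayNameBad(int id) {
        return findName(id).get(); // SonarQube: Call "Optional#isPresent()" before accessing the value
    }

    // GOOD: check first ...
    static String displayName(int id) {
        Optional<String> name = findName(id);
        if (name.isPresent()) {
            return name.get();
        }
        return "unknown";
    }

    // ... or let the Optional API express the fallback without any get() at all ...
    static String displayNameFluent(int id) {
        return findName(id).map(String::toUpperCase).orElse("UNKNOWN");
    }

    // ... or fail with a meaningful exception instead of a bare NoSuchElementException.
    static String requireName(int id) {
        return findName(id).orElseThrow(() -> new IllegalArgumentException("no user with id " + id));
    }

    public static void main(String[] args) {
        System.out.println(displayName(1) + " / " + displayName(3));
        System.out.println(displayNameFluent(2) + " / " + displayNameFluent(3));
        try {
            displayNameBad(3);
        } catch (NoSuchElementException e) {
            System.out.println("get() on empty Optional: " + e.getMessage());
        }
        System.out.println(requireName(1));
    }
}
```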

  • Use try-with-resources or close this "PreparedStatement" in a "finally" clause. 

Change to the following, using the try-with-resources syntax:
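The following added example (not the original post's code) covers both the ResultSet and the PreparedStatement findings: a leaky version that only closes on the happy path, and a try-with-resources version that closes both resources in reverse order on every path. It assumes a JDBC Connection to a database with a hypothetical users(name, age) table.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class JdbcResources {
    // Hypothetical query against a users(name, age) table.
    private static final String SQL = "SELECT name FROM users WHERE age > ?";

    // BAD: if executeQuery() or rs.next() throws, neither rs nor ps is ever closed,
    // and the pooled connection keeps leaking cursors and statement handles.
    static List<String> findNamesLeaky(Connection conn, int minAge) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(SQL);
        ps.setInt(1, minAge);
        ResultSet rs = ps.executeQuery(); // SonarQube: Use try-with-resources or close this "ResultSet"
        List<String> names = new ArrayList<>();
        while (rs.next()) {
            names.add(rs.getString("name"));
        }
        rs.close();
        ps.close();
        return names;
    }

    // GOOD: each resource is declared in a try header and is closed automatically,
    // innermost first, whether the block returns normally or throws. The ResultSet needs
    // its own nested try because the parameter must be bound before executeQuery().
    static List<String> findNames(Connection conn, int minAge) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setInt(1, minAge); // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                List<String> names = new ArrayList<>();
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
                return names;
            }
        }
    }
}
```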

Vulnerabilities

  • Make this "public static producer" field final

Change to the following:

  • Use a logger to log this exception

Change to the following:

  • Lower the visibility of this setter or remove it altogether.

Fix: remove the setter from the enum.

  • Do something with the "boolean" value returned by "delete".

Change to the following:
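An added example (not code from the original post) of why the ignored boolean matters: File.delete() reports failure only through its return value, so a temporary export that should be gone can silently stay on disk. The temp file and its contents are constructed for the example; Files.writeString requires Java 11 or later.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class DeleteDemo {
    // BAD: a failed delete is indistinguishable from a successful one here.
    static void removeTempBad(File f) {
        f.delete(); // SonarQube: Do something with the "boolean" value returned by "delete"
    }

    // GOOD (option 1): act on the result and surface the failure.
    static boolean removeTemp(File f) {
        boolean deleted = f.delete();
        if (!deleted && f.exists()) {
            System.err.println("could not delete " + f.getAbsolutePath());
        }
        return deleted;
    }

    // GOOD (option 2): Files.delete throws an IOException that says why removal failed,
    // so the failure cannot be overlooked by the caller.
    static void removeTempStrict(Path p) throws IOException {
        Files.delete(p);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary export containing data that must not linger.
        Path tmp = Files.createTempFile("export-", ".csv");
        Files.writeString(tmp, "id,email\n1,user@example.com\n");
        System.out.println("deleted: " + removeTemp(tmp.toFile()));
        System.out.println("still exists: " + Files.exists(tmp));
    }
}
```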

  • Make this "public static redisTemplate" field final

Change to the following:

  • Implement Iterator rather than Enumeration.

Change to the following:

  • Reduce the total number of break and continue statements in this loop to use at most one. 

Change to the following:

  • Use classes from the Java API instead of Sun classes. 

Change to the following:

Old approach:

import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

// sun.misc classes are JDK-internal, undocumented and were removed in JDK 9
BASE64Encoder encoder = new BASE64Encoder();
String imagestr = encoder.encode(captcha);      // wraps long output with line breaks

BASE64Decoder decoder = new BASE64Decoder();
byte[] bytes = decoder.decodeBuffer(imagestr);  // declares IOException

New approach:

import java.util.Base64;
import java.util.Base64.Encoder;
import java.util.Base64.Decoder;

Encoder encoder = Base64.getEncoder();
String result = encoder.encodeToString(byteArray); // single line, no line breaks

Decoder decoder = Base64.getDecoder();
byte[] bytes = decoder.decode(str);                // a distinct name: "result" is already the String above

Note: the old BASE64Encoder inserted a line break every 76 output characters and BASE64Decoder ignored whitespace, whereas Base64.getDecoder() throws IllegalArgumentException on line breaks. If stored data was produced by the old encoder, decode it with Base64.getMimeDecoder(), which skips line separators.

  • Remove this use of "encode"; it is deprecated.

Change to the following:

Code Smells

  • Reorder the modifiers to comply with the Java Language Specification.

Explanation: the Java Language Specification recommends listing modifiers in the following order:

1. Annotations

2. public

3. protected

4. private

5. abstract

6. static

7. final

8. transient

9. volatile

10. synchronized

11. native

12. strictfp

Change as follows:

  • Put single-quotes around '?' to use the faster "indexOf(char)" method.

Explanation: an indexOf or lastIndexOf call with a single-character string argument performs better when switched to the overload that takes a char argument.

Change as follows:

  • Use a StringBuilder instead.

Explanation: strings are immutable objects, so concatenation is not simply appending the new string to the end of the existing one. Instead, on each loop iteration the first string is converted to an intermediate object, the second string is appended, and the intermediate object is converted back to a String. Moreover, these intermediate operations get slower as the string grows. A StringBuilder should therefore be used instead.

Change to the following:

  • Replace "Collections.EMPTY_LIST" by "Collections.emptyList()"

Explanation: since generics were introduced in Java 5, it is recommended to use generic types (such as List<String>) rather than raw types (such as List). Assigning a raw type to a generic type is not type-safe and generates a warning. The old EMPTY_... fields of the Collections class return raw types, while the newer empty...() methods return generic types.

Change as follows:

  • Use isEmpty() to check whether the collection is empty or not.

Change as follows:

  • Return an empty collection instead of null. 

Explanation: return empty arrays and collections rather than null.

Change to:

  • Put single-quotes around '/' to use the faster "indexOf(char)" method. 

Change to:

  • Combine this catch with the one at line 200, which has the same body

Change to:

  • Add a nested comment explaining why this method is empty, throw an UnsupportedOperationException or complete the implementation. 

Change to:

  • Make this "code" field final. 

Change to:

  • Replace this lambda with a method reference. 

Change to:
