SonarQube basics: scan rules, part 1: the Sonar way profile for Java

This article covers the Sonar way rules for Java in SonarQube 5.6.5: how to export the rules, a breakdown of the rule counts, and the three categories of bugs, vulnerabilities and code smells. There are 254 rules in total across the Bug, Vulnerability and Code Smell dimensions; a later article will cover how to customise a SonarQube profile.

SonarQube ships with the built-in Sonar way scan rules, with a separate profile for each language (C#, Java, JavaScript and so on). By default the rules are divided along three dimensions. Taking SonarQube 5.6.5 as the example, this article gives a brief overview of the rules in the Java profile.

Exporting the rules

Use the profile's Back up function (a button on the quality profile page) to export its rules to an XML file.

Rule breakdown

The Sonar way profile for Java in this version contains 254 rules in total, broken down as follows:

Category         Number of rules
Bug              75
Vulnerability    20
Code Smell       159

Bugs

Rules in the Bug category:
“.equals()” should not be used to test the values of “Atomic” classes
“@NonNull” values should not be set to null
“BigDecimal(double)” should not be used
“Calendars” and “DateFormats” should not be static
“Cloneables” should implement “clone”
“compareTo” should not return “Integer.MIN_VALUE”
“Double.longBitsToDouble” should not be used for “int”
“equals(Object obj)” and “hashCode()” should be overridden in pairs
“equals(Object obj)” should be overridden along with the “compareTo(T obj)” method
“equals(Object obj)” should test argument type
“Externalizable” classes should have a no-arguments constructor
“hashCode” and “toString” should not be called on array instances
“instanceof” operators that always return “true” or “false” should be removed
“InterruptedException” should not be ignored
“Iterator.hasNext()” should not call “Iterator.next()”
“Object.wait(…)” and “Condition.await(…)” should be called inside a “while” loop
“Object.wait(…)” should never be called on objects that implement “java.util.concurrent.locks.Condition”
“PreparedStatement” and “ResultSet” methods should be called with valid indices
“read” and “readLine” return values should be used
“return” statements should not occur in “finally” blocks
“runFinalizersOnExit” should not be called
“ScheduledThreadPoolExecutor” should not have 0 core threads
“Serializable” inner classes of non-serializable classes should be “static”
“SingleConnectionFactory” instances should be set to “reconnectOnException”
“toString()” and “clone()” methods should not return null
“wait(…)”, “notify()” and “notifyAll()” methods should only be called when a lock is obviously held on an object
A “for” loop update clause should move the counter in the right direction
Assertions should be complete
Assignments should not be made from within sub-expressions
Classes should not be compared by name
Collections should not be passed as arguments to their own methods
Conditions should not unconditionally evaluate to “TRUE” or to “FALSE”
Custom serialization method signatures should meet requirements
Default EJB interceptors should be declared in “ejb-jar.xml”
Dissimilar primitive wrappers should not be used with the ternary operator without explicit casting
Fields in a “Serializable” class should either be transient or serializable
Floating point numbers should not be tested for equality
Identical expressions should not be used on both sides of a binary operator
IllegalMonitorStateException should not be caught
Inappropriate “Collection” calls should not be made
Inappropriate regular expressions should not be used
Instance methods should not write to “static” fields
Ints and long