SonarQube ships with a built-in rule set called Sonar way, with a separate profile per language (C#, Java, JavaScript, and so on); by default the rules are divided into three categories (types). This article takes SonarQube 5.6.5 as its reference and gives a brief overview of the rules in the Java profile.
Rule export
The rules can be exported as an XML file with the "Back up" function shown in the figure below.
Rule breakdown
In this version the Java Sonar way profile contains 254 rules in total, broken down as follows:
Category | Number of rules |
---|---|
Bug | 75 |
Vulnerability | 20 |
Code Smell | 159 |
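Several of the Bug rules in the list that follows are easiest to understand from code that trips them. The class below is an added example, not code from this page or from SonarSource: each method or nested class pairs the noncompliant pattern with the compliant one for six of the rules (equals/hashCode in pairs, equals testing the argument type, floating-point equality, "BigDecimal(double)", "return" in "finally", ignored "InterruptedException", and "Object.wait(...)" inside a "while" loop). All class and method names are my own.

```java
import java.math.BigDecimal;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

/**
 * Added example (not from the original page or from SonarSource) showing
 * what some of the Sonar way Bug rules flag. Run with: java SonarWayBugExamples.java
 */
public class SonarWayBugExamples {

    // Noncompliant: equals() is overridden without hashCode(), so two equal
    // points land in different HashSet buckets and lookups fail.
    // Rule: "equals(Object obj)" and "hashCode()" should be overridden in pairs.
    static final class PointNoHash {
        final int x, y;
        PointNoHash(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            // Also noncompliant: the cast is done without testing the argument type,
            // so equals("string") throws ClassCastException instead of returning false.
            // Rule: "equals(Object obj)" should test argument type.
            PointNoHash p = (PointNoHash) o;
            return x == p.x && y == p.y;
        }
    }

    // Compliant version: type test before the cast, and hashCode() consistent with equals().
    static final class Point {
        final int x, y;
        Point(int x, int y) { this.x = x; this.y = y; }
        @Override public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof Point)) return false;
            Point p = (Point) o;
            return x == p.x && y == p.y;
        }
        @Override public int hashCode() { return Objects.hash(x, y); }
    }

    // Rule: Floating point numbers should not be tested for equality.
    static boolean naiveEquals(double a, double b) { return a == b; }                // Noncompliant
    static boolean closeEnough(double a, double b) { return Math.abs(a - b) < 1e-9; } // Compliant (tolerance is an assumption)

    // Rule: "BigDecimal(double)" should not be used; the double 0.1 is already inexact,
    // and the constructor preserves that inexact binary value.
    static BigDecimal fromDoubleCtor(double d) { return new BigDecimal(d); }    // Noncompliant
    static BigDecimal fromValueOf(double d) { return BigDecimal.valueOf(d); }   // Compliant

    // Rule: "return" statements should not occur in "finally" blocks. The return
    // in finally silently discards the exception thrown in the try block.
    @SuppressWarnings("finally")
    static int swallowed() {
        try {
            throw new IllegalStateException("lost");
        } finally {
            return -1;   // Noncompliant
        }
    }

    // Rule: "InterruptedException" should not be ignored. Restoring the interrupt
    // flag lets the caller (for example a thread pool) see that it was interrupted.
    static void sleepQuietly(long ms) {
        try {
            Thread.sleep(ms);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();   // Compliant; an empty catch block is noncompliant
        }
    }

    // Rule: "Object.wait(...)" and "Condition.await(...)" should be called inside a "while" loop,
    // so the condition is re-checked after a spurious or unrelated wake-up.
    static final class Mailbox {
        private String message;
        synchronized void put(String m) { message = m; notifyAll(); }
        synchronized String take() throws InterruptedException {
            while (message == null) {   // Compliant; "if (message == null) wait();" is noncompliant
                wait();
            }
            String m = message;
            message = null;
            return m;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Set<PointNoHash> bad = new HashSet<>();
        bad.add(new PointNoHash(1, 2));
        System.out.println("no hashCode(), contains equal point: " + bad.contains(new PointNoHash(1, 2)));
        Set<Point> good = new HashSet<>();
        good.add(new Point(1, 2));
        System.out.println("paired hashCode(), contains equal point: " + good.contains(new Point(1, 2)));
        try {
            new PointNoHash(1, 2).equals("not a point");
        } catch (ClassCastException e) {
            System.out.println("equals() without type test threw " + e.getClass().getSimpleName());
        }
        System.out.println("0.1 + 0.2 == 0.3 with ==        : " + naiveEquals(0.1 + 0.2, 0.3));
        System.out.println("0.1 + 0.2 == 0.3 with tolerance : " + closeEnough(0.1 + 0.2, 0.3));
        System.out.println("new BigDecimal(0.1)     : " + fromDoubleCtor(0.1));
        System.out.println("BigDecimal.valueOf(0.1) : " + fromValueOf(0.1));
        System.out.println("return in finally hid the exception, got " + swallowed());
        Mailbox box = new Mailbox();
        Thread producer = new Thread(() -> { sleepQuietly(50); box.put("hello"); });
        producer.start();
        System.out.println("mailbox: " + box.take());
        producer.join();
    }
}
```

Running it shows the practical effect of each rule: the HashSet built on the class without hashCode() fails to find an equal point, the untyped equals() throws ClassCastException, 0.1 + 0.2 is not == 0.3 while the tolerance check passes, new BigDecimal(0.1) prints the long binary expansion whereas BigDecimal.valueOf(0.1) prints 0.1, and the exception thrown inside swallowed() never reaches the caller. Scanning this file with the Java Sonar way profile raises an issue on each of the lines marked "Noncompliant".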
Bugs
Bug rules |
---|
“.equals()” should not be used to test the values of “Atomic” classes |
“@NonNull” values should not be set to null |
“BigDecimal(double)” should not be used |
“Calendars” and “DateFormats” should not be static |
“Cloneables” should implement “clone” |
“compareTo” should not return “Integer.MIN_VALUE” |
“Double.longBitsToDouble” should not be used for “int” |
“equals(Object obj)” and “hashCode()” should be overridden in pairs |
“equals(Object obj)” should be overridden along with the “compareTo(T obj)” method |
“equals(Object obj)” should test argument type |
“Externalizable” classes should have a no-arguments constructor |
“hashCode” and “toString” should not be called on array instances |
“instanceof” operators that always return “true” or “false” should be removed |
“InterruptedException” should not be ignored |
“Iterator.hasNext()” should not call “Iterator.next()” |
“Object.wait(…)” and “Condition.await(…)” should be called inside a “while” loop |
“Object.wait(…)” should never be called on objects that implement “java.util.concurrent.locks.Condition” |
“PreparedStatement” and “ResultSet” methods should be called with valid indices |
“read” and “readLine” return values should be used |
“return” statements should not occur in “finally” blocks |
“runFinalizersOnExit” should not be called |
“ScheduledThreadPoolExecutor” should not have 0 core threads |
“Serializable” inner classes of non-serializable classes should be “static” |
“SingleConnectionFactory” instances should be set to “reconnectOnException” |
“toString()” and “clone()” methods should not return null |
“wait(…)”, “notify()” and “notifyAll()” methods should only be called when a lock is obviously held on an object |
A “for” loop update clause should move the counter in the right direction |
Assertions should be complete |
Assignments should not be made from within sub-expressions |
Classes should not be compared by name |
Collections should not be passed as arguments to their own methods |
Conditions should not unconditionally evaluate to “TRUE” or to “FALSE” |
Custom serialization method signatures should meet requirements |
Default EJB interceptors should be declared in “ejb-jar.xml” |
Dissimilar primitive wrappers should not be used with the ternary operator without explicit casting |
Fields in a “Serializable” class should either be transient or serializable |
Floating point numbers should not be tested for equality |
Identical expressions should not be used on both sides of a binary operator |
IllegalMonitorStateException should not be caught |
Inappropriate “Collection” calls should not be made |
Inappropriate regular expressions should not be used |
Instance methods should not write to “static” fields |
Ints and long |