首页 > 美文鉴赏

SonarQubeJava规则描述

更新时间:2023-07-12 22:21:39 阅读：评论：0

SonarQubeJava规则描述

⽂章⽬录

阻断

1、“PreparedStatement” and “ResultSet” methods should be called with valid indices

PreparedStatement 与 ResultSet 参数设置与获取数据由序号 1 开始⽽⾮ 0。

PreparedStatement ps = con.prepareStatement("SELECT fname, lname FROM employees where hireDate > ? and salary < ?");

ps.tDate(0, date);// Noncompliant

科比最后一战

ps.tDouble(3, salary);// Noncompliant

ResultSet rs = ps.executeQuery();

()){

String fname = rs.getString(0);// Noncompliant

// ...

}

2、 “wait” should not be called when multiple locks are held

wait() ⽅法不应该在多重锁内被使⽤，此时线程只释放了内层锁，⽽没有释放外层锁，可能导致死锁。

1){// threadB can't enter this block to 2 lock & relea threadA

2){

<2.wait();// Noncompliant; threadA is stuck here holding lock 1

}

3、“wait(…)” should be ud instead of “Thread.sleep(…)” when a lock is held

当持有锁的当前线程调⽤ Thread.sleep (…) 时，可能导致死锁问题。因为被挂起的线程⼀直持有锁。合适的做法是调⽤锁对象的 wait ()释放锁让其它等待线程运⾏。

public void doSomething(){

synchronized(monitor){

while(notReady()){

Thread.sleep(200);

}

process();

}

...

}

应：

public void doSomething(){

synchronized(monitor){

gbpwhile(notReady()){

monitor.wait(200);

}

process();

}

...

}

4、Double-checked locking should not be ud

必能裨补阙漏单例懒汉模式：当变量没加 volatile 修饰时，不要使⽤双重检查

public class DoubleCheckedLocking {

private static Resource resource;

public static Resource getInstance(){

if(resource == null){

synchronized(DoubleCheckedLocking.class){

if(resource == null)

resource =new Resource();

}

return resource;

}

static class Resource {

}

应

public class SafeLazyInitialization {

private static Resource resource;

public synchronized static Resource getInstance(){

if(resource == null)

resource =new Resource();

return resource;

}

static class Resource {

}

5、Loops should not be infinit

不应该存在死循环。

int j;

while(true){// Noncompliant; end condition omitted

j++;

}

6、Methods “wait(…)”, “notify()” and “notifyAll()” should not be called on Thread instances

不应该调⽤线程实例的 “wait (…)”, “notify ()” and “notifyAll ()”。

Thread myThread =new Thread(new RunnableJob());

...

myThread.wait(2000);

7、Printf-style format strings should not lead to unexpected behavior at runtime

因为 Printf 风格格式化是在运⾏期解读，⽽不是在编译期检验，所以会存在风险。

String.format("Not enough arguments %d and %d",1);//Noncompliant; the cond argument is missing

String.format("The value of my integer is %d","Hello World");// Noncompliant; an 'int' is expected rather than a String

String.format("Duke's Birthday year is %tX", c);//Noncompliant; X is not a supported time conversion character

String.format("Display %0$d and then %d",1);//Noncompliant; arguments are numbered starting from 1

String.format("%< is equals to %d",2);//Noncompliant; the argument index '<' refers to the previous format specifier but there isn't one

8、Resources should be clod

打开的资源应该关闭并且放到 finally 块中进⾏关闭。可以使⽤ JDK7 的 try-with-resources 表达式

private void readTheFile()throws IOException {

Path path = (this.fileName);

BufferedReader reader = wBufferedReader(path,this.chart);

// ...

reader.clo();// Noncompliant

// ...

Files.lines("").forEach(System.out::println);// Noncompliant: The stream needs to be clod

}

private void doSomething(){

OutputStream stream = null;

try{

for(String property : propertyList){

stream =new FileOutputStream("");// Noncompliant

// ...

}

}catch(Exception e){

// ...

}finally{

stream.clo();// Multiple streams were opened. Only the last is clod.

}

对镜拍照技巧

严重

标记1、“runFinalizersOnExit” should not be called

默认情况 JVM 退出时是不运⾏ finalizers 的，System.runFinalizersOnExit 和 Runtime.runFinalizersOnExit 可以在 jvm 退出时运⾏，但是因为他们不安全⽽弃⽤。

public static void main(String [] args){

...

System.runFinalizersOnExit(true);// Noncompliant

}

protected void finalize(){

doSomething();

}

应:

Runtime.addShutdownHook(new Runnable(){

public void run(){

doSomething();

}

});

2、“ScheduledThreadPoolExecutor” should not have 0 core threads

urrent.ScheduledThreadPoolExecutor 由 corePoolSize 指定核⼼线程数，如果设置为 0 表⽰线程池⽆线程可⽤且不做任何事。

3、 “super.finalize()” should be called at the end of “Object.finalize()” implementations

protected void finalize(){

releaSomeResources();

super.finalize ();// 调⽤，最后调⽤

}

4、Dependencies should not have “system” scope

maven 依赖不应该有 system 类型的依赖范围，使得系统的可移植性低。

<groupId>javax.sql</groupId>

<artifactId>jdbc-stdext</artifactId>

<scope>system</scope>

</dependency>

5、Locks should be relead

保证锁能够被释放

public class MyClass {

private Lock lock =new Lock();

public void doSomething(){

lock.lock();// Noncompliant

if(isInitialized()){

/ ...

lock.unlock();

}蛇吃什么食物

}

应：

public class MyClass {

private Lock lock =new Lock();

public void doSomething(){

if(isInitialized()){

犹豫的意思是什么lock.lock();

/ ...

lock.unlock();

}电器着火怎么办

}

标记6、The signature of “finalize()” should match that of "Object.finalize()"普通⽅法不应该以 finalize 命名。以免和 Object.finalize() ⽅法混淆。

public int finalize(int someParameter){// Noncompliant

/* ... */

}

应：

public int someBetterName(int someParameter){// Compliant

/* ... */

}

7、Zero should not be a possible denominator

分母不应该为零

void test_divide(){

int z =0;

if(unknown()){

// ..

z =3;

}el{

// ..

}

z =1/ z;// Noncompliant, possible division by zero

}

主要

标记1、".equals()" should not be ud to test the values of “Atomic” class

不要使⽤ equals ⽅法对 AtomicXXX 进⾏是否相等的判断

飞跃老人院

Atomic 变量是设计来⽆锁解决原⼦性问题的，逻辑上他永远只会和⾃⾝相等，Atomic 变量没有重写 equals () ⽅法。

2、"=+" should not be ud instead of "+="

“=+” 与 “+=” 意义不同

a =+ b; 虽然正确但写法不合规，应写成 a = +b。

int target =-5;

int num =3;

target =- num;// Noncompliant; target = -3. Is that really what's meant?

target =+ num;// Noncompliant; target = 3

应：

int target =-5;

int num =3;

target =-num;// Compliant; intent to assign inver value of num is clear

target += num;

标记3、“BigDecimal(double)” should not be ud

因为浮点的不精确，使⽤ BigDecimal (double) 可能得不到期望的值。