
ITSS Rules

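| | Blocker | Critical | Major | Minor | Info | Total |
|---|---|---|---|---|---|---|
| Integra | 12 | 219 | 208 | 19 | 173 | 631 |

| | Blocker | Critical | Major | Minor | Info | Total |
|---|---|---|---|---|---|---|
| | 0 | 489 | 41276 | 1583 | 11550 | 54898 |

| Rule | Total | Blocker | Critical | Major | Minor | Info |
|---|---|---|---|---|---|---|
| Findbugs | 543 | 12 | 205 | 141 | 13 | 172 |
| PMD | 70 | 0 | 13 | 55 | 2 | 0 |
| Checkstyle | 18 | 0 | 1 | 12 | 4 | 1 |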

List of Rules
Rule name
Correctness - A known null value is checked to see if it is an instance of a type
Correctness - Impossible cast
Correctness - Impossible downcast
Correctness - Impossible downcast of toArray() result
Correctness - Null value is guaranteed to be dereferenced
Correctness - close() invoked on a value that is always null
Correctness - equals method always returns false
Correctness - equals method always returns true
Correctness - equals(...) used to compare incompatible arrays
Performance - Maps and sets of URLs can be performance hogs
Performance - The equals and hashCode methods of URL are blocking
Security - Hardcoded constant database password
Avoid Catching Throwable
Bad practice - Check for sign of bitwise operation
Bad practice - Class defines compareTo(...) and uses Object.equals()
Bad practice - Class defines equals() and uses Object.hashCode()
Bad practice - Class defines hashCode() and uses Object.equals()
Bad practice - Class defines hashCode() but not equals()
Bad practice - Class inherits equals() and uses Object.hashCode()
Bad practice - Clone method may return null
Bad practice - Equals method should not assume anything about the type of its argument
Bad practice - Finalizer nullifies superclass finalizer
Bad practice - Method may fail to close database resource
Bad practice - Method may fail to close database resource on exception
Bad practice - Method may fail to close stream
Bad practice - Method may fail to close stream on exception
Bad practice - Non-serializable value stored into instance field of a serializable class
Bad practice - Random object created and used only once
Bad practice - Static initializer creates instance before all static final fields assigned
Bad practice - Store of non serializable object into HttpSession
Bad practice - Suspicious reference comparison
Bad practice - Unchecked type in generic call
Bad practice - equals method fails for subtypes
Bad practice - equals() method does not check for null argument
Bad practice - serialVersionUID isn't final
Bad practice - toString method may return null
Broken Null Check
Class defines equal(Object); should it be equals(Object)?
Class defines hashcode(); should it be hashCode()?
Correctness - "." used for regular expression
Correctness - A collection is added to itself
Correctness - A parameter is dead upon entry to a method but overwritten
Correctness - An apparent infinite loop
Correctness - An apparent infinite recursive loop
Correctness - Bad attempt to compute absolute value of signed 32-bit hashcode
Correctness - Bad attempt to compute absolute value of signed 32-bit random integer
Correctness - Bad comparison of nonnegative value with negative constant
Correctness - Bad comparison of signed byte
Correctness - Bad constant value for month
Correctness - Bitwise OR of signed byte value
Correctness - Bitwise add of signed byte value
Correctness - Call to equals() comparing different interface types
Correctness - Call to equals() comparing different types
Correctness - Call to equals() comparing unrelated class and interface
Correctness - Call to equals() with null argument
Correctness - Check for sign of bitwise operation
Correctness - Check to see if ((...) & 0) == 0
Correctness - Class overrides a method implemented in super class Adapter wrongly
Correctness - Collections should not contain themselves
Correctness - Dead store of class literal
Correctness - Don't use removeAll to clear a collection
Correctness - Doomed attempt to append to an object output stream
Correctness - Doomed test for equality to NaN
Correctness - Double assignment of field
Correctness - Double.longBitsToDouble invoked on an int
Correctness - Exception created and dropped rather than thrown
Correctness - Explicit annotation inconsistent with use
Correctness - Explicit annotation inconsistent with use
Correctness - Field only ever set to null
Correctness - File.separator used for regular expression
Correctness - Format string placeholder incompatible with passed argument
Correctness - Format string references missing argument
Correctness - Illegal format string
Correctness - Incompatible bit masks
Correctness - Incompatible bit masks
Correctness - Integer multiply of result of integer remainder
Correctness - Integer remainder modulo 1
Correctness - Integer shift by an amount not in the range 0..31
Correctness - Invalid syntax for regular expression
Correctness - Invocation of equals() on an array, which is equivalent to ==
Correctness - Invocation of hashCode on an array
Correctness - Invocation of toString on an array
Correctness - Invocation of toString on an array
Correctness - JUnit assertion in run method will not be noticed by JUnit
Correctness - Method assigns boolean literal in boolean expression
Correctness - Method attempts to access a prepared statement parameter with index 0
Correctness - Method attempts to access a result set field with index 0
Correctness - Method call passes null for nonnull parameter
Correctness - Method call passes null for nonnull parameter
Correctness - Method call passes null to a nonnull parameter
Correctness - Method may return null, but is declared @NonNull
Correctness - Method performs math using floating point precision
Correctness - No previous argument for format string
Correctness - No relationship between generic parameter and method argument
Correctness - Non-virtual method call passes null for nonnull parameter
Correctness - Nonsensical self computation involving a field (e.g., x & x)
Correctness - Nonsensical self computation involving a variable (e.g., x & x)
Correctness - Null pointer dereference
Correctness - Null pointer dereference in method on exception path
Correctness - Nullcheck of value previously dereferenced
Correctness - Number of format-string arguments does not correspond to number of placeholders
Correctness - Overwritten increment
Correctness - Possible null pointer dereference
Correctness - Possible null pointer dereference in method on exception path
Correctness - Primitive array passed to function expecting a variable number of object arguments
Correctness - Self assignment of field
Correctness - Self comparison of field with itself
Correctness - Self comparison of value with itself
Correctness - Signature declares use of unhashable class in hashed construct
Correctness - Static Thread.interrupted() method invoked on thread instance
Correctness - Store of null value into field annotated NonNull
Correctness - TestCase declares a bad suite method
Correctness - TestCase defines setUp that doesn't call super.setUp()
Correctness - TestCase defines tearDown that doesn't call super.tearDown()
Correctness - TestCase has no tests
Correctness - TestCase implements a non-static suite method
Correctness - The type of a supplied argument doesn't match format specifier
Correctness - Uncallable method defined in anonymous class
Correctness - Unnecessary type check done using instanceof operator
Correctness - Unneeded use of currentThread() call, to call interrupted()
Correctness - Use of class without a hashCode() method in a hashed data structure
Correctness - Useless assignment in return statement
Correctness - Useless control flow to next line
Correctness - Using pointer equality to compare different types
Correctness - Vacuous call to collections
Correctness - Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required
Correctness - Value annotated as never carrying a type qualifier used where value carrying that qualifier is required
Correctness - Value is null and guaranteed to be dereferenced on exception path
Correctness - Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier
Correctness - Value that might not carry a type qualifier is always used in a way requires that type qualifier
Correctness - equals() used to compare array and nonarray
Correctness - hasNext method invokes next
Correctness - instanceof will always return false
Correctness - int value cast to double and then passed to Math.ceil
Correctness - int value cast to float and then passed to Math.round
Dead store due to switch statement fall through
Dead store due to switch statement fall through to throw
Do not call garbage collection explicitly
Dodgy - Check for oddness that won't work for negative numbers
Dodgy - Class exposes synchronization and semaphores in its public interface
Dodgy - Class extends Servlet class and uses instance variables
Dodgy - Class extends Struts Action class and uses instance variables
Dodgy - Code contains a hard coded reference to an absolute pathname
Dodgy - Complicated, subtle or wrong increment in for-loop
Dodgy - Computation of average could overflow
Dodgy - Dead store of null to local variable
Dodgy - Dead store to local variable
Dodgy - Dereference of the result of readLine() without nullcheck
Dodgy - Double assignment of local variable
Dodgy - Immediate dereference of the result of readLine()
Dodgy - Initialization circularity
Dodgy - Invocation of substring(0), which returns the original value
Dodgy - Load of known null value
Dodgy - Method directly allocates a specific implementation of xml interfaces
Dodgy - Method uses the same code for two branches
Dodgy - Method uses the same code for two switch clauses
Dodgy - Non serializable object written to ObjectOutput
Dodgy - Parameter must be nonnull but is marked as nullable
Dodgy - Possible null pointer dereference due to return value of called method
Dodgy - Possible null pointer dereference on path that might be infeasible
Dodgy - Potentially dangerous use of non-short-circuit logic
Dodgy - Questionable cast to concrete collection
Dodgy - Redundant comparison of non-null value to null
Dodgy - Redundant comparison of two null values
Dodgy - Redundant nullcheck of value known to be non-null
Dodgy - Redundant nullcheck of value known to be null
Dodgy - Remainder of 32-bit signed random integer
Dodgy - Remainder of hashCode could be negative
Dodgy - Result of integer multiplication cast to long
Dodgy - Self assignment of local variable
Dodgy - Test for floating point equality
Dodgy - Unchecked/unconfirmed cast
Dodgy - Unsigned right shift cast to short/byte
Dodgy - Useless control flow
Dodgy - Vacuous bit mask operation on integer value
Dodgy - Vacuous comparison of integer value
Dodgy - Write to static field from instance method
Dodgy - instanceof will always return true
Dodgy - int division result cast to double or float
Empty Catch Block
Empty Finally Block
Empty If Stmt
Empty While Stmt
Equals Hash Code
Equals Null
Malicious code vulnerability - Public static method may expose internal representation by returning array
Missing Break In Switch
Multithreaded correctness - Call to static Calendar
Multithreaded correctness - Call to static DateFormat
Multithreaded correctness - Class's readObject() method is synchronized
Multithreaded correctness - Class's writeObject() method is synchronized but nothing else is
Multithreaded correctness - Condition.await() not in loop
Multithreaded correctness - Constructor invokes Thread.start()
Multithreaded correctness - Field not guarded against concurrent access
Multithreaded correctness - Inconsistent synchronization
Multithreaded correctness - Incorrect lazy initialization and update of static field
Multithreaded correctness - Incorrect lazy initialization of static field
Multithreaded correctness - Method calls Thread.sleep() with a lock held
Multithreaded correctness - Method does not release lock on all exception paths
Multithreaded correctness - Method does not release lock on all paths
Multithreaded correctness - Mismatched notify()
Multithreaded correctness - Mismatched wait()
Multithreaded correctness - Naked notify
Multithreaded correctness - Static Calendar
Multithreaded correctness - Static DateFormat
Multithreaded correctness - Synchronization on getClass rather than class literal
Multithreaded correctness - Synchronization on Boolean could lead to deadlock
Multithreaded correctness - Synchronization on boxed primitive could lead to deadlock
Multithreaded correctness - Synchronization on boxed primitive values
Multithreaded correctness - Synchronization on interned String could lead to deadlock
Multithreaded correctness - Synchronization performed on java.util.concurrent Lock
Multithreaded correctness - Using notify() rather than notifyAll()
Multithreaded correctness - Wait not in loop
Naming - Suspicious equals method name
Performance - Huge string constants is duplicated across multiple class files
Performance - Inefficient use of keySet iterator instead of entrySet iterator
Performance - Method calls static Math class method on a constant value
Performance - Method concatenates strings using + in a loop
Performance - Method invokes inefficient Number constructor; use static valueOf instead
Performance - Method uses toArray() with zero-length array argument
Performance - Private method is never called
Security - A prepared statement is generated from a nonconstant String
Security - Array is stored directly
Security - Empty database password
Security - JSP reflected cross site scripting vulnerability
Security - Nonconstant string passed to execute method on an SQL statement
Security - Servlet reflected cross site scripting vulnerability
Security - Servlet reflected cross site scripting vulnerability
Switch statement found where one case falls through to the next case
Unconditional If Statement
Useless Operation On Immutable
Correctness - Constructor makes call to non-final method [fb-contrib]
Correctness - Abstract method overrides a concrete implementation [fb-contrib]
Correctness - Class creates and initializes a collection but never reads or gains information from it [fb-contrib]
Correctness - Class defines fields that are used only as locals [fb-contrib]
Correctness - Class defines methods which confuse Character with int parameters [fb-contrib]
Correctness - Class defines static field that appears to allow memory bloat [fb-contrib]
Correctness - Class doesn't serialize superclass fields [fb-contrib]
Correctness - Class extends JComponent but does not implement Accessible interface [fb-contrib]
Correctness - Class has abnormal exit from finally block [fb-contrib]
Correctness - Class relies on internal api classes [fb-contrib]
Correctness - Clone method stores a new value to member field of source object [fb-contrib]
Correctness - Comparator method doesn't seem to return all ordering values [fb-contrib]
Correctness - Constructor declares a Logger parameter [fb-contrib]
Correctness - Method calls intern on a string constant [fb-contrib]
Correctness - Equals method compares this object against other types in a non symmetric way [fb-contrib]
Correctness - Gui uses absolute layout [fb-contrib]
Correctness - JLabel doesn't specify what it's labeling [fb-contrib]
Correctness - Method accesses list or array with constant index [fb-contrib]
Correctness - Method appears to pass character to StringBuffer or StringBuilder integer constructor [fb-contrib]
Correctness - Method asserts that an auto-boxed value is not null [fb-contrib]
Correctness - Method assigns a value to a local twice in a row [fb-contrib]
Correctness - Method calls BigDecimal.equals() [fb-contrib]
Correctness - Method calls InetAddress.getLocalHost() [fb-contrib]
Correctness - Method calls Runtime.exit() or Runtime.halt() [fb-contrib]
Correctness - Method calls deprecated SecureRandom method [fb-contrib]
Correctness - Method calls equals on an enum instance [fb-contrib]
Correctness - Method calls wait when await was probably intended [fb-contrib]
Correctness - Method checks the result of a new allocation [fb-contrib]
Correctness - Method compares a double to Double.NAN [fb-contrib]
Correctness - Method creates DOM node but doesn't attach it to a document [fb-contrib]
Correctness - Method creates and initializes a collection but never reads or gains information from it [fb-contrib]
Correctness - Method creates insecure Random object [fb-contrib]
Correctness - Method creates iterators on synchronized collections [fb-contrib]
Correctness - Method creates local variable-based synchronized collection [fb-contrib]
Correctness - Method creates promiscuous ServerSocket object [fb-contrib]
Correctness - Method defines parameters more abstractly than needed to function properly [fb-contrib]
Correctness - Method deletes collection element while iterating [fb-contrib]
Correctness - Method encodes String bytes without specifying the character encoding [fb-contrib]
Correctness - Method explicitly sets the color of a Component [fb-contrib]
Correctness - Method manually casts the right hand side of an assignment more specifically than needed [fb-contrib]
Correctness - Method modifies collection element while iterating [fb-contrib]
Correctness - Method modifies http session attribute without calling setAttribute [fb-contrib]
Correctness - Method needlessly implements what is default streaming behavior [fb-contrib]
Correctness - Method passes a negative number as a bit to a BitSet which isn't supported [fb-contrib]
Correctness - Method passes a non array object to a parameter that expects an array [fb-contrib]
Correctness - Method passes a non calendar object to Calendar.before or Calendar.after [fb-contrib]
Correctness - Method passes constant string to title/label of component [fb-contrib]
Correctness - Method passes double value to BigDecimal Constructor [fb-contrib]
Correctness - Method performs a contravariant array assignment [fb-contrib]
Correctness - Method performs a contravariant array element assignment [fb-contrib]
Correctness - Method performs algorithmic operations on the result of a toString() call [fb-contrib]
Correctness - Method puts non-String values into a Properties object [fb-contrib]
Correctness - Method returns an array that appears not to be initialized [fb-contrib]
Correctness - Method serializes an instance of a non-static inner class [fb-contrib]
Correctness - Method specifies an unrelated class when allocating a Logger [fb-contrib]
Correctness - Method tests a field for not null as guard and reassigns it [fb-contrib]
Correctness - Method tests a local variable for not null as guard and reassigns it [fb-contrib]
Correctness - Method throws alternative exception from catch block without history [fb-contrib]
Correctness - Method treats null and normal strings differently than an empty strings [fb-contrib]
Correctness - Method triggers finalization [fb-contrib]
Correctness - Method uses Properties.put instead of Properties.setProperty [fb-contrib]
Correctness - Method uses array as basis of collection [fb-contrib]
Correctness - Method uses floating point indexed loops [fb-contrib]
Correctness - Method uses invalid C++ style null check on Boolean [fb-contrib]
Correctness - Method uses jdbc vendor specific classes and methods [fb-contrib]
Correctness - Method uses non standard math constant [fb-contrib]
Correctness - Method uses reflection to call a method available on java.lang.Object [fb-contrib]
Correctness - Method uses rt.jar class or method that does not exist [fb-contrib]
Correctness - Method uses same bean's getter value for setter [fb-contrib]
Correctness - Non derivable method declares throwing an exception that isn't thrown [fb-contrib]
Correctness - Serializable class defines a final transient field [fb-contrib]
Correctness - Tag library is not recycleable [fb-contrib]
Correctness - Window sets size manually, and doesn't use pack [fb-contrib]
Experimental - Abstract Method is already defined in implemented interface
Experimental - Bad Applet Constructor relies on uninitialized AppletStub
Experimental - Calls to equals on a final class that doesn't override Object's equals method
Experimental - Method accesses a private member variable of owning class
Experimental - Method may fail to clean up stream or resource
Experimental - Method superfluously delegates to parent class method
Experimental - Missing expected or desired warning from FindBugs
Experimental - Potential lost logger changes due to weak reference in OpenJDK
Experimental - Test for circular dependencies among classes
Experimental - Unexpected/undesired warning from FindBugs
Internationalization - Consider using Locale parameterized version of invoked method
MT Correctness - Method attempts to manually schedule threads [fb-contrib]
MT Correctness - Method calls Condition.signal() rather than Condition.signalAll() [fb-contrib]
MT Correctness - Method calls Locale.setDefault() [fb-contrib]
MT Correctness - Method calls wait, notify or notifyAll on a Thread instance [fb-contrib]
MT Correctness - Method ignores Lock's fairness settings by calling tryLock() [fb-contrib]
MT Correctness - Method sleeps without timeout [fb-contrib]
MT Correctness - Method tests if a lock is locked [fb-contrib]
MT Correctness - Method uses suspicious thread priorities [fb-contrib]
Performance - Class defines List based fields but uses them like Sets [fb-contrib]
Performance - Class defines unneeded synchronization on member collection [fb-contrib]
Performance - Class uses an ordinary set or map with an enum class as the key [fb-contrib]
Performance - Method allocates an object that is used in a constant way in a loop [fb-contrib]
Performance - Method appears to call the same method on the same object redundantly [fb-contrib]
Performance - Method assigns a variable in a larger scope then is needed [fb-contrib]
Performance - Method compares string without case after enforcing a case [fb-contrib]
Performance - Method concatenates an empty string to effect type conversion [fb-contrib]
Performance - Method converts String to boxed primitive using excessive boxing [fb-contrib]
Performance - Method converts String to primitive using excessive boxing [fb-contrib]
Performance - Method converts StringBuffer or Builder to String just to get it's length [fb-contrib]
Performance - Method copies arrays manually [fb-contrib]
Performance - Method creates Boxed primitive from primitive only to cast to another primitive type [fb-contrib]
Performance - Method creates Boxed primitive from primitive only to get primitive value [fb-contrib]
Performance - Method creates array using constants [fb-contrib]
Performance - Method employs tail recursion [fb-contrib]
Performance - Method executes sql queries inside of loops [fb-contrib]
Performance - Method fetches character array just to do the equivalent of the charAt method [fb-contrib]
Performance - Method invokes toString() method on a String
Performance - Method needlessly boxes a boolean constant [fb-contrib]
Performance - Method overly synchronizes a block of code [fb-contrib]
Performance - Method passes constant String of length 1 to character overridden method [fb-contrib]
Performance - Method passes empty string to StringBuffer of StringBuilder constructor [fb-contrib]
Performance - Method passes parsed string to primitive wrapper constructor [fb-contrib]
Performance - Method passes primitive wrapper to Wrapper class valueOf method [fb-contrib]
Performance - Method passes primitive wrapper to same primitive wrapper constructor [fb-contrib]
Performance - Method passes simple concatenating string in StringBuffer or StringBuilder append [fb-contrib]
Performance - Method performs time consuming operation in gui thread [fb-contrib]
Performance - Method retrieves instance to load static member [fb-contrib]
Performance - Method uses a set of collections [fb-contrib]
Performance - Method uses a trinary operator to cast a boolean to true or false [fb-contrib]
Performance - Method uses two date comparisons when one would do [fb-contrib]
Style - Class 'overloads' a method with both instance and static versions [fb-contrib]
Style - Class appears to implement the old style type safe enum pattern [fb-contrib]
Style - Class defines a serialVersionUID as non private [fb-contrib]
Style - Class defines two or more one for one associated lists or arrays [fb-contrib]
Style - Class implements interface by relying on unknowing superclass methods [fb-contrib]
Style - Class uses non owned variables to synchronize on [fb-contrib]
Style - Code calls a method passing the same value to two different arguments [fb-contrib]
Style - Constrained method converts checked exception to unchecked [fb-contrib]
Style - Constrained method converts checked exception to unchecked instead of another allowable checked exception [fb-contrib]
Style - Empty method could be declared abstract [fb-contrib]
Style - Inherited method returns more specific type of object than declared [fb-contrib]
Style - Method accesses statically bound class with Class.forName [fb-contrib]
Style - Method adds unrelated types to collection or array [fb-contrib]
Style - Method asserts that a value is true or false [fb-contrib]
Style - Method asserts that two doubles are exactly equal [fb-contrib]
Style - Method builds String array using String Tokenizing [fb-contrib]
Style - Method builds xml strings through adhoc concatenation [fb-contrib]
Style - Method calls getProperties just to get one property, use getProperty instead [fb-contrib]
Style - Method calls keySet() just to call contains, use containsKey instead [fb-contrib]
Style - Method calls static method on instance reference [fb-contrib]
Style - Method checks the size of a collection against zero rather than using isEmpty() [fb-contrib]
Style - Method declares RuntimeException in throws clause [fb-contrib]
Style - Method defines parameter list with array as last argument, rather than vararg [fb-contrib]
Style - Method does not define a parameter as final, but could [fb-contrib]
Style - Method excessively uses methods of another class [fb-contrib]
Style - Method is implemented with an exact copy of it's superclass's method [fb-contrib]
Style - Method makes literal string comparisons passing the literal as an argument [fb-contrib]
Style - Method manually creates array from collection [fb-contrib]
Style - Method needlessly defines parameter with concrete classes [fb-contrib]
Style - Method passes an empty string to equalsIgnoreCase or compareToIgnoreCase [fb-contrib]
Style - Method passes constant to second (actual) assertion parameter [fb-contrib]
Style - Method returns different types of unrelated Objects [fb-contrib]
Style - Method returns modified parameter [fb-contrib]
Style - Method returns more specific type of object than declared [fb-contrib]
Style - Method returns null for Boolean type [fb-contrib]
Style - Method stores return result in local before immediately returning it [fb-contrib]
Style - Method stutters exception message in logger [fb-contrib]
Style - Method throws exception with static message string [fb-contrib]
Style - Method uses 1 element array to simulate call by reference [fb-contrib]
Style - Method uses a Side Effect Constructor [fb-contrib]
Style - Method uses instanceof on multiple types to arbitrate logic [fb-contrib]
Style - Method uses integer based for loops to iterate over a List [fb-contrib]
Style - Method uses old non collections interface methods [fb-contrib]
Style - Method uses simple loop to copy contents of one collection to another [fb-contrib]
Style - Method uses the same HttpRequest parameter name but with different casing [fb-contrib]
Style - Method uses the same HttpSession attribute name but with different casing [fb-contrib]
Style - Private method only returns one constant value [fb-contrib]
Style - Unconstrained method converts checked exception to unchecked [fb-contrib]
Unused Imports
Abstract naming
Assignment To Non Final Static
Avoid Catching NPE
Avoid Duplicate Literals
Avoid Print Stack Trace
Avoid Throwing Null Pointer Exception
Avoid Throwing Raw Exception Types
Avoid Using Octal Values
Bad practice - Abstract class defines covariant compareTo() method
Bad practice - Abstract class defines covariant equals() method
Bad practice - Certain swing methods needs to be invoked in Swing thread
Bad practice - Class defines clone() but doesn't implement Cloneable
Bad practice - Class defines equals() but not hashCode()
Bad practice - Class implements Cloneable but does not define or use clone method
Bad practice - Class is Externalizable but doesn't define a void constructor
Bad practice - Class is Serializable but its superclass doesn't define a void constructor
Bad practice - Class is Serializable, but doesn't define serialVersionUID
Bad practice - Class is not derived from an Exception, even though it is named as such
Bad practice - Class names shouldn't shadow simple name of implemented interface
Bad practice - Class names shouldn't shadow simple name of superclass
Bad practice - Classloaders should only be created inside doPrivileged block
Bad practice - Comparator doesn't implement Serializable
Bad practice - Comparison of String objects using == or !=
Bad practice - Comparison of String parameter using == or !=
Bad practice - Confusing method names
Bad practice - Covariant compareTo() method defined
Bad practice - Covariant equals() method defined
Bad practice - Creates an empty jar file entry
Bad practice - Creates an empty zip file entry
Bad practice - Dubious catching of IllegalMonitorStateException
Bad practice - Empty finalizer should be deleted
Bad practice - Equals checks for noncompatible operand
Bad practice - Explicit invocation of finalizer
Bad practice - Finalizer does not call superclass finalizer
Bad practice - Finalizer nulls fields
Bad practice - Finalizer only nulls fields
Bad practice - Method doesn't override method in superclass due to wrong package for parameter
Bad practice - Method ignores exceptional return value
Bad practice - Method ignores results of InputStream.read()
Bad practice - Method ignores results of InputStream.skip()
Bad practice - Method invoked that should be only be invoked inside a doPrivileged block
Bad practice - Method invokes System.exit(...)
Bad practice - Method invokes dangerous method runFinalizersOnExit
Bad practice - Method might drop exception
Bad practice - Method might ignore exception
Bad practice - Method with Boolean return type returns explicit null
Bad practice - Needless instantiation of class that only supplies static methods
Bad practice - Serializable inner class
Bad practice - Superclass uses subclass during initialization
Bad practice - The readResolve method must be declared with a return type of Object.
Bad practice - Transient field that isn't set by deserialization.
Bad practice - Usage of GetResource may be unsafe if class is extended
Bad practice - Use of identifier that is a keyword in later versions of Java
Bad practice - Use of identifier that is a keyword in later versions of Java
Bad practice - Very confusing method names (but perhaps intentional)
Bad practice - clone method does not call super.clone()
Bad practice - serialVersionUID isn't long
Bad practice - serialVersionUID isn't static
Big Integer Instantiation
Boolean Expression Complexity
Boolean Instantiation
Boolean Inversion
Check ResultSet
Class defines tostring(); should it be toString()?
Class names should start with an upper case letter
Code size - cyclomatic complexity
Compare Objects With Equals
Constructor Calls Overridable Method
Correctness - Apparent method/constructor confusion
Correctness - Array formatted in useless way using format string
Correctness - Can't use reflection to check for presence of annotation without runtime retention
Correctness - Class defines field that masks a superclass field
Correctness - Covariant equals() method defined for enum
Correctness - Covariant equals() method defined, Object.equals(Object) inherited
Correctness - Deadly embrace of non-static inner class and thread local
Correctness - MessageFormat supplied where printf style format expected
Correctness - Method defines a variable that obscures a field
Correctness - Method does not check for null argument
Correctness - Method doesn't override method in superclass due to wrong package for parameter
Correctness - Method ignores return value
Correctness - Method must be private in order for serialization to work
Correctness - More arguments are passed than are actually used in the format string
Correctness - Primitive value is unboxed and coerced for ternary operator
Correctness - Random value from 0 to 1 is coerced to the integer 0
Correctness - Read of unwritten field
Correctness - Repeated conditional tests
Correctness - Return value of putIfAbsent ignored, value passed to putIfAbsent reused
Correctness - Suspicious reference comparison of Boolean values
Correctness - Suspicious reference comparison to constant
Correctness - The readResolve method must not be declared as a static method.
Correctness - Uninitialized read of field in constructor
Correctness - Uninitialized read of field method called from constructor of superclass

Correctness - Very confusing method names


Correctness - equals method compares class names rather than class objects
Correctness - equals method overrides equals in superclass and may not be symmetric
Correctness - equals() method defined that doesn't override Object.equals(Object)
Correctness - equals() method defined that doesn't override equals(Object)
Do Not Use Threads
Dodgy - Ambiguous invocation of either an inherited or outer method
Dodgy - Call to unsupported method
Dodgy - Class doesn't override equals in superclass
Dodgy - Class implements same interface as superclass
Dodgy - Consider returning a zero length array rather than null
Dodgy - Exception is caught when Exception is not thrown
Dodgy - Method discards result of readLine after checking if it is nonnull
Dodgy - Non-Boolean argument formatted using %b format specifier
Dodgy - Questionable cast to abstract collection
Dodgy - Questionable use of non-short-circuit logic
Dodgy - Thread passed where Runnable expected
Dodgy - Transient field of class that isn't Serializable.
Dodgy - private readResolve method not inherited by subclasses
Empty Statement Not In Loop
Empty Try Block
Excessive Class Length
Excessive Method Length
Excessive Parameter List
Excessive Public Count
Explicit Initialization
Fall Through
Field names should start with a lower case letter
For Loops Must Use Braces
Illegal Import
Instantiation To Get Class
Integer Instantiation
Javadoc Method
Javadoc Style
Javadoc Type
Logger Is Not Static Final
Long Variable
Malicious code vulnerability - Field is a mutable Hashtable
Malicious code vulnerability - Field is a mutable array
Malicious code vulnerability - Field isn't final and can't be protected from malicious code
Malicious code vulnerability - Field isn't final but should be
Malicious code vulnerability - Field should be both final and package protected
Malicious code vulnerability - Field should be moved out of an interface and made package protected
Malicious code vulnerability - Field should be package protected
Malicious code vulnerability - Finalizer should be protected, not public
Malicious code vulnerability - May expose internal representation by incorporating reference to mutable object
Malicious code vulnerability - May expose internal representation by returning reference to mutable object
Malicious code vulnerability - May expose internal static state by storing a mutable object into a static field
More Than One Logger
Multithreaded correctness - A thread was created using the default empty run method

Multithreaded correctness - A volatile reference to an array doesn't treat the array elements as volatile
Multithreaded correctness - Empty synchronized block
Multithreaded correctness - Inconsistent synchronization
Multithreaded correctness - Invokes run on a thread (did you mean to start it instead?)
Multithreaded correctness - Method spins on field
Multithreaded correctness - Method synchronizes on an updated field
Multithreaded correctness - Monitor wait() called on Condition
Multithreaded correctness - Mutable servlet field
Multithreaded correctness - Possible double check of field
Multithreaded correctness - Synchronization on field in futile attempt to guard that field
Multithreaded correctness - Synchronize and null check on the same field.
Multithreaded correctness - Unconditional wait
Multithreaded correctness - Unsynchronized get method, synchronized set method
Multithreaded correctness - Wait with two locks held
NPath complexity
Naming - Class naming conventions
Naming - Method naming conventions
Naming - Short method name
Naming - Variable naming conventions
Non-transient non-serializable instance field in serializable class
Package Declaration
Package name
Performance - Could be refactored into a named static inner class
Performance - Could be refactored into a static inner class
Performance - Explicit garbage collection; extremely dubious except in benchmarking code
Performance - Method allocates a boxed primitive just to call toString
Performance - Method allocates an object, only to get the class object
Performance - Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
Performance - Method invokes inefficient floating-point Number constructor; use static valueOf instead
Performance - Method invokes inefficient new String() constructor
Performance - Method invokes inefficient new String(String) constructor
Performance - Primitive value is boxed and then immediately unboxed
Performance - Primitive value is boxed then unboxed to perform primitive coercion
Performance - Should be a static inner class
Performance - Unread field
Performance - Unread field: should this field be static?
Performance - Unused field
Performance - Use the nextInt method of Random rather than nextDouble to generate a random integer
Position Literals First In Comparisons
Proper Logger
Replace Enumeration With Iterator
Replace Hashtable With Map
Replace Vector With List
Security - HTTP Response splitting vulnerability
Security - HTTP cookie formed from untrusted input
Short Variable
Signature Declare Throws Exception
Simple Date Format Needs Locale
Strict Exception - Do not throw exception in finally
String Buffer Instantiation With Char

String Instantiation
String To String
Suppress Warnings
Switch statement found where default case is missing
System Println
Uncommented Main
Unnecessary Local Before Return
Unused Null Check In Equals
Unused Private Field
Unused formal parameter
Unused local variable
Unused private method
Use Array List Instead Of Vector
Use Equals To Compare Strings
Visibility Modifier
While Loops Must Use Braces
Avoid Star Import
Bad practice - Fields of immutable classes should be final
Bad practice - Finalizer does nothing but call superclass finalizer
Bad practice - Iterator next() method can't throw NoSuchElementException
Bad practice - Non-serializable class has a serializable inner class
Constant Name
Correctness - Creation of ScheduledThreadPoolExecutor with zero core threads
Correctness - Field not initialized in constructor
Correctness - Futile attempt to change max pool size of ScheduledThreadPoolExecutor
Correctness - Method ignores return value
Correctness - Unwritten field
Dodgy - Class is final but declares protected field
Dodgy - Class too big for analysis
Dodgy - Method checks to see if result of String.indexOf is positive
Dodgy - Unusual equals method
Duplicate Imports
Operator Wrap
Redundant import
Unnecessary Case Change

Plugin
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

Priority
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
BLOCKER
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
pmd
pmd
pmd
checkstyle
pmd
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
CRITICAL
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
checkstyle
pmd
pmd
pmd
pmd
pmd
pmd
pmd
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
checkstyle
pmd
pmd
pmd
findbugs
findbugs
pmd
pmd
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs

MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR

findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
pmd
pmd
pmd
pmd
pmd
checkstyle
checkstyle
findbugs
pmd
checkstyle
pmd
pmd
checkstyle
checkstyle
checkstyle
pmd
pmd
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
findbugs

MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR

findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
pmd
pmd
pmd
pmd
findbugs
checkstyle
checkstyle
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
pmd
pmd
pmd
pmd
findbugs
findbugs
pmd
pmd
pmd
pmd
pmd

MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR

pmd
pmd
checkstyle
findbugs
pmd
checkstyle
pmd
pmd
pmd
pmd
pmd
pmd
pmd
pmd
checkstyle
pmd
checkstyle
findbugs
findbugs
findbugs
findbugs
checkstyle
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
findbugs
pmd
checkstyle
checkstyle
pmd

MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MAJOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR
MINOR

Summary of Critical issues

Rule name
Dodgy - Dead store to local variable
Dodgy - Redundant nullcheck of value known to be non-null
Dodgy - Unchecked/unconfirmed cast
Avoid Catching Throwable
Dodgy - Class extends Servlet class and uses instance variables
Empty Catch Block
Security - Array is stored directly
Bad practice - Method may fail to close stream on exception
Dodgy - Load of known null value
Performance - Private method is never called
Empty If Stmt
Dodgy - Method uses the same code for two switch clauses
Broken Null Check
Dodgy - Redundant nullcheck of value known to be null
Bad practice - Suspicious reference comparison
Correctness - A parameter is dead upon entry to a method but overwritten
Missing Break In Switch
Bad practice - Method may fail to close database resource on exception
Dodgy - Write to static field from instance method
Correctness - Nullcheck of value previously dereferenced
Dodgy - Dead store of null to local variable
Correctness - Possible null pointer dereference
Bad practice - Class defines compareTo(...) and uses Object.equals()
Dodgy - Method directly allocates a specific implementation of xml interfaces
Dodgy - Useless control flow
Correctness - Don't use removeAll to clear a collection
Unconditional If Statement
Multithreaded correctness - Incorrect lazy initialization of static field
Correctness - Call to equals() comparing different types
Bad practice - Class defines hashCode() and uses Object.equals()
Security - Nonconstant string passed to execute method on an SQL statement

Number of occurrences
132
88
76
34
31
18
15
14
13
11
11
6
5
4
4
3
3
3
3
2
2
2
1
1
1
1
1
1
1
1
1
489

Description
Variables are created but never used afterwards
This method contains a redundant check of a non-null value

Unconfirmed cast


Do not use Throwable
Using attributes in the class
Empty catch blocks
Clone the array
Close files
Assigning variables whose value is known to be null
Private methods are created but never used
Conditions with empty blocks
Same value for two cases of a switch
Case that can produce null
Multiple null checks
Compares two objects with ==
A parameter is passed in and then replaced by another
Missing break (this should fail)
Database connections are not closed (this should raise an error)
Assigning a value to a final variable in a method
Checking that a variable is null after it has already been used without a check
Declaration of local variables that are not used
A NullPointerException may occur
compare is badly implemented
Use the interface instead of the implementation (remove this rule)
Empty control flow
Should use clear instead of removeAll
Conditions with false or true
Make the method synchronized
Error in the use of the equals method
hashCode or equals not implemented
A Statement is used with the query passed directly rather than as a constant

Logic change
no
no
no
no
Yes
no
no
no
no
no
no
no *
no
no
no
no
no
no
no
no
no
no
no
Yes
no
no
no
no
no
no
no

Example
(nombreVia == null || (nombreVia != null && "".equals(nombreVia)))
((UIPaginador) paginador).setNumeroPaginas(numPaginas);
catch (Throwable e) {

detalle.getObsSolicitante()==null && detalle.getObsSolicitante().length()>4000


if (anio != Long.valueOf(0))

log.equals(e);

Summary of Major issues

Rule name
Javadoc Method
Javadoc Style
Naming - Variable naming conventions
Naming - Method naming conventions
Avoid Duplicate Literals
Short Variable
Long Variable
Javadoc Type
Constructor Calls Overridable Method
Dodgy - Exception is caught when Exception is not thrown
NPath complexity
Visibility Modifier
Explicit Initialization
Code size - cyclomatic complexity
Logger Is Not Static Final
Dodgy - Class implements same interface as superclass
Signature Declare Throws Exception
Unused Private Field
Non-transient non-serializable instance field in serializable class
Excessive Public Count
Excessive Method Length
Position Literals First In Comparisons
Multithreaded correctness - Mutable servlet field
Correctness - Repeated conditional tests
Bad practice - Confusing method names
Avoid Print Stack Trace
Simple Date Format Needs Locale
Excessive Class Length
Unused local variable
Use Equals To Compare Strings
Empty Statement Not In Loop
Integer Instantiation
Unnecessary Local Before Return
Big Integer Instantiation
Unused formal parameter
Avoid Catching NPE
Bad practice - Class is Serializable, but doesn't define serialVersionUID
Field names should start with a lower case letter
Switch statement found where default case is missing
Strict Exception - Do not throw exception in finally
Boolean Expression Complexity
Bad practice - Comparison of String objects using == or !=

Empty Try Block


Unused private method
Performance - Could be refactored into a named static inner class
Abstract naming
Boolean Inversion
Performance - Method invokes inefficient floating-point Number constructor use static valueOf instead
Avoid Throwing Raw Exception Types
Replace Hashtable With Map
Bad practice - Method invoked that should be only be invoked inside a doPrivileged block
Bad practice - Method ignores results of InputStream.read()
Performance - Unread field
Boolean Instantiation
Dodgy - Consider returning a zero length array rather than null
Malicious code vulnerability - Field isn't final but should be
Replace Vector With List

Check ResultSet
Correctness - Suspicious reference comparison of Boolean values
Assignment To Non Final Static
Replace Enumeration With Iterator
Bad practice - Method might ignore exception
Fall Through
Unused Null Check In Equals
Bad practice - Class implements Cloneable but does not define or use clone method
Uncommented Main
String To String
Use Array List Instead Of Vector
For Loops Must Use Braces
Bad practice - Class is Serializable but its superclass doesn't define a void constructor
While Loops Must Use Braces

Number of occurrences
11,968
11,093
1,875
1,251
914
749
734
568
474
370
359
328
273
256
218
209
162
151
141
141
94
92
92
84
67
65
63
53
45
40
37
35
34
30
22
20
18
17
16
15
13
12

Description
Description of the methods
Bad Javadoc style
Remove rule
Remove rule
Duplicated text
Remove rule
Remove rule
Description of the class
Constructor calls overridden methods (remove rule)
Exception is caught when it is not thrown
Remove rule
Change the visibility of the attributes
Assigning default values to variables that already have them
Method complexity
The logger variable must be final
Remove the interface because the parent already has it
Do not declare throws Exception; use a more specific one
Private variables are not used
Some attributes are not serializable (remove rule)
Maximum number of public methods (remove rule)
Maximum number of lines for a method (remove rule)
Condition is badly constructed
Create non-mutable attributes in Servlets
Repeated condition code
Bad practice in the use of names
Use the logger instead of printStackTrace
Set a locale (remove rule)
Maximum number of lines per class (remove rule)
Not using local variables
Not using equals
There is a double ;
Do not use new Integer
Misuse of return
Do not use BigDecimal
Passing variables that are not used
Do not use NullPointerException
The serialVersionUID variable is not declared
Variables that start with an uppercase letter
Switch without a default statement
Do not throw an exception in a finally block
Complexity of the conditions in a method (remove rule)
Bad practice in the use of equals

10
9
9
9
7
7
4
4
3
3
3
3
3
2
2

Empty try block


Private methods that are not used
Make the inner classes static
Class is badly named
Improve the performance of boolean conversion
Do not use new double but Double.valueOf(double)
Do not use Exception
Use Map
Remove this rule
Not reading the value of InputStream.read
Private attributes are not used
Do not use new boolean
Do not return null but an empty array
Variables that must be final
Use List instead of Vector

2
2
2
1
1
1
1
1
1
1
1
1
1
1
33293

Not checking the ResultSet
Comparing Boolean references
Make the variable final
Use Iterator instead of Enumeration
Ignoring the catch block
Empty switch default
Does not check whether the object is empty
Does not implement the cloneable method
Remove the main
No need to call toString()
Use ArrayList instead of Vector
Use parentheses in loops
The class implements Serializable and the base class does not
Not using parentheses

Logic change
no
no

Example

no
no
no
no
no
yes
no
no
yes
no
no
no
no
Yes
Yes
Yes
no
no
no
no
no
no
yes
no
no
no
no
no
no
no
no
no
no
no
no
no
no

The method fijarEditables() has an NPath complexity of 229645952

The method 'cogerDatosSujetoRPrincipal' has a Cyclomatic Complexity of 43.


public class IntegerVO extends BaseDetalleVO implements Serializable{
throws Exception, MensajeNegocio{
private List<SelectItem> tramiteRetroaccionList;

if(type.equals("9")||type.equals("38")
Map<String,Object> parameters = transformRequestToMap(request);
public String getTimeStamp() {

datosCVO.getBaseCotizadaContinProfesionales()!=""

List empresas=null; return empresas;


consultarListadoHistorico(String codigoOS) throws ExcepcionNegocio{

if(getInspeccionadaCombo()==null || getInspeccionadaCombo()=="0"){

no
no
no
no
no
no
no
no
no
no
no
no
no or yes
no
no

no
no
no
no
no
no
no
no
no
no
no
no
no
no

theBoolean ^= true;

if (!results.next()) {
System.out.println("empty");
} else {
//display results
do {
String data = results.getString("first_name");
//name.setText(data);
System.out.println(data);
} while (results.next());
}

if(codigoNotifBE != null && tramite.getCodTramite().equals(codigoNotifBE)) {

Summary of Minor issues

Rule name
Constant Name
Operator Wrap
Correctness - Field not initialized in constructor
Redundant import
Unnecessary Case Change
Correctness - Method ignores return value
Dodgy - Unusual equals method
Avoid Star Import
Correctness - Unwritten field
Duplicate Imports

Number of occurrences
1,114
371
64
14
12
2
2
2
1
1
1583

Description
Final variables must be in uppercase
Logical operators on a new line
Variables not initialized in the constructor (remove rule)
Redundant imports
Use equalsIgnoreCase()
Actions that make no sense
Unusual equals method
Do not use an asterisk in imports
Field that always has the same value and is never changed
Duplicate imports

Logic change
no
no
no
no
no
no
no
no
no
no

Example
private static final String strEstadoElim = "estadoItemLista.eliminar";

strObservaciones.toString(); or log.equals(e);

Summary of Info issues

Rule name
Performance - Method appears to call the same method on the same object redundantly
Style - Method makes literal string comparisons passing the literal as an argument
Performance - Method passes constant String of length 1 to character overridden method
Performance - Method converts String to primitive using excessive boxing
Style - Method uses integer based for loops to iterate over a List
Correctness - Method creates local variable-based synchronized collection
Correctness - Method throws alternative exception from catch block without history
Performance - Method needlessly boxes a boolean constant
Internationalization - Consider using Locale parameterized version of invoked method
Unused Imports
Correctness - Class defines fields that are used only as locals
Style - Method stores return result in local before immediately returning it
Style - Method returns modified parameter
Performance - Method passes simple concatenating string in StringBuffer or StringBuilder append
Performance - Method converts String to boxed primitive using excessive boxing
Style - Private method only returns one constant value
Correctness - Constructor makes call to non-final method
Performance - Method invokes toString() method on a String
Performance - Method passes empty string to StringBuffer of StringBuilder constructor
Style - Method checks the size of a collection against zero rather than using isEmpty()
Experimental - Method may fail to clean up stream or resource
Correctness - Method uses same bean's getter value for setter
Correctness - Method manually casts the right hand side of an assignment more specifically than needed
Performance - Method creates Boxed primitive from primitive only to get primitive value
Style - Method is implemented with an exact copy of it's superclass's method
Performance - Method passes primitive wrapper to Wrapper class valueOf method
Correctness - Method specifies an unrelated class when allocating a Logger
Correctness - Method accesses list or array with constant index
Performance - Method creates array using constants
Style - Method defines parameter list with array as last argument, rather than vararg
Correctness - Method checks the result of a new allocation
Style - Method uses the same HttpRequest parameter name but with different casing
Style - Method needlessly defines parameter with concrete classes
Correctness - Method defines parameters more abstractly than needed to function properly
Style - Method declares RuntimeException in throws clause
Style - Method builds xml strings through adhoc concatenation
Style - Method passes an empty string to equalsIgnoreCase or compareToIgnoreCase
Correctness - Class doesn't serialize superclass fields
Style - Method throws exception with static message string
Correctness - Class has abnormal exit from finally block
Style - Method uses old non collections interface methods
Correctness - Non derivable method declares throwing an exception that isn't thrown

Performance - Method executes sql queries inside of loops


Correctness - Method creates and initializes a collection but never reads or gains information from it
Style - Method uses instanceof on multiple types to arbitrate logic
Style - Method stutters exception message in logger
Correctness - Method performs algorithmic operations on the result of a toString() call
Performance - Method allocates an object that is used in a constant way in a loop
Style - Unconstrained method converts checked exception to unchecked
Performance - Method converts StringBuffer or Builder to String just to get it's length
Performance - Method concatenates an empty string to effect type conversion
Correctness - Method calls equals on an enum instance
Correctness - Method treats null and normal strings differently than an empty strings
Style - Method uses simple loop to copy contents of one collection to another
Correctness - Class relies on internal api classes
Correctness - Method tests a field for not null as guard and reassigns it
Correctness - Method passes double value to BigDecimal Constructor
Correctness - Class defines static field that appears to allow memory bloat
Correctness - Method encodes String bytes without specifying the character encoding
Style - Method uses a Side Effect Constructor
Style - Method calls static method on instance reference
Style - Empty method could be declared abstract
Correctness - Class creates and initializes a collection but never reads or gains information from it

Number of occurrences
6,719
609
447
387
339
305
297
276
190
188
176
164
152
135
117
97
89
80
71
64
61
60
45
41
41
37
36
34
34
29
25
22
19
13
13
12
10
10
10
10
9
8

8
6
6
6
5
5
4
4
4
3
3
3
2
2
2
1
1
1
1
1
1

Description
More than two calls are made on the same object
Do not use literals
For String constants of length 1, use a character
Use parseInt instead of valueOf
In for loops where the value is not used, use an iterator
Do not use classes that use the synchronized clause
Not using the original exception in the new one being thrown
Assign true when it is a primitive and Boolean.TRUE when it is an object
Not using a locale in upper or lower case
Import is not used
Declared attributes that could be local variables
Use the return directly
Remove rule
Use StringBuilder
Use a variable for a value that is repeated several times
For public methods that return a fixed attribute, remove the method and public attribute
Remove rule
Calling toString when the object is a String
Passing an empty value to StringBuilder
Use isEmpty() instead of size()
Does not close files
Assigning itself the same value
Assigning several specific classes to an object
Use primitive values directly
Methods identical to the parent's
Overuse of boxing
Logger incorrectly created or used
Do not use a literal directly in an array or list (remove rule)
Create a constant instead of a variable
Remove rule
Remove the null check because the object has already been created
Remove rule
Use List instead of ArrayList
Remove rule
Method declares a throws exception that is not thrown inside the method
Remove rule
Instead of comparing against empty content, check the length of the variable
Serialize the parent class
Remove rule
Do not throw an exception in a finally block
Remove rule
Do not use throws Exceptions

Remove rule
Creating variables that are never used afterwards
Remove rule
Incorrect use of logger
Remove rule
Remove rule
Catches the exception and rethrows the same one
Use the size method of StringBuffer or Builder
Use String's valueOf
Use == to compare enum types
Incorrect empty-string check
Use addAll to add an entire list to another
Incorrect use of logger
Assigning a value to a variable that is not null
Do not use new BigDecimal
Possible memory error from creating a fixed field that is never cleared
Encoding is not specified
Create the object directly in the return
Remove rule
Empty method: declare abstract
Remove rule

Logic change
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no

no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no
no

Example

new StringBuffer("");

antecedentesAIFiltroVO.setRegistrosPageNum(antecedentesAIFiltroVO.getRegistrosPageNum());

float[] inner = { 80 };

request.getParameter("idCampania").equalsIgnoreCase("")

log.error(ne.getMessage(),ne);

strClaves.toString().length()
Integer.parseInt("" + numString.charAt(i));
TIPOCADENA.MAYUSCULAS.equals(mayuscula))