  1. Daffodil
  2. DAFFODIL-2272

Address Findings from Trial Sonarqube Run

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.6.0
    • None
    • None

    Description

      Bugs (10)

      • Branches in conditional structure with same implementation (4)
        • 1 is false positive
        • 2 are code smells
        • 1 is bug
      • DBI: Double Brace Initialization (1)
      • Attempt to write class that isn’t serializable
      • Arrays.toString bug (3) in test udfs
      • Unused return val (1) in test udfs

      Vulnerabilities (4)

      • Class variable field with public accessibility
      • Publicly mutable enum fields

      Code Smells (5.6k)

      • Critical (469)
        • Duplicated string literals (316: Scala + 9: Java)
        • Empty methods with no comments explaining why (73: Scala + 1: Java)
        • Code with high cognitive complexity (58)
        • Non-compliant constant and enum names (11)
        • Switch statement with no default (1)
      • Major (625)
        • Commented out code (478: Scala + 32: XML + 3: Java)
        • Collapsible if statements (22: Scala)
        • Address FIXMEs (22: Scala)
        • Unused function parameter (14)
        • Function with too many parameters (13)
        • Conditional branches of code with same implementation (13)
        • Match statement with too many cases (6)
        • Missing override annotation over function (5)
        • Methods with duplicate code (5: Scala + 3: Java)
        • Generic exception thrown (3)
        • Unused Private Methods (2)
        • Useless assignment to local variable (1)
        • Returning null instead of empty collection (1)
        • Not using static class initializers/constructor (1)
        • Empty conditional blocks of code (1)
      • Minor (4.3k)
        • Non-compliant method names (4.1k: Scala + 3: Java)
        • Non-compliant local variables and function parameters (64)
        • Non-compliant package names (23)
        • Non-compliant class names (7)
        • Redundant Boolean literals (45)
        • Unused local variables (22)
        • Not using diamond operator (9)
        • Empty comments (5)
        • Declaring and immediately returning local variable (3)
        • Using inverted Boolean checks (3)
        • Throws declaration of runtime exceptions (2)
        • Packages with only “package-info.java” (2)
        • Switch statement instead of if resulting in decreased readability
        • Abstract class instead of interface (1)
        • size instead of .isEmpty (1)
        • Improper modifier order (1)
        • Check cross-platform compatibility of hardcoded URIs (1)
      • Info (195)
        • Track TODO tags (193: Scala + 2: Java)

      Security Hotspots (3)

      • Verify command line args are safe and sanitized
      • Verify hashing is secure
      • Verify deserialization of object is secure

          People

            okilo@tresys.com Olabusayo Kilo