sonar阻断级别错误(block)简单汇总
1、代码里面包含PASSWORD、PWD
'PWD' detected in this expression, review this potentially hardcoded credential.
2、父子类或者同一个类有同名的变量名(类方法、类变量、实例方法或者实例变量)
Rename method "ENCRYPTMethod" to prevent any misunderstanding/clash with method "encryptMethod" defined on line 35.
public static String encryptMethod(String HexString, String keyStr) {
....
} public static String ENCRYPTMethod(String HexString, String keyStr, String keyENCODED, String HexStringENCODED, String CipherInstanceType) throws Exception {
.....
}
或者
比如父类定义了一个Logger logger=...的logger变量,
子类又再次定义logger变量
父类里面已存在
或者
实体类的get/set方法多次定义,仅仅大小写不一样
同一个类里面
3、涉及到资源关闭这种,Use try-with-resources or close this "BufferedOutputStream" in a "finally" clause.
Use try-with-resources or close this "BufferedOutputStream" in a "finally" clause.
这种比较麻烦,传统的做法,即在finally里面进行if(stream!=null)(try{}catch(){})关闭仍然无法通过
这种单独开一篇博客寻找解决方法,见下一篇博客
Resources should be closed (squid:S2095)
Bug Blocker
Connections, streams, files, and other classes that implement the Closeable interface or its super-interface, AutoCloseable, needs to be closed after use. Further, that close call must be made in a finally block otherwise an exception could keep the call from being made. Preferably, when class implements AutoCloseable, resource should be created using "try-with-resources" pattern and will be closed automatically. Failure to properly close resources will result in a resource leak which could bring first the application and then perhaps the box it's on to their knees. Noncompliant Code Example
private void readTheFile() throws IOException {
Path path = Paths.get(this.fileName);
BufferedReader reader = Files.newBufferedReader(path, this.charset);
// ...
reader.close(); // Noncompliant
// ...
Files.lines("input.txt").forEach(System.out::println); // Noncompliant: The stream needs to be closed
} private void doSomething() {
OutputStream stream = null;
try {
for (String property : propertyList) {
stream = new FileOutputStream("myfile.txt"); // Noncompliant
// ...
}
} catch (Exception e) {
// ...
} finally {
stream.close(); // Multiple streams were opened. Only the last is closed.
}
}
Compliant Solution
private void readTheFile(String fileName) throws IOException {
Path path = Paths.get(fileName);
try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
reader.readLine();
// ...
}
// ..
try (Stream<String> input = Files.lines("input.txt")) {
input.forEach(System.out::println);
}
} private void doSomething() {
OutputStream stream = null;
try {
stream = new FileOutputStream("myfile.txt");
for (String property : propertyList) {
// ...
}
} catch (Exception e) {
// ...
} finally {
stream.close();
}
}
Exceptions
Instances of the following classes are ignored by this rule because close has no effect: •java.io.ByteArrayOutputStream
•java.io.ByteArrayInputStream
•java.io.CharArrayReader
•java.io.CharArrayWriter
•java.io.StringReader
•java.io.StringWriter
Java 7 introduced the try-with-resources statement, which implicitly closes Closeables. All resources opened in a try-with-resources statement are ignored by this rule. try (BufferedReader br = new BufferedReader(new FileReader(fileName))) {
//...
}
catch ( ... ) {
//...
}
See
•MITRE, CWE-459 - Incomplete Cleanup
•CERT, FIO04-J. - Release resources when they are no longer needed
•CERT, FIO42-C. - Close files when they are no longer needed
•Try With Resources
sonar阻断级别错误(block)简单汇总的更多相关文章
- atitit.404错误调查过程汇总
atitit.404错误调查过程汇总 #----------jsp head errorPage="" del zeu ok le. #------resin server. ...
- win服务器 文件上传下载出现“未指定的错误” 解决方法汇总
环境 WIN平台IIS服务器 经常出现于ASPX页面 汇总 1.权限问题 出现场景 : 基于ACCESS数据库 原因解析 : 1.首先需要排除自身问题,例如建表使用关键字,格式错误,插入数据与 ...
- (转)Linux下root密码丢失和运行级别错误的解决办法
我们知道,root用户在Linux中是相当重要的,其地位如同Windows中的Adminstrator 有了root权限我们还能修改其他用户的密码,可是,如果root用户的密码丢失该怎么办? 不用担心 ...
- Linux内存简单汇总
Linux内存主要用来存储系统和应用程序的指令,数据,缓存等 一,内存映射 1,内核给每个进程提供一个独立的虚拟机地址空间,并且这个地址空间是连续的 2,虚拟地址空间内部又被分为内核空间和用户空间 3 ...
- Python中对时间日期的处理方法简单汇总
这篇文章主要介绍了Python实用日期时间处理方法汇总,本文讲解了获取当前datetime.获取当天date.获取明天/前N天.获取当天开始和结束时间(00:00:00 23:59:59).获取两个d ...
- iOS常用设计模式和机制之Block简单使用
Block :block 实际上就是 Objective-C语言对闭包的实现 闭包(Closure):闭包就是一个函数,或者一个指向函数的指针,加上这个函数执行的非局部变量.闭包允许一个函数访问声明该 ...
- 【转】20个Cydia常见错误问题解决方法汇总
对于已经越狱的用户来说,经常会使用Cydia来安装一些酷炫或实用插件,但是有时候它总是会出现一些问题,以下收集了在Cydia经常遇到的问题,供大家参考: 一.主屏幕没有 Cydia 图标 1.设备需已 ...
- Xcode编译错误和警告汇总<转>
1.error: macro names must be identifiers YourProject_prefix.pch 原因: 因为你弄脏了预处理器宏,在它处于<Multiple Val ...
- iOS block简单传值
(1)声明block变量并设置返回值类型 typedef int(^MYBlock)(NSString *); @property (nonatomic, copy) MYBlock block; ( ...
随机推荐
- node-mysql中防止SQL注入
备注: 本文针对mysqljs/mysql. 为了防止SQL注入,可以将SQL中传入参数进行编码,而不是直接进行字符串拼接.在node-mysql中,防止SQL注入的常用方法有以下四种: 方法一:使用 ...
- hdu2516-取石子游戏 (斐波那契博弈)【博弈 二分查找】
http://acm.hdu.edu.cn/showproblem.php?pid=2516 取石子游戏 Time Limit: 2000/1000 MS (Java/Others) Memor ...
- java程序员应该熟悉的20个有用的库(转)
优秀且经验丰富的Java开发人员的一个特点是API的广泛知识,包括JDK和第三方库.我花了很多时间学习API,特别是在阅读Effective Java 3rd Edition之后,Joshua Blo ...
- LIN通讯
1.定义 LIN(Local Interconnect Network)总线是基于UART/SCI(通用异步收发器/串行接口)的低成本串行通讯协议.其目标定位于车身网络模块节点间的低端通信,主要用于智 ...
- Opencv 发现轮廓 findContours
vector<vector<Point>> vec_p; vector<Vec4i> vec_4f; findContours(img_canny1, vec_p, ...
- 一款比较好用的JS时间控件-laydate
官方讲解:http://laydate.layui.com/ 具体的内容请看官方讲解,此处仅说名应用: 1.在jsp或html或其他中引入laydate.js <script src=&qu ...
- 处理事件冒泡,阻止默认事件工具类,兼容IE
//处理事件冒泡,阻止默认事件工具类,兼容IEvar eventUtil={ // 添加句柄 addHandler:function(element,type,handler){ if(element ...
- 最大公约数(gcd)和 最小公倍数(lcm)——辗转相除法
辗转相除法(又称欧几里得算法)是求最大公因数的算法 要求a,b的最大公约数(a>b),我们可以递归地求b,a%b的最大公约数,直到其中一个数变成0,这时另一个数就是a,b的最大公约数. C++实 ...
- JMS 之 Active MQ的安全机制
一.认证 认证(Authentication):验证某个实体或者用户是否有权限访问受保护资源. MQ提供两种插件用于权限认证:(一).Simple authentication plug-in:直接把 ...
- Python3 urllib.parse 常用函数示例
Python3 urllib.parse 常用函数示例 http://blog.51cto.com/walkerqt/1766670 1.获取url参数. >>> from url ...