A quick summary of Sonar blocker-level (block) errors

1. The code contains PASSWORD or PWD

'PWD' detected in this expression, review this potentially hardcoded credential.
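The following is an added example, not code from the original post, showing the shape of code that triggers this finding next to the usual fix: a credential literal assigned to a variable whose name contains PWD/PASSWORD, versus reading the secret at run time and failing fast if it is missing. The class name, the JDBC URL and the environment-variable names are assumptions chosen for illustration.

```java
// Added example (not from the original post). DbSettings, the JDBC URL and the
// DB_URL / DB_USER / DB_PASSWORD variable names are assumptions for illustration.
import java.util.Objects;

public final class DbSettings {
    private final String url;
    private final String user;
    private final char[] password;

    private DbSettings(String url, String user, char[] password) {
        this.url = Objects.requireNonNull(url);
        this.user = Objects.requireNonNull(user);
        this.password = Objects.requireNonNull(password);
    }

    // What Sonar flags: the literal lives in source control and in every build
    // artifact, and the variable name (pwd / password) is what the rule keys on.
    static DbSettings hardcoded() {
        String pwd = "s3cret"; // 'PWD' detected in this expression, review this potentially hardcoded credential.
        return new DbSettings("jdbc:postgresql://db.internal/app", "app", pwd.toCharArray());
    }

    // The fix: inject the secret at run time (environment here; a secrets manager
    // or a container-managed datasource works the same way) and fail fast when it
    // is absent instead of silently falling back to a default.
    static DbSettings fromEnvironment() {
        return new DbSettings(require("DB_URL"),
                              require("DB_USER"),
                              require("DB_PASSWORD").toCharArray());
    }

    private static String require(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("required environment variable " + name + " is not set");
        }
        return value;
    }

    String url() { return url; }
    String user() { return user; }

    // Hand the secret out as a char[] so the caller can wipe it after use.
    char[] password() { return password.clone(); }

    // Never let the secret leak through toString(), logs or error messages.
    @Override
    public String toString() {
        return "DbSettings{url=" + url + ", user=" + user + ", password=***}";
    }
}
```

The point of the fixed variant is not the environment variable as such but that the secret no longer exists in the repository, the compiled jar or the image layer; rotating it then means changing deployment configuration rather than shipping a new build.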

 

2. A parent and child class, or the same class, have identically named members (class methods, class variables, instance methods or instance variables)

Rename method "ENCRYPTMethod" to prevent any misunderstanding/clash with method "encryptMethod" defined on line 35.

public static String encryptMethod(String HexString, String keyStr) {
    ....
}

public static String ENCRYPTMethod(String HexString, String keyStr, String keyENCODED, String HexStringENCODED, String CipherInstanceType) throws Exception {
    .....
}

Or, for example, the parent class defines a field "Logger logger = ..." and the subclass defines a "logger" field again, even though it already exists in the parent class.

Or an entity class's get/set methods are defined more than once within the same class, differing only in letter case.

3. Anything involving resource closing, e.g.:

Use try-with-resources or close this "BufferedOutputStream" in a "finally" clause.

This one is more troublesome: the traditional approach, i.e. closing in finally with if (stream != null) wrapped in its own try { } catch () { }, still does not pass.

Finding a solution for this deserves a separate blog post; see the next post. The rule text is reproduced below.

Resources should be closed (squid:S2095)
Bug | Blocker
Connections, streams, files, and other classes that implement the Closeable interface or its super-interface, AutoCloseable, need to be closed after use. Further, that close call must be made in a finally block, otherwise an exception could keep the call from being made. Preferably, when a class implements AutoCloseable, the resource should be created using the "try-with-resources" pattern and will then be closed automatically.

Failure to properly close resources will result in a resource leak which could bring first the application and then perhaps the box it's on to their knees.

Noncompliant Code Example
private void readTheFile() throws IOException {
  Path path = Paths.get(this.fileName);
  BufferedReader reader = Files.newBufferedReader(path, this.charset);
  // ...
  reader.close();  // Noncompliant: not in a finally block, so an exception above skips it
  // ...
  Files.lines(Paths.get("input.txt")).forEach(System.out::println); // Noncompliant: the stream needs to be closed
}

private void doSomething() {
  OutputStream stream = null;
  try {
    for (String property : propertyList) {
      stream = new FileOutputStream("myfile.txt");  // Noncompliant
      // ...
    }
  } catch (Exception e) {
    // ...
  } finally {
    stream.close();  // Multiple streams were opened. Only the last is closed.
  }
}
Compliant Solution
private void readTheFile(String fileName) throws IOException {
    Path path = Paths.get(fileName);
    try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
      reader.readLine();
      // ...
    }
    // ..
    try (Stream<String> input = Files.lines(Paths.get("input.txt"))) {
      input.forEach(System.out::println);
    }
}

private void doSomething() throws IOException {
  OutputStream stream = null;
  try {
    stream = new FileOutputStream("myfile.txt");
    for (String property : propertyList) {
      // ...
    }
  } catch (Exception e) {
    // ...
  } finally {
    if (stream != null) {  // the constructor may have thrown before the assignment
      stream.close();
    }
  }
}
Exceptions
Instances of the following classes are ignored by this rule because close has no effect:

•java.io.ByteArrayOutputStream 
•java.io.ByteArrayInputStream 
•java.io.CharArrayReader 
•java.io.CharArrayWriter 
•java.io.StringReader 
•java.io.StringWriter 
Java 7 introduced the try-with-resources statement, which implicitly closes Closeables. All resources opened in a try-with-resources statement are ignored by this rule. 

try (BufferedReader br = new BufferedReader(new FileReader(fileName))) {
  //...
}
catch ( ... ) {
  //...
}
See
•MITRE, CWE-459 - Incomplete Cleanup 
•CERT, FIO04-J. - Release resources when they are no longer needed 
•CERT, FIO42-C. - Close files when they are no longer needed 
•Try With Resources 
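The following is an added example, not part of the original post or of the Sonar rule text, applied to the "BufferedOutputStream" finding from section 3. It shows the try-with-resources form with every stream in its own resource variable, the pitfall of wrapping the underlying FileOutputStream inline, and the older finally-based form with a null guard and a contained close() exception. The class, method and file names are assumptions for illustration.

```java
// Added example (not from the original post or the Sonar rule description).
// SafeCopy and the file names are assumptions for illustration.
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

public final class SafeCopy {

    // Each resource is declared in the try header. They are closed in reverse order
    // of declaration, and if a close() throws after the body already threw, that
    // exception is attached to the original as "suppressed" instead of replacing it.
    static long copy(String from, String to) throws IOException {
        long copied = 0;
        try (InputStream in = new FileInputStream(from);
             OutputStream rawOut = new FileOutputStream(to);
             BufferedOutputStream out = new BufferedOutputStream(rawOut)) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
                copied += n;
            }
            out.flush();
        }
        return copied;
    }

    // Pitfall: wrapping inline. If the BufferedOutputStream constructor throws
    // (e.g. an OutOfMemoryError allocating its buffer), the FileOutputStream is
    // already open but is not a resource of the try statement, so nothing closes it.
    static void writeWrappedInline(String to, String text) throws IOException {
        try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(to))) {
            out.write(text.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Pre-Java 7 shape: close in finally, guard against null (the constructor may
    // have thrown before the assignment), and catch the close() exception so it
    // cannot escape from finally and mask the failure raised in the try body.
    static void writeLegacy(String to, String text) throws IOException {
        BufferedOutputStream out = null;
        try {
            out = new BufferedOutputStream(new FileOutputStream(to));
            out.write(text.getBytes(StandardCharsets.UTF_8));
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException closeFailed) {
                    // log and continue: the exception from the try body, if any, is the one to propagate
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        writeLegacy("sample.txt", "hello\n");
        long n = copy("sample.txt", "sample-copy.txt");
        System.out.println("copied " + n + " bytes");
    }
}
```

Declaring the wrapped and wrapping streams as separate resources, as in copy(), is the safe general pattern: closing the wrapper also closes the underlying stream, and the second close() on a FileOutputStream is a harmless no-op, so nothing leaks whichever constructor fails.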

 

posted @ 2018-10-14 15:00  WhoKnows1