A brief summary of Sonar blocker-level errors
1. The code contains PASSWORD or PWD
'PWD' detected in this expression, review this potentially hardcoded credential.
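2. A parent class and its subclass, or a single class, contain members with the same name (class methods, class variables, instance methods or instance variables)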
Rename method "ENCRYPTMethod" to prevent any misunderstanding/clash with method "encryptMethod" defined on line 35.
    public static String encryptMethod(String HexString, String keyStr) {
        ....
    }

    public static String ENCRYPTMethod(String HexString, String keyStr, String keyENCODED, String HexStringENCODED, String CipherInstanceType) throws Exception {
        .....
    }
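or
For example, the parent class defines a logger variable such as Logger logger=..., and the subclass then defines a logger variable again.
It already exists in the parent class.
or
An entity class defines its get/set methods more than once, with names that differ only in letter case.
Within the same class.
3. Issues involving closing resources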
Use try-with-resources or close this "BufferedOutputStream" in a "finally" clause.
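This one is more troublesome: the traditional approach, closing the stream in finally with if(stream!=null)(try{}catch(){}), still does not pass.
A separate blog post is devoted to finding a solution for this; see the next post.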
Resources should be closed (squid:S2095)
Bug Blocker

Connections, streams, files, and other classes that implement the Closeable interface or its super-interface, AutoCloseable, needs to be closed after use. Further, that close call must be made in a finally block otherwise an exception could keep the call from being made. Preferably, when class implements AutoCloseable, resource should be created using "try-with-resources" pattern and will be closed automatically.

Failure to properly close resources will result in a resource leak which could bring first the application and then perhaps the box it's on to their knees.

Noncompliant Code Example

    private void readTheFile() throws IOException {
      Path path = Paths.get(this.fileName);
      BufferedReader reader = Files.newBufferedReader(path, this.charset);
      // ...
      reader.close();  // Noncompliant
      // ...
      Files.lines("input.txt").forEach(System.out::println); // Noncompliant: The stream needs to be closed
    }

    private void doSomething() {
      OutputStream stream = null;
      try {
        for (String property : propertyList) {
          stream = new FileOutputStream("myfile.txt");  // Noncompliant
          // ...
        }
      } catch (Exception e) {
        // ...
      } finally {
        stream.close();  // Multiple streams were opened. Only the last is closed.
      }
    }

Compliant Solution

    private void readTheFile(String fileName) throws IOException {
      Path path = Paths.get(fileName);
      try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
        reader.readLine();
        // ...
      }
      // ..
      try (Stream<String> input = Files.lines("input.txt")) {
        input.forEach(System.out::println);
      }
    }

    private void doSomething() {
      OutputStream stream = null;
      try {
        stream = new FileOutputStream("myfile.txt");
        for (String property : propertyList) {
          // ...
        }
      } catch (Exception e) {
        // ...
      } finally {
        stream.close();
      }
    }

Exceptions

Instances of the following classes are ignored by this rule because close has no effect:
•java.io.ByteArrayOutputStream
•java.io.ByteArrayInputStream
•java.io.CharArrayReader
•java.io.CharArrayWriter
•java.io.StringReader
•java.io.StringWriter

Java 7 introduced the try-with-resources statement, which implicitly closes Closeables. All resources opened in a try-with-resources statement are ignored by this rule.

    try (BufferedReader br = new BufferedReader(new FileReader(fileName))) {
      //...
    } catch ( ... ) {
      //...
    }

See
•MITRE, CWE-459 - Incomplete Cleanup
•CERT, FIO04-J. - Release resources when they are no longer needed
•CERT, FIO42-C. - Close files when they are no longer needed
•Try With Resources
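The BufferedOutputStream case from item 3, written both ways, as an added example that is not code from the original post or from Sonar's rule text. The class name CloseDemo, the method names and the temporary file are assumptions made for illustration; the first method is the finally pattern the post describes, the second uses try-with-resources, which the rule text above says it ignores.

```java
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical demo class, not from the original post.
public class CloseDemo {

    // The traditional shape described in item 3: null check plus nested try/catch in finally.
    static void writeWithFinally(Path target, byte[] data) throws IOException {
        BufferedOutputStream out = null;
        try {
            out = new BufferedOutputStream(Files.newOutputStream(target));
            out.write(data);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException e) {
                    // close() flushes the buffer first, so swallowing this exception
                    // can hide the fact that the data never reached the file.
                }
            }
        }
    }

    // try-with-resources: each resource is declared separately, so the underlying
    // stream is closed even if constructing the wrapper throws.
    static void writeWithResources(Path target, byte[] data) throws IOException {
        try (OutputStream raw = Files.newOutputStream(target);
             BufferedOutputStream out = new BufferedOutputStream(raw)) {
            out.write(data);
        } // out is closed first (flushing its buffer), then raw; a close() failure propagates
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempFile("close-demo", ".txt"); // constructed sample target
        try {
            writeWithResources(tmp, "constructed sample".getBytes(StandardCharsets.UTF_8));
            System.out.println(new String(Files.readAllBytes(tmp), StandardCharsets.UTF_8));
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```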