[ 
https://issues.apache.org/jira/browse/DAFFODIL-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17030887#comment-17030887
 ] 

Olabusayo Kilo commented on DAFFODIL-2272:
------------------------------------------

These findings are on a local sonarqube instance, but I've created 
https://issues.apache.org/jira/browse/INFRA-19812 to get access to Apache's 
sonarcloud.io instance. That way all findings can be hosted publicly, and we 
can make use of CI integration.

Also [https://github.com/apache/incubator-daffodil/pull/319] was created with 
some fixes for the above and now we're at 0 for bugs, hotspots and 
vulnerabilities. And code smells are down to 800, but that was mostly due to 
some configuration changes.

> Address Findings from Trial Sonarqube Run
> -----------------------------------------
>
>                 Key: DAFFODIL-2272
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2272
>             Project: Daffodil
>          Issue Type: Improvement
>            Reporter: Olabusayo Kilo
>            Assignee: Olabusayo Kilo
>            Priority: Major
>         Attachments: Screenshot from 2020-02-05 12-59-01.png
>
>
> h4. Bugs (10)
>  * Branches in conditional structure with same implementation (4)
>  ** 1 is false positive
>  ** 2 are code smells
>  ** 1 is bug
>  * DBI: Double Brace Initialization (1)
>  * Attempt to write class that isn’t serializable
>  * Arrays.toString bug (3) in test udfs
>  * Unused return val (1) in test udfs
> h4. Vulnerabilities (4)
>  * Class variable field with public accessibility
>  * Publicly mutable enum fields
> h4. Code Smells (5.6k)
>  * Critical (469)
>  ** Duplicated string literals (316: Scala + 9: Java)
>  ** Empty methods with no comments explaining why (73: Scala + 1: Java)
>  ** Code with high cognitive complexity (58)
>  ** Non-compliant constant and enum names (11)
>  ** Switch statement with no default (1)
>  * Major (625)
>  ** Commented out code (478: Scala + 32: XML + 3: Java)
>  ** Collapsible if statements (22: Scala)
>  ** Address FIXMEs (22: Scala)
>  ** Unused function parameter (14)
>  ** Function with too many parameters (13)
>  ** Conditional branches of code with same implementation (13)
>  ** Match statement with too many cases (6)
>  ** Missing override annotation over function (5)
>  ** Methods with duplicate code (5: Scala + 3: Java)
>  ** Generic exception thrown (3)
>  ** Unused Private Methods (2)
>  ** Useless assignment to local variable (1)
>  ** Returning null instead of empty collection (1)
>  ** Not using static class initializers/constructor (1)
>  ** Empty conditional blocks of code (1)
>  * Minor (4.3k)
>  ** Non-compliant method names (4.1k: Scala + 3: Java)
>  ** Non-compliant local variables and function parameters (64)
>  ** Non-compliant package names (23)
>  ** Non-compliant class names (7)
>  ** Redundant Boolean literals (45)
>  ** Unused local variables (22)
>  ** Not using diamond operator (9)
>  ** Empty comments (5)
>  ** Declaring and immediately returning local variable (3)
>  ** Using inverted Boolean checks (3)
>  ** Throws declaration of runtime exceptions (2)
>  ** Packages with only “package-info.java” (2)
>  ** Switch statement instead of if resulting in decreased readability
>  ** Abstract class instead of interface (1)
>  ** size instead of .isEmpty (1)
>  ** Improper modifier order (1)
>  ** Check cross-platform compatibility of hardcoded URIs (1)
>  * Info (195)
>  ** Track TODO tags (193: Scala + 2: Java)
> h4. Security Hotspots (3)
>  * Verify command line args are safe and sanitized
>  * Verify hashing is secure
>  * Verify deserialization of object is secure
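The following is an added illustration, not code from Daffodil or from the Jira issue, of what the two "Vulnerabilities" findings and the "Double Brace Initialization" bug in the list above look like in Java, each beside the form the analyzer accepts. All class, enum and field names are hypothetical; it assumes Java 9 or later for `List.of` and `Map.of`.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Hypothetical demo class; none of these names come from the Daffodil code base.
public class SonarFindingsDemo {

    // Finding: "Publicly mutable enum fields" (before).
    // Each enum constant is a JVM-wide singleton, so a public non-final field on
    // it is shared global state that any code on the classpath can overwrite.
    enum UnsafeLimit {
        MAX_ATTEMPTS(5);
        public int value;            // public and mutable: flagged
        UnsafeLimit(int v) { value = v; }
    }

    // Hardened: the field is private and final and is exposed read-only.
    enum SafeLimit {
        MAX_ATTEMPTS(5);
        private final int value;
        SafeLimit(int v) { value = v; }
        public int value() { return value; }
    }

    // Finding: "Class variable field with public accessibility" (before).
    // A public static mutable field is writable by every caller.
    public static List<String> unsafeAllowedHosts = new ArrayList<>();

    // Hardened: private, final, immutable, and only a read-only accessor is public.
    private static final List<String> ALLOWED_HOSTS = List.of("localhost");
    public static List<String> allowedHosts() { return ALLOWED_HOSTS; }

    // Finding: "DBI: Double Brace Initialization" (before).
    // The double braces create an anonymous subclass of HashMap that captures
    // the enclosing instance, which blocks serialization and holds a reference
    // the reader does not expect.
    Map<String, String> dbiDefaults = new HashMap<String, String>() {{
        put("encoding", "UTF-8");
    }};

    // Hardened: a plain immutable map with no hidden subclass.
    static final Map<String, String> DEFAULTS = Map.of("encoding", "UTF-8");

    // Shows why the enum finding is classed as a vulnerability: a caller can
    // silently change a limit the rest of the program relies on.
    static int tamperWithUnsafeLimit() {
        UnsafeLimit.MAX_ATTEMPTS.value = Integer.MAX_VALUE;
        return UnsafeLimit.MAX_ATTEMPTS.value;   // no longer 5
    }

    public static void main(String[] args) {
        System.out.println("before tamper:  " + UnsafeLimit.MAX_ATTEMPTS.value);
        System.out.println("after tamper:   " + tamperWithUnsafeLimit());
        System.out.println("hardened limit: " + SafeLimit.MAX_ATTEMPTS.value());
        // SafeLimit.MAX_ATTEMPTS.value = 1;   // does not compile: no such writable field
        try {
            allowedHosts().add("other.host");
        } catch (UnsupportedOperationException e) {
            System.out.println("allowedHosts() is read-only");
        }
        System.out.println("default encoding: " + DEFAULTS.get("encoding"));
    }
}
```

Running `main` prints the limit as 5, then as `Integer.MAX_VALUE` after the unsafe enum is mutated, while the hardened enum and the unmodifiable list cannot be altered from outside the class; these are the same properties the "fixes for the above" in the linked pull request are meant to restore.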



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
