RULEAPI-617: Add Jira closed RSPECs in Github repository

Arseniy Zaostrovnykh 2021-06-08 14:23:48 +02:00 committed by GitHub
parent 53c4d38f7a
commit 5d0cb68cd0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1269 changed files with 17133 additions and 4 deletions

View File

@ -0,0 +1,3 @@
=== on 21 Oct 2014, 13:15:09 Samuel Mercier wrote:
Cannot be implemented, as this requires understanding of the developer's intent.

View File

@ -0,0 +1,22 @@
{
"title": "When the absolute positioning of bits representing a bit-field is required, then the behaviour and packing of bit-fields shall be documented",
"type": "CODE_SMELL",
"status": "closed",
"tags": [
"misra"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"ruleSpecification": "RSPEC-1007",
"sqKey": "S1007",
"scope": "Main",
"defaultQualityProfiles": [
]
}
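Review bot: this S1007 metadata carries no `defaultSeverity` and no `remediation` block, while every other closed rule in this commit (S1008, S1010, S1018, S1021) has both; either add them for consistency or confirm the loader tolerates their absence for closed rules.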

View File

@ -0,0 +1,28 @@
Certain aspects of bit-fields are implementation-defined. In particular, the developer should be aware of the following:
* It is implementation-defined whether the bit-fields are allocated from the high or low end of a storage unit (usually a byte).
* It is implementation-defined whether or not a bit field can overlap a storage unit boundary (e.g. if a 6-bit bit-field and a 4-bit bit-field are declared in that order, then the 4-bit bit-field may either start a new byte or it may use 2 bits in one byte and 2 bits in the next).
These issues are generally benign (e.g. when packing together short-length data to save storage space), but they may lead to errors if the absolute position of the bit-fields is important (e.g. when accessing hardware registers).
Provided the elements of the structure are only accessed by name, the developer need make no assumptions about the way that the bit fields are stored within the structure.
Note that Rule 3-9-2 need not be followed when defining bit-fields, as their lengths are explicitly specified.
If the compiler has a switch to force bit fields to follow a particular layout, then this option should be documented.
== See Also
* MISRA {cpp}:2008, 3-9-2
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
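Review bot: the heading is `== See Also` here but `== See` in every other rule.adoc in this commit (S1008, S1010, S1018, S1021); align it so tooling that keys on section titles treats the files uniformly. The rationale also only says the developer "should be aware" of the two implementation-defined aspects, while the title requires them to be documented: state plainly what has to be recorded (which end of the storage unit allocation starts from, and whether a field may straddle a unit boundary), in addition to the compiler layout switch mentioned in the last sentence.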

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,8 @@
=== duplicates: S814
=== on 9 Dec 2014, 21:11:36 Evgeny Mandrikov wrote:
\[~ann.campbell.2] I'd like to close this as duplicate of RSPEC-814, however they are significantly different in definition of SQALE model (characteristic and cost). So could you please advise which of those two SQALE models should be used?
=== on 9 Dec 2014, 21:12:36 Evgeny Mandrikov wrote:
Also they are different in default severity and activation.

View File

@ -0,0 +1,27 @@
{
"title": "Bit-fields shall be either bool type or an explicitly unsigned or signed integral type",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10mn"
},
"tags": [
"misra"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1008",
"sqKey": "S1008",
"scope": "Main",
"defaultQualityProfiles": [
]
}
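Review bot: `"constantCost": "10mn"` uses a different unit spelling from the `"10min"` in the S1010, S1018 and S1063 metadata of this same commit, and the `10mn` form recurs in the S1021, S1076 and S1173 files below. Normalize to `10min` unless the loader is known to accept both spellings.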

View File

@ -0,0 +1,40 @@
Using ``++int++`` is implementation-defined because bit-fields of type ``++int++`` can be either ``++signed++`` or ``++unsigned++``.
The use of ``++wchar_t++`` as a bit-field type is prohibited as ISO/IEC 14882:2003 does not explicitly define the underlying representation as ``++signed++`` or ``++unsigned++``.
== Noncompliant Code Example
----
struct S
{
char c : 2; // Noncompliant
int i : 2; // Noncompliant
short f : 2; // Noncompliant
wchar_t k : 2; // Noncompliant
signed int a : 2; // Compliant
unsigned int b : 2; // Compliant
signed char d : 2; // Compliant
unsigned char e : 2; // Compliant
signed short g : 2; // Compliant
unsigned short h : 2; // Compliant
bool j : 2; // Compliant
uint32_t l : 2; // Compliant
int8_t m : 2; // Compliant
};
----
== See
* MISRA {cpp}:2008, 9-6-2
* ISO/IEC 14882:2003
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
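Review bot: the section is titled Noncompliant Code Example but the one block mixes noncompliant and compliant members; either split it into the usual Noncompliant / Compliant Solution pair or retitle it. The block also uses `uint32_t` and `int8_t` without `#include <cstdint>`, and the `// Compliant` verdict on those two lines holds only because the typedefs resolve to explicitly signed or unsigned types, which the description should say so readers do not assume any typedef is acceptable.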

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,2 @@
=== duplicates: S2216

View File

@ -0,0 +1,28 @@
{
"title": "Named bit-fields with signed integer type should have a length of more than one bit",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10min"
},
"tags": [
"misra",
"suspicious"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1010",
"sqKey": "S1010",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,38 @@
The values which may be represented by a bit-field of length one may not meet developer expectations. Anonymous signed bit-fields of any length are allowed.
== Noncompliant Code Example
----
struct S
{
signed int a : 1; // Noncompliant, signed fields require at least two bits
signed int : 1; // Compliant, cannot be referenced
signed int : 0; // Compliant, cannot be referenced
};
----
== Compliant Solution
----
struct S
{
signed int a : 2; // Compliant
signed int : 1; // Compliant, cannot be referenced
signed int : 0; // Compliant, cannot be referenced
};
----
== See
* MISRA {cpp}:2008, 9-6-4
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
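Review bot: the rationale ("may not meet developer expectations") never says what the problem is. State it: on a two's complement implementation, which is the only kind C++20 permits, a one-bit signed bit-field can hold only 0 and -1, never 1, so an assignment such as `a = 1` silently stores -1. That is the surprise MISRA C++ 9-6-4 guards against and it makes the `signed int a : 1` line in the Noncompliant example self-explanatory.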

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,2 @@
=== duplicates: S3656

View File

@ -0,0 +1,27 @@
{
"title": "Member data in non-POD class types should be private",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10min"
},
"tags": [
"misra"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1018",
"sqKey": "S1018",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,48 @@
By implementing class interfaces with member functions, the implementation retains more control over how the object state can be modified, and helps to allow a class to be maintained without affecting clients.
== Noncompliant Code Example
----
class C
{
public:
int32_t b; // Noncompliant
protected:
int32_t c; // Noncompliant
private:
int32_t d; // Compliant
};
----
== Compliant Solution
----
class C
{
public:
int32_t getB() { return _b; }
void setB(int32_t b) { _b = b; }
protected:
int32_t getC() { return _c; }
void setC(int32_t c) { _c = c; }
private:
int32_t _b; // Compliant
int32_t _c; // Compliant
int32_t _d; // Compliant
};
----
== See
* MISRA {cpp}:2008, 11-0-1
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
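Review bot: the accessors in the Compliant Solution should be `const` where they do not modify state (`int32_t getB() const { return _b; }`), otherwise the example teaches that reading a field needs a non-const object. The description also never explains the "non-POD" qualifier in the title: the class shown is non-POD precisely because it mixes access specifiers (a POD-struct is an aggregate, and an aggregate cannot have private or protected non-static data members), and the rule does not apply to plain aggregates. A sentence saying so would stop the rule being applied to C-style structs.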

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,8 @@
=== duplicates: S1709
=== on 17 Nov 2015, 21:49:14 Evgeny Mandrikov wrote:
\[~ann.campbell.2] duplicates RSPEC-1709 ?
=== on 18 Nov 2015, 17:38:58 Ann Campbell wrote:
It sure does [~evgeny.mandrikov]. Closed & MISRA reference added to RSPEC-1709

View File

@ -0,0 +1,27 @@
{
"title": "Constructors that are callable with a single argument of fundamental type should be \"explicit\"",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10mn"
},
"tags": [
"misra"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1021",
"sqKey": "S1021",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,40 @@
The explicit keyword prevents the constructor from being used to implicitly convert from a fundamental type to the class type.
== Noncompliant Code Example
----
class C
{
public:
C ( int32_t a ) // Noncompliant
{
}
};
----
== Compliant Solution
----
class D
{
public:
explicit D ( int32_t a )
{
}
};
----
== See
* MISRA {cpp}:2008, 12-1-3
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
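Review bot: the title covers constructors that are callable with a single argument, which includes `C(int32_t a, int32_t b = 0)`, but both examples show only a strict one-parameter constructor; add the defaulted-parameter case so readers do not assume the rule is limited to single-parameter signatures. Also put `explicit` in code font (``++explicit++``) as the other descriptions do for keywords.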

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,6 @@
=== on 16 Aug 2016, 18:06:27 Alban Auzeill wrote:
I close this rule in favor of [RSPEC-3696] that mark as non-compliant NULL and 0 (zero).
=== on 16 Aug 2016, 19:28:50 Ann Campbell wrote:
As an addendum to the previous comment: ``++NULL++`` evaluates to 0, so we can't distinguish between ``++throw NULL++`` and ``++throw 0++``.

View File

@ -0,0 +1,28 @@
{
"title": "NULL should not be thrown",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "2min"
},
"tags": [
"misra",
"pitfall"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1038",
"sqKey": "S1038",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,50 @@
``++throw(NULL)++`` is equivalent to ``++throw(0)++``, and is therefore caught by an integer handler. However, since ``++NULL++`` is typically used in the context of pointers, developers may expect it to be caught by a pointer-to-type handler. Thus to avoid confusion, zero should be thrown instead of ``++NULL++``.
== Noncompliant Code Example
----
try
{
throw ( NULL ); // Noncompliant
}
catch ( int32_t i ) // NULL exception handled here
{
// ...
}
catch ( const char_t * ) // Developer may expect it to be caught here
{
// ...
}
----
== Compliant Solution
----
try
{
throw ( 0 );
}
catch ( int32_t i )
{
// ...
}
catch ( const char_t * )
{
// ...
}
----
== See
* MISRA {cpp}:2008, 15-1-2
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
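Review bot: the opening claim that `throw(NULL)` is equivalent to `throw(0)` holds only when the `NULL` macro expands to a plain `0`. If it expands to `0L`, the `int32_t` handler does not match at all; if it expands to `nullptr` (permitted since C++11), the exception object has type `std::nullptr_t`, which matches a handler of pointer type, so the `const char_t *` clause catches it and the outcome shown in the example flips. Reword to "on implementations where NULL is defined as 0" or, better, state that the handler that matches depends on the macro's definition, which is the real reason not to throw it. Note also that `char_t` is the MISRA typedef, not a standard type, so the snippet does not compile as-is outside a MISRA-style code base.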

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,12 @@
=== relates to: S1047
=== relates to: S1050
=== on 8 Nov 2018, 14:58:39 Loïc Joly wrote:
Exceptions specifications have been deprecated in {cpp}11, and removed in {cpp}17/{cpp}20. And even before that, it was never an accepted practice.
Therefore, canceling this RSPEC.

View File

@ -0,0 +1,37 @@
{
"title": "Functions should not throw exceptions not included in their specifications",
"type": "BUG",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "5min"
},
"tags": [
"cwe",
"misra",
"cert"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-1049",
"sqKey": "S1049",
"scope": "Main",
"securityStandards": {
"CWE": [
391
],
"CERT": [
"ERR55-CPP."
]
},
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,52 @@
When exception types are included in a method specification, only those exception types may be thrown by the method. If an attempt is made to throw anything else, then by default a ``++std::bad_exception++`` is thrown. If ``++std::bad_exception++`` is not itself listed in the method specification, then the end result is that ``++terminate()++`` is called, resulting in an implementation-defined termination of the program.
Methods that don't include exception types in their specifications can throw any exception type. However, this fact should not be taken as an argument for omitting exception types. It is far better to thoroughly specify a method, so that callers know what to expect, than to leave them in the dark.
Therefore, all exceptions that could be thrown by a method should be explicitly listed in its specification.
== Noncompliant Code Example
----
void foo () // no exceptions specified
{
throw ( 21 ); // anything can be thrown
}
void goo ( ) throw ( Exception )
{
foo ( ); // Noncompliant; an int could be thrown
}
----
== Compliant Solution
----
void foo () // no exceptions specified
{
throw ( 21 ); // this is legal; anything can be thrown
}
void goo ( ) throw ( Exception, int )
{
foo ( );
}
----
== See
* MISRA {cpp}:2008, 15-5-2
* http://cwe.mitre.org/data/definitions/391.html[MITRE, CWE-391] - Unchecked Error Condition
* https://www.securecoding.cert.org/confluence/x/EADTAQ[CERT, ERR55-CPP.] - Honor exception specifications
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
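Review bot: the first paragraph has the failure path backwards. When a function with a dynamic exception specification throws a type not listed, `std::unexpected()` is called and its default handler calls `std::terminate()`; `std::bad_exception` is thrown only when a replacement unexpected handler itself throws something not in the specification and `std::bad_exception` is listed there. Reword accordingly. The examples also use an undeclared `Exception` type and a raw `int` where the sibling MISRA descriptions use `int32_t`, and since the comment thread above cancels the rule because dynamic exception specifications were deprecated in C++11 and removed in C++17, the description should carry that caveat so it is not mistaken for current advice.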

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,5 @@
=== duplicates: S1524
=== on 21 May 2013, 14:11:55 Fabrice Bellingard wrote:
Implementation: \http://jira.sonarsource.com/browse/PLSQL-348

View File

@ -0,0 +1,27 @@
{
"title": "Names should not be reused in inner scopes",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "30min"
},
"tags": [
"pitfall"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1063",
"sqKey": "S1063",
"scope": "Main",
"defaultQualityProfiles": [
"Sonar way"
]
}
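Review bot: a rule with `"status": "closed"` (a duplicate of S1524 per the comment above) still lists "Sonar way" under `defaultQualityProfiles`; the same combination appears in the S1080, S1164 and S1169 metadata below. Closed rules should not be activated in a default profile, so clear the array or confirm the importer ignores it for closed rules.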

View File

@ -0,0 +1,48 @@
Using the same name for multiple purposes reduces the understandability of the code and might eventually lead to bugs.
This rule verifies that no name is reused in an inner scope.
== Noncompliant Code Example
----
<<foo>> -- Compliant
DECLARE
a CONSTANT PLS_INTEGER := 0;
BEGIN
<<foo>> -- Non-Compliant
DECLARE
b CONSTANT PLS_INTEGER := 42;
BEGIN
DBMS_OUTPUT.PUT_LINE('x = ' || foo.b); -- Confusing
END;
END;
/
----
== Compliant Solution
----
<<foo>> -- Compliant
DECLARE
a CONSTANT PLS_INTEGER := 0;
BEGIN
<<bar>> -- Compliant
DECLARE
b CONSTANT PLS_INTEGER := 42;
BEGIN
DBMS_OUTPUT.PUT_LINE('x = ' || bar.b); -- Clear
END;
END;
/
----
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
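Review bot: the marker is spelled `Non-Compliant` in the example while the heading is `Noncompliant Code Example` and the other descriptions in this commit use `-- Noncompliant`; make it consistent. The noncompliant block's `foo.b` only resolves because the inner `<<foo>>` label shadows the outer one, which is exactly the hazard the rule targets; say that in the comment instead of the bare "Confusing".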

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,8 @@
=== duplicates: S2145
=== on 30 May 2013, 13:48:23 Fabrice Bellingard wrote:
This is originally a TOAD rule.
It could be improve to check only the first case which involves a single variable (because the gain in readability of the 2nd case is not really clear...).

View File

@ -0,0 +1,27 @@
{
"title": "Complex \"IF\" statements should be replaced by \"CASE\" statements ",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1073",
"sqKey": "S1073",
"scope": "Main",
"defaultQualityProfiles": [
]
}
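Review bot: the title string has a trailing space (`... \"CASE\" statements `); trim it, since the value is used verbatim as the rule name.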

View File

@ -0,0 +1,78 @@
Complex chains of IF, ELSIF and ELSE statements should be replaced by the more readable CASE one. A complex IF statement has either several ELSIF clauses, or both an ELSIF and an ELSE clause.
== Noncompliant Code Example
----
DECLARE
x PLS_INTEGER := 0;
BEGIN
IF x = 0 THEN -- Noncompliant
DBMS_OUTPUT.PUT_LINE('x = 0');
ELSIF x = 1 THEN
DBMS_OUTPUT.PUT_LINE('x = 1');
ELSIF x = 2 THEN
DBMS_OUTPUT.PUT_LINE('x = 2');
END IF;
END;
/
DECLARE
x PLS_INTEGER := 0;
y PLS_INTEGER := 0;
BEGIN
IF x = 0 THEN -- Noncompliant
DBMS_OUTPUT.PUT_LINE('x = 0, y = ?');
ELSIF y = 1 THEN
DBMS_OUTPUT.PUT_LINE('x != 0, y = 1');
ELSE
DBMS_OUTPUT.PUT_LINE('x != 0, y != 1');
END IF;
END;
/
----
== Compliant Solution
----
DECLARE
x PLS_INTEGER := 0;
BEGIN
CASE x
WHEN 0 THEN
DBMS_OUTPUT.PUT_LINE('x = 0');
WHEN 1 THEN
DBMS_OUTPUT.PUT_LINE('x = 1');
WHEN 2 THEN
DBMS_OUTPUT.PUT_LINE('x = 2');
ELSE
-- Do not forget the ELSE to prevent ORA-06592
NULL;
END CASE;
END;
/
DECLARE
x PLS_INTEGER := 0;
y PLS_INTEGER := 0;
BEGIN
CASE -- Compliant
WHEN x = 0 THEN
DBMS_OUTPUT.PUT_LINE('x = 0, y = ?');
WHEN y = 1 THEN
DBMS_OUTPUT.PUT_LINE('x != 0, y = 1');
ELSE
DBMS_OUTPUT.PUT_LINE('x != 0, y != 1');
END CASE;
END;
/
----
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]

View File

@ -0,0 +1,11 @@
=== is related to: S1149
=== on 8 Aug 2013, 06:05:30 Dinesh Bolkensteyn wrote:
Perhaps this rule should be merged with RSPEC-1149, as it's again about synchronized classes.
=== on 8 Aug 2013, 06:19:35 Dinesh Bolkensteyn wrote:
Implemented by \https://jira.codehaus.org/browse/SONARJAVA-179
=== on 8 Aug 2013, 12:36:43 Freddy Mallet wrote:
This rule spec has been merged with RSPEC-1149

rules/S1076/metadata.json Normal file
View File

@ -0,0 +1,28 @@
{
"title": "StringBuilder class should be used in place of StringBuffer class",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": null,
"linearFactor": "10mn"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1076",
"sqKey": "S1076",
"scope": "Main",
"defaultQualityProfiles": [
]
}
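Review bot: `"func": "Linear"` with `"linearDesc": null` leaves the remediation without the per-unit description that other Linear entries carry (compare S1115's "useless Object.finalize() implementations"), and the factor uses the `10mn` spelling; fill in the description and use `10min`.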

rules/S1076/rule.adoc Normal file
View File

@ -0,0 +1,4 @@
Since Java 5, <code>StringBuffer</code> has been supplemented with an equivalent class designed for use by a single thread, <code>StringBuilder</code>.
<code>StringBuilder</code> is faster, as it performs no synchronization, and should be preferred.
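Review bot: the blanket "should be preferred" needs a caveat. `StringBuffer` remains the correct choice for a builder that is actually shared between threads, which is the case its synchronization exists for, so an implementation that flags every `StringBuffer` would raise false positives on such code; the description should say the rule targets builders confined to one thread. Separately, the text uses HTML `<code>` tags while the other rule.adoc files in this commit use the asciidoc ``++...++`` form; Asciidoctor escapes raw `<` in normal text, so these tags will show up literally rather than render as code.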

View File

@ -0,0 +1,3 @@
=== on 8 Jul 2013, 18:26:58 Freddy Mallet wrote:
Is implemented by \http://jira.codehaus.org/browse/SONARPLUGINS-2997

rules/S1078/metadata.json Normal file
View File

@ -0,0 +1,28 @@
{
"title": "Form fields should be associated to labels",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": null,
"linearFactor": null
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
"RSPEC-1097"
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1078",
"sqKey": "S1078",
"scope": "Main",
"defaultQualityProfiles": [
]
}
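Review bot: the remediation block is incomplete: `"func": "Linear"` with both `linearDesc` and `linearFactor` set to null specifies no cost at all. Either fill in the factor and description or drop the block entirely, as the S1007 metadata does.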

rules/S1078/rule.adoc Normal file
View File

@ -0,0 +1,11 @@
The <label> tag defines a label for an <input> element.
The <label> element does not render as anything special for the user. However, it provides a usability improvement for mouse users, because if the user clicks on the text within the <label> element, it toggles the control.
The for attribute of the <label> tag should be equal to the id attribute of the related element to bind them together.
The following code snippet illustrates this rul
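Review bot: the description ends mid-word ("illustrates this rul") and the code snippet it announces is missing; check the Jira source and restore the example, or drop the sentence. The `<label>` and `<input>` tokens are also bare HTML tags in asciidoc text and will be escaped or interpreted inconsistently; wrap them as ``++<label>++`` the way the other descriptions do for code.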

View File

@ -0,0 +1,2 @@
=== duplicates: S1081

View File

@ -0,0 +1,27 @@
{
"title": "The C function 'strcpy' should not be used to prevent any memory overflow",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "20min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1080",
"sqKey": "S1080",
"scope": "Main",
"defaultQualityProfiles": [
"Sonar way"
]
}
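Review bot: the title reads as though `strcpy` is what prevents memory overflows; it means the opposite. Suggest "The C function 'strcpy' should not be used because it can overflow the destination buffer". This closed rule (a duplicate of S1081 per the comment above) also still lists "Sonar way" in `defaultQualityProfiles`.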

View File

@ -0,0 +1,7 @@
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
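Review bot: this rule.adoc contains only the comments-and-links include, with no description, examples or See section. Since the rule is closed as a duplicate of S1081 that may be intended, but a one-line pointer to S1081 would keep the file from looking like a failed import.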

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,5 @@
=== relates to: S1114
=== on 15 Oct 2013, 08:11:16 Freddy Mallet wrote:
Partially duplicates RSPEC-1114 so we're not going to implement this rule.

View File

@ -0,0 +1,28 @@
{
"title": "Empty or useless Object.finalize() implementations should be removed",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": "useless Object.finalize() implementations",
"linearFactor": "5min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Minor",
"ruleSpecification": "RSPEC-1115",
"sqKey": "S1115",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,25 @@
Overriding the Object.finalize() method should be done with caution and with a clear goal in mind so empty implementations or implementations containing only a call to 'super.finalize()' are useless and misleading.
The following code snippet illustrates this rule:
----
protected finalize() { //Non-Compliant
}
...
protected finalize() {
super.finalize(); //Non-Compliant
}
...
protected finalize() {
disposeSomeResources(); //Compliant
}
----
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
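Review bot: the snippet is not valid Java: `protected finalize()` lacks the `void` return type, and the variant that calls `super.finalize()` must declare `throws Throwable` because `Object.finalize()` does. Use `protected void finalize() throws Throwable { ... }` in all three cases. The `//Non-Compliant` markers should also match the `Noncompliant` spelling used by the other descriptions.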

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,26 @@
=== on 11 Jul 2013, 16:28:39 Dinesh Bolkensteyn wrote:
I'm changing the severity to Critical as this is most likely a bug that will be caught at runtime.
=== on 11 Jul 2013, 17:18:18 Dinesh Bolkensteyn wrote:
Implemented by \https://jira.codehaus.org/browse/SONARJAVA-205
=== on 11 Jul 2013, 17:21:24 Dinesh Bolkensteyn wrote:
Fabrice, it looks like to me that this can also deprecate some Findbugs checks:
ES_COMPARING_STRINGS_WITH_EQ
ES_COMPARING_PARAMETER_STRING_WITH_EQ
I did not really get the difference between those 2 however
=== on 13 Apr 2015, 09:17:37 Dinesh Bolkensteyn wrote:
FYI, [~ann.campbell.2], this rule is not applicable to C# and VB.NET, where ``++==++`` works.
=== on 31 Oct 2018, 17:19:36 Tibor Blenessy wrote:
We are reopening this issue because it can be used as a bug activated by default in SonarWay, while RSPEC-1698 should remain a code smell.
=== on 31 Oct 2018, 17:36:38 Tibor Blenessy wrote:
In fact, it would be better to have a new rule, because we want to extend for boxed primitives (``++java.lang.Integer++``, etc...}}
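Review bot: the trailing `}}` on the last comment is leftover Jira markup from the `{{java.lang.Integer}}` monospace syntax; it should have been converted to the ``++...++`` form like the preceding token.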

rules/S1127/metadata.json Normal file
View File

@ -0,0 +1,27 @@
{
"title": "Strings should be compared using \"equals()\"",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "5min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
"RSPEC-1698"
]
},
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1127",
"sqKey": "S1127",
"scope": "Main",
"defaultQualityProfiles": [
]
}
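Review bot: the status is `closed` with `replacementRules: ["RSPEC-1698"]`, but the two latest comments above (31 Oct 2018) say the rule is being reopened as a default-on bug, or replaced by a new rule that also covers boxed primitives. Confirm which decision is final before importing this JSON, because the thread and the metadata currently disagree.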

rules/S1127/rule.adoc Normal file
View File

@ -0,0 +1,25 @@
Strings, just like any other ``++Object++``, should be compared using the ``++equals()++`` method.
Using ``++==++`` or ``++!=++`` compares references rather than values, and usually does not work.
== Noncompliant Code Example
----
if (variable == "foo") { /* ... */ }
if (variable != "foo") { /* ... */ }
----
== Compliant Solution
----
if ("foo".equals(variable)) { /* ... */ }
if (!"foo".equals(variable)) { /* ... */ }
----
== See
* http://cwe.mitre.org/data/definitions/597.html[MITRE, CWE-597] - Use of Wrong Operator in String Comparison
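Review bot: "usually does not work" is vague. `==` compares references, so it is true only when both operands are the same object (for instance two compile-time constants that were interned) and false for equal strings built at runtime, which is why this bug shows up only on some inputs. It is also worth saying why the Compliant Solution puts the literal first: `"foo".equals(variable)` is null-safe, whereas `variable.equals("foo")` throws a NullPointerException when `variable` is null.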

View File

@ -0,0 +1,3 @@
=== on 23 Sep 2013, 09:52:45 Freddy Mallet wrote:
Manually tested !

View File

@ -0,0 +1,28 @@
{
"title": "Any closable statement having some nested statement should be closed",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": "closable statements",
"linearFactor": "20min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
"Cobol"
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1140",
"sqKey": "S1140",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,22 @@
As soon as a closable statement contains some nested statements, it could quickly become difficult to see which statements are nested and which are not. That's why ending a list of nested statements by END-${STATEMENT-NAME} is advised.
The following code snippet illustrates this rule:
----
READ DF-PARAM-SPILOTE AT END
GO TO F-LECT-SPILOTE. *> Non-Compliant
...
IF SOMETHING
MOVE A TO B.
END-IF. *> Compliant
...
----
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
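Review bot: the compliant example is wrong as written: the period after `MOVE A TO B.` already terminates the IF statement, so the following `END-IF.` has no open IF to close and is a syntax error. It should read `MOVE A TO B` (no period) followed by `END-IF.`; the point of the rule is that the explicit scope terminator replaces the period. The READ case should likewise show its compliant form, `READ ... AT END GO TO ... END-READ.`, rather than only the noncompliant one.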

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,2 @@
=== duplicates: S2737

View File

@ -0,0 +1,3 @@
{
}

View File

@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]

View File

@ -0,0 +1,3 @@
{
}

View File

@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]

rules/S1164/metadata.json Normal file
View File

@ -0,0 +1,27 @@
{
"title": "Exceptions should not be caught and immediately rethrown",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "2min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1164",
"sqKey": "S1164",
"scope": "Main",
"defaultQualityProfiles": [
"Sonar way"
]
}

rules/S1164/rule.adoc Normal file
View File

@ -0,0 +1,41 @@
Catching an exception only to immediately rethrow it without doing anything else is useless and misleading.
== Noncompliant Code Example
----
try {
/* ... */
} catch (Exception e) { // Non-Compliant
throw e;
}
----
== Exceptions
When all instances of a general exception must be handled, but some specific ones not, propagation must be used and so is allowed by this rule.
----
try {
/* ... */
} catch (RuntimeException e) { // Compliant - propagation of the unchecked exception
throw e;
} catch (Exception e) { // Compliant - catching of the checked exception
LOGGER.error("...", e);
}
----
Throwing the same exception can also makes sense when an action is done before throwing it again.
----
try {
/* ... */
} catch (MyException e) { // Compliant - something is done before throwing again the exception
fixSomething();
throw e;
}
----
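Review bot: "can also makes sense" should be "can also make sense", and the `// Non-Compliant` marker should match the `Noncompliant` heading. On substance, the noncompliant example only compiles if the enclosing method declares `throws Exception` (or, from Java 7's precise rethrow onward, the checked exceptions actually thrown in the try body); show the method signature or use an unchecked type so the snippet stands on its own.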

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,2 @@
=== duplicates: S2486

View File

@ -0,0 +1,30 @@
{
"title": "At least one exception should be handled in an exception block",
"type": "CODE_SMELL",
"status": "closed",
"tags": [
"cwe",
"bug",
"bad-practice"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1169",
"sqKey": "S1169",
"scope": "Main",
"securityStandards": {
"CWE": [
391
]
},
"defaultQualityProfiles": [
"Sonar way"
]
}
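Review bot: `"type": "CODE_SMELL"` conflicts with the `bug` tag in the same file; the type field drives classification, so either change the type to BUG or drop the tag, and the `bad-practice` tag is redundant with CODE_SMELL.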

View File

@ -0,0 +1,61 @@
Shadowing all exceptions with NULL statements indicates that no error handling has been done for a given block of code. This is a common bad-practice and only the non-relevant exceptions should be ignored (and a comment is welcome in such cases).
== Noncompliant Code Example
----
BEGIN
SELECT value
INTO :hits
FROM hitCounter
WHERE pageIn = 'Sample';
EXCEPTION -- Noncompliant
WHEN OTHERS THEN
NULL;
END;
BEGIN
SELECT value
INTO :hits
FROM hitCounter
WHERE pageIn = 'Sample';
EXCEPTION -- Noncompliant
WHEN TOO_MANY_ROWS THEN
NULL;
WHEN OTHERS THEN
NULL;
END;
----
== Compliant Solution
----
BEGIN
SELECT value
INTO :hits
FROM hitCounter
WHERE pageIn = 'Sample';
EXCEPTION -- Compliant
WHEN NO_DATA_FOUND THEN
hits := 0;
WHEN TOO_MANY_ROWS THEN
DBMS_OUTPUT.PUT_LINE('Error: too many entries for Sample');
WHEN OTHERS THEN
-- Cannot do more in this case
NULL;
END;
----
== See
* http://cwe.mitre.org/data/definitions/391.html[MITRE, CWE-391] - Unchecked Error Condition
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
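Review bot: "Shadowing" should be "Swallowing" (the exceptions are discarded, not hidden by a same-named declaration). The Compliant Solution still ends with `WHEN OTHERS THEN NULL;`, which silently drops every unexpected error, including the ones that signal a failed or malicious operation; that branch should at least log the error or re-raise it with `RAISE;` so the failure stays visible, and the example should model that rather than the pattern the rule warns against.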

View File

@ -0,0 +1,6 @@
=== on 1 Aug 2013, 12:50:19 Freddy Mallet wrote:
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-262
=== on 20 Aug 2013, 11:38:45 Freddy Mallet wrote:
This rule generates too many false-positives

rules/S1173/metadata.json Normal file
View File

@ -0,0 +1,28 @@
{
"title": "Names should not be too short to be meaningful",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": null,
"linearFactor": "10mn"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1173",
"sqKey": "S1173",
"scope": "Main",
"defaultQualityProfiles": [
]
}

rules/S1173/rule.adoc Normal file
View File

@ -0,0 +1,36 @@
Names should be self-descriptive and this can't be the case when they are made of less than 3 characters.
Two-letter English words such as "is", "as", "of", etc. are allowed.
Local variables are not verified by this rule.
The following code snippet illustrates this rule:
----
public class A { // Non-Compliant
public int convert(String a) { // Non-Compliant
for (int i = 0; i < 42 ; i++) { // Compliant - local variable
/* ... */
}
}
public void a() { // Non-Compliant
int i = 0; // Compliant - local variable
try {
/* ... */
} catch (Exception e) { // Compliant - local variable
/* ... */
}
}
private boolean is(Object a) { // Compliant - two-letter English word
/* ... */
}
}
----
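Review bot: the examples treat the parameter `a` inconsistently: it is marked Non-Compliant in `convert(String a)` but left unmarked in `is(Object a)`, where the "two-letter English word" comment applies only to the method name. Mark the parameter in the second case too (or rename it) so the rule's scope is clear, and use the `Noncompliant` spelling the other descriptions use.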

View File

@ -0,0 +1,5 @@
=== relates to: S1190
=== on 8 Aug 2013, 16:23:48 Freddy Mallet wrote:
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-279

View File

@ -0,0 +1,27 @@
{
"title": "The \"assert\" keyword should not be used as a variable identifier",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "10min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1189",
"sqKey": "S1189",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,19 @@
As of Java 5, "assert" is a keyword. By default, using the word as an identifier generates a compilation error, and backward compatibility must be activated with "-source=1.4" to compile such pieces of code. Eventually this backward compatibility mode will be dropped.
The following code snippet illustrates this rule:
----
public void doSomething(){
int assert = 4; // Non-Compliant
...
}
----
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
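Review bot: the compiler flag is wrong. `assert` became a keyword in J2SE 1.4, and code that uses it as an identifier compiles only with `-source 1.3` (javac takes the level as a separate argument, not `-source=1.4`); with `-source 1.4` the keyword is already active and `int assert = 4;` is rejected. Rephrase to: since Java 1.4 `assert` is a keyword, and compiling such code requires the `-source 1.3` compatibility mode, which later JDKs dropped.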

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,27 @@
{
"title": "Cycles between packages should be removed",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "1d"
},
"tags": [
"design"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1196",
"sqKey": "S1196",
"scope": "Main",
"defaultQualityProfiles": [
]
}

View File

@ -0,0 +1,4 @@
When several packages are involved in a cycle (package A > package B > package C > package A, where ">" means "depends upon"), that means those packages are highly coupled, and there is no way to reuse/extract one of those packages without importing all the other packages. Such cycle could quickly increase the effort required to maintain an application and embrace business change.
SonarQube not only detect cycles between packages, but also calculates the minimum effort to break those cycles. This rule logs a violation on each source file having an outgoing dependency to be cut in order to break a cycle.
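Review bot: grammar: "SonarQube not only detect cycles" should be "detects", and "Such cycle could" should be "Such cycles could"; "embrace business change" is marketing phrasing, "respond to changing requirements" states the cost plainly.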

View File

@ -0,0 +1,2 @@
{
}

View File

@ -0,0 +1,3 @@
{
}

View File

@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]

View File

@ -0,0 +1,39 @@
=== is replaced by: S1701
=== on 20 Aug 2013, 20:48:31 Freddy Mallet wrote:
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-313
=== on 21 Aug 2013, 00:10:32 Ann Campbell wrote:
This description says that in the case of a member name matching a method name, the member should be renamed. However, the non-compliant example shows a member that name-clashes with a private method.
In this case, I would be tempted to rename the method - particularly because it's private. Should the method in the examples be made public?
=== on 21 Aug 2013, 06:37:14 Freddy Mallet wrote:
Examples updated to make methods public
=== on 11 Oct 2013, 15:25:03 Dinesh Bolkensteyn wrote:
This rule is not valuable as it will trigger lots of violations on fluent APIs:
----
class ClassTree {
private final String name; // There really is no problem here
public String name() { // There really is no problem here
return name;
}
}
----
Class names and fields/method should never collide because of naming conventions. (although they might collide when compared case insensitively)
=== on 16 Jun 2014, 19:39:26 Ann Campbell wrote:
\[~freddy.mallet] You closed this RSpec "Won't Fix" last Friday, 2 minutes before you marked the implementing PHP ticket "manually tested"
Surely you closed this in error...?
=== on 16 Jun 2014, 19:40:26 Ann Campbell wrote:
\[~freddy.mallet] never mind.


@ -0,0 +1,3 @@
{
}


@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]


@ -0,0 +1,3 @@
{
}


@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]


@ -0,0 +1,3 @@
{
}


@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]

rules/S1224/metadata.json

@ -0,0 +1,28 @@
{
"title": "Field names should not match any method names",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": "field names",
"linearFactor": "10min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1224",
"sqKey": "S1224",
"scope": "Main",
"defaultQualityProfiles": [
]
}
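Review bot: "replacementRules" is left empty in this metadata.json although the comments-and-links file for the same rule opens with "=== is replaced by: S1701"; if the metadata schema supports it, record the replacement here so that tooling does not have to parse the comments file to discover it.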

rules/S1224/rule.adoc

@ -0,0 +1,23 @@
Having a duplication between a field name and a method name is confusing, misleading, and probably an indication that the field name should be updated to be more meaningful.
== Noncompliant Code Example
----
public class Foo {
public int sum; // Noncompliant, matching sum() method name
public int sum() {...}
}
----
== Compliant Solution
----
public class Foo {
public int sumTotal; // Compliant
public int sum() {...}
}
----


@ -0,0 +1,3 @@
{
}


@ -0,0 +1,8 @@
include::../rule.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]


@ -0,0 +1,2 @@
=== duplicates: S1440

rules/S1230/metadata.json

@ -0,0 +1,28 @@
{
"title": "Avoid use of == and != in favor of === and !==",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Linear",
"linearDesc": null,
"linearFactor": "30mn"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Major",
"ruleSpecification": "RSPEC-1230",
"sqKey": "S1230",
"scope": "Main",
"defaultQualityProfiles": [
]
}
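Review bot: "linearFactor": "30mn" looks like a typo for "30min" (the other remediation entries on this page use "10min" and "30min"), and "linearDesc": null should probably be a string or be dropped rather than an explicit null. The comments-and-links file for this rule records "=== duplicates: S1440", yet "replacementRules" is empty; consider pointing it at S1440 if the schema allows.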

rules/S1230/rule.adoc

@ -0,0 +1,2 @@
The == and != operators do type coercion before comparing. This is bad because it causes ' \t\r\n' == 0 to be true. This can mask type errors. It is best to not use == and != and to always use the more reliable === and !== operators instead.
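Review bot: the operators and the literal ' \t\r\n' == 0 in this sentence are set as plain prose, so the quotes and backslashes read as markup rather than code; wrap them in monospace passthroughs the way S1234/rule.adoc writes ``++operator=++``, e.g. ``++' \t\r\n' == 0++`` and ``++===++``. A Noncompliant/Compliant pair, as in S1224/rule.adoc, would also bring this description in line with the other rules in the commit.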


@ -0,0 +1,2 @@
=== duplicates: S3624


@ -0,0 +1,29 @@
{
"title": "Classes should define copy constructors and \"operator=\" methods",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "30min"
},
"tags": [
"leak",
"bug",
"cert"
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1234",
"sqKey": "S1234",
"scope": "Main",
"defaultQualityProfiles": [
"Sonar way"
]
}
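Review bot: this rule is "status": "closed" and its comments-and-links file says "=== duplicates: S3624", yet "defaultQualityProfiles" still lists "Sonar way" and "replacementRules" is empty. A closed duplicate should not remain in the default profile; consider dropping "Sonar way" here and, if the schema allows, recording S3624 under "replacementRules".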


@ -0,0 +1,33 @@
Any class that has memory to manage should provide all the methods necessary to properly manage that memory, including a copy constructor and an override of ``++operator=++``. Without those methods, you're likely to end up with memory leaks and multiple class instances pointing at the same segments of memory for their members.
== Noncompliant Code Example
----
class MyClass // Noncompliant
{
private:
char* cpData;
public
MyClass(const char* value);
~MyClass();
}
MyClass a = new MyClass("The quick red fox");
MyClass b = new MyClass("How now brown cow");
b = a; // cpData pointer, not value copied. Also b's old value not deleted: Memory leak.
----
== See
* https://www.securecoding.cert.org/confluence/x/SAAV[CERT, OOP-06-CPP.] - Create a private copy constructor and assignment operator for non copyable objects
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
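Review bot: the Noncompliant example does not compile as written: "public" is missing its trailing colon, the class definition lacks the closing semicolon after "}", and "MyClass a = new MyClass("The quick red fox");" initializes an object from a MyClass* pointer. Use "MyClass a("The quick red fox");" and "MyClass b("How now brown cow");" so that "b = a;" actually invokes the implicitly generated copy assignment and shows the shallow-copied cpData and the leaked old buffer that the comment describes.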


@ -0,0 +1,2 @@
{
}


@ -0,0 +1,2 @@
=== duplicates: S1241


@ -0,0 +1,27 @@
{
"title": "Don't try to return a reference when you must return an object",
"type": "CODE_SMELL",
"status": "closed",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "0min"
},
"tags": [
],
"extra": {
"coveredLanguages": [
],
"replacementRules": [
]
},
"defaultSeverity": "Critical",
"ruleSpecification": "RSPEC-1239",
"sqKey": "S1239",
"scope": "Main",
"defaultQualityProfiles": [
"Sonar way"
]
}
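Review bot: "constantCost": "0min" gives this rule a zero remediation cost, which looks like a placeholder rather than an estimate; the other constant-cost entries on this page use values such as "30min" and "1d". As with the other closed duplicates in this commit (the comments-and-links file says "=== duplicates: S1241"), "Sonar way" is still listed under "defaultQualityProfiles" and "replacementRules" is empty.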
