I have a few SonarQube vulnerabilities and one of them caught my eye. As you can see in my code, I have a new DocumentBuilder(); and then I parse this: The Sonar “solution” is to do one of the following things: This is legacy code and I am quite lost here. Could someone explain me the differences between the three
Tag: sonarqube
What should I do to fix SonarLint warning “remove usage of generic wildcard type”
When I use SonarLint plugin to scan the Java code in IntelliJ IDEA, it shows warning like this: remove usage of generic wildcard type. This is the Java code: What should I do to avoid this warnings? Answer You should use generic type or actual type for return type of method declaration Or Or specific type:
SonarQube Major Issue: Duplicated blocks of code must be removed same class with different annotations
Sonarqube block my build due to Duplicated blocks for this two classes : any idea how i can resolve this issue since i don’t want to create an abstract class then inherit from it because i will lose the swagger and JPA annotations and i want to keep the visibility for each class and layer. thanks. Answer Unfortunately, the only
AES Encryption algorithms and padding scheme
Hello currently i have to do an AES encription and send it to an external SW but i am having trouble with the sonarqube. this is the relevant part of my current code: Is a little spaguetti cause it´s recyclated for an old code (TripleDES) sorry for that. But we can get the gist of it that`s that we are
Sonar scan says Use try-with-resources or close this “Stream” in a “finally” clause
Sonar qube is giving me the following error: Use try-with-resources or close this “Stream” in a “finally” clause This is my code: How can I fix this error? Answer define and open your stream this way: Doing this, the system will automatically close the stream and you don’t need to worry about it
I am unable to test the below mentioned method in JUnit testcase and getting ClassCastException
For below method i am writing JUnit testcase for sonarqube coverage. JUnit testcase: but, unable to mock or test the below line in JUnit testcase. MessageHeaders headers = ((MessagingException) message.getPayload()).getFailedMessage().getHeaders(); Exception: Answer Your productive code means you expect message.payload to be a MessagingException. But in your test, you create so payload will be a string. You need to build a
Sonar Issue-Possible null pointer dereference due to return value of called method. Return value from a method is dereferenced without a null check
I have a void method which is being called with a string argument from a parent method. Answer getText seems to be more than a simple getter. The second time it evidently may return null.
Should I close the prepared statement passed as parameter?
I am aware that we should not reuse prepared statement or use try-with-resource in java. But what should I do with prepared statement passed as parameter? Should I close it too? For example: Answer The way I see it is as follows: In your code somemethod is not the owner of those prepared statements that were passed to it. It
Java mutable object to causing nullpointer exception
I have the following DTO and I pass the objects to the ArrayLists to prevent objects to be changed and fix the SonarQube error as “Message: Store a copy of allergenInfoList”, etc. However, this approach requires null check and it makes my code ugly as shown below: So, is there any better approach to fix the problem without null check?
How to SupressWarnings for Sonar Security Hotspots?
I’m getting a Sonar CSRF Security Hotspot complaint on a Spring Boot code with Spring Security enabled that needs to be reviewed every then and now, and I would like to suppress the hotspot from the code as in @SuppressWarnings(“squid:x”) sonar.cpd.exclusions sonar.coverage.exclusions but as it it not a rule it has no id, at least on the screen How can