I have a few SonarQube vulnerabilities and one of them caught my eye. As you can see in my code, I have a new DocumentBuilder(); and then I parse this: The Sonar “solution” is to do one of the following things: This is legacy code and I am quite lost here. Could someone explain to me the differences between the three
When I use the SonarLint plugin to scan the Java code in IntelliJ IDEA, it shows a warning like this: remove usage of generic wildcard type. This is the Java code: What should I do to avoid these warnings? Answer You should use a generic type or the actual type for the return type of the method declaration Or Or a specific type:
SonarQube blocks my build due to duplicated blocks for these two classes: any idea how I can resolve this issue, since I don’t want to create an abstract class and then inherit from it, because I will lose the Swagger and JPA annotations and I want to keep the visibility for each class and layer. Thanks. Answer Unfortunately, the only
Hello, currently I have to do an AES encryption and send it to an external SW, but I am having trouble with SonarQube. This is the relevant part of my current code: It is a little spaghetti because it’s recycled from old code (TripleDES), sorry for that. But we can get the gist of it, that’s that we are
SonarQube is giving me the following error: Use try-with-resources or close this “Stream” in a “finally” clause. This is my code: How can I fix this error? Answer Define and open your stream this way: Doing this, the system will automatically close the stream and you don’t need to worry about it
For the below method I am writing a JUnit test case for SonarQube coverage. JUnit test case: but I am unable to mock or test the below line in the JUnit test case. MessageHeaders headers = ((MessagingException) message.getPayload()).getFailedMessage().getHeaders(); Exception: Answer Your productive code means you expect message.payload to be a MessagingException. But in your test, you create so the payload will be a string. You need to build a
I am aware that we should not reuse prepared statements or use try-with-resources in Java. But what should I do with a prepared statement passed as a parameter? Should I close it too? For example: Answer The way I see it is as follows: In your code somemethod is not the owner of those prepared statements that were passed to it. It
I have the following DTO and I pass the objects to the ArrayLists to prevent the objects from being changed and to fix the SonarQube error “Message: Store a copy of allergenInfoList”, etc. However, this approach requires a null check and it makes my code ugly, as shown below: So, is there any better approach to fix the problem without a null check?
I have SonarQube running but it says that there are duplicates within these lines of code. How do I resolve this in a switch statement? I am just learning how unit testing in Java works, so any help would be great! Answer I think the below solution should work for you:
Using SonarQube (version 3.0) I am trying to implement a blacklist of Java libraries. For example, I’d like SonarQube to generate a code smell for any Java file that contains an import for org.apache.lang.StringUtils. I did find this rule: “Track uses of disallowed dependencies”; however, as previously stated, I want to focus on the Java file import statements themselves.