Analyses
Do Not Serialize Direct Handles to System Resources (es.uniovi.reflection.analyses.cmu.sec56) We detect types implementing java.io.Serializable that define a non-transient field whose type is a direct handle to a system resource, such as java.io.File, org.omg.CosNaming.NamingContext, org.omg.CORBA.DomainManager or org.omg.PortableInterceptor.ObjectReferenceFactory. This rule encourages programmers to make the detected fields transient.
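The following is an added example, not code from the analysis tool or its authors, showing what the rule flags and the transient fix it recommends. The class names, the session identifier and the log path are constructed for the example; the serialized stream is rendered as Latin-1 text only so that the embedded strings can be searched for.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

// Flagged by the rule: a non-transient java.io.File field, so the local file
// system path travels inside the serialized form of every instance.
class SessionLogBefore implements Serializable {
    private static final long serialVersionUID = 1L;
    private final File logFile;                       // direct handle to a system resource
    SessionLogBefore(File logFile) { this.logFile = logFile; }
}

// Fixed: the handle is transient and is re-derived from a logical identifier
// on the receiving side, so only the identifier is ever serialized.
class SessionLogAfter implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String sessionId;                   // logical identity, safe to serialize
    private transient File logFile;                   // never written to the stream

    SessionLogAfter(String sessionId) {
        this.sessionId = sessionId;
        this.logFile = deriveLogFile(sessionId);
    }
    private static File deriveLogFile(String id) {
        // Hypothetical location; a real application would take it from its configuration.
        return new File(System.getProperty("java.io.tmpdir"), "session-" + id + ".log");
    }
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();                       // restores sessionId only
        this.logFile = deriveLogFile(sessionId);      // rebuild the transient handle locally
    }
    File logFile() { return logFile; }
}

public class Sec56Demo {
    // Serialize with standard Java serialization and return the raw stream as
    // Latin-1 text so that embedded strings can be searched for.
    static String serializedText(Serializable obj) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(obj); }
        return new String(bytes.toByteArray(), StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample objects.
        String before = serializedText(new SessionLogBefore(new File("/var/log/app/session-abc123.log")));
        String after  = serializedText(new SessionLogAfter("abc123"));

        System.out.println(before.contains("/var/log/app/session-abc123.log")); // true: path leaked
        System.out.println(after.contains("abc123"));                            // true: id is present
        System.out.println(after.contains("session-abc123.log"));                // false: path is not

        // The transient handle is restored locally after deserialization.
        ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(after.getBytes(StandardCharsets.ISO_8859_1)));
        SessionLogAfter copy = (SessionLogAfter) in.readObject();
        System.out.println(copy.logFile() != null);                              // true
    }
}
```

Making the field transient is only half of the fix: without the readObject hook the handle would be null after deserialization, so the class must be able to recompute it from data that is safe to serialize.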
Provide Sensitive Mutable Classes with Unmodifiable Wrappers (es.uniovi.reflection.analyses.cmu.obj56) We detect non-public fields that are returned by a public method and whose state may be mutated by an external client. The type of a field is mutable by an external client if it has a public method that may modify its state (a mutator), has a mutable field which is public or returned by a public method, or has any public non-final field. Additionally, the rule checks whether there exists a subclass of the field type providing an immutable wrapper, in order to recommend using it or implementing one. In such a wrapper, the mutator methods, and the methods exposing the mutable fields, must be overridden with implementations where the state of the object is neither mutated nor exposed.
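The following is an added example, not code from the analysis tool or its authors, showing a field the rule would flag and the unmodifiable wrapper subclass it recommends. AccessPolicy, its Firewall owners and the host names are constructed for the example.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Mutable type: it has a public mutator, so any instance handed out can be changed by the caller.
class AccessPolicy {
    private final List<String> allowedHosts = new ArrayList<>();

    public void allow(String host) { allowedHosts.add(host); }                    // mutator
    public List<String> allowedHosts() { return Collections.unmodifiableList(allowedHosts); }
}

// Unmodifiable wrapper: a subclass that overrides every mutator so the state cannot change.
final class UnmodifiableAccessPolicy extends AccessPolicy {
    UnmodifiableAccessPolicy(AccessPolicy source) {
        for (String host : source.allowedHosts()) super.allow(host);            // copy state once, via the parent
    }
    @Override public void allow(String host) {
        throw new UnsupportedOperationException("policy is read-only");
    }
}

// Flagged: a non-public mutable field returned as-is by a public method.
class FirewallBefore {
    private final AccessPolicy policy = new AccessPolicy();
    public AccessPolicy getPolicy() { return policy; }            // caller can call allow() on the live object
}

// Fixed: the public method returns the unmodifiable wrapper instead of the field.
class FirewallAfter {
    private final AccessPolicy policy = new AccessPolicy();
    public AccessPolicy getPolicy() { return new UnmodifiableAccessPolicy(policy); }
}

public class Obj56Demo {
    public static void main(String[] args) {
        FirewallBefore before = new FirewallBefore();
        before.getPolicy().allow("untrusted.example");                  // silently widens the policy
        System.out.println(before.getPolicy().allowedHosts());          // [untrusted.example]

        FirewallAfter after = new FirewallAfter();
        try {
            after.getPolicy().allow("untrusted.example");
        } catch (UnsupportedOperationException e) {
            System.out.println("rejected: " + e.getMessage());          // rejected: policy is read-only
        }
        System.out.println(after.getPolicy().allowedHosts());           // []
    }
}
```

The wrapper copies the state through the parent's own mutator in its constructor and then overrides that mutator; if AccessPolicy exposed a mutable field through a getter, the wrapper would have to override that getter as well and return a defensive copy or an unmodifiable view.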
Do Not Attempt to Help the Garbage Collector by Setting Local Reference Variables to Null (es.uniovi.reflection.analyses.cmu.obj54) This rule detects the assignment of null to local variables or parameters when they are no longer used. |
Never Confuse the Immutability of a Reference with that of the Referenced Object (es.uniovi.reflection.analyses.cmu.obj50) It is checked that the state of objects pointed to by final references is not mutated. We exclude assignments to fields inside constructors (or methods only called by constructors), since we treat them as initialization rather than mutation.
Convert Integers to Floating Point for Floating-Point Operations (es.uniovi.reflection.analyses.cmu.num50) The rule detects division expressions where both operands are (or are promoted to) int or long, and the result is assigned to a float or double variable. It is recommended to include a double literal (1.0) as an operand (in case the programmer wants to enforce a double division) or to change the type of the variable to an integer type (if an integer result is expected).
Return an Empty Array or Collection Instead of a Null Value for Methods that Return an Array or Collection (es.uniovi.reflection.analyses.cmu.met55) This rule detects statements returning the null literal in methods whose return type is an array or implements the java.util.Collection interface and encourages the programmer to use an empty collection or array instead. |
Ensure that the clone() Method Calls super.clone() (es.uniovi.reflection.analyses.cmu.met53) This rule detects implementations of the clone method that do not call (directly or indirectly) super.clone() and encourages the programmer to include such a call.
Do Not Use the clone() Method to Copy Untrusted Method Parameters (es.uniovi.reflection.analyses.cmu.met52) The rule checks when clone is invoked against a parameter in a public method or constructor of a public type, and the type of the parameter is not final (overridable). We also consider parameterized (generic) type and array type parameters of non-final types. |
Avoid Ambiguous or Confusing Uses of Overloading (es.uniovi.reflection.analyses.cmu.met50) This rule detects classes with overloaded methods with a) the same parameter types in a different order; or b) four or more parameters sharing the same types in different implementations. We consider boxed primitive types equivalent to their primitive counterpart for this rule. |
Use a Try-With-Resources Statement to Safely Handle Closeable Resources (es.uniovi.reflection.analyses.cmu.err54) We detect local variables that implement java.lang.AutoCloseable and are not initialized in a try-with-resources statement, where the code may throw an exception before calling the close method, either causing the abrupt termination of the method or reaching a catch or finally clause in which the variable is not closed either. In that case, a try-with-resources statement is advised to the programmer.
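The following is an added example, not code from the analysis tool or its authors, contrasting a method the rule would flag with the try-with-resources form it recommends. The method names and the temporary file written in main are constructed for the example.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

public class Err54Demo {
    // Flagged: the reader is opened outside a try-with-resources statement. If
    // readLine() throws, control reaches the catch clause, which rethrows without
    // closing the reader, so the file descriptor leaks until finalization (if ever).
    static String firstLineLeaky(Path file) throws IOException {
        BufferedReader in = new BufferedReader(new FileReader(file.toFile()));
        try {
            return in.readLine();
        } catch (IOException e) {
            throw new IOException("read failed: " + file, e);   // 'in' is never closed on this path
        }
    }

    // Fixed: the reader is declared in the try-with-resources header, so close()
    // runs on every exit path (normal return or exception) before the catch clause.
    static String firstLineSafe(Path file) throws IOException {
        try (BufferedReader in = Files.newBufferedReader(file)) {
            return in.readLine();
        } catch (IOException e) {
            throw new IOException("read failed: " + file, e);   // 'in' already closed here
        }
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempFile("err54", ".txt");        // constructed sample input
        Files.write(tmp, List.of("first line", "second line"));
        try {
            System.out.println(firstLineSafe(tmp));              // first line
        } finally {
            Files.delete(tmp);
        }
    }
}
```

Under sustained load the leaky form is a denial-of-service risk in its own right: each exception leaves a descriptor open, and a process that exhausts its descriptor limit can no longer open sockets or log files.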
Avoid Cyclic Dependencies Between Packages (es.uniovi.reflection.analyses.cmu.dcl60) This rule detects cyclic dependencies between packages and encourages the programmer to undo them. |
Do Not Attach Significance to the Ordinal Associated with an Enum (es.uniovi.reflection.analyses.cmu.dcl56) If the ordinal method of some java.lang.Enum is invoked, this rule encourages the programmer to add a new integer field and access it instead. |
Minimize the Scope of Variables - II (Fields) (es.uniovi.reflection.analyses.cmu.dcl53) We search for fields that are unconditionally assigned before their use in every method. The rule encourages the programmer to use local variables instead.
Do not ignore exceptions (es.uniovi.reflection.analyses.bloch.9.65) This rule detects empty catch blocks, which must not be used to silently ignore exceptions. |
Include failure-capture information in detail messages (es.uniovi.reflection.analyses.bloch.9.63) This rule detects Exception subtype classes that do not provide enough parameters to encapsulate all the failure-capture information. To do so, the rule detects constructor calls from these classes, where a string is passed as argument concatenating different types of data (**Scenario 1**). Moreover, this rule also detects constructor calls from Exception subtype classes where a string is passed as argument concatenating different types of data, but whose classes define a constructor with enough parameters to store the failure-capture information without any concatenation (**Scenario 2**). |
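The following is an added example, not code from the analysis tool or its authors, showing a Scenario 1 exception class (only a String constructor, forcing concatenation at the throw site) next to a class that carries the failure-capture information as typed parameters. The exception names, the login check and the sample user and address are constructed for the example.

```java
// Flagged (Scenario 1): the only constructor takes a single String, so every
// throw site has to concatenate the details into the message, and the
// structured information (who, from where, which attempt) is lost to the catcher.
class AuthFailureBefore extends Exception {
    private static final long serialVersionUID = 1L;
    AuthFailureBefore(String message) { super(message); }
}

// Fixed: each piece of failure-capture information is a constructor parameter
// stored in a field with an accessor; the detail message is built in one place.
class AuthFailureAfter extends Exception {
    private static final long serialVersionUID = 1L;
    private final String user;
    private final String sourceAddress;
    private final int attempt;

    AuthFailureAfter(String user, String sourceAddress, int attempt) {
        super("authentication failed for user '" + user + "' from " + sourceAddress
              + " (attempt " + attempt + ")");
        this.user = user;
        this.sourceAddress = sourceAddress;
        this.attempt = attempt;
    }
    String user() { return user; }
    String sourceAddress() { return sourceAddress; }
    int attempt() { return attempt; }
}

public class Bloch963Demo {
    static final int MAX_ATTEMPTS = 3;

    // Throw site as the rule would flag it: data of different types concatenated into a bare string.
    static void loginBefore(String user, String source, int attempt) throws AuthFailureBefore {
        if (attempt > MAX_ATTEMPTS)
            throw new AuthFailureBefore("authentication failed for " + user + " from " + source
                                        + " attempt " + attempt);
    }

    // Throw site after the fix: the details are passed as typed parameters.
    static void loginAfter(String user, String source, int attempt) throws AuthFailureAfter {
        if (attempt > MAX_ATTEMPTS) throw new AuthFailureAfter(user, source, attempt);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        try {
            loginAfter("alice", "203.0.113.7", 4);
        } catch (AuthFailureAfter e) {
            System.out.println(e.getMessage());
            // A handler (a lockout or alerting component, say) can act on the fields
            // directly instead of parsing them back out of the message text.
            if (e.attempt() > MAX_ATTEMPTS)
                System.out.println("lock out " + e.user() + " from " + e.sourceAddress());
        }
    }
}
```

Scenario 2 is the same throw site as loginBefore written against a class like AuthFailureAfter that also kept a String constructor: the structured constructor exists, but the call still concatenates, so the rule points the programmer at the constructor that already takes the parameters.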