Analyses
|
Use constants (es.uniovi.mp.rules) Always use literals with constants (except maybe 0) |
|
Do Not Serialize Direct Handles to System Resources (es.uniovi.reflection.analyses.cmu.sec56) We detect types implementing java.io.Serializable and defining any non-transient field derived from system resources such as java.io.File, org.omg.CosNaming.NamingContext, org.om.CORBA.DomainManager, etc. This rule encourages programmers to make the detected fields transient. |
|
Provide Sensitive Mutable Classes with Unmodifiable Wrappers (es.uniovi.reflection.analyses.cmu.obj56) When a given class may be mutated by a client because of m modifier methods ( i.e. which mutate its state or expose sensible non-final fields), it is checked that at least one subclass provides an immutable wrapper. In such wrapper, those m methods must be overridden with implementations where the state of the object is not mutated or exposed. |
|
Do Not Attempt to Help the Garbage Collector by Setting Local Reference Variables to Null (es.uniovi.reflection.analyses.cmu.obj54) This rule detects the assignment of null to local variables that are no longer used. |
|
Never Confuse the Inmutability of a Reference with that of the Referenced Object (es.uniovi.reflection.analyses.cmu.obj50) It is checked that the states of objects pointed by final references are not mutated. We exclude assignments to fields inside constructors (or methods only called by constructors) since we understood them as initialization, not mutations. |
|
Convert Integers to Floating Point for Floating-Point Operations (es.uniovi.reflection.analyses.cmu.num50) The rule detects division expressions where the two operands are/promote to integers, and the result is assigned to a float or double. It is recommended to include a double literal (1.0) as an operand (in case the programmer wants to enforce a double division) or to change the type of the variable to integer (if an integer result is expected). |
|
Return an Empty Array or Collection Instead of a Null Value for Methods that Return an Array or Collection (es.uniovi.reflection.analyses.cmu.met55) This rule detects statements returning the null literal in methods whose return type is an array or implements the java.util.Collection interface and encourages the programmer to use and empty collection or array instead. |
|
Ensure that the clone() Method Calls super.clone() (es.uniovi.reflection.analyses.cmu.met53) This rule detects implementations of the clone method that do not call (directly or indirectly) super.clone() and encourages the programmer to include such call. |
|
Do Not Use the clone() Method to Copy Untrusted Method Parameters (es.uniovi.reflection.analyses.cmu.met52) Inappropriate implementations of the clone method return objects that bypass validation and security checks. That vulnerable implementation of clone is commonly hidden by the attacker in derived classes of the cloned parameter. Thus, the rule checks when clone is invoked against a parameter in a public method of a public class, and the type of the parameter is not final (overridable). |
|
Avoid Ambiguous or Confusing Uses of Overloading (es.uniovi.reflection.analyses.cmu.met50) This rule detects classes with overloaded methods with a) the same parameter types in a different order; or b) four or more parameters in different implementations. |
|
Use a Try-With-Resources Statement to Safely Handle Closeable Resources (es.uniovi.reflection.analyses.cmu.err54) We detect when a local variable that implements java.lang.AutoCloseable is not initialized in a try-with-resources statement, and the code may throw an exception before calling close. In that case, a try-with-resources statement is advised to the programmer. |
|
Avoid Cyclic Dependencies Between Packages (es.uniovi.reflection.analyses.cmu.dcl60) This rule detects cyclic dependencies between packages and encourages the programmer to undo them. |
|
Do Not Attach Significance to the Ordinal Associated with an Enum (es.uniovi.reflection.analyses.cmu.dcl56) If the ordinal method of some java.lang.Enum is invoked, this rule encourages the programmer to add a new integer field and access it instead. |
|
Minimize the Scope of the Variables - II(Fields) (es.uniovi.reflection.analyses.cmu.dcl53) We search for fields that are unconditionally assigned before their usage, for all the methods. The rule encourages the programmer to use local variables instead. |
|
Include failure-capture information in detail messages (es.uniovi.reflection.analyses.bloch.9_63) This rule detects Exception subtype classes that do not provide enough parameters to encapsulate all the failure-capture information. To do so, the rule detects constructor calls from these classes, where a string is passed as argument concatenating different types of data (**Scenario 1**). \nMoreover, this rule also detects constructor calls from Exception subtype classes where a string is passed as argument concatenating different types of data, but whose classes define a constructor with enough parameters to store the failure-capture information without any concatenation (**Scenario 2**). |