Static analysis and remediation

Remediations for issues identified by SAST tools.

Categories

• Java

Composite Recipes

Recipes that include further recipes, often including the individual recipes below.

• Code cleanup
• Common static analysis issues
• Modernize BufferedWriter creation & prevent file descriptor leaks
• Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
• Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
• Simplify ternary expressions
• URL Equals and Hash Code

Recipes

• Add @Serial annotation to serialVersionUID
• Add missing @Override to overriding and implementing methods
• Add serialVersionUID to a Serializable class when missing
• Annotate methods which may return null with @Nullable
• Atomic Boolean, Integer, and Long equality checks compare their values
• Avoid boxed boolean expressions
• BigDecimal rounding constants to RoundingMode enums
• Boolean checks should not be inverted
• CaseInsensitive comparisons do not alter case
• Catch clause should do more than just rethrow
• Chain StringBuilder.append() calls
• Chain calls to builder methods
• Change StringBuilder and StringBuffer character constructor argument to String
• Changes code to use Java 17's instanceof pattern matching
• Combine semantically equal catch blocks
• Constructors of an abstract class should not be declared public
• Control flow statement indentation
• Convert new BufferedWriter(new FileWriter(File)) to Files.newBufferedWriter(Path)
• Convert new BufferedWriter(new FileWriter(File, boolean)) to Files.newBufferedWriter(Path, StandardOpenOption)
• Convert new BufferedWriter(new FileWriter(String)) to Files.newBufferedWriter(Path)
• Convert new BufferedWriter(new FileWriter(String, boolean)) to Files.newBufferedWriter(Path, StandardOpenOption)
• Covariant equals
• Default comes last
• Don't use final on local variables
• Enum values should be compared with "=="
• Equals avoids null
• Explicit initialization
• Externalizable classes have no-arguments constructor
• Fall through
• Finalize classes with private constructors
• Finalize local variables
• Finalize method arguments
• Finalize private fields
• Fix String#format and String#formatted expressions
• Fix missing braces
• Hidden field
• Hide utility class constructor
• Inline variable
• Java API best practices
• Jump statements should not be redundant
• Mask credit card numbers
• Modifier order
• Move @Nullable method annotations to the return type
• Nested enums are not static
• No C-style array declarations
• No double brace initialization
• No multiple variable declarations
• No primitive wrappers for #toString() or #compareTo(..)
• Operator wrapping
• Prefer while over for loops
• Properly use declaration-site type variance
• Properly use declaration-site type variance for well-known types
• Redundant file creation
• Reformat local variable names to camelCase
• Reformat private field names to camelCase
• Remove @Nullable and @CheckForNull annotations from primitives
• Remove JavaDoc @param, @return, and @throws with no description
• Remove Object.finalize() invocations
• Remove System.out#println statements
• Remove author tags from JavaDocs
• Remove catch for a checked exception if the try block does not throw that exception
• Remove empty blocks
• Remove extra semicolons
• Remove finalize() method
• Remove garbage collection invocations
• Remove redundant casts
• Remove toString() calls on arrays
• Remove unnecessary parentheses
• Remove unneeded assertions
• Remove unneeded block
• Remove unused local variables
• Remove unused private fields
• Remove unused private methods
• Removes from code Java 14's instanceof pattern matching
• Rename caught exceptions in empty catch blocks to ignored
• Rename methods named hashcode, equal, or tostring
• Rename packages to lowercase
• Replace A.class.isInstance(a) with a instanceof A
• Replace Optional#isPresent() with Optional#ifPresent()
• Replace Stream.toList() with Stream.collect(Collectors.toList())
• Replace StringBuilder#append with String
• Replace booleanExpression ? false : true with !booleanExpression
• Replace booleanExpression ? true : false with booleanExpression
• Replace calls to Thread.run() with Thread.start()
• Replace deprecated Runtime#exec() methods
• Replace duplicate String literals
• Replace invocations of Collections#sort(List, Comparator) with List#sort(Comparator)
• Replace java.util.Set#removeAll(java.util.Collection) with java.util.Collection#forEach(Set::remove)
• Replace java.util.Stack with java.util.Deque
• Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
• Replace redundant String format invocations that are wrapped with PrintStream operations
• Replace referential equality operators with Object equals method invocations when the operands both override Object.equals(Object obj)
• Replace text block with regular string
• Replaces Object.notify() with Object.notifyAll()
• Set charset encoding explicitly when calling String#getBytes
• Simplify boolean expression
• Simplify boolean return
• Simplify compound statement
• Simplify consecutive assignments
• Simplify constant if branch execution
• Simplify java.time.Duration units
• Simplify lambda blocks to expressions
• Sorted set stream should be collected to LinkedHashSet
• Standardize method name casing
• Static methods need not be final
• Ternary operators should not be nested
• Typecast parenthesis padding
• URL Equals
• URL Hash Code
• Unnecessary String#toString
• Unnecessary String#valueOf(..)
• Unnecessary close in try-with-resources
• Unnecessary explicit type arguments
• Unnecessary return as last statement in void method
• Unnecessary throws
• Unwrap @Repeatable annotations
• Upper case literal suffixes
• Use Collection interfaces
• Use Collection#isEmpty() instead of comparing size()
• Use Collections#emptyList(), emptyMap(), and emptySet()
• Use Empty Array for Collection.toArray()
• Use Map#containsKey
• Use StandardCharset constants
• Use String.contentEquals(CharSequence) instead of String.equals(CharSequence.toString())
• Use String.equals() on String literals
• Use String::replace() when first parameter is not a real regular expression
• Use System.lineSeparator()
• Use comparison rather than equality checks in for conditions
• Use explicit types on lambda arguments
• Use indexOf(String, int)
• Use lambda expressions instead of anonymous classes
• Use method references in lambda
• Use primitive wrapper valueOf method
• Use the diamond operator
• Week Year (YYYY) should not be used for date formatting
• Write octal values as decimal
• finalize() calls super
• for loop counters incremented in update
• for loop counters should use postfix operators
• hashCode() should not be called on array instances
• indexOf should not compare greater than zero
• indexOf() replaceable by contains()
• new BigDecimal(double) should not be used
• switch statements should have at least 3 case clauses