Common static analysis issue remediation

In this guide we'll look at using OpenRewrite to perform an automated remediation for many issues identified by common static analysis tools.

Example configuration

The Common Static Analysis Recipe consists of more than 50 types of issues and can be applied by including OpenRewrite's plugin to your project and configuring the recipe:

Gradle

build.gradle

plugins {
    id("java")
    id("org.openrewrite.rewrite") version("7.6.1")
}

rewrite {
    activeRecipe("org.openrewrite.staticanalysis.CommonStaticAnalysis")
}

repositories {
    mavenCentral() // rewrite is published to Maven Central
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-static-analysis:{{VERSION_REWRITE_STATIC_ANALYSIS}}")
}

Maven

pom.xml

<plugin>
    <groupId>org.openrewrite.maven</groupId>
    <artifactId>rewrite-maven-plugin</artifactId>
    <version>6.8.0</version>
    <configuration>
    <activeRecipes>
        <recipe>org.openrewrite.staticanalysis.CommonStaticAnalysis</recipe>
    </activeRecipes>
    </configuration>
    <dependencies>
    <dependency>
        <groupId>org.openrewrite.recipe</groupId>
        <artifactId>rewrite-static-analysis</artifactId>
        <version>{{VERSION_REWRITE_STATIC_ANALYSIS}}</version>
    </dependency>
    </dependencies>
</plugin>

At this point, you're ready to fix common static analysis issues by running mvn rewrite:run or gradlew rewriteRun.

Before and After

For the full list of changes this recipe will make, see its reference page.

Use explicit types on lambda arguments

Before

queue.findAll().forEach(msg -> {
    WebSocketMessageBody toSend = conv.fromMap(msg.getMessage(), WebSocketMessageBody.class);
    session.sendSync(toSend);
});  

After

queue.findAll().forEach((MessageQueue msg) -> {
    WebSocketMessageBody toSend = conv.fromMap(msg.getMessage(), WebSocketMessageBody.class);
    session.sendSync(toSend);
});   

No Double Brace Initialization

Before

class Menu {
    static final List<String> menuItems = Arrays.asList("rice", "beans");
    
    void newOrder(String main, String desert) {
        List<String> menuItems = new ArrayList<>() {
            {
                add(main);
                add(desert);
            }
        };
        ...
    }
}

After

class Menu {
    static final List<String> menuItems;
    static {
        menuItems = new ArrayList<>();
        menuItems.add("rice");
        menuItems.add("beans");
    }
    
    void newOrder(String main, String desert) {
        List<String> menuItems = new ArrayList<>();
        menuItems.add(main);
        menuItems.add(desert);
        ...
    }
}

Fields in a Serializable class should either be transient or serializable

Before

public class MessageExtBatch implements Serializable {
    private ByteBuffer encodedBuff;
    ...
}

After

public class MessageExtBatch implements Serializable {
    private transient ByteBuffer encodedBuff;
    ...
}

Known Limitations

We don't have OpenRewrite recipes implemented for all publicly available policies. If you find a violation you'd like automated, visit the rewrite repository and file an issue (or help out the community by contributing code yourself).

See how this recipe works across multiple open-source repositories

Run this recipe on OSS repos at scale with the Moderne SaaS.

Run this recipe here

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.