Common static analysis issue remediation

In this guide we'll look at using OpenRewrite to perform an automated remediation for many issues identified by common static analysis tools.

Example Configuration

The Common Static Analysis Recipe consists of more than 50 types of issues and can be applied by including OpenRewrite's plugin to your project and configuring the recipe:

<plugin>
  <groupId>org.openrewrite.maven</groupId>
  <artifactId>rewrite-maven-plugin</artifactId>
  <version>5.27.2</version>
  <configuration>
    <activeRecipes>
      <recipe>org.openrewrite.staticanalysis.CommonStaticAnalysis</recipe>
    </activeRecipes>
  </configuration>
  <dependencies>
    <dependency>
      <groupId>org.openrewrite.recipe</groupId>
      <artifactId>rewrite-static-analysis</artifactId>
      <version>1.4.2</version>
    </dependency>
  </dependencies>
</plugin>

plugins {
    id("java")
    id("org.openrewrite.rewrite") version("6.11.2")
}

rewrite {
    activeRecipe("org.openrewrite.staticanalysis.CommonStaticAnalysis")
}

repositories {
    mavenCentral() // rewrite is published to Maven Central
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-static-analysis:1.4.2")
}

At this point, you're ready to fix common static analysis issues by running mvn rewrite:run or gradlew rewriteRun.

Before and After

For the full list of changes this recipe will make, see its reference page.

Use explicit types on lambda arguments

queue.findAll().forEach(msg -> {
    WebSocketMessageBody toSend = conv.fromMap(msg.getMessage(), WebSocketMessageBody.class);
    session.sendSync(toSend);
});  

queue.findAll().forEach((MessageQueue msg) -> {
    WebSocketMessageBody toSend = conv.fromMap(msg.getMessage(), WebSocketMessageBody.class);
    session.sendSync(toSend);
});   

No Double Brace Initialization

class Menu {
    static final List<String> menuItems = Arrays.asList("rice", "beans");
    
    void newOrder(String main, String desert) {
        List<String> menuItems = new ArrayList<>() {
            {
                add(main);
                add(desert);
            }
        };
        ...
    }
}

class Menu {
    static final List<String> menuItems;
    static {
        menuItems = new ArrayList<>();
        menuItems.add("rice");
        menuItems.add("beans");
    }
    
    void newOrder(String main, String desert) {
        List<String> menuItems = new ArrayList<>();
        menuItems.add(main);
        menuItems.add(desert);
        ...
    }
}

Fields in a Serializable class should either be transient or serializable

public class MessageExtBatch implements Serializable {
    private ByteBuffer encodedBuff;
    ...
}

public class MessageExtBatch implements Serializable {
    private transient ByteBuffer encodedBuff;
    ...
}

Known Limitations

We don't have OpenRewrite recipes implemented for all publicly available policies. If you find a violation you'd like automated, visit the rewrite repository and file an issue (or help out the community by contributing code yourself).

See how this recipe works across multiple open-source repositories

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.