177 Rules
| ID | Name | Severity |
|---|---|---|
| 2230 | DEPRECATED: Use of style sheets (JEE) | medium |
| 2236 | DEPRECATED: Avoid use of standard SQL API | medium |
| 2238 | Avoid unreferenced JSP pages | medium |
| 2242 | DEPRECATED: Avoid direct definition of JavaScript Functions in a Web page (JEE) | medium |
| 2244 | DEPRECATED: Avoid undocumented Web Server Pages | medium |
| 2248 | DEPRECATED: Avoid Web Server pages having a very low Comment/Code ratio | medium |
| 2254 | DEPRECATED: Avoid large Page files (JEE) | medium |
| 2258 | DEPRECATED: All image files should be in a specific directory | medium |
| 2260 | DEPRECATED: All script files should be in a specific directory | medium |
| 2262 | DEPRECATED: All cascading style sheet files should be in specific directory | medium |
| 2264 | DEPRECATED: All page files should be in a specific directory | medium |
| 2266 | DEPRECATED: Avoid non standard file extensions (JEE) | medium |
| 2278 | DEPRECATED: Check the use of "foreach" custom tag library | medium |
| 2280 | DEPRECATED: Avoid using Document.all collection | medium |
| 2282 | DEPRECATED: Avoid large Include Files | medium |
| 2284 | DEPRECATED: Avoid large JSP Pages - too many Scriptlets | medium |
| 4554 | Avoid large Classes - too many Methods (JEE) | medium |
| 4556 | Avoid large Classes - too many Constructors (JEE) | medium |
| 4558 | Avoid large Classes - too many Fields | medium |
| 4560 | Avoid large Interfaces - too many Methods (JEE) | medium |
| 4566 | Avoid declaring Instance Variables without defined access type | medium |
| 4568 | DEPRECATED: Avoid declaring Public Instance Variables | high |
| 4570 | Avoid declaring Non Final Class Variables with Public, Protected or Package access type | medium |
| 4572 | DEPRECATED: Avoid declaring Final Instance Variables that are not initialized | medium |
| 4574 | DEPRECATED: Avoid using deprecated objects | medium |
| 4576 | DEPRECATED: Provide accessors to Private Fields | medium |
| 4578 | Collection interfaces should be used as method return types instead of their implementation classes | medium |
| 4580 | Collection declarations should use interfaces instead of implementation classes | medium |
| 4592 | Avoid hiding static Methods | high |
| 4594 | Avoid using 'java.io.File' | medium |
| 4596 | Avoid using 'java.lang.System.getenv()' | medium |
| 4598 | Avoid using 'java.lang.Runtime.exec()' | high |
| 4600 | Avoid using Exit and Halt Methods on a Web/Application Server | high |
| 4602 | Avoid using Fields (non static final) from other Classes | high |
| 4604 | Avoid using 'java.lang.Error' | medium |
| 4606 | Avoid using 'sun.*' Classes | medium |
| 4610 | Avoid using anonymous Classes | medium |
| 4612 | Avoid using native Methods (JNI) | medium |
| 4614 | DEPRECATED: Proper overriding of 'clone()' | high |
| 4616 | 'super.finalize()' should be invoked when overriding finalize() method | high |
| 4618 | Avoid instantiating a Boolean object | medium |
| 4656 | Avoid declaring an exception in the method signature and not throwing it | medium |
| 4666 | Classes and Interfaces must have JavaDoc Comments | medium |
| 4668 | DEPRECATED: Classes and Interfaces must have JavaDoc @author tag | medium |
| 4670 | Public Methods must have JavaDoc comments | medium |
| 4672 | Public Methods must have appropriate JavaDoc @param tags | medium |
| 4674 | Public Methods must have appropriate JavaDoc @return tags | medium |
| 4676 | Public Methods must have appropriate JavaDoc @throws/@exception tags | medium |
| 4678 | DEPRECATED: Public Methods must have appropriate JavaDoc @exception tags | medium |
| 4680 | Public Fields must have JavaDoc Comments | medium |
| 4694 | Avoid using 'System.gc' and 'Runtime.gc' | high |
| 4696 | DEPRECATED: Avoid using 'System.err' and 'System.out' within a try catch block | medium |
| 4698 | DEPRECATED: Avoid using 'System.err' and 'System.out' outside a try catch block | medium |
| 4702 | Avoid using 'Throwable.printStackTrace()' with no argument | medium |
| 4704 | Avoid using Vector | medium |
| 4706 | Avoid using Hashtable | medium |
| 4708 | Avoid using Dynamic Instantiation | medium |
| 4716 | Avoid Classes implementing too many Interfaces (JEE) | medium |
| 4718 | Avoid having package without enough Classes/Interfaces | medium |
| 4722 | DEPRECATED: Avoid having classes referencing Database objects | medium |
| 4730 | Package naming convention - case control | medium |
| 4732 | Interface naming convention - case control | medium |
| 4734 | Class naming convention - case control (JEE) | medium |
| 4736 | Method naming convention - case control (JEE) | medium |
| 4738 | Constant naming convention - case control (JEE) | medium |
| 4740 | Field naming convention - case control | medium |
| 4744 | DEPRECATED: EJB Entity access through their local Interface | high |
| 4746 | DEPRECATED: EJB Session access through their local Interface | high |
| 7132 | DEPRECATED: Struts action Mappings should have few forwards | medium |
| 7134 | DEPRECATED: Avoid having Struts local forward with same name as Struts global forward | medium |
| 7136 | DEPRECATED: Each method in an Action Class should have a small complexity | medium |
| 7138 | DEPRECATED: Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x) | medium |
| 7140 | Struts Action artifacts should not directly call a JSP page | medium |
| 7142 | DEPRECATED: Action Classes should have only one public method | medium |
| 7144 | DEPRECATED: Avoid using database objects from Struts Action Artifacts | high |
| 7146 | Always have JSP pages referencing Java Objects associated to JEE Scoped Bean | medium |
| 7148 | DEPRECATED: JSP pages should always be accessed through their tiles definition | medium |
| 7150 | Avoid string interpolations to prevent SQL injections by using PreparedStatement or CallableStatement | medium |
| 7152 | Avoid Fields in Servlet Classes that are not final static | high |
| 7154 | Struts1: Avoid Struts Fields in Action Classes that are not final static | high |
| 7188 | DEPRECATED: Private fields must have JavaDoc Comments | medium |
| 7190 | Struts1: Validate() Method of Struts Validator form must call super.validate() | high |
| 7192 | Avoid using Struts Form that cannot extend Validator Class | medium |
| 7196 | Avoid large number of String concatenation (JEE) | medium |
| 7200 | Avoid String concatenation in loops | medium |
| 7202 | Avoid using '==' and '!=' to compare objects | high |
| 7206 | Avoid the use of Instanceof inside loops | medium |
| 7210 | Avoid instantiations inside loops | high |
| 7220 | DEPRECATED: Avoid Unused Imports | medium |
| 7238 | Avoid calls between JSP Page for application using Struts framework | medium |
| 7240 | DEPRECATED: Struts Action Classes should only call Business Classes | medium |
| 7242 | Struts1: Avoid implementing Action Classes inheriting directly from Struts Action | medium |
| 7246 | Avoid Packages with High Efferent Coupling (CE) | medium |
| 7248 | Avoid Packages with High Afferent Coupling (CA) | medium |
| 7250 | Avoid String initialization with String object (created using the 'new' keyword) | medium |
| 7252 | Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods | medium |
| 7254 | Declare as Static all methods not using instance members | medium |
| 7256 | Provide a private default Constructor for utility Classes | medium |
| 7292 | Avoid cyclical calls and inheritances between packages | medium |
| 7306 | DEPRECATED: Avoid declaring Inner Classes | medium |
| 7308 | DEPRECATED: Avoid using Inner Classes | medium |
| 7362 | DEPRECATED: Avoid Struts action mappings validator turned off | high |
| 7372 | Struts 1: Enable Struts Validator plugin | high |
| 7380 | Struts 1: Avoid unused validation form | medium |
| 7382 | Struts1: Avoid Struts Validator field without Form Field | medium |
| 7416 | Struts1: Avoid Action Form Field without Validator | high |
| 7434 | Ensure to override both equals() and hashCode() | high |
| 7438 | Avoid non thread safe singleton | high |
| 7440 | Avoid having suspicious similar method names or signatures in an inheritance tree | high |
| 7442 | Avoid to use keyword 'this' within Constructor in multi-thread environment | high |
| 7444 | Avoid Using Non-Serialized Beans with Session Scope | medium |
| 7446 | Avoid double checked locking for JSE 4.x and previous version | high |
| 7488 | Lazy fetching should be used for Hibernate collection | high |
| 7490 | Avoid UPDATE trigger firing when not necessary | high |
| 7492 | Avoid Hibernate and JPA Entities using many-to-many association. | medium |
| 7494 | Persistent class method's equals() and hashCode() must access its fields through getter methods | high |
| 7496 | Use table-per-subclass strategy when subclasses have many properties | medium |
| 7498 | Avoid Incorrect implementation of getters and setters for Collection Type | medium |
| 7500 | Use table-per-class-hierarchy when subclasses have few properties | medium |
| 7502 | Never use an array to map Hibernate collection | high |
| 7504 | Persistent classes should Implement hashCode() and equals() | high |
| 7506 | equals() and hashCode() should be defined for Hibernate/JPA component | high |
| 7508 | Getter of collection-typed persistent attributes should return the correct interface type | medium |
| 7510 | DEPRECATED: Use only Hibernate API to access to the database | medium |
| 7562 | Avoid static Field of type collection | medium |
| 7634 | Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. | high |
| 7636 | Prefer using version number instead of timestamp for Hibernate Entity | medium |
| 7638 | Avoid directly managing the connection to the database by using DriverManager | medium |
| 7640 | Avoid using catch blocks with assertion | medium |
| 7648 | Avoid an explicit call to finalize() | medium |
| 7650 | All types of a serializable Class must be serializable | medium |
| 7652 | Avoid throwing an exception in a catch block without chaining it | medium |
| 7654 | Avoid database tables associated to more than one Hibernate Entity | medium |
| 7668 | DEPRECATED: Avoid using DOM parser for large or medium sized XML file parsing | medium |
| 7676 | DEPRECATED: Avoid too many packages referencing Mainframe | medium |
| 7678 | Avoid logging using basic java log files | medium |
| 7682 | Avoid having Hibernate domain model depending on other Java APIs | medium |
| 7700 | Struts1: Only Struts HTTP Servlet should be used for Struts based application | medium |
| 7702 | Hibernate-provided implementations from third parties should be used for connection pool | medium |
| 7704 | All static fields in the enterprise bean class should be declared as final | medium |
| 7706 | Avoid table and column names that are too long (portability) | medium |
| 7708 | Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL) | medium |
| 7710 | Avoid non serializable Entity beans | medium |
| 7712 | Avoid public/protected setter for the generated identifier field | medium |
| 7714 | Avoid using auto-wiring | medium |
| 7716 | Avoid defining singleton or factory classes when using Spring | medium |
| 7720 | DEPRECATED: Avoid too many EJB beans | medium |
| 7722 | Avoid using persistent class's identifier in equals() method | high |
| 7724 | Overridden equals() Methods in persistent Subclasses should only reference properties from the persistent base Class | high |
| 7726 | Avoid Struts Action Classes that call packages having direct access to database | medium |
| 7728 | Avoid thread creation for application running on application server | critical |
| 7730 | Always use declarative transaction | medium |
| 7732 | Avoid non validated inputs in JSP files that use JSF | high |
| 7734 | Avoid using debug() method without calling isDebugEnabled() method | medium |
| 7910 | Never exit a finally block with a return, break, continue, or throw statements | high |
| 7936 | DEPRECATED: Avoid using finalize() | high |
| 7940 | Avoid accumulating Stateful Beans | high |
| 7942 | Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods | medium |
| 7954 | Avoid indirect String concatenation inside loops | high |
| 7956 | DEPRECATED: Avoid indirect exception handling inside loops | medium |
| 7962 | Avoid direct or indirect remote calls inside a loop | critical |
| 7964 | Avoid directly instantiating a Class used as a managed bean | high |
| 8016 | Avoid unrestricted access to EJB remote methods | high |
| 8038 | Struts 2: Avoid Struts Validator field without Form Field | medium |
| 8040 | Struts 2: Avoid Action Fields without Validation | high |
| 8042 | Struts 2: Avoid unused validation form | medium |
| 8096 | Avoid testing floating point numbers for equality | high |
| 8100 | Blocking synchronous calls should have associated timeouts | medium |
| 8102 | Avoid hardcoded network resource names (JEE) | high |
| 8104 | Avoid missing release of SQL connection after an effective lifetime (JEE) | critical |
| 8136 | CDI Beans with normal scope must be proxyable to avoid runtime errors | high |
| 8214 | Avoid operating on resource after expiration or release | high |
| 8216 | Avoid using incompatible mutation | high |
| 8218 | DEPRECATED: Content type should be checked when receiving a HTTP Post | critical |
| 8220 | Avoid using deprecated method, constructor, field, type or package | medium |
| 1022000 | DEPRECATED: Avoid weak encryption algorithm as DES and triple DES | high |
| 1022002 | Avoid using RSA Cryptographic algorithms without OAEP (Optimal Asymmetric Encryption Padding) | high |