Checker | Guideline |
|---|
| FB.BAD_PRACTICE.DE_MIGHT_IGNORE | ERR00-J. Do not suppress or ignore checked exceptions |
| FB.BAD_PRACTICE.DM_EXIT | ERR09-J. Do not allow untrusted code to terminate the JVM |
| FB.BAD_PRACTICE.EQ_GETCLASS_AND_CLASS_CONSTANT | MET08-J. Preserve the equality contract when overriding the equals() method |
| FB.BAD_PRACTICE.FI_EMPTY | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_EXPLICIT_INVOCATION | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_FINALIZER_NULLS_FIELDS | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_FINALIZER_ONLY_NULLS_FIELDS | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_MISSING_SUPER_CALL | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_NULLIFY_SUPER | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_USELESS | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.NP_BOOLEAN_RETURN_NULL | EXP01-J. Do not use a null in a case where an object is required |
| FB.BAD_PRACTICE.NP_CLONE_COULD_RETURN_NULL | EXP01-J. Do not use a null in a case where an object is required |
| FB.BAD_PRACTICE.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT | EXP01-J. Do not use a null in a case where an object is required |
| FB.BAD_PRACTICE.NP_TOSTRING_COULD_RETURN_NULL | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.BOA_BADLY_OVERRIDDEN_ADAPTER | MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface |
| FB.CORRECTNESS.BSHIFT_WRONG_ADD_PRIORITY | EXP53-J. Use parentheses for precedence of operation |
|
|---|
| JAVA.ALLOC.LEAK.NOTCLOSED | FIO04-J. Release resources when they are no longer needed |
| JAVA.ALLOC.LEAK.NOTSTORED | FIO04-J. Release resources when they are no longer needed |
| JAVA.ALLOC.LEAK.NOTSTORED | SER10-J. Avoid memory and resource leaks during serialization |
| JAVA.ALLOC.LEAK.NOTSTORED | MSC05-J. Do not exhaust heap space |
| JAVA.ARITH.FPEQUAL | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.ARITH.OFLOW | NUM00-J. Detect or prevent integer overflow |
| JAVA.CAST.FTRUNC | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.CAST.FTRUNC | NUM13-J. Avoid loss of precision when converting primitive integers to floating-point |
| JAVA.CLASS.ACCESS.BYPASS | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields |
| JAVA.CLASS.ACCESS.MODIFY | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields |
| JAVA.CLASS.CLONE.CCSM | MET53-J. Ensure that the clone() method calls super.clone() |
| JAVA.CLASS.CLONE.CNC | OBJ07-J. Sensitive classes must not let themselves be copied |
| JAVA.CLASS.CLONE.NF | OBJ07-J. Sensitive classes must not let themselves be copied |
| JAVA.CLASS.CLONE.SCNC | OBJ07-J. Sensitive classes must not let themselves be copied |
| JAVA.CLASS.ICSBS | OBJ08-J. Do not expose private members of an outer class from within a nested class |
| JAVA.CLASS.MCS | MET53-J. Ensure that the clone() method calls super.clone() |
| JAVA.CLASS.SER.ND | SER01-J. Do not deviate from the proper signatures of serialization methods |
| JAVA.CLASS.SER.ND | SER03-J. Do not serialize unencrypted sensitive data |
| JAVA.CLASS.SER.ND | SER06-J. Make defensive copies of private mutable components during deserialization |
| JAVA.CLASS.SER.ND | SER07-J. Do not use the default serialized form for classes with implementation-defined invariants |
| JAVA.CLASS.SER.ND | SER12-J. Prevent deserialization of untrusted data |
| JAVA.CLASS.SER.UIDM | SER00-J. Enable serialization compatibility during class evolution |
| JAVA.CLASS.UI | SER10-J. Avoid memory and resource leaks during serialization |
| JAVA.CLASS.UI | MSC05-J. Do not exhaust heap space |
| JAVA.COMPARE.CTO.ASSYM | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.COMPARE.EMPTYSTR | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| JAVA.COMPARE.EQ FB.CORRECTNESS.EC_BAD_ARRAY_COMPARE | EXP02-J. Do not use the Object.equals() method to compare two arrays |
| FB JAVA.CORRECTNESS.EQ_COMPARING_CLASS_NAMES | OBJ09-J. Compare classes and not class names |
| FB.CORRECTNESS.FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER | NUM07-J. Do not attempt comparisons with NaN |
| FB.CORRECTNESS.HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS | MET09-J. Classes that define an equals() method must also define a hashCode() method |
| FB.CORRECTNESS.HE_USE_OF_UNHASHABLE_CLASS | MET09-J. Classes that define an equals() method must also define a hashCode() method |
| FB.CORRECTNESS.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN | MET13-J. Do not assume that reassigning method arguments modifies the calling environment |
| FB.CORRECTNESS.NP_ALWAYS_NULL | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_ALWAYS_NULL_EXCEPTION | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_ARGUMENT_MIGHT_BE_NULL | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_CLOSING_NULL | EXP01-J. Do not use a null in a case where an object is required |
| COMPARE.EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| JAVA.COMPARE.EQARRAY | EXP02-J. Do not use the Object.equals() method to compare two arrays |
| JAVA.COMPARE.EQARRAY | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| JAVA.CONCURRENCY.LOCK.DCL | LCK10-J. Use a correct form of the double-checked locking idiom |
| JAVA.CONCURRENCY.LOCK.ICS | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.LOCK.ISTR | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
| JAVA.CONCURRENCY.LOCK.SCTB | THI00-J. Do not invoke Thread.run() |
| JAVA.CONCURRENCY.LOCK.STATIC | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.STARVE.BLOCKING | LCK09-J. Do not perform operations that can block while holding a lock |
| JAVA.CONCURRENCY.SYNC.MSS | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.UG.FIELD | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.UG.METH | LCK05-J. Synchronize access to static fields that can be modified by untrusted code |
| JAVA.CONCURRENCY.UG.PARAM | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.VOLATILE | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.VOLATILE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| JAVA.CRYPTO.BASE64 | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.RA | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.RCF | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.RF | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.WHAF | MSC02-J. Generate strong random numbers |
| JAVA.DEBUG.CALL | ERR09-J. Do not allow untrusted code to terminate the JVM |
| JAVA.DEBUG.CEDF | ENV06-J. Production code must not contain debugging entry points |
| JAVA.DEBUG.LOG | ERR02-J. Prevent exceptions while logging data |
| JAVA.DEBUG.MEDF | ENV06-J. Production code must not contain debugging entry points |
| JAVA.DEEPNULL. FB.CORRECTNESS.NP_GUARANTEED_DEREF | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.CORRECTNESS.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH DEEPNULL.EFIELD | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.CORRECTNESSDEEPNULL.NP_NONNULL_FIELD _NOT_INITIALIZED_IN_CONSTRUCTOR | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.CORRECTNESSDEEPNULL.NP_NONNULL_PARAM_VIOLATION PARAM.ACTUAL | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.DEEPNULL.CORRECTNESS.NP_NONNULL_RETURN_VIOLATION PARAM.EACTUAL | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.DEEPNULL.CORRECTNESS.NP_NULL_ON_SOME_PATH RET.EMETH | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.DEEPNULL.CORRECTNESS.NP_NULL_ON_SOME_PATH_EXCEPTION RET.METH | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.CORRECTNESS.NP_NULL_PARAM_DEREF FUNCS.IRV | EXP00 EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_NULL_PARAM_DEREF_NONVIRTUAL | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_STORE_INTO_NONNULL_FIELD | EXP01-J. Do not use a null in a case where an object is required |
| FB.CORRECTNESS.NP_UNWRITTEN_FIELD | EXP01-J. Do not use a null in a case where an object is required |
| ignore values returned by methods |
| JAVA.FUNCS.IRV | FIO02-J. Detect and handle file-related errors |
| JAVA.HARDCODED.PASSWD | MSC03-J. Never hard code sensitive information |
| JAVA.HARDCODED.SEED | MSC02-J. Generate strong random numbers |
| JAVA.IDEF.CTOEQ | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.IDEF.CTONOEQ FB.CORRECTNESS.OVERRIDING_EQUALS_NOT_SYMMETRIC | MET08-J. Preserve the equality contract when overriding the equals() method |
| FB JAVA.CORRECTNESS.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE | EXP01-J. Do not use a null in a case where an object is required |
| FB.I18N.DM_CONVERT_CASE | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
| FB.I18N.DM_DEFAULT_ENCODING | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
| FB.MALICIOUS_CODE.EI_EXPOSE_REP | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
| FB.MALICIOUS_CODE.EI_EXPOSE_REP2 | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
| FB.MALICIOUS_CODE.EI_EXPOSE_STATIC_REP2 | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
| FB.MALICIOUS_CODE.FI_PUBLIC_SHOULD_BE_PROTECTED | MET12-J. Do not use finalizers |
| FB.MALICIOUS_CODE.MS_MUTABLE_COLLECTION | OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers |
| FB.MALICIOUS_CODE.MS_MUTABLE_COLLECTION_PKGPROTECT | OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers |
| FB.MALICIOUS_CODE.MS_OOI_PKGPROTECT | OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers |
| FB.MALICIOUS_CODE.MS_PKGPROTECT | OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers |
| FB.MALICIOUS_CODE.MS_SHOULD_BE_FINAL | OBJ10-J. Do not use public static nonfinal fields |
| FB.MALICIOUS_CODE.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | OBJ10-J. Do not use public static nonfinal fields |
| FB.MT_CORRECTNESS.DC_DOUBLECHECK | LCK10-J. Use a correct form of the double-checked locking idiom |
| FB.MT_CORRECTNESS.DC_PARTIALLY_CONSTRUCTED | TSM03-J. Do not publish partially initialized objects |
| FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOOLEAN | LCK01-J. Do not synchronize on objects that may be reused |
| FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE | LCK01-J. Do not synchronize on objects that may be reused |
| FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_SHARED_CONSTANT | LCK01-J. Do not synchronize on objects that may be reused |
| FB.MT_CORRECTNESS.IS2_INCONSISTENT_SYNC | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.IS2_INCONSISTENT_SYNC | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.MT_CORRECTNESS.IS_FIELD_NOT_GUARDED | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.IS_FIELD_NOT_GUARDED | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.MT_CORRECTNESS.JLM_JSR166_LOCK_MONITORENTER | LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects |
| FB.MT_CORRECTNESS.NO_NOTIFY_NOT_NOTIFYALL | THI02-J. Notify all waiting threads rather than a single thread |
| FB.MT_CORRECTNESS.RU_INVOKE_RUN | THI00-J. Do not invoke Thread.run() |
| FB.MT_CORRECTNESS.SC_START_IN_CTOR | TSM02-J. Do not use background threads during class initialization |
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.MT_CORRECTNESS.STCAL_STATIC_CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_STATIC_CALENDAR_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.MT_CORRECTNESS.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.MT_CORRECTNESS.SWL_SLEEP_WITH_LOCK_HELD | LCK09-J. Do not perform operations that can block while holding a lock |
| FB.MT_CORRECTNESS.WA_AWAIT_NOT_IN_LOOP | THI03-J. Always invoke wait() and await() methods inside a loop |
| FB.MT_CORRECTNESS.WA_NOT_IN_LOOP | THI03-J. Always invoke wait() and await() methods inside a loop |
| FB.SECURITY.DMI_CONSTANT_DB_PASSWORD | MSC03-J. Never hard code sensitive information |
| FB.SECURITY.DMI_EMPTY_DB_PASSWORD | MSC03-J. Never hard code sensitive information |
| FB.SECURITY.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE | IDS00-J. Prevent SQL injection |
| FB.SECURITY.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING | IDS00-J. Prevent SQL injection |
| FB.STYLE.IC_INIT_CIRCULARITY | DCL00-J. Prevent class initialization cycles |
| IDEF.EQUALSNOHC | MET09-J. Classes that define an equals() method must also define a hashCode() method |
| JAVA.IDEF.HCNOEQUALS | MET09-J. Classes that define an equals() method must also define a hashCode() method |
| JAVA.IDEF.NOEQUALS | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.INSEC.LDAP.DA | ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it |
| JAVA.IO.INJ.ANDROID.MESSAGE | SER02-J. Sign then seal objects before sending them outside a trust boundary |
| JAVA.IO.INJ.ANDROID.MESSAGE | SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar |
| JAVA.IO.INJ.CODE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.COMMAND | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
| JAVA.IO.INJ.COMMAND | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.DENIAL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.DLL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.SQL | IDS00-J. Prevent SQL injection |
| JAVA.IO.INJ.SQL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.XSS | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.XSS.EMWP | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.PERM | FIO01-J. Create files with appropriate access permissions |
| JAVA.IO.PERM | SEC01-J. Do not allow tainted variables in privileged blocks |
| JAVA.IO.PERM | ENV03-J. Do not grant dangerous combinations of permissions |
| JAVA.IO.PERM.ACCESS | FIO01-J. Create files with appropriate access permissions |
| JAVA.IO.PERM.ACCESS | SEC01-J. Do not allow tainted variables in privileged blocks |
| JAVA.IO.TAINT.ADDR | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.BUNDLE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.CONTROL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.DEVICE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.EVAL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.HTTP | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.LDAP.ATTR | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.LDAP.FILTER | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.LOG | IDS03-J. Do not log unsanitized user input |
| JAVA.IO.TAINT.LOG | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.MESSAGE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.MESSAGE | SER02-J. Sign then seal objects before sending them outside a trust boundary |
| JAVA.IO.TAINT.MESSAGE | SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar |
| JAVA.IO.TAINT.PATH | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.REFLECTION | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.REGEX | IDS08-J. Sanitize untrusted data included in a regular expression |
| JAVA.IO.TAINT.REGEX | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.RESOURCE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.SESSION | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.TRUSTED | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.URL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.XAML | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.XML | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.XPATH | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.LIB.RAND.FUNC | MSC02-J. Generate strong random numbers |
| JAVA.LIB.RAND.LEGACY.GEN | MSC02-J. Generate strong random numbers |
| JAVA.MATH.ABSRAND | NUM00-J. Detect or prevent integer overflow |
| JAVA.MATH.APPROX.E | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.MATH.APPROX.PI | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.MISC.SD.EXT | MSC03-J. Never hard code sensitive information |
| JAVA.NULL.DEREF FB.STYLE.NP_DEREFERENCE_OF_READLINE_VALUE | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.NULL.STYLE.NP_IMMEDIATE_DEREFERENCE_OF_READLINE PARAM.ACTUAL | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.NULL.STYLE.NP_LOAD_OF_KNOWN_NULL_VALUE RET.ARRAY | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.NULL.STYLE.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE RET.BOOL | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.NULL.STYLE.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE RET.OPT | EXP01-J. Do not use a null in a case where an object is required |
| FB JAVA.NULL.STYLE.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE RET.UNCHECKED | EXP00 EXP01-J. Do not use a null in a case where an object is required ignore values returned by methods |
| JAVA.STRUCT.DUPD FB.STYLE.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | EXP01-J. Do not use a null in a case where an object is required |
| PMD JAVA.STRUCT.BasicEXCP.AvoidThreadGroup BROAD | THI01 ERR07-J. Do not invoke ThreadGroup methods throw RuntimeException, Exception, or Throwable |
| JAVA.STRUCT.EXCP.EEH | ERR00 | PMD.Basic.DontUseFloatTypeForLoopIndices | NUM09-J. Do not use floating-point variables as loop counters suppress or ignore checked exceptions |
| JAVA.STRUCT.EXCP.GEH | ERR08 | PMD.Design.AvoidReassigningParameters | MET13-J. Do not assume that reassigning method arguments modifies the calling environment catch NullPointerException or any of its ancestors |
| JAVA.STRUCT.EXCP.INAPP | ERR08 | PMD.Design.BadComparison | NUM07-J. Do not attempt comparisons with NaN |
| PMD.Design.SimpleDateFormatNeedsLocale | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
| PMD.Design.UseLocaleWithCaseConversions | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
| PMD.Design.UseNotifyAllInsteadOfNotify | THI02-J. Notify all waiting threads rather than a single thread |
| PMD.J2EE.DoNotCallSystemExit | ERR09-J. Do not allow untrusted code to terminate the JVM |
| PMD.Security-Code-Guidelines.ArrayIsStoredDirectly | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
| PMD.Strict-Exceptions.AvoidCatchingThrowable | ERR08-J. Do not catch NullPointerException or any of its ancestors |
| catch NullPointerException or any of its ancestors |
| JAVA.STRUCT.SE.ASSERT | DCL00-J. Prevent class initialization cycles |
| JAVA.STRUCT.SE.ASSERT | EXP06-J. Expressions used in assertions must not produce side effects |
| JAVA.STRUCT.UA | DCL00-J. Prevent class initialization cycles |
| JAVA.STRUCT.UA.DEFAULT | DCL00-J. Prevent class initialization cycles |
| JAVA.STRUCT.UPD | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.STRUCT.UPED | EXP01-J. Do not use a null in a case where an object is required | PMD.Strict-Exceptions.DoNotThrowExceptionInFinally | ERR04-J. Do not complete abruptly from a finally block |
