diff --git a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.xml b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.xml
index 0361ff562c0..59b2db3ce99 100644
--- a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.xml
+++ b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.xml
@@ -1,5 +1,5 @@ - +
diff --git a/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.xml b/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.xml
index 2a10a0be651..7c331676318 100644
--- a/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.xml
+++ b/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.xml
@@ -1,13 +1,13 @@ + class="documentation.examples.spring.OrderService" + autowire="byName"/> - - - - \ No newline at end of file + class="documentation.examples.spring.OrderService"> + + + +
diff --git a/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.xml b/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.xml
index 92560855a7c..c9c8676f89d 100644
--- a/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.xml
+++ b/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.xml
@@ -1,13 +1,13 @@ - - + + - - - \ No newline at end of file + + +
diff --git a/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.java b/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.java
index ea5aa657ba0..eacb1d7d904 100644
--- a/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.java
+++ b/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.java
@@ -1,13 +1,13 @@
 public static void main(String args[]) {
- Random r = new Random();
+ Random r = new Random();
- // BAD: 'mayBeNegativeInt' is negative if
- // 'nextInt()' returns 'Integer.MIN_VALUE'.
- int mayBeNegativeInt = Math.abs(r.nextInt());
+ // BAD: 'mayBeNegativeInt' is negative if
+ // 'nextInt()' returns 'Integer.MIN_VALUE'.
+ int mayBeNegativeInt = Math.abs(r.nextInt());
- // GOOD: 'nonNegativeInt' is always a value between 0 (inclusive)
- // and Integer.MAX_VALUE (exclusive).
- int nonNegativeInt = r.nextInt(Integer.MAX_VALUE);
+ // GOOD: 'nonNegativeInt' is always a value between 0 (inclusive)
+ // and Integer.MAX_VALUE (exclusive).
+ int nonNegativeInt = r.nextInt(Integer.MAX_VALUE);
 // GOOD: When 'nextInt' returns a negative number increment the returned value.
 int nextInt = r.nextInt();
diff --git a/java/ql/src/Likely Bugs/Comparison/CovariantEquals.java b/java/ql/src/Likely Bugs/Comparison/CovariantEquals.java
index 9828400a491..4d0f8e59c3f 100644
--- a/java/ql/src/Likely Bugs/Comparison/CovariantEquals.java
+++ b/java/ql/src/Likely Bugs/Comparison/CovariantEquals.java
@@ -1,16 +1,16 @@
 class BadPoint {
- int x;
- int y;
+ int x;
+ int y;
- BadPoint(int x, int y) {
- this.x = x;
- this.y = y;
- }
+ BadPoint(int x, int y) {
+ this.x = x;
+ this.y = y;
+ }
- // overloaded equals method -- should be avoided
- public boolean equals(BadPoint q) {
- return x == q.x && y == q.y;
- }
+ // overloaded equals method -- should be avoided
+ public boolean equals(BadPoint q) {
+ return x == q.x && y == q.y;
+ }
 }
 BadPoint p = new BadPoint(1, 2);
@@ -18,22 +18,22 @@ Object q = new BadPoint(1, 2);
 boolean badEquals = p.equals(q); // evaluates to false
 class GoodPoint {
- int x;
- int y;
+ int x;
+ int y;
- GoodPoint(int x, int y) {
- this.x = x;
- this.y = y;
- }
+ GoodPoint(int x, int y) {
+ this.x = x;
+ this.y = y;
+ }
- // correctly overrides Object.equals(Object)
- public boolean equals(Object obj) {
+ // correctly overrides Object.equals(Object)
+ public boolean equals(Object obj) {
 if (obj != null && getClass() == obj.getClass()) {
 GoodPoint q = (GoodPoint)obj;
 return x == q.x && y == q.y;
 }
 return false;
- }
+ }
 }
 GoodPoint r = new GoodPoint(1, 2);
diff --git a/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.java b/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.java
index 45df1ee0eb8..1e38b160462 100644
--- a/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.java
+++ b/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.java
@@ -1,30 +1,30 @@
 public class DefineEqualsWhenAddingFields {
- static class Square {
- protected int width = 0;
- public Square(int width) {
- this.width = width;
- }
+ static class Square {
+ protected int width = 0;
+ public Square(int width) {
+ this.width = width;
+ }
 @Override
- public boolean equals(Object thatO) { // This method works only for squares.
- if(thatO != null && getClass() == thatO.getClass() ) {
+ public boolean equals(Object thatO) { // This method works only for squares.
+ if(thatO != null && getClass() == thatO.getClass() ) {
 Square that = (Square)thatO;
 return width == that.width;
- }
+ }
 return false;
- }
- }
+ }
+ }
- static class Rectangle extends Square {
- private int height = 0;
- public Rectangle(int width, int height) {
- super(width);
- this.height = height;
- }
- }
+ static class Rectangle extends Square {
+ private int height = 0;
+ public Rectangle(int width, int height) {
+ super(width);
+ this.height = height;
+ }
+ }
- public static void main(String[] args) {
- Rectangle r1 = new Rectangle(4, 3);
- Rectangle r2 = new Rectangle(4, 5);
- System.out.println(r1.equals(r2)); // Outputs 'true'
- }
+ public static void main(String[] args) {
+ Rectangle r1 = new Rectangle(4, 3);
+ Rectangle r2 = new Rectangle(4, 5);
+ System.out.println(r1.equals(r2)); // Outputs 'true'
+ }
 }
diff --git a/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.java b/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.java
index 045fc55c3ed..c0d96e65644 100644
--- a/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.java
+++ b/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.java
@@ -1,69 +1,69 @@
 class BadPoint {
- int x;
- int y;
+ int x;
+ int y;
- BadPoint(int x, int y) {
- this.x = x;
- this.y = y;
- }
+ BadPoint(int x, int y) {
+ this.x = x;
+ this.y = y;
+ }
- public boolean equals(Object o) {
- if(!(o instanceof BadPoint))
- return false;
- BadPoint q = (BadPoint)o;
- return x == q.x && y == q.y;
- }
+ public boolean equals(Object o) {
+ if(!(o instanceof BadPoint))
+ return false;
+ BadPoint q = (BadPoint)o;
+ return x == q.x && y == q.y;
+ }
 }
 class BadPointExt extends BadPoint {
- String s;
+ String s;
- BadPointExt(int x, int y, String s) {
- super(x, y);
- this.s = s;
- }
+ BadPointExt(int x, int y, String s) {
+ super(x, y);
+ this.s = s;
+ }
- // violates symmetry of equals contract
- public boolean equals(Object o) {
- if(!(o instanceof BadPointExt)) return false;
- BadPointExt q = (BadPointExt)o;
- return super.equals(o) && (q.s==null ? s==null : q.s.equals(s));
- }
+ // violates symmetry of equals contract
+ public boolean equals(Object o) {
+ if(!(o instanceof BadPointExt)) return false;
+ BadPointExt q = (BadPointExt)o;
+ return super.equals(o) && (q.s==null ? s==null : q.s.equals(s));
+ }
 }
 class GoodPoint {
- int x;
- int y;
+ int x;
+ int y;
- GoodPoint(int x, int y) {
- this.x = x;
- this.y = y;
- }
+ GoodPoint(int x, int y) {
+ this.x = x;
+ this.y = y;
+ }
- public boolean equals(Object o) {
+ public boolean equals(Object o) {
 if (o != null && getClass() == o.getClass()) {
 GoodPoint q = (GoodPoint)o;
 return x == q.x && y == q.y;
 }
 return false;
- }
+ }
 }
 class GoodPointExt extends GoodPoint {
- String s;
+ String s;
- GoodPointExt(int x, int y, String s) {
- super(x, y);
- this.s = s;
- }
+ GoodPointExt(int x, int y, String s) {
+ super(x, y);
+ this.s = s;
+ }
- public boolean equals(Object o) {
+ public boolean equals(Object o) {
 if (o != null && getClass() == o.getClass()) {
 GoodPointExt q = (GoodPointExt)o;
 return super.equals(o) && (q.s==null ? 
s==null : q.s.equals(s));
- }
- return false;
- }
+ }
+ return false;
+ }
 }
 BadPoint p = new BadPoint(1, 2);
diff --git a/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.java b/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.java
index ed33ed71e62..94a33b3d0da 100644
--- a/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.java
+++ b/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.java
@@ -8,17 +8,17 @@ class Point {
 }
 public boolean equals(Object o) {
- if (!(o instanceof Point)) return false;
- Point q = (Point)o;
- return x == q.x && y == q.y;
+ if (!(o instanceof Point)) return false;
+ Point q = (Point)o;
+ return x == q.x && y == q.y;
 }
- // Implement hashCode so that equivalent points (with the same values of x and y) have the
- // same hash code
+ // Implement hashCode so that equivalent points (with the same values of x and y) have the
+ // same hash code
 public int hashCode() {
- int hash = 7;
- hash = 31*hash + x;
- hash = 31*hash + y;
- return hash;
+ int hash = 7;
+ hash = 31*hash + x;
+ hash = 31*hash + y;
+ return hash;
 }
-}
\ No newline at end of file
+}
diff --git a/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.java b/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.java
index 811e3cdcac6..55f024a3339 100644
--- a/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.java
+++ b/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.java
@@ -1,30 +1,30 @@
 class LocalCache {
- private Collection localResources;
-
- //...
-
- protected void finalize() throws Throwable {
- for (NativeResource r : localResources) {
- r.dispose();
- }
- };
+ private Collection localResources;
+
+ //...
+
+ protected void finalize() throws Throwable {
+ for (NativeResource r : localResources) {
+ r.dispose();
+ }
+ };
 }
 class WrongCache extends LocalCache {
- //...
- @Override
- protected void finalize() throws Throwable {
- // BAD: Empty 'finalize', which does not call 'super.finalize'.
- // Native resources in LocalCache are not disposed of.
- }
+ //...
+ @Override
+ protected void finalize() throws Throwable {
+ // BAD: Empty 'finalize', which does not call 'super.finalize'.
+ // Native resources in LocalCache are not disposed of.
+ }
 }
 class RightCache extends LocalCache {
- //...
- @Override
- protected void finalize() throws Throwable {
- // GOOD: 'finalize' calls 'super.finalize'.
+ //...
+ @Override
+ protected void finalize() throws Throwable {
+ // GOOD: 'finalize' calls 'super.finalize'.
 // Native resources in LocalCache are disposed of.
- super.finalize();
- }
-}
\ No newline at end of file
+ super.finalize();
+ }
+}
diff --git a/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.java b/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.java
index f69824bf858..edea130fbb5 100644
--- a/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.java
+++ b/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.java
@@ -3,9 +3,9 @@ import java.io.File;
 class ContainerSizeCmpZero {
 private static File MakeFile(String filename) {
- if(filename != null && filename.length() >= 0) {
- return new File(filename);
- }
- return new File("default.name");
+ if(filename != null && filename.length() >= 0) {
+ return new File(filename);
+ }
+ return new File("default.name");
 }
 }
diff --git a/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZeroGood.java b/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZeroGood.java
index b729fcbc8eb..667e899662f 100644
--- a/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZeroGood.java
+++ b/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZeroGood.java
@@ -3,9 +3,9 @@ import java.io.File;
 class ContainerSizeCmpZero {
 private static File MakeFile(String filename) {
- if(filename != null && !filename.isEmpty()) {
- return new File(filename);
- }
- return new File("default.name");
+ if(filename != null && !filename.isEmpty()) {
+ return new File(filename);
+ }
+ return new File("default.name");
 }
 }
diff --git a/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.java b/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.java
index 24c8d634d21..3f0a6eaa6f7 100644
--- a/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.java
+++ b/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.java
@@ -1,37 +1,37 @@
 class WrongMemo implements Externalizable {
- private String memo;
+ private String memo;
- // BAD: No public no-argument constructor is defined. Deserializing this object
- // causes an 'InvalidClassException'.
-
- public WrongMemo(String memo) {
- this.memo = memo;
- }
-
- public void writeExternal(ObjectOutput arg0) throws IOException {
- //...
- }
- public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
- //...
- }
+ // BAD: No public no-argument constructor is defined. Deserializing this object
+ // causes an 'InvalidClassException'.
+
+ public WrongMemo(String memo) {
+ this.memo = memo;
+ }
+
+ public void writeExternal(ObjectOutput arg0) throws IOException {
+ //...
+ }
+ public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
+ //...
+ }
 }
 class Memo implements Externalizable {
- private String memo;
+ private String memo;
- // GOOD: Declare a public no-argument constructor, which is used by the
- // serialization framework when the object is deserialized.
- public Memo() {
- }
-
- public Memo(String memo) {
- this.memo = memo;
- }
+ // GOOD: Declare a public no-argument constructor, which is used by the
+ // serialization framework when the object is deserialized.
+ public Memo() {
+ }
- public void writeExternal(ObjectOutput out) throws IOException {
- //...
- }
- public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
- //...
- }
-}
\ No newline at end of file
+ public Memo(String memo) {
+ this.memo = memo;
+ }
+
+ public void writeExternal(ObjectOutput out) throws IOException {
+ //...
+ }
+ public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
+ //...
+ }
+}
diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.java b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.java
index ece078110f2..960c032d67c 100644
--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.java
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.java
@@ -1,25 +1,25 @@
 public static void main(String[] args) {
- {
- try {
+ {
+ try {
 TestImpl obj = new TestImpl();
-
+
 // BAD: default socket factory is used
 Test stub = (Test) UnicastRemoteObject.exportObject(obj, 0);
 } catch (Exception e) {
 // fail
- }
- }
-
- {
- try {
- TestImpl obj = new TestImpl();
- SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
+ }
+ }
+
+ {
+ try {
+ TestImpl obj = new TestImpl();
+ SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
 SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
-
+
 // GOOD: SSL factories are used
 Test stub = (Test) UnicastRemoteObject.exportObject(obj, 0, csf, ssf);
 } catch (Exception e) {
 // fail
- }
- }
-}
\ No newline at end of file
+ }
+ }
+}
diff --git a/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArrayGood.java b/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArrayGood.java
index a48cc7962f5..3195841630d 100644
--- a/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArrayGood.java
+++ b/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArrayGood.java
@@ -1,8 +1,8 @@
 // Solution 1: Extract to individual constants
 public class Display {
- public static final String RED = "FF0000";
- public static final String GREEN = "00FF00";
- public static final String BLUE = "0000FF";
+ public static final String RED = "FF0000";
+ public static final String GREEN = "00FF00";
+ public static final String BLUE = "0000FF";
 }
 // Solution 2: Define constants using in an enum type
@@ -21,22 +21,22 @@ public enum Display
 // Solution 3: Use an unmodifiable collection
 public class Display {
- public static final List RGB =
- Collections.unmodifiableList(
- Arrays.asList("FF0000",
- "00FF00",
- "0000FF"));
+ public static final List RGB =
+ Collections.unmodifiableList(
+ Arrays.asList("FF0000",
+ "00FF00",
+ "0000FF"));
 }
 // Solution 4: Use a utility method
 public class Utils {
- public static List constList(T... values) {
- return Collections.unmodifiableList(
- Arrays.asList(values));
- }
+ public static List constList(T... values) {
+ return Collections.unmodifiableList(
+ Arrays.asList(values));
+ }
 }
 public class Display {
- public static final List RGB =
- Utils.constList("FF0000", "00FF00", "0000FF");
+ public static final List RGB =
+ Utils.constList("FF0000", "00FF00", "0000FF");
 }
diff --git a/java/ql/src/external/DuplicateAnonymous.java b/java/ql/src/external/DuplicateAnonymous.java
index 5181afbdf08..cce83f1c7e1 100644
--- a/java/ql/src/external/DuplicateAnonymous.java
+++ b/java/ql/src/external/DuplicateAnonymous.java
@@ -3,7 +3,7 @@ button1.addActionListener(new ActionListener() {
 public void actionPerfored(ActionEvent e) {
 for (ActionListener listener: listeners)
- listeners.actionPerformed(e);
+ listeners.actionPerformed(e);
 }
 });
@@ -11,7 +11,7 @@ button2.addActionListener(new ActionListener() {
 public void actionPerfored(ActionEvent e) {
 for (ActionListener listener: listeners)
- listeners.actionPerformed(e);
+ listeners.actionPerformed(e);
 }
 });
@@ -19,12 +19,12 @@ button2.addActionListener(new ActionListener() {
 // GOOD: Better solution:
 class MultiplexingListener implements ActionListener {
- public void actionPerformed(ActionEvent e) {
- for (ActionListener listener : listeners)
- listener.actionPerformed(e);
- }
+ public void actionPerformed(ActionEvent e) {
+ for (ActionListener listener : listeners)
+ listener.actionPerformed(e);
+ }
 }
 button1.addActionListener(new MultiplexingListener());
 button2.addActionListener(new MultiplexingListener());
-// ... and so on.
\ No newline at end of file
+// ... and so on.