CQA Supported Rules

The following rules can be enabled in CQA mode:

BD.API.EQNULL - Make sure implementation of Object.equals(Object) properly handles null values
BD.API.EQREFL - Make sure implementation of Object.equals(Object) is reflexive
BD.CO.ITMOD - Do not modify collection while iterating over it
BD.EXCEPT.NP - Avoid NullPointerException
BD.OPT.INEFCOL - Avoid inefficient removal of Collection elements
BD.OPT.INEFMAPRM - Avoid inefficient removal of Map entries
BD.OPT.INEFMAP - Avoid inefficient iteration over Map entries
BD.PB.ARRAYINP - Avoid unvalidated input in array indexes
BD.PB.ARRAY - Avoid accessing arrays out of bounds
BD.PB.BADSHIFT - Avoid incorrect shift operations
BD.PB.CC - Avoid conditions that always evaluate to the same value
BD.PB.DEREF - Do not check for null after dereferencing
BD.PB.EXCEPT - Always catch exceptions
BD.PB.GETPERM - Method getPermission() is supposed to be invoked when user-defined class loaders are applied
BD.PB.INFREC - Avoid infinite recursion
BD.PB.NOTEXPLINIT - Avoid use before explicit initialization
BD.PB.NOTINITCTOR - Avoid use of fields before initialization in constructors and static initializers
BD.PB.PBIOS - Prevent external processes from blocking on input and output streams
BD.PB.POVR - Avoid overwriting method parameters before each use
BD.PB.RECFUN - Methods shall not call themselves, either directly or indirectly
BD.PB.SBONE - Ensure proper usage of StringBuilder/StringBuffer objects
BD.PB.STRNULL - Do not append null value to strings
BD.PB.SWITCH - Avoid switch with unreachable branches
BD.PB.VOVR - Avoid unused values
BD.PB.ZERO - Avoid division by zero
BD.RES.FREE - Do not use resources that have been freed
BD.RES.LEAKS - Ensure resources are deallocated
BD.SECURITY.BUFEXP - Do not expose data wrapped by a buffer to untrusted code
BD.SECURITY.CANPATH - Path should be standardized before validation
BD.SECURITY.CUSTOM - Prevent security vulnerability (custom rule)
BD.SECURITY.EACM - Encapsulate arguments of dangerous methods with a validation method
BD.SECURITY.PRIVIL - Avoid operating on tainted data in privileged blocks
BD.SECURITY.REMTMP - Remove temporary files before termination
BD.SECURITY.SENS - Prevent exposure of sensitive data
BD.SECURITY.SSSD - Safely serialize sensitive data
BD.SECURITY.TDCMD - Protect against Command injection
BD.SECURITY.TDDIG - Protect against Jakarta Digester injection
BD.SECURITY.TDENV - Protect against Environment injection
BD.SECURITY.TDFILES - Protect against File contents injection
BD.SECURITY.TDFNAMES - Protect against File names injection
BD.SECURITY.TDINPUT - Exclude unsanitized user input from format strings
BD.SECURITY.TDJXPATH - Protect against JXPath injection
BD.SECURITY.TDLDAP - Protect against LDAP injection
BD.SECURITY.TDLIB - Protect against Library injection
BD.SECURITY.TDLOG - Protect against log forging
BD.SECURITY.TDNET - Protect against network resource injection
BD.SECURITY.TDRESP - Protect against HTTP response splitting
BD.SECURITY.TDRFL - Protect against Reflection injection
BD.SECURITY.TDSQL - Protect against SQL injection
BD.SECURITY.TDXML - Protect against XML data injection
BD.SECURITY.TDXPATH - Protect against XPath injection
BD.SECURITY.TDXSS - Protect against XSS vulnerabilities
BD.SECURITY.VPPD - Validate all dangerous data
BD.SECURITY.XMLVAL - Validate untrusted XML using schema or DTD before reading
BD.TRS.DIFCS - Variable should be used in context of single critical section
BD.TRS.DLOCK - Avoid double locking
BD.TRS.LOCK - Do not abandon unreleased locks
BD.TRS.ORDER - Do not acquire locks in different order
BD.TRS.TSHL - Do not use blocking methods while holding a lock
BEAN.BLNC - Use appropriate signatures for listener method names in JavaBean classes
BEAN.EQUALS - Override 'Object.equals()' in JavaBean classes
BEAN.JDBC - Do not use JDBC code in JavaBean classes
BEAN.NFM - Define get and set methods for each instance field
BEAN.SERIALIZABLE - Ensure that JavaBean classes implement 'java.io.Serializable'
CDD.DFI - Avoid duplicated field initialization in constructors
CDD.DUPC - Avoid code duplication
CDD.DUPI - Avoid duplicate import statements
CDD.DUPM - Avoid method duplication
CDD.DUPS - Avoid string literal duplication
CDD.DUPT - Avoid class duplication
CODSTA.BP.ABCL - Avoid "break" and/or "continue" with labels
CODSTA.BP.AMRO - Avoid declaring methods that return 'Object'
CODSTA.BP.ARM - Avoid using reflection methods
CODSTA.BP.ARN - Avoid returning "null" for arrays and certain types
CODSTA.BP.AULS - Avoid label statements
CODSTA.BP.AUML - Avoid using multiple loggers, use logging levels instead
CODSTA.BP.AWRT - Avoid using wildcards in method return types
CODSTA.BP.BLK - Provide a '{}' block for conditional statements
CODSTA.BP.BLOCK - Avoid unnecessary nested blocks
CODSTA.BP.CFNF - Declare fields with uppercase character names as "final"
CODSTA.BP.CMUTA - Avoid 'public' or 'protected' constructors for immutable classes
CODSTA.BP.CONTINUE - Do not use "break" and/or "continue" statements
CODSTA.BP.CS - Place constants on the appropriate side of comparisons
CODSTA.BP.DLSF - Declare loggers as "static final" fields
CODSTA.BP.EXIT - Do not call 'System.exit()'
CODSTA.BP.FPF - Declare all formal parameters as "final"
CODSTA.BP.FQNIC - Reference interface constants with their declaring interface names
CODSTA.BP.HTV - Avoid using 'Hashtable' and 'Vector'
CODSTA.BP.IMPTD - Avoid or enforce usage of '*' form of import statements
CODSTA.BP.NRVA - Avoid passing non-reifiable types to varargs methods
CODSTA.BP.NTX - Avoid declaring methods to throw general or unchecked Exception types
CODSTA.BP.OCMA - Ensure overloaded constructors and methods share the same accessibility
CODSTA.BP.PCF - Ensure that a class which has only "private" constructors is declared as "final"
CODSTA.BP.PPAC - Do not define "public" or "protected" members in anonymous classes
CODSTA.EPC.AFP - Do not make assignments to method parameters
CODSTA.EPC.AGBPT - Avoid conversions from parameterized types to raw types
CODSTA.EPC.CLNC - Do not use constructors in the 'clone()' method
CODSTA.EPC.COMT - Avoid using the conditional operator with mismatched numeric types
CODSTA.EPC.IBS - Use "int" instead of "byte" or "short" and "double" instead of "float" for variable declarations
CODSTA.EPC.MSF - Do not use too many non-"final" "static" fields
CODSTA.EPC.NCAC - Do not call an "abstract" method from a constructor in an "abstract" class
CODSTA.EPC.NCE - Do not catch exception types which are too general or are unchecked exceptions
CODSTA.EPC.NCNFC - Do not call methods that might cause unexpected NullPointerExceptions during constructor execution
CODSTA.EPC.OVERLOAD - Use overloading judiciously
CODSTA.EPC.SCLONE - Call 'super.clone()' in all 'clone()' methods
CODSTA.EPC.STA - Avoid using the same type argument for multiple method arguments
CODSTA.EPC.UST - Use 'StringTokenizer' instead of 'indexOf()' and 'substring()' for String parsing
CODSTA.EPC.WSIM - Do not write to static fields from non-static methods
CODSTA.OIM.AMMO - Do not override non "abstract" methods of a parent class with "abstract" methods
CODSTA.OIM.CLONE2 - Use the 'clone()' method only to implement 'Cloneable' interface
CODSTA.OIM.CLONET - Ensure 'clone()' method of non-final Cloneable class declared to throw 'CloneNotSupportedException'
CODSTA.OIM.CLONE - Declare 'clone() throws CloneNotSupportedException' for Cloneable class
CODSTA.OIM.DVOM - Define a "static" 'valueOf()' method for "enum" types which override 'toString()'
CODSTA.OIM.OTOSM - Override 'toString()'
CODSTA.OIM.OVERRIDE - Override 'Object.hashCode()' when you override 'Object.equals()' and vice versa
CODSTA.OIM.OVOTS - Do not override 'toString()' in enum types
CODSTA.ORG.AMOC - Do not have more than one type in each file
CODSTA.ORG.DCI - Define constants in an "interface"
CODSTA.ORG.DINT - Do not make method calls to internal classes from non-internal classes
CODSTA.ORG.FO - Order class elements appropriately
CODSTA.ORG.IMP - Avoid importing specific classes or packages
CODSTA.ORG.OGM - Organize methods by name
CODSTA.ORG.ORCU - Order compilation unit elements appropriately
CODSTA.ORG.ORFIM - Place 'finalize()' methods between "public" and "protected" methods
CODSTA.ORG.ORIMP - Present "import" statements in alphabetical order
CODSTA.ORG.PML - Place the 'main()' method last
CODSTA.ORG.UNDPN - Ensure all types have a non default package name
CODSTA.POD.ACIAP - Avoid constant interface anti-pattern
CODSTA.POD.ASM - Avoid "static" methods when the declaring class is a parameter type
CODSTA.POD.AUVT - Use less specific types to accomplish loose coupling
CODSTA.POD.CHAIN - Use chain constructors in classes with multiple constructors
CODSTA.POD.CIOC - Avoid chains of "instanceof" comparisons
CODSTA.POD.DCTOR - Define a no argument constructor whenever possible
CODSTA.POD.IASM - Do not access static members indirectly
CODSTA.POD.ISACF - Do not define constants in interfaces
CODSTA.POD.SMC - Avoid "switch" statements with too many or too few "case" statements
CODSTA.POD.UET - Use "enum" types instead of a series of "static final" constants
CODSTA.POD.UPT - Enforce or avoid the use of parameterized types
CODSTA.READ.ABUB - Do not rely on automatic boxing and unboxing of primitive types
CODSTA.READ.ACCS - Do not use complicated conditional expressions in control structures
CODSTA.READ.AEFS - Avoid or enforce usage of enhanced "for" loops
CODSTA.READ.AFD - Access and set fields directly in the declaring type instead of using getter and setter methods
CODSTA.READ.AFQN - Do not use fully qualified type names
CODSTA.READ.AIC - Avoid anonymous inner classes
CODSTA.READ.ANL - Avoid using negative logic in if-else statement
CODSTA.READ.ASIS - Avoid static import statements
CODSTA.READ.AUTS - Avoid unnecessary calls to 'toString()'
CODSTA.READ.CCB - Comment the ends of control structures
CODSTA.READ.CEB - Comment empty blocks
CODSTA.READ.CID - Avoid using increment or decrement operators in nested expressions
CODSTA.READ.CLV - Comment local variables
CODSTA.READ.CTA - Always call 'Collection.toArray()' with an empty constant array argument
CODSTA.READ.CX - Enforce or avoid usage of conditional operators
CODSTA.READ.DOWHILE - Avoid using "do-while" statements
CODSTA.READ.DUN - Do not use too many negation operators '!' in a single method
CODSTA.READ.DVCU - Declare variables as close as possible to where they are used
CODSTA.READ.ECSC - Explicitly call one of the superclass' constructors from all constructors
CODSTA.READ.FF - Declare "private" constant fields "final"
CODSTA.READ.FLV - Declare constant local variables "final"
CODSTA.READ.HBE - Avoid using Hexadecimal binary exponents
CODSTA.READ.LONG - Avoid having a lower-case "l" or the number "1" at the end of a "long" integer constant
CODSTA.READ.MTBS - Minimize "try" block size
CODSTA.READ.MVOS - Do not declare multiple variables in one statement
CODSTA.READ.NEA - Avoid nested assignments or assignments embedded in other expressions
CODSTA.READ.NMUC - Declare never-modified collections as "unmodifiable" for clarity
CODSTA.READ.NSI - Avoid non-static initializers
CODSTA.READ.PCIF - Declare "for" loops with an initializer, conditional, and updater statements
CODSTA.READ.PCTOR - Do not declare "public" constructors in non-public classes
CODSTA.READ.PDBB - Put declarations only at the beginning of blocks
CODSTA.READ.PFL - Enforce use of "for" or "while" loops
CODSTA.READ.SIE - Use 'isEmpty()' for Collections and Maps instead of comparing 'size()' to 0
CODSTA.READ.UATS - Avoid or enforce the use of "this" and "super" expressions
CODSTA.READ.UBL - Avoid create integer values from binary notation using Integer.parseInt() methods
CODSTA.READ.ULIT - Use underscore characters (_) in numerical literal
CODSTA.READ.USN - Avoid literal constants
CODSTA.READ.VDT - Do not declare multiple variables of different types in one statement
CODSTA.READ.VIFS - Limit the number of initialization and update statements in "for" loops
DBC.CPT - Do not include a postcondition saying that "$result!=null" in methods which can return null
DBC.IGM - Provide an '@invariant' contract for all getter methods
DBC.IMNR - Do not invoke a method on a reference that is not guaranteed to be non-null
DBC.IPAN - Include a '@pre != null' tag for each parameter that is dereferenced before being checked for null
DBC.PKGC - Provide an '@invariant' contract for all package-private classes
DBC.PKGMPOST - Provide a '@post' contract for all package-private methods
DBC.PKGMPRE - Provide a '@pre' contract for all package-private methods
DBC.PRIC - Provide an '@invariant' contract for all "private" classes
DBC.PRIMPOST - Provide a '@post' contract for all "private" methods
DBC.PRIMPRE - Provide a '@pre' contract for all "private" methods
DBC.PROC - Provide an '@invariant' contract for all "protected" classes
DBC.PROMPOST - Provide a '@post' contract for all "protected" methods
DBC.PROMPRE - Provide a '@pre' contract for all "protected" methods
DBC.PUBC - Provide an '@invariant' contract for all "public" classes
DBC.PUBMPOST - Provide a '@post' contract for all "public" methods
DBC.PUBMPRE - Provide a '@pre' contract for all "public" methods
DBC.RCC - Avoid rechecking @pre and @post conditions
DBC.SYNTAX - Use correct syntax in the DbC contracts
ECLIPSE.IPMF - Avoid exporting "internal" packages in MANIFEST.MF
ECLIPSE.PCMF - Ensure "Export-Package" and "Provide-Package" match in MANIFEST.MF for Eclipse 3.0 compatibility
ECLIPSE.SMF - Avoid missing "Eclipse-AutoStart" entry in MANIFEST.MF
EJB.ABCS - Do not use Servlet code in EJB classes
EJB.ABFG - Do not use Entity Beans as fine-grained objects
EJB.ACL - Do not access, use, or create a class loader within a bean class
EJB.ADCB - Do not use EJB code in java swing or servlet classes
EJB.AIEBC - Avoid excessive inter-entity bean communication
EJB.AJDBC - Do not use JDBC code inside of EJB classes
EJB.AMSC - Do not access or modify security configuration objects
EJB.AOTO - Avoid one-to-one mapping between session beans and entity beans
EJB.AUS - Do not use sockets in EJBs
EJB.CDP - Declare bean classes "public"
EJB.CNDA - Do not declare bean classes as "abstract"
EJB.CNDF - Do not declare bean classes as "final"
EJB.CRTE - Declare 'ejbCreate()' methods "public", but neither "static" nor "final"
EJB.DPANY - Avoid granting access permission for EJB methods to the 'ANYONE' role
EJB.EJB3.AIA - Avoid ignored or invalid annotations
EJB.EJB3.AISE - Avoid IllegalStateException when using transactions
EJB.EJB3.BMN - Do not start business method names with "ejb"
EJB.EJB3.CMF - Use proper formatting for lifecycle callback methods
EJB.EJB3.CPIM - Call 'InvocationContext.proceed()' from @AroundInvoke methods
EJB.EJB3.EAII - Do not expose @AroundInvoke method in business interface
EJB.EJB3.IDA - Avoid improper use of @Id annotation
EJB.EJB3.IDCS - Ensure @IdClass is Serializable and defines "equals()" and "hashCode()" methods
EJB.EJB3.MDBS - Do not extend other @MessageDriven beans from a @MessageDriven bean
EJB.EJB3.MDML - Ensure @MessageDriven beans specify a MessageListener
EJB.EJB3.MTM - Do not declare multiple "@Timeout" methods
EJB.EJB3.PCUN - Always specify "unitName" with @PersistenceContext
EJB.EJB3.PERMIT - Avoid EJB 3 methods without security annotations
EJB.EJB3.RLI - Do not declare an interface both @Local and @Remote
EJB.EJB3.RMSB - Specify a @Remove method for @Stateful beans
EJB.EJB3.SIVS - Ensure instance variables of @Stateful beans are Serializable
EJB.EJB3.SRBM - Ensure parameters and return type of remote business methods are Serializable
EJB.EJB3.ULI - Access beans through a local interface
EJB.EJBLOAD - Do not call finder methods in the 'ejbLoad()'
EJB.FNDM - Declare finder methods "public" and neither "final" nor "static"
EJB.IECM - Implement one or more 'ejbCreate()' methods in bean classes
EJB.IEPM - Implement one or more 'ejbPostCreate()' methods in EntityBean classes
EJB.JIO - Do not use types from the "java.io" package within bean classes
EJB.LNL - Avoid loading native libraries in a Bean class
EJB.MDBC - Implement a no-argument 'ejbCreate()' method for all Message-driven bean classes
EJB.MEC - Define a matching 'ejbPostCreate()' method for each 'ejbCreate' method in entity bean classes
EJB.MNDF - Do not define 'finalize()' method in bean classes
EJB.MRE - Throw 'java.rmi.RemoteException' in the methods of remote interface and remote home interface
EJB.NFDC - Declare a "public" constructor that takes no parameters in bean classes
EJB.NFS - Declare all "static" fields in EJB bean classes "final"
EJB.PCRTE - Declare 'ejbPostCreate()' "public" and neither "static" nor "final"
EJB.RILH - Do not throw 'java.rmi.RemoteException' in a bean's local interface and local home interface
EJB.RR - Do not declare entity beans as remote
EJB.RTC - Make the return type "void" for SessionBeans or MessageDrivenBeans' 'ejbCreate()' methods
EJB.RTP - Make the return type "void" for the 'ejbPostCreate()' method
EJB.RT - Make finder methods' return type the primary key or a collection of primary keys
EJB.RUH - Reuse EJB homes
EJB.SMSN - Do not set or create a new SecurityManager in EJBs
EJB.STD - Ensure EJB beans include necessary methods and EJB bean and interface classes follow the name format
EJB.TCE - Throw 'javax.ejb.CreateException' in create methods of remote home or local home interfaces
EJB.TFE - Throw 'javax.ejb.FinderException' in finder methods of remote home or local home interfaces
EJB.THISARG - Avoid passing the "this" reference as an argument
EJB.THISRET - Do not return "this"
EJB.THREAD - Avoid starting, stopping, or managing threads in any way in bean classes
EJB.UCIC - Cache reusable JNDI resources to minimize the use of expensive operations
EJB.USF - Use a Session Facade to manage access to entity beans
EJB.UVO - Use Value Objects to reduce the granularity of calls to the server
EXCEPT.AEFC - Do not abuse exceptions as flow control statements
EXCEPT.AIOC - Do not use instanceof in a catch block to check the exception type
EXCEPT.CATO - Catch all "Throwable" objects which may be thrown in the body of certain methods
EXCEPT.CDUPL - Avoid catch clauses with the same content
EXCEPT.CLFIN - Avoid using finally block for closing resource only
EXCEPT.CTE - Always chain thrown exceptions
EXCEPT.EPNFC - Do not throw exceptions from constructors of "public" non-"final" classes
EXCEPT.HCB - Do not hide 'catch' blocks
EXCEPT.IMMEX - Declare all fields of user-defined 'Exception' as "final"
EXCEPT.MTE - Do not declare any thrown exceptions in the 'main()' method
EXCEPT.NCERR - Do not catch the 'java.lang.Error' object
EXCEPT.NCNPE - Do not catch 'NullPointerException'
EXCEPT.NFE - Ensure that the 'parse' methods of the numeric classes do not throw unhandled "NumberFormatExceptions"
EXCEPT.NTERR - Do not throw exception types which are too general or are unchecked exceptions
EXCEPT.NTNPE - Do not throw 'NullPointerException'
EXCEPT.RTERR - Rethrow certain exceptions if they are caught
EXCEPT.TEFEC - Do not throw exceptions from the constructors of exception classes
EXCEPT.TRY - Place "try/catch/finally" blocks outside of loops
EXCEPT.TSCE - Exception messages must meet minimum character requirement
FORMAT.APAREN - Use '()' to separate complex expressions
FORMAT.ASPACE - Ensure proper spacing in array references
FORMAT.ATS - Do not place empty whitespace at the end of a line
FORMAT.BLBC - Put a blank line before each C-style comment
FORMAT.BLCD - Enforce number of blank line(s) before type declarations
FORMAT.BLSIM - Enforce number of blank line(s) to separate "imports" from different packages
FORMAT.CBRACE - Place a closing brace on its own line
FORMAT.CMS - Place a single space character or no space character after type casting
FORMAT.DOT - Do not leave spaces between qualified names and method invocations
FORMAT.DUT - Use spaces instead of tabs (or tabs instead of spaces)
FORMAT.FCB - Enforce the position of '{' brace
FORMAT.FCN - Place the type that has the same name as the file as the first type
FORMAT.IAD - Declare arrays with '[]' brackets after the array type and before the variable name(s)
FORMAT.IND - Enforce number of space(s) for indentation
FORMAT.LL - Limit the maximum length of a line
FORMAT.MO - Enforce the order of annotations and modifiers
FORMAT.MSP - Place a single space character or no space character between a method name and the opening "(" parenthesis
FORMAT.NSAB - Do not place statements on the same line as the '{' opening brace
FORMAT.OSPL - Write one statement per line
FORMAT.SAC - Enforce number of space character(s) after every comma
FORMAT.SAOP - Enforce number of space character(s) on each side of an assignment operator
FORMAT.SAP - Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement
FORMAT.SAS - Enforce number of space character(s) after every semicolon
FORMAT.SAUOP - Enforce number of space character(s) between a prefixed unary operator and its operand
FORMAT.SBOP - Enforce number of space character(s) on each side of a bitwise operator
FORMAT.SBUOP - Enforce number of space character(s) between a postfixed unary operator and its operand
FORMAT.SCOP - Enforce number of space character(s) before and after the "?" conditional operator
FORMAT.SC - Enforce number of space character(s) between a conditional statement and the opening "(" parenthesis
FORMAT.SLOP - Enforce number of space character(s) on each side of a logical operator
FORMAT.SROP - Enforce number of space character(s) on each side of a relational operator
FORMAT.TCOMMA - Avoid or enforce the use of trailing commas in array initializers
FORMAT.TC - Avoid using trailing comments
FORMAT.TE - Use the preferred formatting for conditional expressions
FORMAT.TNL - Make sure all files are terminated with a newline character
FORMAT.U2BL - Enforce number of blank line(s) between major sections
FORMAT.UP - Avoid unnecessary parentheses
GC.AUTP - Do not use unnecessary temporaries when converting primitive types to String
GC.DUD - Avoid using 'Date[]', use 'long[]' instead
GC.FCF - Call 'super.finalize()' from 'finalize()'
GC.FM - Do not use 'finalize()' methods to unregister listeners
GC.GCB - Reuse calls to 'getClipBounds()'
GC.GC - Do not explicitly call 'System.gc()' or 'Runtime.gc()'
GC.IFF - Call 'super.finalize()' in the "finally" block of 'finalize()' methods
GC.MML - Be cautious when calling methods which may cause memory leaks
GC.NCF - Do not call 'finalize()' explicitly
GC.OSTM - Prevent potential memory leaks in ObjectOutputStreams by calling 'reset()'
GC.RCO - Reuse immutable constant objects to conserve memory
GC.STV - Avoid "static" collections or maps; they can grow without bounds
HIBERNATE.CAR - Call 'addClass()' instead of 'addResource()' to add a mapping to a 'Configuration'
HIBERNATE.CHS - Close Hibernate Sessions in "finally" blocks
HIBERNATE.CSF - Close all 'SessionFactory' objects
HIBERNATE.GSIM - Include getter and setter methods and an id field for any object mapped to a column in a database table
HIBERNATE.IDC - Declare a no-argument constructor for Hibernate persistent classes
HIBERNATE.LHII - Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files
HIBERNATE.OHCE - Override the 'equals' and 'hashCode' methods for mapped Hibernate objects
HIBERNATE.PIDS - Declare the setter method for the Hibernate identifier 'private'
HIBERNATE.RBT - Roll back any active transactions in 'catch' blocks
HIBERNATE.SLM - Call 'setLockMode()' before executing a Hibernate Query
HIBERNATE.UGNQ - Use mapped, named HQL queries instead of writing queries in Java code
HIBERNATE.UNP - Use named parameters in HQL queries
HIBERNATE.UPWD - Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files
INIT.AAI - Do not use array initializers
INIT.AULI - Ensure that the "if" check for lazy initialization uses the correct operator
INIT.CLIB - Do not put code other than initialization code in lazy initialization blocks
INIT.DIA - Use diamond to invoke the constructor of a generic class
INIT.IC - Do not use initialization circularities for fields
INIT.LV - Initialize all local variables explicitly at the declaration statement
INIT.NFS - Do not use non-final "static" fields during the initialization
INIT.SFA - Do not initialize "static" "final" variables with non "final" "static" variables
INIT.SF - Use explicit initializations/Do not initialize "static" fields to default values
INIT.SICUI - Do not use a "static" initializer that creates an instance of the current class before all "static final" fields are assigned
INTER.CCL - Provide 'Locale' argument when invoking 'String' conversion methods
INTER.CLO - Do not use single characters with logic operators in an Internationalized environment
INTER.COS - Do not use String concatenation in an Internationalized environment
INTER.CTLC - Do not call 'Character.toLowerCase(char)' or 'Character.toUpperCase(char)' in an internationalized environment
INTER.DTS - Do not call 'toString()' or 'String.valueOf()' on Date objects in an Internationalized environment
INTER.ITT - Isolate translatable text in resource bundles in an Internationalized environment
INTER.NCL - Use "static final" constants for single character literals in an Internationalized environment
INTER.NTS - Do not call 'toString()' or 'String.valueOf()' on numeric values in an Internationalized environment
INTER.PN - Do not call the 'parse' methods of the 'Number' types in an Internationalized environment
INTER.SCT - Do not call 'String.compareTo()' in an Internationalized environment
INTER.SDFL - Provide a 'Locale' argument when instantiating 'SimpleDateFormat' objects
INTER.SEO - Avoid calling methods and constructors which do not allow you to specify a character encoding option
INTER.SE - Do not call 'String.equals()' in an Internationalized environment
INTER.SIO - Do not call 'String.indexOf()' or 'String.lastIndexOf()' in an Internationalized environment
INTER.ST - Do not use 'StringTokenizer' in an Internationalized environment
INTER.TTS - Do not call 'toString()' or 'String.valueOf()' on Time objects in an Internationalized environment
INTER.UNLS - Avoid unnecessary "$NON-NLS" and "NOI18N" comments
JAVADOC.BT - Avoid unsupported '@' tags and other tags that should not be used in Javadoc comments
JAVADOC.CRN - Always include a description of whether or not a method can return null in the Javadoc
JAVADOC.DPMT - Avoid unused Javadoc tags
JAVADOC.ECTF - Enforce custom Javadoc tags for fields
JAVADOC.ECTM - Enforce custom Javadoc tags for methods/annotation member types
JAVADOC.ECTT - Enforce custom Javadoc tags for types
JAVADOC.JNJD - Do not insert non-Javadoc comments between Javadoc comments and declarations
JAVADOC.MAJDT - Use the '@author' Javadoc tag in declaration Javadoc comments
JAVADOC.MDJT - Include a meaningful description in Javadoc tags
JAVADOC.MISFORMAT - Avoid misformatted Javadoc tags
JAVADOC.MRDC - Use the '@return' Javadoc tag in method Javadoc comments
JAVADOC.MVJDT - Use the '@version' tag in type Javadoc comments
JAVADOC.ORDER - Order Javadoc tags appropriately
JAVADOC.PARAM - Use the '@param' Javadoc tag for each parameter of methods
JAVADOC.PJDC - Provide Javadoc comments and descriptions for types
JAVADOC.PJDF - Provide Javadoc comments and descriptions for fields
JAVADOC.PJDM - Provide Javadoc comments and descriptions for methods
JAVADOC.SINGLE - Enforce restraint on number of lines used for Javadoc comments
JAVADOC.SMJT - Use the '@concurrency' Javadoc tag on "synchronized" methods and blocks
JAVADOC.SPELL - Avoid misspelling words in Javadoc comments and string literals
JAVADOC.SRRP - Specify 'RUNTIME' as the retention policy when using the '@Documented' annotation
JAVADOC.THROW - Use the '@throws' or '@exception' Javadoc tag in methods
JAVADOC.TSMJT - Provide a Javadoc comment for 'toString()' methods
JAVADOC.TSOL - Ensure that certain Javadoc tags only span one line
JAVADOC.VMCR - Avoid using the '@return' Javadoc tag on "void" methods
JDBC.BRSA - Ensure index is valid in JDBC method invocation
JDBC.CDBC - Close JDBC connections in "finally" blocks
JDBC.COCO - Close JDBC objects in the correct order
JDBC.DSLV - Reuse data sources for JDBC connections
JDBC.ODBIL - Do not open or close JDBC connections in loops
JDBC.RRWD - Close JDBC resources in "finally" blocks
JDBC.SCSF - Do not store database connection objects in "static" fields
JDBC.UDS - Use javax.sql.DataSource to get the database connection
JDBC.UPSC - Use "PreparedStatements" correctly
JDBC.URSF - Use instance of RowSetFactory to create a RowSet object
JUNIT.AEAT - Use assertEquals instead of assertTrue
JUNIT.AHLOD - Do not hard code the location to data used by a unit test
JUNIT.ANAT - Use assertNull instead of assertTrue when checking null references
JUNIT.ANBA - Avoid negating boolean parameters to assertTrue() or assertFalse()
JUNIT.ASAT - Use assertSame instead of assertTrue when checking reference equality
JUNIT.ASSERT - Include a message string in JUnit assertions
JUNIT.AST - Do not include assertion statements in threads other than the main thread
JUNIT.CBA - Avoid calling 'assert' methods in catch blocks
JUNIT.CSUPER - Call the superclass' 'setUp' and 'tearDown' methods in the 'setUp' and 'tearDown' methods of JUnit test classes
JUNIT.CSUTD - Ensure that 'setUp()' and 'tearDown()' methods are implemented correctly
JUNIT.DIR - Place each test class in the same location as the class that it tests
JUNIT.ETCTA - Avoid extending 'TestCase' in test classes which contain the '@Test' annotation
JUNIT.FAIL - Use the fail() method instead of forcing a failed condition using the assertTrue(false) or assertFalse(true) method
JUNIT.FICB - Do not invoke the 'fail()' method in a 'catch' block in a JUnit test method
JUNIT.ISMTC - Do not implement the 'suite()' method in JUnit test classes
JUNIT.MAIN - Ensure that JUnit classes have a main() allowing them to be executed in isolation
JUNIT.OSIC - Do not use the constructor to set up test cases
JUNIT.OSUM - Override the 'setUp()' method or define a '@Before' method
JUNIT.OTDM - Override the 'tearDown()' method or define an '@After' method
JUNIT.SIA - Ensure JUnit test cases include assertion methods
JUNIT.SIFN - Set all fields which are initialized in the 'setUp()' method to "null" in the 'tearDown()' method
JUNIT.SUITE - Make 'suite()' methods "public" and "static"
JUNIT.TATC - Use '@Test' annotation instead of extending 'TestCase'
JUNIT.TCWNT - Include at least one test method in each 'TestCase' class
JUNIT.TEST - Make sure all methods have at least one JUnit test method
JUNIT.UPJT - Include an appropriate Javadoc tag in the Javadoc for JUnit test methods
JUNIT.UPSS - Use the correct signature for the 'suite()' method in JUnit test classes
METRIC.CBO - Coupling Between Objects
METRIC.CC - McCabe Cyclomatic Complexity
METRIC.CLLOCRIF - Ratio of Comments to Number of Logical Lines in files
METRIC.CLLOCRIM - Ratio of Comments to Number of Logical Lines in methods
METRIC.CLLOCRIT - Ratio of Comments to Number of Logical Lines in types
METRIC.DIF - Nested If Statements
METRIC.ECC - Essential Cyclomatic Complexity
METRIC.FO - Fan Out
METRIC.HDIFM - Halstead Difficulty
METRIC.HEFM - Halstead Effort
METRIC.HICM - Halstead Intelligent Content
METRIC.HLENM - Halstead Program Length
METRIC.HLEVM - Halstead Program Level
METRIC.HNOBM - Halstead Number of Bugs
METRIC.HTTPM - Halstead Time to Program
METRIC.HVOCM - Halstead Program Vocabulary
METRIC.HVOLM - Halstead Program Volume
METRIC.IDOC - Inheritance Depth of Class
METRIC.LCOM - Lack of Cohesion
METRIC.MCC - Modified Cyclomatic Complexity
METRIC.MI - Maintainability Index
METRIC.NBD - Nested Blocks Depth
METRIC.NOBLIF - Number of Blank Lines in Files
METRIC.NOBLIM - Number of Blank Lines in Methods
METRIC.NOBLIT - Number of Blank Lines in Types
METRIC.NOCLIF - Number of Comment Lines in Files
METRIC.NOCLIM - Number of Comment Lines in Methods
METRIC.NOCLIT - Number of Comment Lines in Types
METRIC.NOC - Number of Classes
METRIC.NOF - Number of Files
METRIC.NOLLOCIF - Number of Logical Lines in Files
METRIC.NOLLOCIM - Number of Logical Lines in Methods
METRIC.NOLLOCIT - Number of Logical Lines in Types
METRIC.NOMIT - Number of Methods in Types
METRIC.NOPAR - Number of Parameters of Methods
METRIC.NOPLIF - Number of Physical Lines in Files
METRIC.NOPLIM - Number of Physical Lines in Methods
METRIC.NOPLIT - Number of Physical Lines in Types
METRIC.NOPRIVMIT - Number of Private Members of Types
METRIC.NOPROTMIT - Number of Protected Members of Types
METRIC.NOPUBMIT - Number of Public Members of Types
METRIC.NORET - Number of Returns in Methods
METRIC.NOSLIF - Number of Source Lines in Files
METRIC.NOSLIM - Number of Source Lines in Methods
METRIC.NOSLIT - Number of Source Lines in Types
METRIC.NOT - Number of Types
METRIC.RFC - Response for Class
METRIC.SCC - Strict Cyclomatic Complexity
METRICS.CTNL - DEPRECATED: Number of lines in "class" or "interface"
METRICS.ECLM - DEPRECATED: Number of statement lines in a method
METRICS.ECLT - DEPRECATED: Number of statement lines in a "class" or "interface"
METRICS.ID - DEPRECATED: "class" or "interface" inheritance level
METRICS.NOFT - DEPRECATED: Number of fields
METRICS.NOMCML - DEPRECATED: Number of comment lines in a method
METRICS.NOM - DEPRECATED: Number of methods
METRICS.NOTCML - DEPRECATED: Number of comment lines in a "class" or "interface"
METRICS.NPKGF - DEPRECATED: Number of package-private fields
METRICS.NPKGM - DEPRECATED: Number of package-private methods
METRICS.NPRIF - DEPRECATED: Number of "private" fields
METRICS.NPRIM - DEPRECATED: Number of "private" methods
METRICS.NPROF - DEPRECATED: Number of "protected" fields
METRICS.NPROM - DEPRECATED: Number of "protected" methods
METRICS.NPUBF - DEPRECATED: Number of "public" fields
METRICS.NPUBM - DEPRECATED: Number of "public" methods
METRICS.NSTMT - DEPRECATED: Number of statements in a method
METRICS.PAR - DEPRECATED: Number of parameters
METRICS.PJDC - DEPRECATED: Percentage of Javadoc comments (%)
METRICS.TNLM - DEPRECATED: Number of lines in a method
METRICS.TNMC - DEPRECATED: Number of method calls
METRICS.TRET - DEPRECATED: Number of "return" statements
METRICS.VG - DEPRECATED: Cyclomatic Complexity
METRIC.WMC - Weighted Methods of Class
MOBILE.ACFM - Avoid accessing same fields and methods multiple times
MOBILE.AMA - Avoid using 'getter' and 'setter' methods
MOBILE.ANDROID.AOSM - Always override 'onSaveInstanceState()'
MOBILE.ANDROID.WUP - Make sure that widgets aren't updated too often
MOBILE.APTA - Avoid using array of primtive wrapper objects
MOBILE.AUEF - Avoid using enhanced "for" loop to walk through a "java.lang.Iterable" object
MOBILE.AUI - Avoid declaring "interface" types
MOBILE.DARRAY - Avoid multiple dimension arrays
MOBILE.ENUM - Avoid using enums
MOBILE.FLOATER - Avoid using floats
MOBILE.J2ME.ACII - Do not use anonymous classes as interface implementors
MOBILE.J2ME.ARLL - Do not use an array length in a loop condition expression
MOBILE.J2ME.CIPA - Avoid constant initializations of primitive arrays that exceed a certain size
MOBILE.J2ME.EAOF - Do not access a field excessively
MOBILE.J2ME.EURP - Ensure methods use return parameters instead of returning new objects
MOBILE.J2ME.OOME - Catch 'OutOfMemoryError' for large array allocations
NAMING.ANNS - Follow class name conventions defined for annotations
NAMING.CVN - Use conventional variable names
NAMING.DJLO - Do not declare types with the same name as types in the Java platform
NAMING.DSN - Avoid using dollar signs in names
NAMING.ECN - Ensure class names reflect classes which they extend
NAMING.EXTENDS - Follow class name conventions defined for base classes
NAMING.GETA - Follow a naming convention for getter methods
NAMING.GETB - Follow a naming convention for "boolean" getter methods
NAMING.ID - Avoid using potential Java keywords as identifiers
NAMING.IFV - Use all uppercase letters for the names of fields in an "interface"
NAMING.IMPLS - Follow class name conventions defined for implemented interfaces
NAMING.IRB - Use 'is...' only for naming methods that return a "boolean"
NAMING.LLI - Follow limits for the lengths of type, method, field, parameter, and variable names
NAMING.NACL - Use a naming convention for "abstract" classes
NAMING.NAC - Use a naming convention for array and collection variables
NAMING.NA - Use a naming convention for annotations
NAMING.NCL - Use a naming convention for classes
NAMING.NENUM - Use a naming convention for enum type declarations
NAMING.NE - Use a naming convention for exceptions
NAMING.NFL - Use a naming convention for "final" local variables
NAMING.NIF - Use a naming convention for non-"static" fields
NAMING.NITF - Use a naming convention for interfaces
NAMING.NLV - Use a naming convention for local variables
NAMING.NMP - Use a naming convention for method parameters
NAMING.NM - Use a naming convention for non-"static" methods
NAMING.NPH - Use a naming convention for type parameters
NAMING.NSF - Use a naming convention for non-"final" "static" fields
NAMING.NSM - Use a naming convention for "static" methods
NAMING.NTEST - Use a naming convention for JUnit test classes
NAMING.PKG - Use a naming convention for "package" names
NAMING.RPKG - Do not use a package name that is reserved by Sun
NAMING.SETA - Follow a naming convention for setter methods
NAMING.SINGLETON - Use a naming convention for singleton classes
NAMING.THAC - Use a naming convention for tag handlers and associated classes
NAMING.UHN - Use Hungarian notation for variables
NAMING.USF - Do not use lowercase letters in "final" "static" field names
NAMING.UUVN - Do not use variable names which differ only in case
OOP.ACECC - Do not extend concrete classes in "abstract" classes
OOP.ACST - Avoid casts to types which are more specific than necessary
OOP.AF - Avoid "public"/"protected"/package-private fields
OOP.AHF - Do not hide inherited fields
OOP.AHSM - Do not hide inherited "static" member methods
OOP.AOA - Add the "@Override" annotation to overriding methods
OOP.AOCM - Always override certain methods when extending certain types
OOP.ASFI - Redeclare a class with only "abstract" methods and "static final" fields as an "interface"
OOP.AUASI - Do not implement or extend annotations
OOP.AUO - Do not use an object to access "static" fields or methods
OOP.CIMOM - Do not declare a method in an interface which conflicts with a 'protected' method of 'Object'
OOP.CQS - Ensure methods are either a command(change state) or a query(get state)
OOP.HIF - Do not hide fields and local variables declared in enclosing scopes
OOP.HMF - Do not give method local variables and parameters the same name as class fields
OOP.ICIF - Avoid inner classes in interfaces
OOP.IDOM - Avoid declaring methods inherited from class "Object" in an interface
OOP.IIAC - Avoid implementing interfaces only to access constants
OOP.IIN - Implement interface methods non-trivially or declare them "abstract"
OOP.INSOF - Use "instanceof" only on interfaces
OOP.LEVEL - Avoid more than two levels of nested inner classes
OOP.MFP - Give "finalize()" methods "protected" access
OOP.MI - Avoid interfaces with no fields or methods (marker interfaces)
OOP.MUCOP - Provide mutable classes with copy functionality
OOP.NAM - Avoid "abstract" classes without "abstract" methods
OOP.NOMA - Declare methods in "abstract" classes with empty bodies "abstract"
OOP.NPAC - Do not declare "public" or package-private constructors in "abstract" classes
OOP.OPM - Do not override an instance "private" method
OOP.PIFC - Do not use "protected" access for members of "final" classes
OOP.PMPC - Ensure 'public' classes have at least one 'public' or 'protected' member
OOP.PSDF - Do not declare "private" or "static" methods as "final"
OOP.RI - Do not declare a class as implementing an interface if a superclass already implements that interface
OOP.RSFC - Avoid referencing a class' subclasses from itself
OOP.SNGL - Use a naming convention for singleton classes
OOP.SVHM - Specify which version of potentially ambiguous methods you wish to call for method calls in inner classes
OOP.THRECL - Use getContextClassLoader() instead of getClassLoader()
OPT.AAM - Change non-"private" members to "private" in anonymous classes
OPT.AAS - Use abbreviated assignment operators
OPT.ACDO - Do not use the 'new String(String)' constructor
OPT.AGC - Do not get the 'Class' object through new object instantiation
OPT.ANIPW - Avoid new instantiations of primitive wrapper objects, whose values are cached
OPT.AUMO - Avoid unnecessary Map operations
OPT.BR - Simplify "boolean" returns
OPT.CCR - Close all "java.io.Closeable" resources in a "finally" block
OPT.CEIL - Avoid putting constant expressions inside loops
OPT.CEL - Do not call methods in loop condition statements
OPT.CIO - Close input and output resources in "finally" blocks
OPT.CLL - Check the logging level before calling potentially expensive logging operations
OPT.CPTS - Do not convert a value to a String by concatenating the empty String
OPT.CRSG - Avoid duplicate calls to the "get" methods of "ResultSet"
OPT.CRWD - Close resources as early as possible
OPT.CTLV - Do not use a "private" field that is accessed in only one method; change it to a local variable
OPT.DIC - Define initial capacities for 'ArrayList', 'HashMap', 'HashSet', 'Hashtable', 'Vector' and 'WeakHashMap'
OPT.EES - Use 'String.length() == 0' instead of 'String.equals("")'
OPT.EIC - Use 'equalsIgnoreCase()' instead of calls to 'toLowerCase()' or 'toUpperCase()'
OPT.EOIL - Avoid calling expensive operations in the body of a loop
OPT.ICDPC - When calling "Math.ceil()", do not pass in an integer that has been cast to a floating point type
OPT.ICGA - Avoid accessing members which will require synthetic accessor methods
OPT.ILUG - Do not iterate through Lists using the 'get()' method
OPT.IRB - Use 'System.arraycopy()' instead of using a loop to copy arrays
OPT.ISC - Do not instantiate a class which contains only static fields and methods
OPT.LIOL - Move invariants outside of loops wherever possible
OPT.LOOP - Do not instantiate variables in a loop body
OPT.MAF - Make getter and setter methods for instance fields "final"
OPT.MUNC - Avoid unnecessary comparisons to "null"
OPT.NCIO - Avoid 'null' check before 'instanceof'
OPT.NIVND - Use the 'nextInt()' method to generate a random integer
OPT.NIW - Avoid creating new instances of BigInteger and BigDecimal
OPT.NSF - Declare "final" fields with a known compile time value as "static"
OPT.PCTS - Use 'charAt()' instead of 'startsWith()' for one character comparisons
OPT.PRIM - Do not instantiate the wrapper classes for primitive types
OPT.SBL - Avoid converting StringBuffer or StringBuilder to String to check length
OPT.SBS - Use 'StringBuilder' instead of 'StringBuffer' when synchronization is not required
OPT.SB - Specify an initial 'StringBuffer' capacity
OPT.SDLS - Avoid using synchronized data structures for local variables
OPT.SI - Declare member classes "static" if possible
OPT.SRA - Avoid using 'String.replaceAll()' with literal values
OPT.STCA - Do not call ''String.toCharArray()'' unnecessarily
OPT.STRBUF - Simplify methods that return strings that are always concatenated
OPT.STR - Use single quotes instead of double quotes for single character string concatenation
OPT.STS - Avoid unnecessary calls to 'String' methods
OPT.SWIF - Avoid use of if statements if they can be replaced with switch statements
OPT.SYN - Do not call a synchronized method inside of a loop
OPT.TOARRAY - Use collection size for target array in 'toArray()'
OPT.UEQ - Do not compare boolean variables with "true"
OPT.UISO - Avoid unnecessary "instanceof" evaluations
OPT.UMATH - Do not call the methods from 'java.lang.Math' if the result is a constant which can be easily determined
OPT.UNC - Avoid unnecessary casting
OPT.USB - Use 'StringBuffer' instead of 'String' when concatenating strings
OPT.USCL - Avoid questionable uses of non-short-circuit logic
OPT.USC - Use 'String' instead of 'StringBuffer' for constant strings
OPT.USV - Use 'stack' variables whenever possible
PB.API.AECC - Avoid extending certain classes (custom rule)
PB.API.APPG - Avoid 'put, 'putAll' and 'get' methods of 'java.util.Properties' objects
PB.API.APT - Avoid using certain packages or types
PB.API.CMMT - Ensure that the types passed to "Collection" and "Map" methods match the types in those data structures
PB.API.DANNOT - Add the "@Deprecated" annotation to the declarations of deprecated members
PB.API.DNCSS - Do not call 'setSize()' in 'ComponentListener.componentResized()'
PB.API.DPRAPI - Do not use deprecated APIs
PB.API.ECMC - Do not extend "Collection" and "Map" classes
PB.API.EHM - Do not extend 'java.util.HashMap' or 'java.util.Hashtable'
PB.API.EJF - Do not create an empty JarFile entry or an empty ZipFile entry
PB.API.EQNL - Avoid calling 'equals(null)'
PB.API.HNCN - Do not call the 'next' method from the 'hasNext' method of an Iterator
PB.API.IUMS - Do not use "URL" objects in "Collections" or "Maps"
PB.API.KOEH - Ensure that all types which are used as keys in Sets and Maps override the 'equals()' and 'hashCode()' methods
PB.API.MASP - Assign "protected" accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes
PB.API.MOHK - Avoid using objects with dangerous implementations of 'equals()' or 'hashCode()' as keys in hashed data structures
PB.API.NDC - Do not define direct or indirect subclasses of 'Error' and 'Throwable'
PB.API.OF - Do not overload the 'finalize()' method
PB.API.REP - Avoid using "." as a regular expression in 'String.replaceAll()' and 'String.replaceFirst()'
PB.API.SBCC - Do not pass a 'char' to the 'StringBuffer(int)' constructor
PB.API.UNI - Avoid improper casting of the results of the 'next' methods in the 'java.util.Random' class
PB.API.URL - Avoid using the 'equals()' and 'hashCode()' methods of "java.net.URL"
PB.API.VAFS - Ensure the correct number of arguments for varargs methods with format strings
PB.API.VENDOR - Update values which may be using to compare with vendor properties
PB.CLOSE - Unrestricted lock resource
PB.CUB.ADE - Avoid dangling "else" statements
PB.CUB.AIPQ - Avoid using 'iterator()' with PriorityQueue and PriorityBlockingQueue
PB.CUB.AMCO - Avoid using multiple '!' or '~' unary operators
PB.CUB.APAM - Avoid passing arrays as arguments to methods that take non-array parameters
PB.CUB.ARCF - Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block
PB.CUB.ATSF - Do not exit "finally" blocks abruptly
PB.CUB.AWP - Avoid confusing assignments to constructor arguments
PB.CUB.CILB - Do not put code other than logging code inside logging blocks
PB.CUB.CNVC - Avoid improper concatenation of characters with numbers
PB.CUB.CTOR - Do not call non-"final", non-"static" and non-"private" methods from constructors
PB.CUB.CWRITE - Avoid usage of File.canWrite() method because it may returns true even if directory is not writable
PB.CUB.DCP - Do not use the "+" string concatenation operator to concatenate numbers; use it only to add numbers
PB.CUB.EBI - Avoid erroneously placing statements outside blocks
PB.CUB.EOOM - Avoid errors in overriding methods of "java.lang.Object"
PB.CUB.FLVA - Do not assign loop control variables in the body of a "for" loop
PB.CUB.IMC - Ensure overriding methods are not unintended covariants due to parameter type differences
PB.CUB.IMM - Ensure "static" "final" fields are immutable
PB.CUB.ISF - Inspect "private" "static" fields which may have mistakenly been declared "static"
PB.CUB.MAIN - Use the method name 'main()' only for the entry point method
PB.CUB.OE - Avoid suspicious octal escapes
PB.CUB.OSM - Ensure overloaded methods in superclass are overridden when overriding a method in subclass
PB.CUB.OVAM - Avoid overloading varargs methods
PB.CUB.PSFA - Avoid using "public static final" array fields
PB.CUB.RMO - Avoid referencing mutable fields
PB.CUB.SAC - Do not use "char" arrays in "String" concatenations
PB.CUB.SBC - Do not use a "switch" statement with a bad "case"
PB.CUB.SRAD - Specify @Retention for annotation type declarations
PB.CUB.STRCC - Parenthesize complex expressions in 'print()' or 'println()' statements
PB.CUB.TOCTOU - Avoid Time-of-check Time-of-use (TOCTOU) Race Condition
PB.CUB.TOS - Avoid invoking 'toString()' on array variables
PB.CUB.TVOM - Avoid type variable parameters when calling overloaded methods
PB.CUB.UEIC - Do not use '==' or '!=' to compare objects
PB.EAR - Ensure that non-"void" methods have a return value other than empty arrays and "null"
PB.LOGIC.AIL - Avoid infinite loops
PB.LOGIC.AMOI - Avoid using the wrong index variable to access an array or List element
PB.LOGIC.AOBO - Avoid off-by-one errors in loop conditions
PB.LOGIC.AULV - Avoid loop variables which are not used in the condition of the loop
PB.LOGIC.CPI - Do not check whether the result of "String.indexOf()" is positive or non-positive
PB.LOGIC.CRRV - Check the return value of methods which read or skip input
PB.LOGIC.DJNCR - Do not discard the result of a call to "readLine()" after checking that the return value is non-null
PB.LOGIC.EQLC - Use 'getClass()' or "instanceof" within 'equals()' and 'compareTo()' method implementations
PB.LOGIC.EQUS - Do not call 'equals()' methods that always return false
PB.LOGIC.ESO - Avoid calling 'equals()' with same object
PB.LOGIC.FLRC - Avoid infinite recursive method calls
PB.LOGIC.INDEX - Avoid bugs in the usage of loop variables
PB.LOGIC.JI - Do not increment or decrement on the same variable over multiple nested "for" loop statements
PB.LOGIC.LLM - Ensure that the logging level checked matches the level of the called logging method
PB.LOGIC.OAMC - Ensure that the objects used within a loop's condition are properly accessed within the loop's body
PB.LOGIC.OOR - Avoid out of range comparisons
PB.LOGIC.ROM - Make sure that methods are invoked on the correct object
PB.LOGIC.SG - Ensure get/set methods are accessing the correct variables
PB.NAECS - Include a 'case' statement for each constant of an 'enum' type in 'switch' statements
PB.NUM.AIC - Avoid implicit casts from integer data types to floating point data types
PB.NUM.BBDCC - Do not pass floating point values to the 'BigDecimal' constructor
PB.NUM.BSA - Do not use an integer outside the range of [0, 31] as the amount of a shift
PB.NUM.CACO - Avoid using compound assignment operators in cases which may cause overflow
PB.NUM.CLP - Do not cast primitive data types to lower precision
PB.NUM.CMP - Don't use subtraction in this method
PB.NUM.DCF - Do not compare floating point types
PB.NUM.FPLI - Do not use floating point variables as loop indices
PB.NUM.ICO - Avoid calculations which result in overflow or NaN
PB.NUM.IDCD - Do not assign the result of an integer division to a floating point variable
PB.NUM.IMOF - Avoid casting the result of an integer multiplication to "long"
PB.NUM.IOF - Use unsigned right shift instead of division when overflow is possible
PB.NUM.NAN - Avoid comparisons to Double.NaN or Float.NaN
PB.NUM.NIA - Do not initialize array dimensions with negative numbers
PB.NUM.UBD - Do not use "float" and "double" if exact answers are required
PB.NUM.UCM - Avoid passing integer values to 'Math.round()'
PB.OCSF - Ensure that exactly one type has the same name as the file name
PB.PCSF - Ensure that the type that has the same name as the file is declared "public"
PB.PDCL - Place "default" as the last case of the "switch" statement
PB.PDS - Provide "default:" for each "switch" statement
PB.RE.ACTI - Do not add a collection to itself
PB.RE.AMFSL - Avoid modifying fixed-size Collections
PB.RE.AQA - Avoid calling the 'add()' method of a Queue
PB.RE.ASE - Avoid possible ArrayStoreExceptions
PB.RE.CAI - Always check parameters before use in array access
PB.RE.CIOR - Check the return value of calls to 'String.indexOf()' before passing this value to other "String" methods
PB.RE.CTNSE - Ensure 'Iterator.next()' method implementations throw 'NoSuchElementException'
PB.RE.IDRL - Check whether or not "readLine()" returned null before dereferencing the return value
PB.RE.IIAE - Make sure the IllegalArgumentException message matches the code logic
PB.RE.IOSS - Use the "fromIndex" argument of 'indexOf()' when necessary
PB.RE.ISEM - Do not call 'String.equals(constant)' or 'String.equalsIgnoreCase(constant)'
PB.RE.JLAY - Avoid using methods add() from JLayer class
PB.RE.NCMD - Ensure that dereferenced variables match variables which were previously checked for "null"
PB.RE.NXRE - Do not define direct or indirect subclasses of 'RuntimeException'
PB.RE.PNPD - Avoid dereferencing null objects
PB.RE.RCODE - When used HttpURLConnection always check return value from the getResponseCode() methods before call getInputStream()
PB.RE.VRNULL - Avoid methods returning "null" value
PB.TYPO.AECB - Avoid "try", "catch" and "finally" blocks with empty bodies
PB.TYPO.ASI - Avoid assignment within a condition
PB.TYPO.BW - Avoid unnecessary self computation
PB.TYPO.CSI - Ensure that the correct "super" method is invoked
PB.TYPO.DAV - Avoid assigning same variable in the fall-through switch case
PB.TYPO.EB - Avoid control statements with empty bodies
PB.TYPO.IMO - Ensure the overriding method name does not have a typo
PB.TYPO.NAMING - Do not give methods and fields the same name as the enclosing class or each other
PB.TYPO.RSK - Avoid having more than one "getter" or "setter" method for the same field
PB.TYPO.TLS - Ensure "switch" statements do not contain typos
PB.TYPO.UOL - Do not use octal integer literals
PB.TYPO.WT - Ensure that arguments passed to Java wrapper classes do not contain typos
PB.USC.AES - Avoid empty statements
PB.USC.CC - Avoid conditional expressions that always evaluate to a constant value
PB.USC.EC - Avoid empty classes
PB.USC.EPC - Do not define empty "public" constructors in classes with no other constructors
PB.USC.NACC - Avoid classes with no accessible members
PB.USC.NASSIG - Ensure method and constructor return values are used
PB.USC.OI - Avoid increment and decrement statements which have no effect
PB.USC.RTE - Do not catch exceptions only to rethrow them
PB.USC.SAFL - Avoid self assignments/initializations to fields and/or local variables
PB.USC.UIF - Avoid unreachable "else if" and "else" cases
PB.USC.UNARY - Do not use the unary operator '+'
PORT.CTSP - Avoid calling 'Thread.setPriority()'
PORT.DNHCP - Do not hard code an absolute pathname when calling a constructor from the 'File' class
PORT.ENV - Do not use the non-portable 'System.getenv()' method
PORT.EXEC - Do not use 'Runtime.exec()'
PORT.HCNA - Do not hard-code IP addresses and port numbers
PORT.LNSP - Do not hard code '\n' or '\r' as a line separator
PORT.NATV - Do not use user-defined "native" methods
PORT.PEER - Do not use "java.awt.peer.*" interfaces directly
PORT.PSC - Use "File.pathSeparator" or "File.pathSeparatorChar" instead of the corresponding literals
PROPS.BSPV - Avoid adding extra white spaces to the end of property values
PROPS.DUPN - Avoid duplicated property names
PROPS.DUPV - Avoid duplicated property values
PROPS.EMN - Avoid empty property names
PROPS.EMV - Avoid empty property values
PROPS.EQOP - Always use the '=' operator
PROPS.FM - Follow the limit for number of property entries
PROPS.HCLS - Avoid hard-coded line separators in property values
PROPS.IARG - Avoid misusing arguments in property values
PROPS.ICK - Avoid incomplete property entries
PROPS.IVCC - Avoid misusing the line continuation character '\'
PROPS.MENTRY - Avoid unmatched property entries in resources with different locales
PROPS.MLN - Avoid splitting property names into multiple lines
PROPS.NAME - Use a naming convention for property names
PROPS.PLAIN - Password information should not be included in properties file in plaintext
PROPS.SPELL - Avoid misspelling words in comments and property values
PROPS.TENTRY - Ensure that property entries are localized correctly
SECURITY.BV.ACL - Do not access the class loader in a web component
SECURITY.BV.ADT - Inspect usage of 'Date', 'Time' objects and 'System.currentTimeMillis()' method invocations
SECURITY.BV.AUG - Inspect usage of 'getName()' from 'java.lang.Class' object
SECURITY.BV.CQRO - Use "read-only" AccessMode for Castor queries
SECURITY.BV.DSSM - Do not set custom security managers outside of the 'main' method
SECURITY.BV.ENFL - Ensure all sensitive method invocations are logged
SECURITY.BV.NSF - Do not call 'Socket.setSocketImplFactory()' or 'URL.setURLStreamHandlerFactory()' in a web component
SECURITY.BV.PCFM - Wrap "privileged" method invocations in "final" methods
SECURITY.BV.PCPM - Wrap "privileged" method invocations in "private" methods
SECURITY.BV.PDLC - Avoid using dynamically loaded classes in "privileged" code blocks
SECURITY.BV.SYSP - Do not access or set System properties
SECURITY.DRC.THR - Do not use threads in web components
SECURITY.EAB.ACWC - Avoid calling specified methods from web components and EJBs
SECURITY.EAB.AWT - Do not use AWT classes in Web components
SECURITY.EAB.CBA - Do not pass byte arrays to ObjectOutputStream in the 'writeObject()' method
SECURITY.EAB.CMP - Do not compare Class objects by name
SECURITY.EAB.CPCL - Enforce returning a defensive copy in 'clone()' methods
SECURITY.EAB.JVM - Do not stop the JVM in a web component
SECURITY.EAB.LDP - Limit the number of "AccessController.doPrivileged" calls per class
SECURITY.EAB.MPT - Do not pass user-given mutable objects directly to certain types
SECURITY.EAB.OROM - Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes
SECURITY.EAB.PCL - Limit the number of lines in "privileged" code blocks
SECURITY.EAB.SF - Do not declare "static" fields in web components
SECURITY.EAB.SIS - Do not change the input streams of 'java.lang.System' in a web component
SECURITY.EAB.SMO - Do not store user-given mutable objects directly into variables
SECURITY.EAB.SPFF - Inspect 'static' fields which may have intended to be declared 'static final'
SECURITY.ESD.ACW - Avoid writing to Consoles
SECURITY.ESD.CONSEN - Do not log confidential or sensitive information
SECURITY.ESD.CSD - Clear sensitive data after use
SECURITY.ESD.PEO - Do not pass exception messages into output in order to prevent the application from leaking sensitive information
SECURITY.ESD.PLC - Avoid storing sensitive data in plaintext in a cookie
SECURITY.ESD.RA - Avoid methods that might expose internal representations by returning arrays or other mutable fields
SECURITY.ESD.SDM - Store sensitive data in mutable objects
SECURITY.ESD.SIF - Inspect instance fields of serializable objects to make sure they will not expose sensitive information
SECURITY.ESD.SIO - Avoid calling print methods of 'System.err' or 'System.out'
SECURITY.ESD.SNFD - Do not expose data with a 'FileNotFound' exception
SECURITY.ESD.SPI - Do not interrogate or modify security policy information in a web component
SECURITY.ESD.TFP - Declare "transient" fields "private"
SECURITY.ESD.TSPF - Avoid "transient" fields in serialPersistentFields array
SECURITY.ESD.UPCT - Use 'post' instead of 'get' for credential transfers
SECURITY.IBA.AEAF - Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm'
SECURITY.IBA.ATF - Avoid temporary files
SECURITY.IBA.AUSS - Avoid using "SELECT *" in SQL queries
SECURITY.IBA.CDBV - Canonicalize all data before validation
SECURITY.IBA.CSVFV - Always call 'super.validate()' from validation methods in 'ActionForm' classes
SECURITY.IBA.EDPM - Encapsulate constructor arguments with a validation function
SECURITY.IBA.NATIW - Use wrapper methods to secure native methods
SECURITY.IBA.UPS - Use 'prepareCall' or 'prepareStatement' instead of 'createStatement'
SECURITY.IBA.VRD - Encapsulate all redirect and forward URLs with a validation function
SECURITY.IBA.XPIJ - Avoid XPath injection when evaluating XPath queries
SECURITY.UEC.ADS - Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files
SECURITY.UEC.AELQ - Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files
SECURITY.UEC.DSL - Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files
SECURITY.UEC.DSR - Avoid defining multiple security roles with the same name in 'web.xml' files
SECURITY.UEC.EDAR - Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files
SECURITY.UEC.FMCD - Ensure that each filter mapped in a 'web.xml' file has a corresponding definition
SECURITY.UEC.HTTPS - Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files
SECURITY.UEC.ISOS - Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files
SECURITY.UEC.LCA - Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files
SECURITY.UEC.PCCF - Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files
SECURITY.UEC.PTPT - Avoid using plain text passwords in Axis 'wsdd' files
SECURITY.UEC.PWDPROP - Ensure that passwords are not stored as plaintext and are sufficiently long
SECURITY.UEC.PWDXML - Ensure that passwords are not stored as plaintext and are sufficiently long
SECURITY.UEC.RAJ - Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files
SECURITY.UEC.REST - Ensure that "REST" is disabled in 'axis2.xml' configuration files
SECURITY.UEC.SDAR - Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files
SECURITY.UEC.SEP - Always specify error pages in web.xml
SECURITY.UEC.SLID - Ensure Session-ID Length is sufficient
SECURITY.UEC.SMM - Avoid using the SOAP Monitor module
SECURITY.UEC.SRCD - Ensure that each security role referenced in a 'web.xml' file has a corresponding definition
SECURITY.UEC.TDAR - Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files
SECURITY.UEC.UDC - Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files
SECURITY.UEC.UTAX - Avoid using plain text passwords in Axis2 configuration files
SECURITY.UEC.WCMC - Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCMI - Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCMT - Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCMWS - Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCPWD - Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCUTS - Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WELC - Ensure all web content directories have a "welcome file"
SECURITY.UEC.WMC - Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WMI - Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WMT - Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WMWS - Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WPWD - Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WSS - Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files
SECURITY.UEC.WUTS - Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEHL.LGE - Ensure all exceptions are either logged with a standard logger or rethrown
SECURITY.WSC.ACDP - Avoid using anonymous "privileged" classes when invoking "AccessController.doPrivileged()"
SECURITY.WSC.ACPST - Do not call the 'printStackTrace()' method of "Throwable" objects
SECURITY.WSC.AHCA - Avoid hard-coding the arguments to certain methods
SECURITY.WSC.AMA - Avoid constructors and overriding methods which are more accessible than those of their super classes
SECURITY.WSC.APIBS - Inspect usage of standard API calls that bypass security
SECURITY.WSC.ARXML - Avoid turning raw text into xml
SECURITY.WSC.ASAPI - Inspect usage of scripting API
SECURITY.WSC.AUIC - Do not use inner classes
SECURITY.WSC.BP - Allow only certain providers to be specified for the 'Security.addProvider()' method
SECURITY.WSC.CACM - Keep all access control methods centralized to enforce consistency
SECURITY.WSC.CAM - Keep all authentication methods centralized to enforce consistency
SECURITY.WSC.CAP - Always clone array parameters which are stored to fields
SECURITY.WSC.CFM - Only call "final" methods from specified code blocks in non-"final" classes
SECURITY.WSC.CIFC - Only "clone()" instances of "final" classes
SECURITY.WSC.CKTS - Avoid using cryptographic keys which are too short
SECURITY.WSC.CLI - Inspect instantiations of 'ClassLoader' objects
SECURITY.WSC.CLONE - Make your 'clone()' method "final" for security
SECURITY.WSC.CLO - Do not override any 'ClassLoader' method except 'findClass()'
SECURITY.WSC.CL - Do not define custom class loaders
SECURITY.WSC.CMO - Do not pass mutable objects to 'ObjectOutputStream' in the 'writeObject()' method
SECURITY.WSC.DCSM - Do not define custom 'SecurityManager's
SECURITY.WSC.DNSL - Avoid DNS lookups for decision making
SECURITY.WSC.DSER - Make your classes nondeserializeable
SECURITY.WSC.ENPP - Ensure arguments passed to certain methods come from predefined methods list
SECURITY.WSC.FIMU - Make immutable classes final
SECURITY.WSC.FXMLP - Ensure that Secure Processing is used
SECURITY.WSC.HCCK - Avoid using hard-coded cryptographic keys
SECURITY.WSC.HCCS - Avoid passing hardcoded usernames/passwords/URLs to database connection methods
SECURITY.WSC.ICA - Avoid using insecure algorithms for cryptography
SECURITY.WSC.INIVF - Make immutable classes final
SECURITY.WSC.INNER - Make all member classes "private"
SECURITY.WSC.ISL - Always call 'HttpSession.invalidate()' before 'LoginContext.login()'
SECURITY.WSC.IVR - Avoid non-random "byte[]" when using IvParameterSpec
SECURITY.WSC.MCNC - Make your classes noncloneable
SECURITY.WSC.PACC - Call access control methods to enforce consistency
SECURITY.WSC.PAC - Call authentication methods to enforce consistency
SECURITY.WSC.PAF - Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final"
SECURITY.WSC.PBPSF - Declare subclasses of 'Permission' and 'BasicPermission' "final"
SECURITY.WSC.PPF - Do not allow password fields to be autocompleted
SECURITY.WSC.PPKG - Ensure that all Permissions, PrivilegedActions, and PrivilegedActionExceptions are declared in the same package
SECURITY.WSC.PRMF - Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final"
SECURITY.WSC.PSFC - Do not declare fields as "public" "static" "final" 'Collection' or 'Map' objects
SECURITY.WSC.RDM - Inspect 'Random' objects or 'Math.random()' methods that could indicate areas where malicious code has been placed
SECURITY.WSC.SCF - Enforce 'SecurityManager' checks before setting or getting fields
SECURITY.WSC.SCLONE - Enforce 'SecurityManager' checks in methods of 'Cloneable' classes
SECURITY.WSC.SCSER - Enforce 'SecurityManager' checks in methods of 'Serializable' classes
SECURITY.WSC.SCSM - Ensure 'SecurityManager' check in constructor of "public" non-"final" sensitive type
SECURITY.WSC.SER - Make your classes nonserializeable
SECURITY.WSC.SL - Avoid string literals except in constant declarations and calls to System.out or System.err's 'print' or 'println' methods
SECURITY.WSC.SMSTR - Ensure 'SecurityManager' checks before 'Socket' transfers or retrievals
SECURITY.WSC.SRD - Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()'
SECURITY.WSC.SSM - Ensure that an appropriate security manager is set
SECURITY.WSC.SSP - Do not call 'System.setProperty()' in a web component
SECURITY.WSC.SS - Do not use sockets in web components
SECURITY.WSC.STREP - Use library methods for string replacements of special characters in HTML and XML
SECURITY.WSC.UMAIN - Avoid 'main()' methods because they may allow unauthorized access to classes
SECURITY.WSC.UOSC - Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies
SECURITY.WSC.USC - Use the SSL-enabled version of classes when possible
SECURITY.WSC.UWM - Use wrapper methods instead of calling dangerous or problematic methods directly (custom rule)
SECURITY.WSC.VJFS - Always verify JarFile signatures
SECURITY.WSC.ZOIS - Inspect usage of scripting API
SERIAL.DUID - Create a 'serialVersionUID' for all 'Serializable' classes
SERIAL.ENNAC - Avoid classes that implement 'Externalizable' but do not define a no-argument constructor
SERIAL.EZEE - Implement Externalizable instead of Serializable
SERIAL.FT - Avoid declaring "transient" fields in non-serializable classes
SERIAL.IRX - Avoid re-initializing fields in the 'readExternal()' method of 'Externalizable' classes
SERIAL.MRWD - Ensure the return type of 'readResolve()' and 'writeReplace()' methods are 'java.lang.Object'
SERIAL.NSFSC - Ensure Serializable classes are correct
SERIAL.OC - Ensure outer class is serializable if its inner class is serializable
SERIAL.ROWO - Ensure that the 'readObject()' and 'writeObject()' methods have the correct signature
SERIAL.RRSC - Define a "readResolve" method for all instances of Serializable types
SERIAL.RWAF - Ensure that all fields are assigned by the 'readObject()' method and written by the 'writeObject()' method
SERIAL.SCBNP - Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents
SERIAL.SNNAC - Avoid serializable classes that extend a superclass without a zero-argument constructor
SERIAL.SNSO - Do not store non-serializable objects as HttpSession attributes
SERIAL.SPF - Declare 'serialPersistentFields' "private static final"
SERIAL.SRLZ - Do not declare SerialVersionUID in classes that do not implement Serializable
SERIAL.SROS - Do not declare the 'readObject()' method as "synchronized"
SERVLET.AJDBC - Do not use JDBC code in Servlet classes
SERVLET.BINS - Do not use 'java.beans.Beans.instantiate()'
SERVLET.CETS - Catch all exceptions which may be thrown within Servlet methods
SERVLET.DSN - Avoid multiple '<servlet>' elements with the same '<servlet-name>' in a 'web.xml' file
SERVLET.IF - Do not define instance fields in Servlet classes
SERVLET.LML - Avoid using collections without size limit in servlets
SERVLET.MDC - Declare a "public" constructor that takes no parameters
SERVLET.NMS - Follow a limit for the number of mappings for each servlet in a 'web.xml' file
SERVLET.NSIS - Do not create static variables in a servlet
SERVLET.NSSS - Do not use static variables in servlets without synchronization
SERVLET.SCM - Ensure that all servlets have a corresponding mapping in 'web.xml' files
SERVLET.SDTD - Specify an appropriate schema or DTD file for 'web.xml' files
SERVLET.SOP - Minimize usage of System.out and System.err in Servlets
SERVLET.SSN - Ensure that all '<servlet>' elements contain a single non-empty '<servlet-name>' element in 'web.xml' files
SERVLET.STM - Do not use 'SingleThreadModel' in Servlet classes
SERVLET.SYN - Minimize synchronization in Servlets
SERVLET.UCO - Use a Context Object to manage HTTP request parameters
SPRING.ACARG - Avoid constructor injection
SPRING.ATCFG - Follow configuration class conventions
SPRING.DESC - Use ''description'' tag in configuration file headers
SPRING.IDNAME - Avoid using ''name'' and ''id'' simultaneously
SPRING.IMPORTSRES - Avoid using relative ''../'' path reference to parent files
SPRING.JDBCTEMPLATE - Avoid using native JDBC
SPRING.LOCAL - Use ''local'' property attribute in local scope
SPRING.PREFTYPE - Prefer ''type'' over ''index'' for constructor argument matching
SPRING.PROPLIMIT - Follow convention for bean properties
SPRING.SPRNAM - Use naming conventions for spring beans
SPRING.USEID - Use ids as bean identifiers
STRUTS.ACDA - Avoid accessing a database from Action Classes
STRUTS.ACJC - Avoid accessing a JSP page from Action Classes
STRUTS.AIV - Specify an @input attribute if '<action>' element has validation in 'struts-config.xml' files
STRUTS.AMFB - Specify a '<form-bean>' for each named '<action>' element in 'struts-config.xml' files
STRUTS.APSN - Avoid @prefix, @suffix, and @attribute for unnamed '<action>' elements in 'struts-config.xml'
STRUTS.ARP - Avoid using relative paths for attributes in 'struts-config.xml' files
STRUTS.DFV - Avoid duplicated forms in the 'validation.xml'
STRUTS.DLGF - Avoid local and global forwards with the same name in 'struts-config.xml' files
STRUTS.EV - Ensure validators are enabled in the 'struts-config.xml'
STRUTS.FIELDS - Provide an appropriate getter and setter method for each field in a form bean
STRUTS.FORM - Include only getter and setter methods in form beans
STRUTS.FWD - Specify a non-empty name and path for each '<forward>' element in 'struts-config.xml' files
STRUTS.IACM - Avoid calling methods of Action Classes
STRUTS.INST - Do not declare instance variables in Struts Action classes
STRUTS.MFBSN - Avoid defining multiple form beans with the same name in 'struts-config.xml' files
STRUTS.MLFF - Specify a valid 'maxlength' value for each form field in Struts validation files
STRUTS.MLVP - Use the 'minlength' validator for password fields in 'validation.xml'
STRUTS.NTFB - Specify a name and type for each form bean in 'struts-config.xml' files
STRUTS.PFS - Ensure that the @path attribute of '<action>' and '<forward>' elements begins with '/' in 'struts-config.xml' files
STRUTS.PLUGIN - Ensure Plugins are added in the 'struts-config.xml'
STRUTS.PMAC - Avoid public methods in Action Classes
STRUTS.PTE - Specify a non-empty path and type for each '<exception>' element in 'struts-config.xml' files
STRUTS.RSS - Ensure that the 'scope' attribute is set to either "request" or "session" for actions and exceptions in 'struts-config.xml' files
STRUTS.SCDTD - Use a Struts DTD for validation in 'struts-config.xml' files
STRUTS.STRUTS2.S2DAFV - Avoid duplicated field validators
STRUTS.STRUTS2.S2DVF - Avoid duplicated validation files
STRUTS.STRUTS2.S2DV - Avoid duplicated validators
STRUTS.STRUTS2.S2NA - Ensure each validation file has a corresponding Action
STRUTS.TAFP - Specify a valid 'type' attribute for each '<form-property>' element in 'struts-config.xml' files
STRUTS.VPI - Enable the Struts Validator plug-in in all 'struts-config.xml' files
TRS.AIL - Do not use Atomic variables when always accessed in synchronized manner
TRS.ANF - Do not use 'notify()'; use 'notifyAll()' instead so that all waiting threads will be notified
TRS.ATI - Avoid accidental use of "Thread.interrupted()"
TRS.AUTG - Do not use variables of the unsafe type 'java.lang.ThreadGroup'
TRS.AUTY - Do not use 'Thread.yield()' because it may behave differently under different Virtual Machines
TRS.CDF - Avoid invoking methods using "static" 'Calendar', 'DateFormat', or 'SimpleDateFormat'
TRS.CHM - Use ConcurrentHashMap instead of Hashtable and "synchronizedMap" wrapped HashMap when possible
TRS.CIET - Do not catch InterruptedException except in classes extending Thread
TRS.CLQ - Use ConcurrentLinkedQueue instead of Vector and synchronizedList when possible
TRS.CMA - Avoid compound synchronized collection accesses which violate atomicity
TRS.CSFS - Do not cause deadlocks by calling a "synchronized" method from a "synchronized" method
TRS.CSTART - Do not call the "start" method of threads from inside a constructor
TRS.CTRE - Do not let "this" reference escape during construction
TRS.DCL - Avoid unsafe implementations of the "double-checked locking" pattern
TRS.DOPQ - Do not use DiscardOldestPolicy with PriorityBlockingQueue
TRS.GSD - Do not use "getState" except for debugging purposes
TRS.IASF - Inspect accesses to "static" fields which may require synchronization
TRS.ILI - Make lazy initializations thread-safe
TRS.IMSE - Do not catch 'IllegalMonitorStateException' since this exception likely indicates a design flaw
TRS.IRET - Implement Runnable instead of extending Thread
TRS.IRUN - Do not call the 'run()' method directly on classes extending 'java.lang.Thread' or implementing 'java.lang.Runnable'
TRS.LORD - Ensure that nested locks are ordered correctly
TRS.MRAV - Access related Atomic variables in a synchronized block
TRS.MRUN - Give subclasses of Thread a 'run()' method so they can run as separate threads
TRS.NAME - Ensure threads are named
TRS.NSM - Use "synchronized" blocks instead of making the whole method declaration "synchronized"
TRS.NSYN - Ensure 'wait()', 'notify()' and 'notifyAll()' are invoked on an object that is clearly synchronized in its enclosing method scope
TRS.OSNS - Avoid overriding synchronized methods with non-synchronized methods
TRS.RLF - Release Locks in a "finally" block
TRS.RUN - Use synchronization on methods that implement 'Runnable.run()'
TRS.SCS - Do not synchronize on constant Strings
TRS.SNSM - Do not mix "static" and non-"static" "synchronized" methods
TRS.SOL - Do not perform synchronization using the "synchronized" keyword on implementations of "java.util.concurrent.locks.Lock"
TRS.SOPF - Do not synchronize on "public" fields since doing so may cause deadlocks
TRS.SOUF - Do not synchronize on non-"final" fields since doing so makes it difficult to guarantee mutual exclusion
TRS.SSCI - Manually synchronize on 'synchronized' collections when iterating over them
TRS.SSDF - Synchronize access to "static" SimpleDataFormats
TRS.SSUG - Make the get method for a field synchronized if the set method is synchronized
TRS.STR - Do not perform synchronization nor call semaphore methods on an Object's 'this' reference
TRS.THRD - Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime'
TRS.TSHL - Do not call 'Thread.sleep()' while holding a lock since doing so can cause poor performance and deadlocks
TRS.UACS - Avoid unsynchronized accesses of "Collections.synchronized" wrapped Collections
TRS.UCM - Use unsynchronized Collections/Maps only when safe
TRS.USL - Use the same locking object to access variables
TRS.UT - Do not start a thread without specifying a 'run()' method
TRS.UWIL - Call 'wait()' and 'await()' only inside a loop that tests the liveness condition
TRS.UWNA - Use 'wait()' and 'notifyAll()' instead of polling loops
TRS.WOC - Use the correct method calls on "java.util.concurrent.locks.Condition" objects
TRS.WOS - Do not make the "writeObject()" method synchronized if no other method is synchronized
UC.AAI - Avoid unnecessary modifiers in an "interface"
UC.ACC - Remove commented out Java code
UC.AEEO - Ensure that classes do not explicitly extend 'java.lang.Object'
UC.AESTAT - Avoid empty static and non-static initializers
UC.AMAMI - Do not override "abstract" methods of a parent class with "abstract" methods
UC.ARTD - Avoid redundant throw clauses
UC.AUL - Avoid unused labels
UC.AURCO - Avoid collection objects that are never read
UC.AURV - Avoid local variables that are never read
UC.BCMP - Avoid unnecessary "boolean" comparisons
UC.DIEB - Avoid duplicate code in 'if' branches
UC.DIL - Do not explicitly "import" the java.lang.* "package"
UC.EF - Avoid empty 'finalize()' methods
UC.FCSF - Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method
UC.FMFC - Avoid redundant "final" keywords in method declarations in "final" classes
UC.PF - Avoid unused "private" fields
UC.PIMPORT - Do not import classes from the package that contains the current class
UC.PM - Avoid unused "private" methods
UC.RSKE - Avoid redundant 'static' keywords in enum type declarations
UC.SNE - Avoid empty "synchronized" statements
UC.SO - Avoid methods that only call the overridden implementation (superclass implementation)
UC.UCATCH - Use a caught exception in the "catch" block
UC.UCIF - Avoid unnecessary 'if' statements
UC.UES - Avoid unnecessary "else" statements
UC.UIMPORT - Avoid unused "import" statements
UC.UPC - Avoid unused "private" classes or interfaces
UC.UP - Avoid unused parameters
UC.VR - Avoid unnecessary "return" statement at the end of "void" methods
XML.DLTH - Avoid debug levels which are too high in Tomcat's 'server.xml'
XML.WF - Ensure that XML files are well-formatted