The following rules can be enabled in CQA mode:
BD.API.EQNULL - Make sure implementation of Object.equals(Object) properly handles null values
BD.API.EQREFL - Make sure implementation of Object.equals(Object) is reflexive
BD.CO.ITMOD - Do not modify collection while iterating over it
BD.EXCEPT.NP - Avoid NullPointerException
BD.OPT.INEFCOL - Avoid inefficient removal of Collection elements
BD.OPT.INEFMAPRM - Avoid inefficient removal of Map entries
BD.OPT.INEFMAP - Avoid inefficient iteration over Map entries
BD.PB.ARRAYINP - Avoid unvalidated input in array indexes
BD.PB.ARRAY - Avoid accessing arrays out of bounds
BD.PB.BADSHIFT - Avoid incorrect shift operations
BD.PB.CC - Avoid conditions that always evaluate to the same value
BD.PB.DEREF - Do not check for null after dereferencing
BD.PB.EXCEPT - Always catch exceptions
BD.PB.GETPERM - Method getPermission() is supposed to be invoked when user-defined class loaders are applied
BD.PB.INFREC - Avoid infinite recursion
BD.PB.NOTEXPLINIT - Avoid use before explicit initialization
BD.PB.NOTINITCTOR - Avoid use of fields before initialization in constructors and static initializers
BD.PB.PBIOS - Prevent external processes from blocking on input and output streams
BD.PB.POVR - Avoid overwriting method parameters before each use
BD.PB.RECFUN - Methods shall not call themselves, either directly or indirectly
BD.PB.SBONE - Ensure proper usage of StringBuilder/StringBuffer objects
BD.PB.STRNULL - Do not append null value to strings
BD.PB.SWITCH - Avoid switch with unreachable branches
BD.PB.VOVR - Avoid unused values
BD.PB.ZERO - Avoid division by zero
BD.RES.FREE - Do not use resources that have been freed
BD.RES.LEAKS - Ensure resources are deallocated
BD.SECURITY.BUFEXP - Do not expose data wrapped by a buffer to untrusted code
BD.SECURITY.CANPATH - Path should be standardized before validation
BD.SECURITY.CUSTOM - Prevent security vulnerability (custom rule)
BD.SECURITY.EACM - Encapsulate arguments of dangerous methods with a validation method
BD.SECURITY.PRIVIL - Avoid operating on tainted data in privileged blocks
BD.SECURITY.REMTMP - Remove temporary files before termination
BD.SECURITY.SENS - Prevent exposure of sensitive data
BD.SECURITY.SSSD - Safely serialize sensitive data
BD.SECURITY.TDCMD - Protect against Command injection
BD.SECURITY.TDDIG - Protect against Jakarta Digester injection
BD.SECURITY.TDENV - Protect against Environment injection
BD.SECURITY.TDFILES - Protect against File contents injection
BD.SECURITY.TDFNAMES - Protect against File names injection
BD.SECURITY.TDINPUT - Exclude unsanitized user input from format strings
BD.SECURITY.TDJXPATH - Protect against JXPath injection
BD.SECURITY.TDLDAP - Protect against LDAP injection
BD.SECURITY.TDLIB - Protect against Library injection
BD.SECURITY.TDLOG - Protect against log forging
BD.SECURITY.TDNET - Protect against network resource injection
BD.SECURITY.TDRESP - Protect against HTTP response splitting
BD.SECURITY.TDRFL - Protect against Reflection injection
BD.SECURITY.TDSQL - Protect against SQL injection
BD.SECURITY.TDXML - Protect against XML data injection
BD.SECURITY.TDXPATH - Protect against XPath injection
BD.SECURITY.TDXSS - Protect against XSS vulnerabilities
BD.SECURITY.VPPD - Validate all dangerous data
BD.SECURITY.XMLVAL - Validate untrusted XML using schema or DTD before reading
BD.TRS.DIFCS - Variable should be used in context of single critical section
BD.TRS.DLOCK - Avoid double locking
BD.TRS.LOCK - Do not abandon unreleased locks
BD.TRS.ORDER - Do not acquire locks in different order
BD.TRS.TSHL - Do not use blocking methods while holding a lock
BEAN.BLNC - Use appropriate signatures for listener method names in JavaBean classes
BEAN.EQUALS - Override 'Object.equals()' in JavaBean classes
BEAN.JDBC - Do not use JDBC code in JavaBean classes
BEAN.NFM - Define get and set methods for each instance field
BEAN.SERIALIZABLE - Ensure that JavaBean classes implement 'java.io.Serializable'
CDD.DFI - Avoid duplicated field initialization in constructors
CDD.DUPC - Avoid code duplication
CDD.DUPI - Avoid duplicate import statements
CDD.DUPM - Avoid method duplication
CDD.DUPS - Avoid string literal duplication
CDD.DUPT - Avoid class duplication
CODSTA.BP.ABCL - Avoid "break" and/or "continue" with labels
CODSTA.BP.AMRO - Avoid declaring methods that return 'Object'
CODSTA.BP.ARM - Avoid using reflection methods
CODSTA.BP.ARN - Avoid returning "null" for arrays and certain types
CODSTA.BP.AULS - Avoid label statements
CODSTA.BP.AUML - Avoid using multiple loggers, use logging levels instead
CODSTA.BP.AWRT - Avoid using wildcards in method return types
CODSTA.BP.BLK - Provide a '{}' block for conditional statements
CODSTA.BP.BLOCK - Avoid unnecessary nested blocks
CODSTA.BP.CFNF - Declare fields with uppercase character names as "final"
CODSTA.BP.CMUTA - Avoid 'public' or 'protected' constructors for immutable classes
CODSTA.BP.CONTINUE - Do not use "break" and/or "continue" statements
CODSTA.BP.CS - Place constants on the appropriate side of comparisons
CODSTA.BP.DLSF - Declare loggers as "static final" fields
CODSTA.BP.EXIT - Do not call 'System.exit()'
CODSTA.BP.FPF - Declare all formal parameters as "final"
CODSTA.BP.FQNIC - Reference interface constants with their declaring interface names
CODSTA.BP.HTV - Avoid using 'Hashtable' and 'Vector'
CODSTA.BP.IMPTD - Avoid or enforce usage of '*' form of import statements
CODSTA.BP.NRVA - Avoid passing non-reifiable types to varargs methods
CODSTA.BP.NTX - Avoid declaring methods to throw general or unchecked Exception types
CODSTA.BP.OCMA - Ensure overloaded constructors and methods share the same accessibility
CODSTA.BP.PCF - Ensure that a class which has only "private" constructors is declared as "final"
CODSTA.BP.PPAC - Do not define "public" or "protected" members in anonymous classes
CODSTA.EPC.AFP - Do not make assignments to method parameters
CODSTA.EPC.AGBPT - Avoid conversions from parameterized types to raw types
CODSTA.EPC.CLNC - Do not use constructors in the 'clone()' method
CODSTA.EPC.COMT - Avoid using the conditional operator with mismatched numeric types
CODSTA.EPC.IBS - Use "int" instead of "byte" or "short" and "double" instead of "float" for variable declarations
CODSTA.EPC.MSF - Do not use too many non-"final" "static" fields
CODSTA.EPC.NCAC - Do not call an "abstract" method from a constructor in an "abstract" class
CODSTA.EPC.NCE - Do not catch exception types which are too general or are unchecked exceptions
CODSTA.EPC.NCNFC - Do not call methods that might cause unexpected NullPointerExceptions during constructor execution
CODSTA.EPC.OVERLOAD - Use overloading judiciously
CODSTA.EPC.SCLONE - Call 'super.clone()' in all 'clone()' methods
CODSTA.EPC.STA - Avoid using the same type argument for multiple method arguments
CODSTA.EPC.UST - Use 'StringTokenizer' instead of 'indexOf()' and 'substring()' for String parsing
CODSTA.EPC.WSIM - Do not write to static fields from non-static methods
CODSTA.OIM.AMMO - Do not override non "abstract" methods of a parent class with "abstract" methods
CODSTA.OIM.CLONE2 - Use the 'clone()' method only to implement 'Cloneable' interface
CODSTA.OIM.CLONET - Ensure 'clone()' method of non-final Cloneable class declared to throw 'CloneNotSupportedException'
CODSTA.OIM.CLONE - Declare 'clone() throws CloneNotSupportedException' for Cloneable class
CODSTA.OIM.DVOM - Define a "static" 'valueOf()' method for "enum" types which override 'toString()'
CODSTA.OIM.OTOSM - Override 'toString()'
CODSTA.OIM.OVERRIDE - Override 'Object.hashCode()' when you override 'Object.equals()' and vice versa
CODSTA.OIM.OVOTS - Do not override 'toString()' in enum types
CODSTA.ORG.AMOC - Do not have more than one type in each file
CODSTA.ORG.DCI - Define constants in an "interface"
CODSTA.ORG.DINT - Do not make method calls to internal classes from non-internal classes
CODSTA.ORG.FO - Order class elements appropriately
CODSTA.ORG.IMP - Avoid importing specific classes or packages
CODSTA.ORG.OGM - Organize methods by name
CODSTA.ORG.ORCU - Order compilation unit elements appropriately
CODSTA.ORG.ORFIM - Place 'finalize()' methods between "public" and "protected" methods
CODSTA.ORG.ORIMP - Present "import" statements in alphabetical order
CODSTA.ORG.PML - Place the 'main()' method last
CODSTA.ORG.UNDPN - Ensure all types have a non default package name
CODSTA.POD.ACIAP - Avoid constant interface anti-pattern
CODSTA.POD.ASM - Avoid "static" methods when the declaring class is a parameter type
CODSTA.POD.AUVT - Use less specific types to accomplish loose coupling
CODSTA.POD.CHAIN - Use chain constructors in classes with multiple constructors
CODSTA.POD.CIOC - Avoid chains of "instanceof" comparisons
CODSTA.POD.DCTOR - Define a no argument constructor whenever possible
CODSTA.POD.IASM - Do not access static members indirectly
CODSTA.POD.ISACF - Do not define constants in interfaces
CODSTA.POD.SMC - Avoid "switch" statements with too many or too few "case" statements
CODSTA.POD.UET - Use "enum" types instead of a series of "static final" constants
CODSTA.POD.UPT - Enforce or avoid the use of parameterized types
CODSTA.READ.ABUB - Do not rely on automatic boxing and unboxing of primitive types
CODSTA.READ.ACCS - Do not use complicated conditional expressions in control structures
CODSTA.READ.AEFS - Avoid or enforce usage of enhanced "for" loops
CODSTA.READ.AFD - Access and set fields directly in the declaring type instead of using getter and setter methods
CODSTA.READ.AFQN - Do not use fully qualified type names
CODSTA.READ.AIC - Avoid anonymous inner classes
CODSTA.READ.ANL - Avoid using negative logic in if-else statement
CODSTA.READ.ASIS - Avoid static import statements
CODSTA.READ.AUTS - Avoid unnecessary calls to 'toString()'
CODSTA.READ.CCB - Comment the ends of control structures
CODSTA.READ.CEB - Comment empty blocks
CODSTA.READ.CID - Avoid using increment or decrement operators in nested expressions
CODSTA.READ.CLV - Comment local variables
CODSTA.READ.CTA - Always call 'Collection.toArray()' with an empty constant array argument
CODSTA.READ.CX - Enforce or avoid usage of conditional operators
CODSTA.READ.DOWHILE - Avoid using "do-while" statements
CODSTA.READ.DUN - Do not use too many negation operators '!' in a single method
CODSTA.READ.DVCU - Declare variables as close as possible to where they are used
CODSTA.READ.ECSC - Explicitly call one of the superclass' constructors from all constructors
CODSTA.READ.FF - Declare "private" constant fields "final"
CODSTA.READ.FLV - Declare constant local variables "final"
CODSTA.READ.HBE - Avoid using Hexadecimal binary exponents
CODSTA.READ.LONG - Avoid having a lower-case "l" or the number "1" at the end of a "long" integer constant
CODSTA.READ.MTBS - Minimize "try" block size
CODSTA.READ.MVOS - Do not declare multiple variables in one statement
CODSTA.READ.NEA - Avoid nested assignments or assignments embedded in other expressions
CODSTA.READ.NMUC - Declare never-modified collections as "unmodifiable" for clarity
CODSTA.READ.NSI - Avoid non-static initializers
CODSTA.READ.PCIF - Declare "for" loops with an initializer, conditional, and updater statements
CODSTA.READ.PCTOR - Do not declare "public" constructors in non-public classes
CODSTA.READ.PDBB - Put declarations only at the beginning of blocks
CODSTA.READ.PFL - Enforce use of "for" or "while" loops
CODSTA.READ.SIE - Use 'isEmpty()' for Collections and Maps instead of comparing 'size()' to 0
CODSTA.READ.UATS - Avoid or enforce the use of "this" and "super" expressions
CODSTA.READ.UBL - Avoid create integer values from binary notation using Integer.parseInt() methods
CODSTA.READ.ULIT - Use underscore characters (_) in numerical literal
CODSTA.READ.USN - Avoid literal constants
CODSTA.READ.VDT - Do not declare multiple variables of different types in one statement
CODSTA.READ.VIFS - Limit the number of initialization and update statements in "for" loops
DBC.CPT - Do not include a postcondition saying that "$result!=null" in methods which can return null
DBC.IGM - Provide an '@invariant' contract for all getter methods
DBC.IMNR - Do not invoke a method on a reference that is not guaranteed to be non-null
DBC.IPAN - Include a '@pre != null' tag for each parameter that is dereferenced before being checked for null
DBC.PKGC - Provide an '@invariant' contract for all package-private classes
DBC.PKGMPOST - Provide a '@post' contract for all package-private methods
DBC.PKGMPRE - Provide a '@pre' contract for all package-private methods
DBC.PRIC - Provide an '@invariant' contract for all "private" classes
DBC.PRIMPOST - Provide a '@post' contract for all "private" methods
DBC.PRIMPRE - Provide a '@pre' contract for all "private" methods
DBC.PROC - Provide an '@invariant' contract for all "protected" classes
DBC.PROMPOST - Provide a '@post' contract for all "protected" methods
DBC.PROMPRE - Provide a '@pre' contract for all "protected" methods
DBC.PUBC - Provide an '@invariant' contract for all "public" classes
DBC.PUBMPOST - Provide a '@post' contract for all "public" methods
DBC.PUBMPRE - Provide a '@pre' contract for all "public" methods
DBC.RCC - Avoid rechecking @pre and @post conditions
DBC.SYNTAX - Use correct syntax in the DbC contracts
ECLIPSE.IPMF - Avoid exporting "internal" packages in MANIFEST.MF
ECLIPSE.PCMF - Ensure "Export-Package" and "Provide-Package" match in MANIFEST.MF for Eclipse 3.0 compatibility
ECLIPSE.SMF - Avoid missing "Eclipse-AutoStart" entry in MANIFEST.MF
EJB.ABCS - Do not use Servlet code in EJB classes
EJB.ABFG - Do not use Entity Beans as fine-grained objects
EJB.ACL - Do not access, use, or create a class loader within a bean class
EJB.ADCB - Do not use EJB code in java swing or servlet classes
EJB.AIEBC - Avoid excessive inter-entity bean communication
EJB.AJDBC - Do not use JDBC code inside of EJB classes
EJB.AMSC - Do not access or modify security configuration objects
EJB.AOTO - Avoid one-to-one mapping between session beans and entity beans
EJB.AUS - Do not use sockets in EJBs
EJB.CDP - Declare bean classes "public"
EJB.CNDA - Do not declare bean classes as "abstract"
EJB.CNDF - Do not declare bean classes as "final"
EJB.CRTE - Declare 'ejbCreate()' methods "public", but neither "static" nor "final"
EJB.DPANY - Avoid granting access permission for EJB methods to the 'ANYONE' role
EJB.EJB3.AIA - Avoid ignored or invalid annotations
EJB.EJB3.AISE - Avoid IllegalStateException when using transactions
EJB.EJB3.BMN - Do not start business method names with "ejb"
EJB.EJB3.CMF - Use proper formatting for lifecycle callback methods
EJB.EJB3.CPIM - Call 'InvocationContext.proceed()' from @AroundInvoke methods
EJB.EJB3.EAII - Do not expose @AroundInvoke method in business interface
EJB.EJB3.IDA - Avoid improper use of @Id annotation
EJB.EJB3.IDCS - Ensure @IdClass is Serializable and defines "equals()" and "hashCode()" methods
EJB.EJB3.MDBS - Do not extend other @MessageDriven beans from a @MessageDriven bean
EJB.EJB3.MDML - Ensure @MessageDriven beans specify a MessageListener
EJB.EJB3.MTM - Do not declare multiple "@Timeout" methods
EJB.EJB3.PCUN - Always specify "unitName" with @PersistenceContext
EJB.EJB3.PERMIT - Avoid EJB 3 methods without security annotations
EJB.EJB3.RLI - Do not declare an interface both @Local and @Remote
EJB.EJB3.RMSB - Specify a @Remove method for @Stateful beans
EJB.EJB3.SIVS - Ensure instance variables of @Stateful beans are Serializable
EJB.EJB3.SRBM - Ensure parameters and return type of remote business methods are Serializable
EJB.EJB3.ULI - Access beans through a local interface
EJB.EJBLOAD - Do not call finder methods in the 'ejbLoad()'
EJB.FNDM - Declare finder methods "public" and neither "final" nor "static"
EJB.IECM - Implement one or more 'ejbCreate()' methods in bean classes
EJB.IEPM - Implement one or more 'ejbPostCreate()' methods in EntityBean classes
EJB.JIO - Do not use types from the "java.io" package within bean classes
EJB.LNL - Avoid loading native libraries in a Bean class
EJB.MDBC - Implement a no-argument 'ejbCreate()' method for all Message-driven bean classes
EJB.MEC - Define a matching 'ejbPostCreate()' method for each 'ejbCreate' method in entity bean classes
EJB.MNDF - Do not define 'finalize()' method in bean classes
EJB.MRE - Throw 'java.rmi.RemoteException' in the methods of remote interface and remote home interface
EJB.NFDC - Declare a "public" constructor that takes no parameters in bean classes
EJB.NFS - Declare all "static" fields in EJB bean classes "final"
EJB.PCRTE - Declare 'ejbPostCreate()' "public" and neither "static" nor "final"
EJB.RILH - Do not throw 'java.rmi.RemoteException' in a bean's local interface and local home interface
EJB.RR - Do not declare entity beans as remote
EJB.RTC - Make the return type "void" for SessionBeans or MessageDrivenBeans' 'ejbCreate()' methods
EJB.RTP - Make the return type "void" for the 'ejbPostCreate()' method
EJB.RT - Make finder methods' return type the primary key or a collection of primary keys
EJB.RUH - Reuse EJB homes
EJB.SMSN - Do not set or create a new SecurityManager in EJBs
EJB.STD - Ensure EJB beans include necessary methods and EJB bean and interface classes follow the name format
EJB.TCE - Throw 'javax.ejb.CreateException' in create methods of remote home or local home interfaces
EJB.TFE - Throw 'javax.ejb.FinderException' in finder methods of remote home or local home interfaces
EJB.THISARG - Avoid passing the "this" reference as an argument
EJB.THISRET - Do not return "this"
EJB.THREAD - Avoid starting, stopping, or managing threads in any way in bean classes
EJB.UCIC - Cache reusable JNDI resources to minimize the use of expensive operations
EJB.USF - Use a Session Facade to manage access to entity beans
EJB.UVO - Use Value Objects to reduce the granularity of calls to the server
EXCEPT.AEFC - Do not abuse exceptions as flow control statements
EXCEPT.AIOC - Do not use instanceof in a catch block to check the exception type
EXCEPT.CATO - Catch all "Throwable" objects which may be thrown in the body of certain methods
EXCEPT.CDUPL - Avoid catch clauses with the same content
EXCEPT.CLFIN - Avoid using finally block for closing resource only
EXCEPT.CTE - Always chain thrown exceptions
EXCEPT.EPNFC - Do not throw exceptions from constructors of "public" non-"final" classes
EXCEPT.HCB - Do not hide 'catch' blocks
EXCEPT.IMMEX - Declare all fields of user-defined 'Exception' as "final"
EXCEPT.MTE - Do not declare any thrown exceptions in the 'main()' method
EXCEPT.NCERR - Do not catch the 'java.lang.Error' object
EXCEPT.NCNPE - Do not catch 'NullPointerException'
EXCEPT.NFE - Ensure that the 'parse' methods of the numeric classes do not throw unhandled "NumberFormatExceptions"
EXCEPT.NTERR - Do not throw exception types which are too general or are unchecked exceptions
EXCEPT.NTNPE - Do not throw 'NullPointerException'
EXCEPT.RTERR - Rethrow certain exceptions if they are caught
EXCEPT.TEFEC - Do not throw exceptions from the constructors of exception classes
EXCEPT.TRY - Place "try/catch/finally" blocks outside of loops
EXCEPT.TSCE - Exception messages must meet minimum character requirement
FORMAT.APAREN - Use '()' to separate complex expressions
FORMAT.ASPACE - Ensure proper spacing in array references
FORMAT.ATS - Do not place empty whitespace at the end of a line
FORMAT.BLBC - Put a blank line before each C-style comment
FORMAT.BLCD - Enforce number of blank line(s) before type declarations
FORMAT.BLSIM - Enforce number of blank line(s) to separate "imports" from different packages
FORMAT.CBRACE - Place a closing brace on its own line
FORMAT.CMS - Place a single space character or no space character after type casting
FORMAT.DOT - Do not leave spaces between qualified names and method invocations
FORMAT.DUT - Use spaces instead of tabs (or tabs instead of spaces)
FORMAT.FCB - Enforce the position of '{' brace
FORMAT.FCN - Place the type that has the same name as the file as the first type
FORMAT.IAD - Declare arrays with '[]' brackets after the array type and before the variable name(s)
FORMAT.IND - Enforce number of space(s) for indentation
FORMAT.LL - Limit the maximum length of a line
FORMAT.MO - Enforce the order of annotations and modifiers
FORMAT.MSP - Place a single space character or no space character between a method name and the opening "(" parenthesis
FORMAT.NSAB - Do not place statements on the same line as the '{' opening brace
FORMAT.OSPL - Write one statement per line
FORMAT.SAC - Enforce number of space character(s) after every comma
FORMAT.SAOP - Enforce number of space character(s) on each side of an assignment operator
FORMAT.SAP - Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement
FORMAT.SAS - Enforce number of space character(s) after every semicolon
FORMAT.SAUOP - Enforce number of space character(s) between a prefixed unary operator and its operand
FORMAT.SBOP - Enforce number of space character(s) on each side of a bitwise operator
FORMAT.SBUOP - Enforce number of space character(s) between a postfixed unary operator and its operand
FORMAT.SCOP - Enforce number of space character(s) before and after the "?" conditional operator
FORMAT.SC - Enforce number of space character(s) between a conditional statement and the opening "(" parenthesis
FORMAT.SLOP - Enforce number of space character(s) on each side of a logical operator
FORMAT.SROP - Enforce number of space character(s) on each side of a relational operator
FORMAT.TCOMMA - Avoid or enforce the use of trailing commas in array initializers
FORMAT.TC - Avoid using trailing comments
FORMAT.TE - Use the preferred formatting for conditional expressions
FORMAT.TNL - Make sure all files are terminated with a newline character
FORMAT.U2BL - Enforce number of blank line(s) between major sections
FORMAT.UP - Avoid unnecessary parentheses
GC.AUTP - Do not use unnecessary temporaries when converting primitive types to String
GC.DUD - Avoid using 'Date[]', use 'long[]' instead
GC.FCF - Call 'super.finalize()' from 'finalize()'
GC.FM - Do not use 'finalize()' methods to unregister listeners
GC.GCB - Reuse calls to 'getClipBounds()'
GC.GC - Do not explicitly call 'System.gc()' or 'Runtime.gc()'
GC.IFF - Call 'super.finalize()' in the "finally" block of 'finalize()' methods
GC.MML - Be cautious when calling methods which may cause memory leaks
GC.NCF - Do not call 'finalize()' explicitly
GC.OSTM - Prevent potential memory leaks in ObjectOutputStreams by calling 'reset()'
GC.RCO - Reuse immutable constant objects to conserve memory
GC.STV - Avoid "static" collections or maps; they can grow without bounds
HIBERNATE.CAR - Call 'addClass()' instead of 'addResource()' to add a mapping to a 'Configuration'
HIBERNATE.CHS - Close Hibernate Sessions in "finally" blocks
HIBERNATE.CSF - Close all 'SessionFactory' objects
HIBERNATE.GSIM - Include getter and setter methods and an id field for any object mapped to a column in a database table
HIBERNATE.IDC - Declare a no-argument constructor for Hibernate persistent classes
HIBERNATE.LHII - Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files
HIBERNATE.OHCE - Override the 'equals' and 'hashCode' methods for mapped Hibernate objects
HIBERNATE.PIDS - Declare the setter method for the Hibernate identifier 'private'
HIBERNATE.RBT - Roll back any active transactions in 'catch' blocks
HIBERNATE.SLM - Call 'setLockMode()' before executing a Hibernate Query
HIBERNATE.UGNQ - Use mapped, named HQL queries instead of writing queries in Java code
HIBERNATE.UNP - Use named parameters in HQL queries
HIBERNATE.UPWD - Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files
INIT.AAI - Do not use array initializers
INIT.AULI - Ensure that the "if" check for lazy initialization uses the correct operator
INIT.CLIB - Do not put code other than initialization code in lazy initialization blocks
INIT.DIA - Use diamond to invoke the constructor of a generic class
INIT.IC - Do not use initialization circularities for fields
INIT.LV - Initialize all local variables explicitly at the declaration statement
INIT.NFS - Do not use non-final "static" fields during the initialization
INIT.SFA - Do not initialize "static" "final" variables with non "final" "static" variables
INIT.SF - Use explicit initializations/Do not initialize "static" fields to default values
INIT.SICUI - Do not use a "static" initializer that creates an instance of the current class before all "static final" fields are assigned
INTER.CCL - Provide 'Locale' argument when invoking 'String' conversion methods
INTER.CLO - Do not use single characters with logic operators in an Internationalized environment
INTER.COS - Do not use String concatenation in an Internationalized environment
INTER.CTLC - Do not call 'Character.toLowerCase(char)' or 'Character.toUpperCase(char)' in an internationalized environment
INTER.DTS - Do not call 'toString()' or 'String.valueOf()' on Date objects in an Internationalized environment
INTER.ITT - Isolate translatable text in resource bundles in an Internationalized environment
INTER.NCL - Use "static final" constants for single character literals in an Internationalized environment
INTER.NTS - Do not call 'toString()' or 'String.valueOf()' on numeric values in an Internationalized environment
INTER.PN - Do not call the 'parse' methods of the 'Number' types in an Internationalized environment
INTER.SCT - Do not call 'String.compareTo()' in an Internationalized environment
INTER.SDFL - Provide a 'Locale' argument when instantiating 'SimpleDateFormat' objects
INTER.SEO - Avoid calling methods and constructors which do not allow you to specify a character encoding option
INTER.SE - Do not call 'String.equals()' in an Internationalized environment
INTER.SIO - Do not call 'String.indexOf()' or 'String.lastIndexOf()' in an Internationalized environment
INTER.ST - Do not use 'StringTokenizer' in an Internationalized environment
INTER.TTS - Do not call 'toString()' or 'String.valueOf()' on Time objects in an Internationalized environment
INTER.UNLS - Avoid unnecessary "$NON-NLS" and "NOI18N" comments
JAVADOC.BT - Avoid unsupported '@' tags and other tags that should not be used in Javadoc comments
JAVADOC.CRN - Always include a description of whether or not a method can return null in the Javadoc
JAVADOC.DPMT - Avoid unused Javadoc tags
JAVADOC.ECTF - Enforce custom Javadoc tags for fields
JAVADOC.ECTM - Enforce custom Javadoc tags for methods/annotation member types
JAVADOC.ECTT - Enforce custom Javadoc tags for types
JAVADOC.JNJD - Do not insert non-Javadoc comments between Javadoc comments and declarations
JAVADOC.MAJDT - Use the '@author' Javadoc tag in declaration Javadoc comments
JAVADOC.MDJT - Include a meaningful description in Javadoc tags
JAVADOC.MISFORMAT - Avoid misformatted Javadoc tags
JAVADOC.MRDC - Use the '@return' Javadoc tag in method Javadoc comments
JAVADOC.MVJDT - Use the '@version' tag in type Javadoc comments
JAVADOC.ORDER - Order Javadoc tags appropriately
JAVADOC.PARAM - Use the '@param' Javadoc tag for each parameter of methods
JAVADOC.PJDC - Provide Javadoc comments and descriptions for types
JAVADOC.PJDF - Provide Javadoc comments and descriptions for fields
JAVADOC.PJDM - Provide Javadoc comments and descriptions for methods
JAVADOC.SINGLE - Enforce restraint on number of lines used for Javadoc comments
JAVADOC.SMJT - Use the '@concurrency' Javadoc tag on "synchronized" methods and blocks
JAVADOC.SPELL - Avoid misspelling words in Javadoc comments and string literals
JAVADOC.SRRP - Specify 'RUNTIME' as the retention policy when using the '@Documented' annotation
JAVADOC.THROW - Use the '@throws' or '@exception' Javadoc tag in methods
JAVADOC.TSMJT - Provide a Javadoc comment for 'toString()' methods
JAVADOC.TSOL - Ensure that certain Javadoc tags only span one line
JAVADOC.VMCR - Avoid using the '@return' Javadoc tag on "void" methods
JDBC.BRSA - Ensure index is valid in JDBC method invocation
JDBC.CDBC - Close JDBC connections in "finally" blocks
JDBC.COCO - Close JDBC objects in the correct order
JDBC.DSLV - Reuse data sources for JDBC connections
JDBC.ODBIL - Do not open or close JDBC connections in loops
JDBC.RRWD - Close JDBC resources in "finally" blocks
JDBC.SCSF - Do not store database connection objects in "static" fields
JDBC.UDS - Use javax.sql.DataSource to get the database connection
JDBC.UPSC - Use "PreparedStatements" correctly
JDBC.URSF - Use instance of RowSetFactory to create a RowSet object
JUNIT.AEAT - Use assertEquals instead of assertTrue
JUNIT.AHLOD - Do not hard code the location to data used by a unit test
JUNIT.ANAT - Use assertNull instead of assertTrue when checking null references
JUNIT.ANBA - Avoid negating boolean parameters to assertTrue() or assertFalse()
JUNIT.ASAT - Use assertSame instead of assertTrue when checking reference equality
JUNIT.ASSERT - Include a message string in JUnit assertions
JUNIT.AST - Do not include assertion statements in threads other than the main thread
JUNIT.CBA - Avoid calling 'assert' methods in catch blocks
JUNIT.CSUPER - Call the superclass' 'setUp' and 'tearDown' methods in the 'setUp' and 'tearDown' methods of JUnit test classes
JUNIT.CSUTD - Ensure that 'setUp()' and 'tearDown()' methods are implemented correctly
JUNIT.DIR - Place each test class in the same location as the class that it tests
JUNIT.ETCTA - Avoid extending 'TestCase' in test classes which contain the '@Test' annotation
JUNIT.FAIL - Use the fail() method instead of forcing a failed condition using the assertTrue(false) or assertFalse(true) method
JUNIT.FICB - Do not invoke the 'fail()' method in a 'catch' block in a JUnit test method
JUNIT.ISMTC - Do not implement the 'suite()' method in JUnit test classes
JUNIT.MAIN - Ensure that JUnit classes have a main() allowing them to be executed in isolation
JUNIT.OSIC - Do not use the constructor to set up test cases
JUNIT.OSUM - Override the 'setUp()' method or define a '@Before' method
JUNIT.OTDM - Override the 'tearDown()' method or define an '@After' method
JUNIT.SIA - Ensure JUnit test cases include assertion methods
JUNIT.SIFN - Set all fields which are initialized in the 'setUp()' method to "null" in the 'tearDown()' method
JUNIT.SUITE - Make 'suite()' methods "public" and "static"
JUNIT.TATC - Use '@Test' annotation instead of extending 'TestCase'
JUNIT.TCWNT - Include at least one test method in each 'TestCase' class
JUNIT.TEST - Make sure all methods have at least one JUnit test method
JUNIT.UPJT - Include an appropriate Javadoc tag in the Javadoc for JUnit test methods
JUNIT.UPSS - Use the correct signature for the 'suite()' method in JUnit test classes
METRIC.CBO - Coupling Between Objects
METRIC.CC - McCabe Cyclomatic Complexity
METRIC.CLLOCRIF - Ratio of Comments to Number of Logical Lines in files
METRIC.CLLOCRIM - Ratio of Comments to Number of Logical Lines in methods
METRIC.CLLOCRIT - Ratio of Comments to Number of Logical Lines in types
METRIC.DIF - Nested If Statements
METRIC.ECC - Essential Cyclomatic Complexity
METRIC.FO - Fan Out
METRIC.HDIFM - Halstead Difficulty
METRIC.HEFM - Halstead Effort
METRIC.HICM - Halstead Intelligent Content
METRIC.HLENM - Halstead Program Length
METRIC.HLEVM - Halstead Program Level
METRIC.HNOBM - Halstead Number of Bugs
METRIC.HTTPM - Halstead Time to Program
METRIC.HVOCM - Halstead Program Vocabulary
METRIC.HVOLM - Halstead Program Volume
METRIC.IDOC - Inheritance Depth of Class
METRIC.LCOM - Lack of Cohesion
METRIC.MCC - Modified Cyclomatic Complexity
METRIC.MI - Maintainability Index
METRIC.NBD - Nested Blocks Depth
METRIC.NOBLIF - Number of Blank Lines in Files
METRIC.NOBLIM - Number of Blank Lines in Methods
METRIC.NOBLIT - Number of Blank Lines in Types
METRIC.NOCLIF - Number of Comment Lines in Files
METRIC.NOCLIM - Number of Comment Lines in Methods
METRIC.NOCLIT - Number of Comment Lines in Types
METRIC.NOC - Number of Classes
METRIC.NOF - Number of Files
METRIC.NOLLOCIF - Number of Logical Lines in Files
METRIC.NOLLOCIM - Number of Logical Lines in Methods
METRIC.NOLLOCIT - Number of Logical Lines in Types
METRIC.NOMIT - Number of Methods in Types
METRIC.NOPAR - Number of Parameters of Methods
METRIC.NOPLIF - Number of Physical Lines in Files
METRIC.NOPLIM - Number of Physical Lines in Methods
METRIC.NOPLIT - Number of Physical Lines in Types
METRIC.NOPRIVMIT - Number of Private Members of Types
METRIC.NOPROTMIT - Number of Protected Members of Types
METRIC.NOPUBMIT - Number of Public Members of Types
METRIC.NORET - Number of Returns in Methods
METRIC.NOSLIF - Number of Source Lines in Files
METRIC.NOSLIM - Number of Source Lines in Methods
METRIC.NOSLIT - Number of Source Lines in Types
METRIC.NOT - Number of Types
METRIC.RFC - Response for Class
METRIC.SCC - Strict Cyclomatic Complexity
METRICS.CTNL - DEPRECATED: Number of lines in "class" or "interface"
METRICS.ECLM - DEPRECATED: Number of statement lines in a method
METRICS.ECLT - DEPRECATED: Number of statement lines in a "class" or "interface"
METRICS.ID - DEPRECATED: "class" or "interface" inheritance level
METRICS.NOFT - DEPRECATED: Number of fields
METRICS.NOMCML - DEPRECATED: Number of comment lines in a method
METRICS.NOM - DEPRECATED: Number of methods
METRICS.NOTCML - DEPRECATED: Number of comment lines in a "class" or "interface"
METRICS.NPKGF - DEPRECATED: Number of package-private fields
METRICS.NPKGM - DEPRECATED: Number of package-private methods
METRICS.NPRIF - DEPRECATED: Number of "private" fields
METRICS.NPRIM - DEPRECATED: Number of "private" methods
METRICS.NPROF - DEPRECATED: Number of "protected" fields
METRICS.NPROM - DEPRECATED: Number of "protected" methods
METRICS.NPUBF - DEPRECATED: Number of "public" fields
METRICS.NPUBM - DEPRECATED: Number of "public" methods
METRICS.NSTMT - DEPRECATED: Number of statements in a method
METRICS.PAR - DEPRECATED: Number of parameters
METRICS.PJDC - DEPRECATED: Percentage of Javadoc comments (%)
METRICS.TNLM - DEPRECATED: Number of lines in a method
METRICS.TNMC - DEPRECATED: Number of method calls
METRICS.TRET - DEPRECATED: Number of "return" statements
METRICS.VG - DEPRECATED: Cyclomatic Complexity
METRIC.WMC - Weighted Methods of Class
MOBILE.ACFM - Avoid accessing same fields and methods multiple times
MOBILE.AMA - Avoid using 'getter' and 'setter' methods
MOBILE.ANDROID.AOSM - Always override 'onSaveInstanceState()'
MOBILE.ANDROID.WUP - Make sure that widgets aren't updated too often
MOBILE.APTA - Avoid using array of primtive wrapper objects
MOBILE.AUEF - Avoid using enhanced "for" loop to walk through a "java.lang.Iterable" object
MOBILE.AUI - Avoid declaring "interface" types
MOBILE.DARRAY - Avoid multiple dimension arrays
MOBILE.ENUM - Avoid using enums
MOBILE.FLOATER - Avoid using floats
MOBILE.J2ME.ACII - Do not use anonymous classes as interface implementors
MOBILE.J2ME.ARLL - Do not use an array length in a loop condition expression
MOBILE.J2ME.CIPA - Avoid constant initializations of primitive arrays that exceed a certain size
MOBILE.J2ME.EAOF - Do not access a field excessively
MOBILE.J2ME.EURP - Ensure methods use return parameters instead of returning new objects
MOBILE.J2ME.OOME - Catch 'OutOfMemoryError' for large array allocations
NAMING.ANNS - Follow class name conventions defined for annotations
NAMING.CVN - Use conventional variable names
NAMING.DJLO - Do not declare types with the same name as types in the Java platform
NAMING.DSN - Avoid using dollar signs in names
NAMING.ECN - Ensure class names reflect classes which they extend
NAMING.EXTENDS - Follow class name conventions defined for base classes
NAMING.GETA - Follow a naming convention for getter methods
NAMING.GETB - Follow a naming convention for "boolean" getter methods
NAMING.ID - Avoid using potential Java keywords as identifiers
NAMING.IFV - Use all uppercase letters for the names of fields in an "interface"
NAMING.IMPLS - Follow class name conventions defined for implemented interfaces
NAMING.IRB - Use 'is...' only for naming methods that return a "boolean"
NAMING.LLI - Follow limits for the lengths of type, method, field, parameter, and variable names
NAMING.NACL - Use a naming convention for "abstract" classes
NAMING.NAC - Use a naming convention for array and collection variables
NAMING.NA - Use a naming convention for annotations
NAMING.NCL - Use a naming convention for classes
NAMING.NENUM - Use a naming convention for enum type declarations
NAMING.NE - Use a naming convention for exceptions
NAMING.NFL - Use a naming convention for "final" local variables
NAMING.NIF - Use a naming convention for non-"static" fields
NAMING.NITF - Use a naming convention for interfaces
NAMING.NLV - Use a naming convention for local variables
NAMING.NMP - Use a naming convention for method parameters
NAMING.NM - Use a naming convention for non-"static" methods
NAMING.NPH - Use a naming convention for type parameters
NAMING.NSF - Use a naming convention for non-"final" "static" fields
NAMING.NSM - Use a naming convention for "static" methods
NAMING.NTEST - Use a naming convention for JUnit test classes
NAMING.PKG - Use a naming convention for "package" names
NAMING.RPKG - Do not use a package name that is reserved by Sun
NAMING.SETA - Follow a naming convention for setter methods
NAMING.SINGLETON - Use a naming convention for singleton classes
NAMING.THAC - Use a naming convention for tag handlers and associated classes
NAMING.UHN - Use Hungarian notation for variables
NAMING.USF - Do not use lowercase letters in "final" "static" field names
NAMING.UUVN - Do not use variable names which differ only in case
OOP.ACECC - Do not extend concrete classes in "abstract" classes
OOP.ACST - Avoid casts to types which are more specific than necessary
OOP.AF - Avoid "public"/"protected"/package-private fields
OOP.AHF - Do not hide inherited fields
OOP.AHSM - Do not hide inherited "static" member methods
OOP.AOA - Add the "@Override" annotation to overriding methods
OOP.AOCM - Always override certain methods when extending certain types
OOP.ASFI - Redeclare a class with only "abstract" methods and "static final" fields as an "interface"
OOP.AUASI - Do not implement or extend annotations
OOP.AUO - Do not use an object to access "static" fields or methods
OOP.CIMOM - Do not declare a method in an interface which conflicts with a 'protected' method of 'Object'
OOP.CQS - Ensure methods are either a command(change state) or a query(get state)
OOP.HIF - Do not hide fields and local variables declared in enclosing scopes
OOP.HMF - Do not give method local variables and parameters the same name as class fields
OOP.ICIF - Avoid inner classes in interfaces
OOP.IDOM - Avoid declaring methods inherited from class "Object" in an interface
OOP.IIAC - Avoid implementing interfaces only to access constants
OOP.IIN - Implement interface methods non-trivially or declare them "abstract"
OOP.INSOF - Use "instanceof" only on interfaces
OOP.LEVEL - Avoid more than two levels of nested inner classes
OOP.MFP - Give "finalize()" methods "protected" access
OOP.MI - Avoid interfaces with no fields or methods (marker interfaces)
OOP.MUCOP - Provide mutable classes with copy functionality
OOP.NAM - Avoid "abstract" classes without "abstract" methods
OOP.NOMA - Declare methods in "abstract" classes with empty bodies "abstract"
OOP.NPAC - Do not declare "public" or package-private constructors in "abstract" classes
OOP.OPM - Do not override an instance "private" method
OOP.PIFC - Do not use "protected" access for members of "final" classes
OOP.PMPC - Ensure 'public' classes have at least one 'public' or 'protected' member
OOP.PSDF - Do not declare "private" or "static" methods as "final"
OOP.RI - Do not declare a class as implementing an interface if a superclass already implements that interface
OOP.RSFC - Avoid referencing a class' subclasses from itself
OOP.SNGL - Use a naming convention for singleton classes
OOP.SVHM - Specify which version of potentially ambiguous methods you wish to call for method calls in inner classes
OOP.THRECL - Use getContextClassLoader() instead of getClassLoader()
OPT.AAM - Change non-"private" members to "private" in anonymous classes
OPT.AAS - Use abbreviated assignment operators
OPT.ACDO - Do not use the 'new String(String)' constructor
OPT.AGC - Do not get the 'Class' object through new object instantiation
OPT.ANIPW - Avoid new instantiations of primitive wrapper objects, whose values are cached
OPT.AUMO - Avoid unnecessary Map operations
OPT.BR - Simplify "boolean" returns
OPT.CCR - Close all "java.io.Closeable" resources in a "finally" block
OPT.CEIL - Avoid putting constant expressions inside loops
OPT.CEL - Do not call methods in loop condition statements
OPT.CIO - Close input and output resources in "finally" blocks
OPT.CLL - Check the logging level before calling potentially expensive logging operations
OPT.CPTS - Do not convert a value to a String by concatenating the empty String
OPT.CRSG - Avoid duplicate calls to the "get" methods of "ResultSet"
OPT.CRWD - Close resources as early as possible
OPT.CTLV - Do not use a "private" field that is accessed in only one method; change it to a local variable
OPT.DIC - Define initial capacities for 'ArrayList', 'HashMap', 'HashSet', 'Hashtable', 'Vector' and 'WeakHashMap'
OPT.EES - Use 'String.length() == 0' instead of 'String.equals("")'
OPT.EIC - Use 'equalsIgnoreCase()' instead of calls to 'toLowerCase()' or 'toUpperCase()'
OPT.EOIL - Avoid calling expensive operations in the body of a loop
OPT.ICDPC - When calling "Math.ceil()", do not pass in an integer that has been cast to a floating point type
OPT.ICGA - Avoid accessing members which will require synthetic accessor methods
OPT.ILUG - Do not iterate through Lists using the 'get()' method
OPT.IRB - Use 'System.arraycopy()' instead of using a loop to copy arrays
OPT.ISC - Do not instantiate a class which contains only static fields and methods
OPT.LIOL - Move invariants outside of loops wherever possible
OPT.LOOP - Do not instantiate variables in a loop body
OPT.MAF - Make getter and setter methods for instance fields "final"
OPT.MUNC - Avoid unnecessary comparisons to "null"
OPT.NCIO - Avoid 'null' check before 'instanceof'
OPT.NIVND - Use the 'nextInt()' method to generate a random integer
OPT.NIW - Avoid creating new instances of BigInteger and BigDecimal
OPT.NSF - Declare "final" fields with a known compile time value as "static"
OPT.PCTS - Use 'charAt()' instead of 'startsWith()' for one character comparisons
OPT.PRIM - Do not instantiate the wrapper classes for primitive types
OPT.SBL - Avoid converting StringBuffer or StringBuilder to String to check length
OPT.SBS - Use 'StringBuilder' instead of 'StringBuffer' when synchronization is not required
OPT.SB - Specify an initial 'StringBuffer' capacity
OPT.SDLS - Avoid using synchronized data structures for local variables
OPT.SI - Declare member classes "static" if possible
OPT.SRA - Avoid using 'String.replaceAll()' with literal values
OPT.STCA - Do not call ''String.toCharArray()'' unnecessarily
OPT.STRBUF - Simplify methods that return strings that are always concatenated
OPT.STR - Use single quotes instead of double quotes for single character string concatenation
OPT.STS - Avoid unnecessary calls to 'String' methods
OPT.SWIF - Avoid use of if statements if they can be replaced with switch statements
OPT.SYN - Do not call a synchronized method inside of a loop
OPT.TOARRAY - Use collection size for target array in 'toArray()'
OPT.UEQ - Do not compare boolean variables with "true"
OPT.UISO - Avoid unnecessary "instanceof" evaluations
OPT.UMATH - Do not call the methods from 'java.lang.Math' if the result is a constant which can be easily determined
OPT.UNC - Avoid unnecessary casting
OPT.USB - Use 'StringBuffer' instead of 'String' when concatenating strings
OPT.USCL - Avoid questionable uses of non-short-circuit logic
OPT.USC - Use 'String' instead of 'StringBuffer' for constant strings
OPT.USV - Use 'stack' variables whenever possible
PB.API.AECC - Avoid extending certain classes (custom rule)
PB.API.APPG - Avoid 'put, 'putAll' and 'get' methods of 'java.util.Properties' objects
PB.API.APT - Avoid using certain packages or types
PB.API.CMMT - Ensure that the types passed to "Collection" and "Map" methods match the types in those data structures
PB.API.DANNOT - Add the "@Deprecated" annotation to the declarations of deprecated members
PB.API.DNCSS - Do not call 'setSize()' in 'ComponentListener.componentResized()'
PB.API.DPRAPI - Do not use deprecated APIs
PB.API.ECMC - Do not extend "Collection" and "Map" classes
PB.API.EHM - Do not extend 'java.util.HashMap' or 'java.util.Hashtable'
PB.API.EJF - Do not create an empty JarFile entry or an empty ZipFile entry
PB.API.EQNL - Avoid calling 'equals(null)'
PB.API.HNCN - Do not call the 'next' method from the 'hasNext' method of an Iterator
PB.API.IUMS - Do not use "URL" objects in "Collections" or "Maps"
PB.API.KOEH - Ensure that all types which are used as keys in Sets and Maps override the 'equals()' and 'hashCode()' methods
PB.API.MASP - Assign "protected" accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes
PB.API.MOHK - Avoid using objects with dangerous implementations of 'equals()' or 'hashCode()' as keys in hashed data structures
PB.API.NDC - Do not define direct or indirect subclasses of 'Error' and 'Throwable'
PB.API.OF - Do not overload the 'finalize()' method
PB.API.REP - Avoid using "." as a regular expression in 'String.replaceAll()' and 'String.replaceFirst()'
PB.API.SBCC - Do not pass a 'char' to the 'StringBuffer(int)' constructor
PB.API.UNI - Avoid improper casting of the results of the 'next' methods in the 'java.util.Random' class
PB.API.URL - Avoid using the 'equals()' and 'hashCode()' methods of "java.net.URL"
PB.API.VAFS - Ensure the correct number of arguments for varargs methods with format strings
PB.API.VENDOR - Update values which may be using to compare with vendor properties
PB.CLOSE - Unrestricted lock resource
PB.CUB.ADE - Avoid dangling "else" statements
PB.CUB.AIPQ - Avoid using 'iterator()' with PriorityQueue and PriorityBlockingQueue
PB.CUB.AMCO - Avoid using multiple '!' or '~' unary operators
PB.CUB.APAM - Avoid passing arrays as arguments to methods that take non-array parameters
PB.CUB.ARCF - Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block
PB.CUB.ATSF - Do not exit "finally" blocks abruptly
PB.CUB.AWP - Avoid confusing assignments to constructor arguments
PB.CUB.CILB - Do not put code other than logging code inside logging blocks
PB.CUB.CNVC - Avoid improper concatenation of characters with numbers
PB.CUB.CTOR - Do not call non-"final", non-"static" and non-"private" methods from constructors
PB.CUB.CWRITE - Avoid usage of File.canWrite() method because it may returns true even if directory is not writable
PB.CUB.DCP - Do not use the "+" string concatenation operator to concatenate numbers; use it only to add numbers
PB.CUB.EBI - Avoid erroneously placing statements outside blocks
PB.CUB.EOOM - Avoid errors in overriding methods of "java.lang.Object"
PB.CUB.FLVA - Do not assign loop control variables in the body of a "for" loop
PB.CUB.IMC - Ensure overriding methods are not unintended covariants due to parameter type differences
PB.CUB.IMM - Ensure "static" "final" fields are immutable
PB.CUB.ISF - Inspect "private" "static" fields which may have mistakenly been declared "static"
PB.CUB.MAIN - Use the method name 'main()' only for the entry point method
PB.CUB.OE - Avoid suspicious octal escapes
PB.CUB.OSM - Ensure overloaded methods in superclass are overridden when overriding a method in subclass
PB.CUB.OVAM - Avoid overloading varargs methods
PB.CUB.PSFA - Avoid using "public static final" array fields
PB.CUB.RMO - Avoid referencing mutable fields
PB.CUB.SAC - Do not use "char" arrays in "String" concatenations
PB.CUB.SBC - Do not use a "switch" statement with a bad "case"
PB.CUB.SRAD - Specify @Retention for annotation type declarations
PB.CUB.STRCC - Parenthesize complex expressions in 'print()' or 'println()' statements
PB.CUB.TOCTOU - Avoid Time-of-check Time-of-use (TOCTOU) Race Condition
PB.CUB.TOS - Avoid invoking 'toString()' on array variables
PB.CUB.TVOM - Avoid type variable parameters when calling overloaded methods
PB.CUB.UEIC - Do not use '==' or '!=' to compare objects
PB.EAR - Ensure that non-"void" methods have a return value other than empty arrays and "null"
PB.LOGIC.AIL - Avoid infinite loops
PB.LOGIC.AMOI - Avoid using the wrong index variable to access an array or List element
PB.LOGIC.AOBO - Avoid off-by-one errors in loop conditions
PB.LOGIC.AULV - Avoid loop variables which are not used in the condition of the loop
PB.LOGIC.CPI - Do not check whether the result of "String.indexOf()" is positive or non-positive
PB.LOGIC.CRRV - Check the return value of methods which read or skip input
PB.LOGIC.DJNCR - Do not discard the result of a call to "readLine()" after checking that the return value is non-null
PB.LOGIC.EQLC - Use 'getClass()' or "instanceof" within 'equals()' and 'compareTo()' method implementations
PB.LOGIC.EQUS - Do not call 'equals()' methods that always return false
PB.LOGIC.ESO - Avoid calling 'equals()' with same object
PB.LOGIC.FLRC - Avoid infinite recursive method calls
PB.LOGIC.INDEX - Avoid bugs in the usage of loop variables
PB.LOGIC.JI - Do not increment or decrement on the same variable over multiple nested "for" loop statements
PB.LOGIC.LLM - Ensure that the logging level checked matches the level of the called logging method
PB.LOGIC.OAMC - Ensure that the objects used within a loop's condition are properly accessed within the loop's body
PB.LOGIC.OOR - Avoid out of range comparisons
PB.LOGIC.ROM - Make sure that methods are invoked on the correct object
PB.LOGIC.SG - Ensure get/set methods are accessing the correct variables
PB.NAECS - Include a 'case' statement for each constant of an 'enum' type in 'switch' statements
PB.NUM.AIC - Avoid implicit casts from integer data types to floating point data types
PB.NUM.BBDCC - Do not pass floating point values to the 'BigDecimal' constructor
PB.NUM.BSA - Do not use an integer outside the range of [0, 31] as the amount of a shift
PB.NUM.CACO - Avoid using compound assignment operators in cases which may cause overflow
PB.NUM.CLP - Do not cast primitive data types to lower precision
PB.NUM.CMP - Don't use subtraction in this method
PB.NUM.DCF - Do not compare floating point types
PB.NUM.FPLI - Do not use floating point variables as loop indices
PB.NUM.ICO - Avoid calculations which result in overflow or NaN
PB.NUM.IDCD - Do not assign the result of an integer division to a floating point variable
PB.NUM.IMOF - Avoid casting the result of an integer multiplication to "long"
PB.NUM.IOF - Use unsigned right shift instead of division when overflow is possible
PB.NUM.NAN - Avoid comparisons to Double.NaN or Float.NaN
PB.NUM.NIA - Do not initialize array dimensions with negative numbers
PB.NUM.UBD - Do not use "float" and "double" if exact answers are required
PB.NUM.UCM - Avoid passing integer values to 'Math.round()'
PB.OCSF - Ensure that exactly one type has the same name as the file name
PB.PCSF - Ensure that the type that has the same name as the file is declared "public"
PB.PDCL - Place "default" as the last case of the "switch" statement
PB.PDS - Provide "default:" for each "switch" statement
PB.RE.ACTI - Do not add a collection to itself
PB.RE.AMFSL - Avoid modifying fixed-size Collections
PB.RE.AQA - Avoid calling the 'add()' method of a Queue
PB.RE.ASE - Avoid possible ArrayStoreExceptions
PB.RE.CAI - Always check parameters before use in array access
PB.RE.CIOR - Check the return value of calls to 'String.indexOf()' before passing this value to other "String" methods
PB.RE.CTNSE - Ensure 'Iterator.next()' method implementations throw 'NoSuchElementException'
PB.RE.IDRL - Check whether or not "readLine()" returned null before dereferencing the return value
PB.RE.IIAE - Make sure the IllegalArgumentException message matches the code logic
PB.RE.IOSS - Use the "fromIndex" argument of 'indexOf()' when necessary
PB.RE.ISEM - Do not call 'String.equals(constant)' or 'String.equalsIgnoreCase(constant)'
PB.RE.JLAY - Avoid using methods add() from JLayer class
PB.RE.NCMD - Ensure that dereferenced variables match variables which were previously checked for "null"
PB.RE.NXRE - Do not define direct or indirect subclasses of 'RuntimeException'
PB.RE.PNPD - Avoid dereferencing null objects
PB.RE.RCODE - When used HttpURLConnection always check return value from the getResponseCode() methods before call getInputStream()
PB.RE.VRNULL - Avoid methods returning "null" value
PB.TYPO.AECB - Avoid "try", "catch" and "finally" blocks with empty bodies
PB.TYPO.ASI - Avoid assignment within a condition
PB.TYPO.BW - Avoid unnecessary self computation
PB.TYPO.CSI - Ensure that the correct "super" method is invoked
PB.TYPO.DAV - Avoid assigning same variable in the fall-through switch case
PB.TYPO.EB - Avoid control statements with empty bodies
PB.TYPO.IMO - Ensure the overriding method name does not have a typo
PB.TYPO.NAMING - Do not give methods and fields the same name as the enclosing class or each other
PB.TYPO.RSK - Avoid having more than one "getter" or "setter" method for the same field
PB.TYPO.TLS - Ensure "switch" statements do not contain typos
PB.TYPO.UOL - Do not use octal integer literals
PB.TYPO.WT - Ensure that arguments passed to Java wrapper classes do not contain typos
PB.USC.AES - Avoid empty statements
PB.USC.CC - Avoid conditional expressions that always evaluate to a constant value
PB.USC.EC - Avoid empty classes
PB.USC.EPC - Do not define empty "public" constructors in classes with no other constructors
PB.USC.NACC - Avoid classes with no accessible members
PB.USC.NASSIG - Ensure method and constructor return values are used
PB.USC.OI - Avoid increment and decrement statements which have no effect
PB.USC.RTE - Do not catch exceptions only to rethrow them
PB.USC.SAFL - Avoid self assignments/initializations to fields and/or local variables
PB.USC.UIF - Avoid unreachable "else if" and "else" cases
PB.USC.UNARY - Do not use the unary operator '+'
PORT.CTSP - Avoid calling 'Thread.setPriority()'
PORT.DNHCP - Do not hard code an absolute pathname when calling a constructor from the 'File' class
PORT.ENV - Do not use the non-portable 'System.getenv()' method
PORT.EXEC - Do not use 'Runtime.exec()'
PORT.HCNA - Do not hard-code IP addresses and port numbers
PORT.LNSP - Do not hard code '\n' or '\r' as a line separator
PORT.NATV - Do not use user-defined "native" methods
PORT.PEER - Do not use "java.awt.peer.*" interfaces directly
PORT.PSC - Use "File.pathSeparator" or "File.pathSeparatorChar" instead of the corresponding literals
PROPS.BSPV - Avoid adding extra white spaces to the end of property values
PROPS.DUPN - Avoid duplicated property names
PROPS.DUPV - Avoid duplicated property values
PROPS.EMN - Avoid empty property names
PROPS.EMV - Avoid empty property values
PROPS.EQOP - Always use the '=' operator
PROPS.FM - Follow the limit for number of property entries
PROPS.HCLS - Avoid hard-coded line separators in property values
PROPS.IARG - Avoid misusing arguments in property values
PROPS.ICK - Avoid incomplete property entries
PROPS.IVCC - Avoid misusing the line continuation character '\'
PROPS.MENTRY - Avoid unmatched property entries in resources with different locales
PROPS.MLN - Avoid splitting property names into multiple lines
PROPS.NAME - Use a naming convention for property names
PROPS.PLAIN - Password information should not be included in properties file in plaintext
PROPS.SPELL - Avoid misspelling words in comments and property values
PROPS.TENTRY - Ensure that property entries are localized correctly
SECURITY.BV.ACL - Do not access the class loader in a web component
SECURITY.BV.ADT - Inspect usage of 'Date', 'Time' objects and 'System.currentTimeMillis()' method invocations
SECURITY.BV.AUG - Inspect usage of 'getName()' from 'java.lang.Class' object
SECURITY.BV.CQRO - Use "read-only" AccessMode for Castor queries
SECURITY.BV.DSSM - Do not set custom security managers outside of the 'main' method
SECURITY.BV.ENFL - Ensure all sensitive method invocations are logged
SECURITY.BV.NSF - Do not call 'Socket.setSocketImplFactory()' or 'URL.setURLStreamHandlerFactory()' in a web component
SECURITY.BV.PCFM - Wrap "privileged" method invocations in "final" methods
SECURITY.BV.PCPM - Wrap "privileged" method invocations in "private" methods
SECURITY.BV.PDLC - Avoid using dynamically loaded classes in "privileged" code blocks
SECURITY.BV.SYSP - Do not access or set System properties
SECURITY.DRC.THR - Do not use threads in web components
SECURITY.EAB.ACWC - Avoid calling specified methods from web components and EJBs
SECURITY.EAB.AWT - Do not use AWT classes in Web components
SECURITY.EAB.CBA - Do not pass byte arrays to ObjectOutputStream in the 'writeObject()' method
SECURITY.EAB.CMP - Do not compare Class objects by name
SECURITY.EAB.CPCL - Enforce returning a defensive copy in 'clone()' methods
SECURITY.EAB.JVM - Do not stop the JVM in a web component
SECURITY.EAB.LDP - Limit the number of "AccessController.doPrivileged" calls per class
SECURITY.EAB.MPT - Do not pass user-given mutable objects directly to certain types
SECURITY.EAB.OROM - Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes
SECURITY.EAB.PCL - Limit the number of lines in "privileged" code blocks
SECURITY.EAB.SF - Do not declare "static" fields in web components
SECURITY.EAB.SIS - Do not change the input streams of 'java.lang.System' in a web component
SECURITY.EAB.SMO - Do not store user-given mutable objects directly into variables
SECURITY.EAB.SPFF - Inspect 'static' fields which may have intended to be declared 'static final'
SECURITY.ESD.ACW - Avoid writing to Consoles
SECURITY.ESD.CONSEN - Do not log confidential or sensitive information
SECURITY.ESD.CSD - Clear sensitive data after use
SECURITY.ESD.PEO - Do not pass exception messages into output in order to prevent the application from leaking sensitive information
SECURITY.ESD.PLC - Avoid storing sensitive data in plaintext in a cookie
SECURITY.ESD.RA - Avoid methods that might expose internal representations by returning arrays or other mutable fields
SECURITY.ESD.SDM - Store sensitive data in mutable objects
SECURITY.ESD.SIF - Inspect instance fields of serializable objects to make sure they will not expose sensitive information
SECURITY.ESD.SIO - Avoid calling print methods of 'System.err' or 'System.out'
SECURITY.ESD.SNFD - Do not expose data with a 'FileNotFound' exception
SECURITY.ESD.SPI - Do not interrogate or modify security policy information in a web component
SECURITY.ESD.TFP - Declare "transient" fields "private"
SECURITY.ESD.TSPF - Avoid "transient" fields in serialPersistentFields array
SECURITY.ESD.UPCT - Use 'post' instead of 'get' for credential transfers
SECURITY.IBA.AEAF - Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm'
SECURITY.IBA.ATF - Avoid temporary files
SECURITY.IBA.AUSS - Avoid using "SELECT *" in SQL queries
SECURITY.IBA.CDBV - Canonicalize all data before validation
SECURITY.IBA.CSVFV - Always call 'super.validate()' from validation methods in 'ActionForm' classes
SECURITY.IBA.EDPM - Encapsulate constructor arguments with a validation function
SECURITY.IBA.NATIW - Use wrapper methods to secure native methods
SECURITY.IBA.UPS - Use 'prepareCall' or 'prepareStatement' instead of 'createStatement'
SECURITY.IBA.VRD - Encapsulate all redirect and forward URLs with a validation function
SECURITY.IBA.XPIJ - Avoid XPath injection when evaluating XPath queries
SECURITY.UEC.ADS - Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files
SECURITY.UEC.AELQ - Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files
SECURITY.UEC.DSL - Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files
SECURITY.UEC.DSR - Avoid defining multiple security roles with the same name in 'web.xml' files
SECURITY.UEC.EDAR - Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files
SECURITY.UEC.FMCD - Ensure that each filter mapped in a 'web.xml' file has a corresponding definition
SECURITY.UEC.HTTPS - Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files
SECURITY.UEC.ISOS - Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files
SECURITY.UEC.LCA - Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files
SECURITY.UEC.PCCF - Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files
SECURITY.UEC.PTPT - Avoid using plain text passwords in Axis 'wsdd' files
SECURITY.UEC.PWDPROP - Ensure that passwords are not stored as plaintext and are sufficiently long
SECURITY.UEC.PWDXML - Ensure that passwords are not stored as plaintext and are sufficiently long
SECURITY.UEC.RAJ - Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files
SECURITY.UEC.REST - Ensure that "REST" is disabled in 'axis2.xml' configuration files
SECURITY.UEC.SDAR - Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files
SECURITY.UEC.SEP - Always specify error pages in web.xml
SECURITY.UEC.SLID - Ensure Session-ID Length is sufficient
SECURITY.UEC.SMM - Avoid using the SOAP Monitor module
SECURITY.UEC.SRCD - Ensure that each security role referenced in a 'web.xml' file has a corresponding definition
SECURITY.UEC.TDAR - Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files
SECURITY.UEC.UDC - Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files
SECURITY.UEC.UTAX - Avoid using plain text passwords in Axis2 configuration files
SECURITY.UEC.WCMC - Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCMI - Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCMT - Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCMWS - Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCPWD - Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WCUTS - Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files
SECURITY.UEC.WELC - Ensure all web content directories have a "welcome file"
SECURITY.UEC.WMC - Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WMI - Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WMT - Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WMWS - Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WPWD - Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEC.WSS - Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files
SECURITY.UEC.WUTS - Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files
SECURITY.UEHL.LGE - Ensure all exceptions are either logged with a standard logger or rethrown
SECURITY.WSC.ACDP - Avoid using anonymous "privileged" classes when invoking "AccessController.doPrivileged()"
SECURITY.WSC.ACPST - Do not call the 'printStackTrace()' method of "Throwable" objects
SECURITY.WSC.AHCA - Avoid hard-coding the arguments to certain methods
SECURITY.WSC.AMA - Avoid constructors and overriding methods which are more accessible than those of their super classes
SECURITY.WSC.APIBS - Inspect usage of standard API calls that bypass security
SECURITY.WSC.ARXML - Avoid turning raw text into xml
SECURITY.WSC.ASAPI - Inspect usage of scripting API
SECURITY.WSC.AUIC - Do not use inner classes
SECURITY.WSC.BP - Allow only certain providers to be specified for the 'Security.addProvider()' method
SECURITY.WSC.CACM - Keep all access control methods centralized to enforce consistency
SECURITY.WSC.CAM - Keep all authentication methods centralized to enforce consistency
SECURITY.WSC.CAP - Always clone array parameters which are stored to fields
SECURITY.WSC.CFM - Only call "final" methods from specified code blocks in non-"final" classes
SECURITY.WSC.CIFC - Only "clone()" instances of "final" classes
SECURITY.WSC.CKTS - Avoid using cryptographic keys which are too short
SECURITY.WSC.CLI - Inspect instantiations of 'ClassLoader' objects
SECURITY.WSC.CLONE - Make your 'clone()' method "final" for security
SECURITY.WSC.CLO - Do not override any 'ClassLoader' method except 'findClass()'
SECURITY.WSC.CL - Do not define custom class loaders
SECURITY.WSC.CMO - Do not pass mutable objects to 'ObjectOutputStream' in the 'writeObject()' method
SECURITY.WSC.DCSM - Do not define custom 'SecurityManager's
SECURITY.WSC.DNSL - Avoid DNS lookups for decision making
SECURITY.WSC.DSER - Make your classes nondeserializeable
SECURITY.WSC.ENPP - Ensure arguments passed to certain methods come from predefined methods list
SECURITY.WSC.FIMU - Make immutable classes final
SECURITY.WSC.FXMLP - Ensure that Secure Processing is used
SECURITY.WSC.HCCK - Avoid using hard-coded cryptographic keys
SECURITY.WSC.HCCS - Avoid passing hardcoded usernames/passwords/URLs to database connection methods
SECURITY.WSC.ICA - Avoid using insecure algorithms for cryptography
SECURITY.WSC.INIVF - Make immutable classes final
SECURITY.WSC.INNER - Make all member classes "private"
SECURITY.WSC.ISL - Always call 'HttpSession.invalidate()' before 'LoginContext.login()'
SECURITY.WSC.IVR - Avoid non-random "byte[]" when using IvParameterSpec
SECURITY.WSC.MCNC - Make your classes noncloneable
SECURITY.WSC.PACC - Call access control methods to enforce consistency
SECURITY.WSC.PAC - Call authentication methods to enforce consistency
SECURITY.WSC.PAF - Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final"
SECURITY.WSC.PBPSF - Declare subclasses of 'Permission' and 'BasicPermission' "final"
SECURITY.WSC.PPF - Do not allow password fields to be autocompleted
SECURITY.WSC.PPKG - Ensure that all Permissions, PrivilegedActions, and PrivilegedActionExceptions are declared in the same package
SECURITY.WSC.PRMF - Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final"
SECURITY.WSC.PSFC - Do not declare fields as "public" "static" "final" 'Collection' or 'Map' objects
SECURITY.WSC.RDM - Inspect 'Random' objects or 'Math.random()' methods that could indicate areas where malicious code has been placed
SECURITY.WSC.SCF - Enforce 'SecurityManager' checks before setting or getting fields
SECURITY.WSC.SCLONE - Enforce 'SecurityManager' checks in methods of 'Cloneable' classes
SECURITY.WSC.SCSER - Enforce 'SecurityManager' checks in methods of 'Serializable' classes
SECURITY.WSC.SCSM - Ensure 'SecurityManager' check in constructor of "public" non-"final" sensitive type
SECURITY.WSC.SER - Make your classes nonserializeable
SECURITY.WSC.SL - Avoid string literals except in constant declarations and calls to System.out or System.err's 'print' or 'println' methods
SECURITY.WSC.SMSTR - Ensure 'SecurityManager' checks before 'Socket' transfers or retrievals
SECURITY.WSC.SRD - Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()'
SECURITY.WSC.SSM - Ensure that an appropriate security manager is set
SECURITY.WSC.SSP - Do not call 'System.setProperty()' in a web component
SECURITY.WSC.SS - Do not use sockets in web components
SECURITY.WSC.STREP - Use library methods for string replacements of special characters in HTML and XML
SECURITY.WSC.UMAIN - Avoid 'main()' methods because they may allow unauthorized access to classes
SECURITY.WSC.UOSC - Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies
SECURITY.WSC.USC - Use the SSL-enabled version of classes when possible
SECURITY.WSC.UWM - Use wrapper methods instead of calling dangerous or problematic methods directly (custom rule)
SECURITY.WSC.VJFS - Always verify JarFile signatures
SECURITY.WSC.ZOIS - Inspect usage of scripting API
SERIAL.DUID - Create a 'serialVersionUID' for all 'Serializable' classes
SERIAL.ENNAC - Avoid classes that implement 'Externalizable' but do not define a no-argument constructor
SERIAL.EZEE - Implement Externalizable instead of Serializable
SERIAL.FT - Avoid declaring "transient" fields in non-serializable classes
SERIAL.IRX - Avoid re-initializing fields in the 'readExternal()' method of 'Externalizable' classes
SERIAL.MRWD - Ensure the return type of 'readResolve()' and 'writeReplace()' methods are 'java.lang.Object'
SERIAL.NSFSC - Ensure Serializable classes are correct
SERIAL.OC - Ensure outer class is serializable if its inner class is serializable
SERIAL.ROWO - Ensure that the 'readObject()' and 'writeObject()' methods have the correct signature
SERIAL.RRSC - Define a "readResolve" method for all instances of Serializable types
SERIAL.RWAF - Ensure that all fields are assigned by the 'readObject()' method and written by the 'writeObject()' method
SERIAL.SCBNP - Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents
SERIAL.SNNAC - Avoid serializable classes that extend a superclass without a zero-argument constructor
SERIAL.SNSO - Do not store non-serializable objects as HttpSession attributes
SERIAL.SPF - Declare 'serialPersistentFields' "private static final"
SERIAL.SRLZ - Do not declare SerialVersionUID in classes that do not implement Serializable
SERIAL.SROS - Do not declare the 'readObject()' method as "synchronized"
SERVLET.AJDBC - Do not use JDBC code in Servlet classes
SERVLET.BINS - Do not use 'java.beans.Beans.instantiate()'
SERVLET.CETS - Catch all exceptions which may be thrown within Servlet methods
SERVLET.DSN - Avoid multiple '<servlet>' elements with the same '<servlet-name>' in a 'web.xml' file
SERVLET.IF - Do not define instance fields in Servlet classes
SERVLET.LML - Avoid using collections without size limit in servlets
SERVLET.MDC - Declare a "public" constructor that takes no parameters
SERVLET.NMS - Follow a limit for the number of mappings for each servlet in a 'web.xml' file
SERVLET.NSIS - Do not create static variables in a servlet
SERVLET.NSSS - Do not use static variables in servlets without synchronization
SERVLET.SCM - Ensure that all servlets have a corresponding mapping in 'web.xml' files
SERVLET.SDTD - Specify an appropriate schema or DTD file for 'web.xml' files
SERVLET.SOP - Minimize usage of System.out and System.err in Servlets
SERVLET.SSN - Ensure that all '<servlet>' elements contain a single non-empty '<servlet-name>' element in 'web.xml' files
SERVLET.STM - Do not use 'SingleThreadModel' in Servlet classes
SERVLET.SYN - Minimize synchronization in Servlets
SERVLET.UCO - Use a Context Object to manage HTTP request parameters
SPRING.ACARG - Avoid constructor injection
SPRING.ATCFG - Follow configuration class conventions
SPRING.DESC - Use ''description'' tag in configuration file headers
SPRING.IDNAME - Avoid using ''name'' and ''id'' simultaneously
SPRING.IMPORTSRES - Avoid using relative ''../'' path reference to parent files
SPRING.JDBCTEMPLATE - Avoid using native JDBC
SPRING.LOCAL - Use ''local'' property attribute in local scope
SPRING.PREFTYPE - Prefer ''type'' over ''index'' for constructor argument matching
SPRING.PROPLIMIT - Follow convention for bean properties
SPRING.SPRNAM - Use naming conventions for spring beans
SPRING.USEID - Use ids as bean identifiers
STRUTS.ACDA - Avoid accessing a database from Action Classes
STRUTS.ACJC - Avoid accessing a JSP page from Action Classes
STRUTS.AIV - Specify an @input attribute if '<action>' element has validation in 'struts-config.xml' files
STRUTS.AMFB - Specify a '<form-bean>' for each named '<action>' element in 'struts-config.xml' files
STRUTS.APSN - Avoid @prefix, @suffix, and @attribute for unnamed '<action>' elements in 'struts-config.xml'
STRUTS.ARP - Avoid using relative paths for attributes in 'struts-config.xml' files
STRUTS.DFV - Avoid duplicated forms in the 'validation.xml'
STRUTS.DLGF - Avoid local and global forwards with the same name in 'struts-config.xml' files
STRUTS.EV - Ensure validators are enabled in the 'struts-config.xml'
STRUTS.FIELDS - Provide an appropriate getter and setter method for each field in a form bean
STRUTS.FORM - Include only getter and setter methods in form beans
STRUTS.FWD - Specify a non-empty name and path for each '<forward>' element in 'struts-config.xml' files
STRUTS.IACM - Avoid calling methods of Action Classes
STRUTS.INST - Do not declare instance variables in Struts Action classes
STRUTS.MFBSN - Avoid defining multiple form beans with the same name in 'struts-config.xml' files
STRUTS.MLFF - Specify a valid 'maxlength' value for each form field in Struts validation files
STRUTS.MLVP - Use the 'minlength' validator for password fields in 'validation.xml'
STRUTS.NTFB - Specify a name and type for each form bean in 'struts-config.xml' files
STRUTS.PFS - Ensure that the @path attribute of '<action>' and '<forward>' elements begins with '/' in 'struts-config.xml' files
STRUTS.PLUGIN - Ensure Plugins are added in the 'struts-config.xml'
STRUTS.PMAC - Avoid public methods in Action Classes
STRUTS.PTE - Specify a non-empty path and type for each '<exception>' element in 'struts-config.xml' files
STRUTS.RSS - Ensure that the 'scope' attribute is set to either "request" or "session" for actions and exceptions in 'struts-config.xml' files
STRUTS.SCDTD - Use a Struts DTD for validation in 'struts-config.xml' files
STRUTS.STRUTS2.S2DAFV - Avoid duplicated field validators
STRUTS.STRUTS2.S2DVF - Avoid duplicated validation files
STRUTS.STRUTS2.S2DV - Avoid duplicated validators
STRUTS.STRUTS2.S2NA - Ensure each validation file has a corresponding Action
STRUTS.TAFP - Specify a valid 'type' attribute for each '<form-property>' element in 'struts-config.xml' files
STRUTS.VPI - Enable the Struts Validator plug-in in all 'struts-config.xml' files
TRS.AIL - Do not use Atomic variables when always accessed in synchronized manner
TRS.ANF - Do not use 'notify()'; use 'notifyAll()' instead so that all waiting threads will be notified
TRS.ATI - Avoid accidental use of "Thread.interrupted()"
TRS.AUTG - Do not use variables of the unsafe type 'java.lang.ThreadGroup'
TRS.AUTY - Do not use 'Thread.yield()' because it may behave differently under different Virtual Machines
TRS.CDF - Avoid invoking methods using "static" 'Calendar', 'DateFormat', or 'SimpleDateFormat'
TRS.CHM - Use ConcurrentHashMap instead of Hashtable and "synchronizedMap" wrapped HashMap when possible
TRS.CIET - Do not catch InterruptedException except in classes extending Thread
TRS.CLQ - Use ConcurrentLinkedQueue instead of Vector and synchronizedList when possible
TRS.CMA - Avoid compound synchronized collection accesses which violate atomicity
TRS.CSFS - Do not cause deadlocks by calling a "synchronized" method from a "synchronized" method
TRS.CSTART - Do not call the "start" method of threads from inside a constructor
TRS.CTRE - Do not let "this" reference escape during construction
TRS.DCL - Avoid unsafe implementations of the "double-checked locking" pattern
TRS.DOPQ - Do not use DiscardOldestPolicy with PriorityBlockingQueue
TRS.GSD - Do not use "getState" except for debugging purposes
TRS.IASF - Inspect accesses to "static" fields which may require synchronization
TRS.ILI - Make lazy initializations thread-safe
TRS.IMSE - Do not catch 'IllegalMonitorStateException' since this exception likely indicates a design flaw
TRS.IRET - Implement Runnable instead of extending Thread
TRS.IRUN - Do not call the 'run()' method directly on classes extending 'java.lang.Thread' or implementing 'java.lang.Runnable'
TRS.LORD - Ensure that nested locks are ordered correctly
TRS.MRAV - Access related Atomic variables in a synchronized block
TRS.MRUN - Give subclasses of Thread a 'run()' method so they can run as separate threads
TRS.NAME - Ensure threads are named
TRS.NSM - Use "synchronized" blocks instead of making the whole method declaration "synchronized"
TRS.NSYN - Ensure 'wait()', 'notify()' and 'notifyAll()' are invoked on an object that is clearly synchronized in its enclosing method scope
TRS.OSNS - Avoid overriding synchronized methods with non-synchronized methods
TRS.RLF - Release Locks in a "finally" block
TRS.RUN - Use synchronization on methods that implement 'Runnable.run()'
TRS.SCS - Do not synchronize on constant Strings
TRS.SNSM - Do not mix "static" and non-"static" "synchronized" methods
TRS.SOL - Do not perform synchronization using the "synchronized" keyword on implementations of "java.util.concurrent.locks.Lock"
TRS.SOPF - Do not synchronize on "public" fields since doing so may cause deadlocks
TRS.SOUF - Do not synchronize on non-"final" fields since doing so makes it difficult to guarantee mutual exclusion
TRS.SSCI - Manually synchronize on 'synchronized' collections when iterating over them
TRS.SSDF - Synchronize access to "static" SimpleDataFormats
TRS.SSUG - Make the get method for a field synchronized if the set method is synchronized
TRS.STR - Do not perform synchronization nor call semaphore methods on an Object's 'this' reference
TRS.THRD - Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime'
TRS.TSHL - Do not call 'Thread.sleep()' while holding a lock since doing so can cause poor performance and deadlocks
TRS.UACS - Avoid unsynchronized accesses of "Collections.synchronized" wrapped Collections
TRS.UCM - Use unsynchronized Collections/Maps only when safe
TRS.USL - Use the same locking object to access variables
TRS.UT - Do not start a thread without specifying a 'run()' method
TRS.UWIL - Call 'wait()' and 'await()' only inside a loop that tests the liveness condition
TRS.UWNA - Use 'wait()' and 'notifyAll()' instead of polling loops
TRS.WOC - Use the correct method calls on "java.util.concurrent.locks.Condition" objects
TRS.WOS - Do not make the "writeObject()" method synchronized if no other method is synchronized
UC.AAI - Avoid unnecessary modifiers in an "interface"
UC.ACC - Remove commented out Java code
UC.AEEO - Ensure that classes do not explicitly extend 'java.lang.Object'
UC.AESTAT - Avoid empty static and non-static initializers
UC.AMAMI - Do not override "abstract" methods of a parent class with "abstract" methods
UC.ARTD - Avoid redundant throw clauses
UC.AUL - Avoid unused labels
UC.AURCO - Avoid collection objects that are never read
UC.AURV - Avoid local variables that are never read
UC.BCMP - Avoid unnecessary "boolean" comparisons
UC.DIEB - Avoid duplicate code in 'if' branches
UC.DIL - Do not explicitly "import" the java.lang.* "package"
UC.EF - Avoid empty 'finalize()' methods
UC.FCSF - Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method
UC.FMFC - Avoid redundant "final" keywords in method declarations in "final" classes
UC.PF - Avoid unused "private" fields
UC.PIMPORT - Do not import classes from the package that contains the current class
UC.PM - Avoid unused "private" methods
UC.RSKE - Avoid redundant 'static' keywords in enum type declarations
UC.SNE - Avoid empty "synchronized" statements
UC.SO - Avoid methods that only call the overridden implementation (superclass implementation)
UC.UCATCH - Use a caught exception in the "catch" block
UC.UCIF - Avoid unnecessary 'if' statements
UC.UES - Avoid unnecessary "else" statements
UC.UIMPORT - Avoid unused "import" statements
UC.UPC - Avoid unused "private" classes or interfaces
UC.UP - Avoid unused parameters
UC.VR - Avoid unnecessary "return" statement at the end of "void" methods
XML.DLTH - Avoid debug levels which are too high in Tomcat's 'server.xml'
XML.WF - Ensure that XML files are well-formatted
30 Comments
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous