BD.API.EQNULL - Make sure implementation of Object.equals(Object) properly handles null values BD.API.EQREFL - Make sure implementation of Object.equals(Object) is reflexive BD.CO.ITMOD - Do not modify collection while iterating over it BD.EXCEPT.NP - Avoid NullPointerException BD.OPT.INEFCOL - Avoid inefficient removal of Collection elements BD.OPT.INEFMAPRM - Avoid inefficient removal of Map entries BD.OPT.INEFMAP - Avoid inefficient iteration over Map entries BD.PB.ARRAYINP - Avoid unvalidated input in array indexes BD.PB.ARRAY - Avoid accessing arrays out of bounds BD.PB.BADSHIFT - Avoid incorrect shift operations BD.PB.CC - Avoid conditions that always evaluate to the same value BD.PB.DEREF - Do not check for null after dereferencing BD.PB.EXCEPT - Always catch exceptions BD.PB.GETPERM - Method getPermission() is supposed to be invoked when user-defined class loaders are applied BD.PB.INFREC - Avoid infinite recursion BD.PB.NOTEXPLINIT - Avoid use before explicit initialization BD.PB.NOTINITCTOR - Avoid use of fields before initialization in constructors and static initializers BD.PB.PBIOS - Prevent external processes from blocking on input and output streams BD.PB.POVR - Avoid overwriting method parameters before each use BD.PB.RECFUN - Methods shall not call themselves, either directly or indirectly BD.PB.SBONE - Ensure proper usage of StringBuilder/StringBuffer objects BD.PB.STRNULL - Do not append null value to strings BD.PB.SWITCH - Avoid switch with unreachable branches BD.PB.VOVR - Avoid unused values BD.PB.ZERO - Avoid division by zero BD.RES.FREE - Do not use resources that have been freed BD.RES.LEAKS - Ensure resources are deallocated BD.SECURITY.BUFEXP - Do not expose data wrapped by a buffer to untrusted code BD.SECURITY.CANPATH - Path should be standardized before validation BD.SECURITY.CUSTOM - Prevent security vulnerability (custom rule) BD.SECURITY.EACM - Encapsulate arguments of dangerous methods with a validation method BD.SECURITY.PRIVIL - Avoid operating on tainted data in privileged blocks BD.SECURITY.REMTMP - Remove temporary files before termination BD.SECURITY.SENS - Prevent exposure of sensitive data BD.SECURITY.SSSD - Safely serialize sensitive data BD.SECURITY.TDCMD - Protect against Command injection BD.SECURITY.TDDIG - Protect against Jakarta Digester injection BD.SECURITY.TDENV - Protect against Environment injection BD.SECURITY.TDFILES - Protect against File contents injection BD.SECURITY.TDFNAMES - Protect against File names injection BD.SECURITY.TDINPUT - Exclude unsanitized user input from format strings BD.SECURITY.TDJXPATH - Protect against JXPath injection BD.SECURITY.TDLDAP - Protect against LDAP injection BD.SECURITY.TDLIB - Protect against Library injection BD.SECURITY.TDLOG - Protect against log forging BD.SECURITY.TDNET - Protect against network resource injection BD.SECURITY.TDRESP - Protect against HTTP response splitting BD.SECURITY.TDRFL - Protect against Reflection injection BD.SECURITY.TDSQL - Protect against SQL injection BD.SECURITY.TDXML - Protect against XML data injection BD.SECURITY.TDXPATH - Protect against XPath injection BD.SECURITY.TDXSS - Protect against XSS vulnerabilities BD.SECURITY.VPPD - Validate all dangerous data BD.SECURITY.XMLVAL - Validate untrusted XML using schema or DTD before reading BD.TRS.DIFCS - Variable should be used in context of single critical section BD.TRS.DLOCK - Avoid double locking BD.TRS.LOCK - Do not abandon unreleased locks BD.TRS.ORDER - Do not acquire locks in different order BD.TRS.TSHL - Do not use blocking methods while holding a lock BEAN.BLNC - Use appropriate signatures for listener method names in JavaBean classes BEAN.EQUALS - Override 'Object.equals()' in JavaBean classes BEAN.JDBC - Do not use JDBC code in JavaBean classes BEAN.NFM - Define get and set methods for each instance field BEAN.SERIALIZABLE - Ensure that JavaBean classes implement 'java.io.Serializable' CDD.DFI - Avoid duplicated field initialization in constructors CDD.DUPC - Avoid code duplication CDD.DUPI - Avoid duplicate import statements CDD.DUPM - Avoid method duplication CDD.DUPS - Avoid string literal duplication CDD.DUPT - Avoid class duplication CODSTA.BP.ABCL - Avoid "break" and/or "continue" with labels CODSTA.BP.AMRO - Avoid declaring methods that return 'Object' CODSTA.BP.ARM - Avoid using reflection methods CODSTA.BP.ARN - Avoid returning "null" for arrays and certain types CODSTA.BP.AULS - Avoid label statements CODSTA.BP.AUML - Avoid using multiple loggers, use logging levels instead CODSTA.BP.AWRT - Avoid using wildcards in method return types CODSTA.BP.BLK - Provide a '{}' block for conditional statements CODSTA.BP.BLOCK - Avoid unnecessary nested blocks CODSTA.BP.CFNF - Declare fields with uppercase character names as "final" CODSTA.BP.CMUTA - Avoid 'public' or 'protected' constructors for immutable classes CODSTA.BP.CONTINUE - Do not use "break" and/or "continue" statements CODSTA.BP.CS - Place constants on the appropriate side of comparisons CODSTA.BP.DLSF - Declare loggers as "static final" fields CODSTA.BP.EXIT - Do not call 'System.exit()' CODSTA.BP.FPF - Declare all formal parameters as "final" CODSTA.BP.FQNIC - Reference interface constants with their declaring interface names CODSTA.BP.HTV - Avoid using 'Hashtable' and 'Vector' CODSTA.BP.IMPTD - Avoid or enforce usage of '*' form of import statements CODSTA.BP.NRVA - Avoid passing non-reifiable types to varargs methods CODSTA.BP.NTX - Avoid declaring methods to throw general or unchecked Exception types CODSTA.BP.OCMA - Ensure overloaded constructors and methods share the same accessibility CODSTA.BP.PCF - Ensure that a class which has only "private" constructors is declared as "final" CODSTA.BP.PPAC - Do not define "public" or "protected" members in anonymous classes CODSTA.EPC.AFP - Do not make assignments to method parameters CODSTA.EPC.AGBPT - Avoid conversions from parameterized types to raw types CODSTA.EPC.CLNC - Do not use constructors in the 'clone()' method CODSTA.EPC.COMT - Avoid using the conditional operator with mismatched numeric types CODSTA.EPC.IBS - Use "int" instead of "byte" or "short" and "double" instead of "float" for variable declarations CODSTA.EPC.MSF - Do not use too many non-"final" "static" fields CODSTA.EPC.NCAC - Do not call an "abstract" method from a constructor in an "abstract" class CODSTA.EPC.NCE - Do not catch exception types which are too general or are unchecked exceptions CODSTA.EPC.NCNFC - Do not call methods that might cause unexpected NullPointerExceptions during constructor execution CODSTA.EPC.OVERLOAD - Use overloading judiciously CODSTA.EPC.SCLONE - Call 'super.clone()' in all 'clone()' methods CODSTA.EPC.STA - Avoid using the same type argument for multiple method arguments CODSTA.EPC.UST - Use 'StringTokenizer' instead of 'indexOf()' and 'substring()' for String parsing CODSTA.EPC.WSIM - Do not write to static fields from non-static methods CODSTA.OIM.AMMO - Do not override non "abstract" methods of a parent class with "abstract" methods CODSTA.OIM.CLONE2 - Use the 'clone()' method only to implement 'Cloneable' interface CODSTA.OIM.CLONET - Ensure 'clone()' method of non-final Cloneable class declared to throw 'CloneNotSupportedException' CODSTA.OIM.CLONE - Declare 'clone() throws CloneNotSupportedException' for Cloneable class CODSTA.OIM.DVOM - Define a "static" 'valueOf()' method for "enum" types which override 'toString()' CODSTA.OIM.OTOSM - Override 'toString()' CODSTA.OIM.OVERRIDE - Override 'Object.hashCode()' when you override 'Object.equals()' and vice versa CODSTA.OIM.OVOTS - Do not override 'toString()' in enum types CODSTA.ORG.AMOC - Do not have more than one type in each file CODSTA.ORG.DCI - Define constants in an "interface" CODSTA.ORG.DINT - Do not make method calls to internal classes from non-internal classes CODSTA.ORG.FO - Order class elements appropriately CODSTA.ORG.IMP - Avoid importing specific classes or packages CODSTA.ORG.OGM - Organize methods by name CODSTA.ORG.ORCU - Order compilation unit elements appropriately CODSTA.ORG.ORFIM - Place 'finalize()' methods between "public" and "protected" methods CODSTA.ORG.ORIMP - Present "import" statements in alphabetical order CODSTA.ORG.PML - Place the 'main()' method last CODSTA.ORG.UNDPN - Ensure all types have a non default package name CODSTA.POD.ACIAP - Avoid constant interface anti-pattern CODSTA.POD.ASM - Avoid "static" methods when the declaring class is a parameter type CODSTA.POD.AUVT - Use less specific types to accomplish loose coupling CODSTA.POD.CHAIN - Use chain constructors in classes with multiple constructors CODSTA.POD.CIOC - Avoid chains of "instanceof" comparisons CODSTA.POD.DCTOR - Define a no argument constructor whenever possible CODSTA.POD.IASM - Do not access static members indirectly CODSTA.POD.ISACF - Do not define constants in interfaces CODSTA.POD.SMC - Avoid "switch" statements with too many or too few "case" statements CODSTA.POD.UET - Use "enum" types instead of a series of "static final" constants CODSTA.POD.UPT - Enforce or avoid the use of parameterized types CODSTA.READ.ABUB - Do not rely on automatic boxing and unboxing of primitive types CODSTA.READ.ACCS - Do not use complicated conditional expressions in control structures CODSTA.READ.AEFS - Avoid or enforce usage of enhanced "for" loops CODSTA.READ.AFD - Access and set fields directly in the declaring type instead of using getter and setter methods CODSTA.READ.AFQN - Do not use fully qualified type names CODSTA.READ.AIC - Avoid anonymous inner classes CODSTA.READ.ANL - Avoid using negative logic in if-else statement CODSTA.READ.ASIS - Avoid static import statements CODSTA.READ.AUTS - Avoid unnecessary calls to 'toString()' CODSTA.READ.CCB - Comment the ends of control structures CODSTA.READ.CEB - Comment empty blocks CODSTA.READ.CID - Avoid using increment or decrement operators in nested expressions CODSTA.READ.CLV - Comment local variables CODSTA.READ.CTA - Always call 'Collection.toArray()' with an empty constant array argument CODSTA.READ.CX - Enforce or avoid usage of conditional operators CODSTA.READ.DOWHILE - Avoid using "do-while" statements CODSTA.READ.DUN - Do not use too many negation operators '!' in a single method CODSTA.READ.DVCU - Declare variables as close as possible to where they are used CODSTA.READ.ECSC - Explicitly call one of the superclass' constructors from all constructors CODSTA.READ.FF - Declare "private" constant fields "final" CODSTA.READ.FLV - Declare constant local variables "final" CODSTA.READ.HBE - Avoid using Hexadecimal binary exponents CODSTA.READ.LONG - Avoid having a lower-case "l" or the number "1" at the end of a "long" integer constant CODSTA.READ.MTBS - Minimize "try" block size CODSTA.READ.MVOS - Do not declare multiple variables in one statement CODSTA.READ.NEA - Avoid nested assignments or assignments embedded in other expressions CODSTA.READ.NMUC - Declare never-modified collections as "unmodifiable" for clarity CODSTA.READ.NSI - Avoid non-static initializers CODSTA.READ.PCIF - Declare "for" loops with an initializer, conditional, and updater statements CODSTA.READ.PCTOR - Do not declare "public" constructors in non-public classes CODSTA.READ.PDBB - Put declarations only at the beginning of blocks CODSTA.READ.PFL - Enforce use of "for" or "while" loops CODSTA.READ.SIE - Use 'isEmpty()' for Collections and Maps instead of comparing 'size()' to 0 CODSTA.READ.UATS - Avoid or enforce the use of "this" and "super" expressions CODSTA.READ.UBL - Avoid create integer values from binary notation using Integer.parseInt() methods CODSTA.READ.ULIT - Use underscore characters (_) in numerical literal CODSTA.READ.USN - Avoid literal constants CODSTA.READ.VDT - Do not declare multiple variables of different types in one statement CODSTA.READ.VIFS - Limit the number of initialization and update statements in "for" loops DBC.CPT - Do not include a postcondition saying that "$result!=null" in methods which can return null DBC.IGM - Provide an '@invariant' contract for all getter methods DBC.IMNR - Do not invoke a method on a reference that is not guaranteed to be non-null DBC.IPAN - Include a '@pre != null' tag for each parameter that is dereferenced before being checked for null DBC.PKGC - Provide an '@invariant' contract for all package-private classes DBC.PKGMPOST - Provide a '@post' contract for all package-private methods DBC.PKGMPRE - Provide a '@pre' contract for all package-private methods DBC.PRIC - Provide an '@invariant' contract for all "private" classes DBC.PRIMPOST - Provide a '@post' contract for all "private" methods DBC.PRIMPRE - Provide a '@pre' contract for all "private" methods DBC.PROC - Provide an '@invariant' contract for all "protected" classes DBC.PROMPOST - Provide a '@post' contract for all "protected" methods DBC.PROMPRE - Provide a '@pre' contract for all "protected" methods DBC.PUBC - Provide an '@invariant' contract for all "public" classes DBC.PUBMPOST - Provide a '@post' contract for all "public" methods DBC.PUBMPRE - Provide a '@pre' contract for all "public" methods DBC.RCC - Avoid rechecking @pre and @post conditions DBC.SYNTAX - Use correct syntax in the DbC contracts ECLIPSE.IPMF - Avoid exporting "internal" packages in MANIFEST.MF ECLIPSE.PCMF - Ensure "Export-Package" and "Provide-Package" match in MANIFEST.MF for Eclipse 3.0 compatibility ECLIPSE.SMF - Avoid missing "Eclipse-AutoStart" entry in MANIFEST.MF EJB.ABCS - Do not use Servlet code in EJB classes EJB.ABFG - Do not use Entity Beans as fine-grained objects EJB.ACL - Do not access, use, or create a class loader within a bean class EJB.ADCB - Do not use EJB code in java swing or servlet classes EJB.AIEBC - Avoid excessive inter-entity bean communication EJB.AJDBC - Do not use JDBC code inside of EJB classes EJB.AMSC - Do not access or modify security configuration objects EJB.AOTO - Avoid one-to-one mapping between session beans and entity beans EJB.AUS - Do not use sockets in EJBs EJB.CDP - Declare bean classes "public" EJB.CNDA - Do not declare bean classes as "abstract" EJB.CNDF - Do not declare bean classes as "final" EJB.CRTE - Declare 'ejbCreate()' methods "public", but neither "static" nor "final" EJB.DPANY - Avoid granting access permission for EJB methods to the 'ANYONE' role EJB.EJB3.AIA - Avoid ignored or invalid annotations EJB.EJB3.AISE - Avoid IllegalStateException when using transactions EJB.EJB3.BMN - Do not start business method names with "ejb" EJB.EJB3.CMF - Use proper formatting for lifecycle callback methods EJB.EJB3.CPIM - Call 'InvocationContext.proceed()' from @AroundInvoke methods EJB.EJB3.EAII - Do not expose @AroundInvoke method in business interface EJB.EJB3.IDA - Avoid improper use of @Id annotation EJB.EJB3.IDCS - Ensure @IdClass is Serializable and defines "equals()" and "hashCode()" methods EJB.EJB3.MDBS - Do not extend other @MessageDriven beans from a @MessageDriven bean EJB.EJB3.MDML - Ensure @MessageDriven beans specify a MessageListener EJB.EJB3.MTM - Do not declare multiple "@Timeout" methods EJB.EJB3.PCUN - Always specify "unitName" with @PersistenceContext EJB.EJB3.PERMIT - Avoid EJB 3 methods without security annotations EJB.EJB3.RLI - Do not declare an interface both @Local and @Remote EJB.EJB3.RMSB - Specify a @Remove method for @Stateful beans EJB.EJB3.SIVS - Ensure instance variables of @Stateful beans are Serializable EJB.EJB3.SRBM - Ensure parameters and return type of remote business methods are Serializable EJB.EJB3.ULI - Access beans through a local interface EJB.EJBLOAD - Do not call finder methods in the 'ejbLoad()' EJB.FNDM - Declare finder methods "public" and neither "final" nor "static" EJB.IECM - Implement one or more 'ejbCreate()' methods in bean classes EJB.IEPM - Implement one or more 'ejbPostCreate()' methods in EntityBean classes EJB.JIO - Do not use types from the "java.io" package within bean classes EJB.LNL - Avoid loading native libraries in a Bean class EJB.MDBC - Implement a no-argument 'ejbCreate()' method for all Message-driven bean classes EJB.MEC - Define a matching 'ejbPostCreate()' method for each 'ejbCreate' method in entity bean classes EJB.MNDF - Do not define 'finalize()' method in bean classes EJB.MRE - Throw 'java.rmi.RemoteException' in the methods of remote interface and remote home interface EJB.NFDC - Declare a "public" constructor that takes no parameters in bean classes EJB.NFS - Declare all "static" fields in EJB bean classes "final" EJB.PCRTE - Declare 'ejbPostCreate()' "public" and neither "static" nor "final" EJB.RILH - Do not throw 'java.rmi.RemoteException' in a bean's local interface and local home interface EJB.RR - Do not declare entity beans as remote EJB.RTC - Make the return type "void" for SessionBeans or MessageDrivenBeans' 'ejbCreate()' methods EJB.RTP - Make the return type "void" for the 'ejbPostCreate()' method EJB.RT - Make finder methods' return type the primary key or a collection of primary keys EJB.RUH - Reuse EJB homes EJB.SMSN - Do not set or create a new SecurityManager in EJBs EJB.STD - Ensure EJB beans include necessary methods and EJB bean and interface classes follow the name format EJB.TCE - Throw 'javax.ejb.CreateException' in create methods of remote home or local home interfaces EJB.TFE - Throw 'javax.ejb.FinderException' in finder methods of remote home or local home interfaces EJB.THISARG - Avoid passing the "this" reference as an argument EJB.THISRET - Do not return "this" EJB.THREAD - Avoid starting, stopping, or managing threads in any way in bean classes EJB.UCIC - Cache reusable JNDI resources to minimize the use of expensive operations EJB.USF - Use a Session Facade to manage access to entity beans EJB.UVO - Use Value Objects to reduce the granularity of calls to the server EXCEPT.AEFC - Do not abuse exceptions as flow control statements EXCEPT.AIOC - Do not use instanceof in a catch block to check the exception type EXCEPT.CATO - Catch all "Throwable" objects which may be thrown in the body of certain methods EXCEPT.CDUPL - Avoid catch clauses with the same content EXCEPT.CLFIN - Avoid using finally block for closing resource only EXCEPT.CTE - Always chain thrown exceptions EXCEPT.EPNFC - Do not throw exceptions from constructors of "public" non-"final" classes EXCEPT.HCB - Do not hide 'catch' blocks EXCEPT.IMMEX - Declare all fields of user-defined 'Exception' as "final" EXCEPT.MTE - Do not declare any thrown exceptions in the 'main()' method EXCEPT.NCERR - Do not catch the 'java.lang.Error' object EXCEPT.NCNPE - Do not catch 'NullPointerException' EXCEPT.NFE - Ensure that the 'parse' methods of the numeric classes do not throw unhandled "NumberFormatExceptions" EXCEPT.NTERR - Do not throw exception types which are too general or are unchecked exceptions EXCEPT.NTNPE - Do not throw 'NullPointerException' EXCEPT.RTERR - Rethrow certain exceptions if they are caught EXCEPT.TEFEC - Do not throw exceptions from the constructors of exception classes EXCEPT.TRY - Place "try/catch/finally" blocks outside of loops EXCEPT.TSCE - Exception messages must meet minimum character requirement FORMAT.APAREN - Use '()' to separate complex expressions FORMAT.ASPACE - Ensure proper spacing in array references FORMAT.ATS - Do not place empty whitespace at the end of a line FORMAT.BLBC - Put a blank line before each C-style comment FORMAT.BLCD - Enforce number of blank line(s) before type declarations FORMAT.BLSIM - Enforce number of blank line(s) to separate "imports" from different packages FORMAT.CBRACE - Place a closing brace on its own line FORMAT.CMS - Place a single space character or no space character after type casting FORMAT.DOT - Do not leave spaces between qualified names and method invocations FORMAT.DUT - Use spaces instead of tabs (or tabs instead of spaces) FORMAT.FCB - Enforce the position of '{' brace FORMAT.FCN - Place the type that has the same name as the file as the first type FORMAT.IAD - Declare arrays with '[]' brackets after the array type and before the variable name(s) FORMAT.IND - Enforce number of space(s) for indentation FORMAT.LL - Limit the maximum length of a line FORMAT.MO - Enforce the order of annotations and modifiers FORMAT.MSP - Place a single space character or no space character between a method name and the opening "(" parenthesis FORMAT.NSAB - Do not place statements on the same line as the '{' opening brace FORMAT.OSPL - Write one statement per line FORMAT.SAC - Enforce number of space character(s) after every comma FORMAT.SAOP - Enforce number of space character(s) on each side of an assignment operator FORMAT.SAP - Enforce number of space character(s) after the opening parenthesis "(" of a conditional statement FORMAT.SAS - Enforce number of space character(s) after every semicolon FORMAT.SAUOP - Enforce number of space character(s) between a prefixed unary operator and its operand FORMAT.SBOP - Enforce number of space character(s) on each side of a bitwise operator FORMAT.SBUOP - Enforce number of space character(s) between a postfixed unary operator and its operand FORMAT.SCOP - Enforce number of space character(s) before and after the "?" conditional operator FORMAT.SC - Enforce number of space character(s) between a conditional statement and the opening "(" parenthesis FORMAT.SLOP - Enforce number of space character(s) on each side of a logical operator FORMAT.SROP - Enforce number of space character(s) on each side of a relational operator FORMAT.TCOMMA - Avoid or enforce the use of trailing commas in array initializers FORMAT.TC - Avoid using trailing comments FORMAT.TE - Use the preferred formatting for conditional expressions FORMAT.TNL - Make sure all files are terminated with a newline character FORMAT.U2BL - Enforce number of blank line(s) between major sections FORMAT.UP - Avoid unnecessary parentheses GC.AUTP - Do not use unnecessary temporaries when converting primitive types to String GC.DUD - Avoid using 'Date[]', use 'long[]' instead GC.FCF - Call 'super.finalize()' from 'finalize()' GC.FM - Do not use 'finalize()' methods to unregister listeners GC.GCB - Reuse calls to 'getClipBounds()' GC.GC - Do not explicitly call 'System.gc()' or 'Runtime.gc()' GC.IFF - Call 'super.finalize()' in the "finally" block of 'finalize()' methods GC.MML - Be cautious when calling methods which may cause memory leaks GC.NCF - Do not call 'finalize()' explicitly GC.OSTM - Prevent potential memory leaks in ObjectOutputStreams by calling 'reset()' GC.RCO - Reuse immutable constant objects to conserve memory GC.STV - Avoid "static" collections or maps; they can grow without bounds HIBERNATE.CAR - Call 'addClass()' instead of 'addResource()' to add a mapping to a 'Configuration' HIBERNATE.CHS - Close Hibernate Sessions in "finally" blocks HIBERNATE.CSF - Close all 'SessionFactory' objects HIBERNATE.GSIM - Include getter and setter methods and an id field for any object mapped to a column in a database table HIBERNATE.IDC - Declare a no-argument constructor for Hibernate persistent classes HIBERNATE.LHII - Avoid logging sensitive Hibernate-related information at the 'info' level in 'log4j.properties' files HIBERNATE.OHCE - Override the 'equals' and 'hashCode' methods for mapped Hibernate objects HIBERNATE.PIDS - Declare the setter method for the Hibernate identifier 'private' HIBERNATE.RBT - Roll back any active transactions in 'catch' blocks HIBERNATE.SLM - Call 'setLockMode()' before executing a Hibernate Query HIBERNATE.UGNQ - Use mapped, named HQL queries instead of writing queries in Java code HIBERNATE.UNP - Use named parameters in HQL queries HIBERNATE.UPWD - Avoid storing unencrypted Hibernate usernames and passwords in 'web.xml' files INIT.AAI - Do not use array initializers INIT.AULI - Ensure that the "if" check for lazy initialization uses the correct operator INIT.CLIB - Do not put code other than initialization code in lazy initialization blocks INIT.DIA - Use diamond to invoke the constructor of a generic class INIT.IC - Do not use initialization circularities for fields INIT.LV - Initialize all local variables explicitly at the declaration statement INIT.NFS - Do not use non-final "static" fields during the initialization INIT.SFA - Do not initialize "static" "final" variables with non "final" "static" variables INIT.SF - Use explicit initializations/Do not initialize "static" fields to default values INIT.SICUI - Do not use a "static" initializer that creates an instance of the current class before all "static final" fields are assigned INTER.CCL - Provide 'Locale' argument when invoking 'String' conversion methods INTER.CLO - Do not use single characters with logic operators in an Internationalized environment INTER.COS - Do not use String concatenation in an Internationalized environment INTER.CTLC - Do not call 'Character.toLowerCase(char)' or 'Character.toUpperCase(char)' in an internationalized environment INTER.DTS - Do not call 'toString()' or 'String.valueOf()' on Date objects in an Internationalized environment INTER.ITT - Isolate translatable text in resource bundles in an Internationalized environment INTER.NCL - Use "static final" constants for single character literals in an Internationalized environment INTER.NTS - Do not call 'toString()' or 'String.valueOf()' on numeric values in an Internationalized environment INTER.PN - Do not call the 'parse' methods of the 'Number' types in an Internationalized environment INTER.SCT - Do not call 'String.compareTo()' in an Internationalized environment INTER.SDFL - Provide a 'Locale' argument when instantiating 'SimpleDateFormat' objects INTER.SEO - Avoid calling methods and constructors which do not allow you to specify a character encoding option INTER.SE - Do not call 'String.equals()' in an Internationalized environment INTER.SIO - Do not call 'String.indexOf()' or 'String.lastIndexOf()' in an Internationalized environment INTER.ST - Do not use 'StringTokenizer' in an Internationalized environment INTER.TTS - Do not call 'toString()' or 'String.valueOf()' on Time objects in an Internationalized environment INTER.UNLS - Avoid unnecessary "$NON-NLS" and "NOI18N" comments JAVADOC.BT - Avoid unsupported '@' tags and other tags that should not be used in Javadoc comments JAVADOC.CRN - Always include a description of whether or not a method can return null in the Javadoc JAVADOC.DPMT - Avoid unused Javadoc tags JAVADOC.ECTF - Enforce custom Javadoc tags for fields JAVADOC.ECTM - Enforce custom Javadoc tags for methods/annotation member types JAVADOC.ECTT - Enforce custom Javadoc tags for types JAVADOC.JNJD - Do not insert non-Javadoc comments between Javadoc comments and declarations JAVADOC.MAJDT - Use the '@author' Javadoc tag in declaration Javadoc comments JAVADOC.MDJT - Include a meaningful description in Javadoc tags JAVADOC.MISFORMAT - Avoid misformatted Javadoc tags JAVADOC.MRDC - Use the '@return' Javadoc tag in method Javadoc comments JAVADOC.MVJDT - Use the '@version' tag in type Javadoc comments JAVADOC.ORDER - Order Javadoc tags appropriately JAVADOC.PARAM - Use the '@param' Javadoc tag for each parameter of methods JAVADOC.PJDC - Provide Javadoc comments and descriptions for types JAVADOC.PJDF - Provide Javadoc comments and descriptions for fields JAVADOC.PJDM - Provide Javadoc comments and descriptions for methods JAVADOC.SINGLE - Enforce restraint on number of lines used for Javadoc comments JAVADOC.SMJT - Use the '@concurrency' Javadoc tag on "synchronized" methods and blocks JAVADOC.SPELL - Avoid misspelling words in Javadoc comments and string literals JAVADOC.SRRP - Specify 'RUNTIME' as the retention policy when using the '@Documented' annotation JAVADOC.THROW - Use the '@throws' or '@exception' Javadoc tag in methods JAVADOC.TSMJT - Provide a Javadoc comment for 'toString()' methods JAVADOC.TSOL - Ensure that certain Javadoc tags only span one line JAVADOC.VMCR - Avoid using the '@return' Javadoc tag on "void" methods JDBC.BRSA - Ensure index is valid in JDBC method invocation JDBC.CDBC - Close JDBC connections in "finally" blocks JDBC.COCO - Close JDBC objects in the correct order JDBC.DSLV - Reuse data sources for JDBC connections JDBC.ODBIL - Do not open or close JDBC connections in loops JDBC.RRWD - Close JDBC resources in "finally" blocks JDBC.SCSF - Do not store database connection objects in "static" fields JDBC.UDS - Use javax.sql.DataSource to get the database connection JDBC.UPSC - Use "PreparedStatements" correctly JDBC.URSF - Use instance of RowSetFactory to create a RowSet object JUNIT.AEAT - Use assertEquals instead of assertTrue JUNIT.AHLOD - Do not hard code the location to data used by a unit test JUNIT.ANAT - Use assertNull instead of assertTrue when checking null references JUNIT.ANBA - Avoid negating boolean parameters to assertTrue() or assertFalse() JUNIT.ASAT - Use assertSame instead of assertTrue when checking reference equality JUNIT.ASSERT - Include a message string in JUnit assertions JUNIT.AST - Do not include assertion statements in threads other than the main thread JUNIT.CBA - Avoid calling 'assert' methods in catch blocks JUNIT.CSUPER - Call the superclass' 'setUp' and 'tearDown' methods in the 'setUp' and 'tearDown' methods of JUnit test classes JUNIT.CSUTD - Ensure that 'setUp()' and 'tearDown()' methods are implemented correctly JUNIT.DIR - Place each test class in the same location as the class that it tests JUNIT.ETCTA - Avoid extending 'TestCase' in test classes which contain the '@Test' annotation JUNIT.FAIL - Use the fail() method instead of forcing a failed condition using the assertTrue(false) or assertFalse(true) method JUNIT.FICB - Do not invoke the 'fail()' method in a 'catch' block in a JUnit test method JUNIT.ISMTC - Do not implement the 'suite()' method in JUnit test classes JUNIT.MAIN - Ensure that JUnit classes have a main() allowing them to be executed in isolation JUNIT.OSIC - Do not use the constructor to set up test cases JUNIT.OSUM - Override the 'setUp()' method or define a '@Before' method JUNIT.OTDM - Override the 'tearDown()' method or define an '@After' method JUNIT.SIA - Ensure JUnit test cases include assertion methods JUNIT.SIFN - Set all fields which are initialized in the 'setUp()' method to "null" in the 'tearDown()' method JUNIT.SUITE - Make 'suite()' methods "public" and "static" JUNIT.TATC - Use '@Test' annotation instead of extending 'TestCase' JUNIT.TCWNT - Include at least one test method in each 'TestCase' class JUNIT.TEST - Make sure all methods have at least one JUnit test method JUNIT.UPJT - Include an appropriate Javadoc tag in the Javadoc for JUnit test methods JUNIT.UPSS - Use the correct signature for the 'suite()' method in JUnit test classes METRIC.CBO - Coupling Between Objects METRIC.CC - McCabe Cyclomatic Complexity METRIC.CLLOCRIF - Ratio of Comments to Number of Logical Lines in files METRIC.CLLOCRIM - Ratio of Comments to Number of Logical Lines in methods METRIC.CLLOCRIT - Ratio of Comments to Number of Logical Lines in types METRIC.DIF - Nested If Statements METRIC.ECC - Essential Cyclomatic Complexity METRIC.FO - Fan Out METRIC.HDIFM - Halstead Difficulty METRIC.HEFM - Halstead Effort METRIC.HICM - Halstead Intelligent Content METRIC.HLENM - Halstead Program Length METRIC.HLEVM - Halstead Program Level METRIC.HNOBM - Halstead Number of Bugs METRIC.HTTPM - Halstead Time to Program METRIC.HVOCM - Halstead Program Vocabulary METRIC.HVOLM - Halstead Program Volume METRIC.IDOC - Inheritance Depth of Class METRIC.LCOM - Lack of Cohesion METRIC.MCC - Modified Cyclomatic Complexity METRIC.MI - Maintainability Index METRIC.NBD - Nested Blocks Depth METRIC.NOBLIF - Number of Blank Lines in Files METRIC.NOBLIM - Number of Blank Lines in Methods METRIC.NOBLIT - Number of Blank Lines in Types METRIC.NOCLIF - Number of Comment Lines in Files METRIC.NOCLIM - Number of Comment Lines in Methods METRIC.NOCLIT - Number of Comment Lines in Types METRIC.NOC - Number of Classes METRIC.NOF - Number of Files METRIC.NOLLOCIF - Number of Logical Lines in Files METRIC.NOLLOCIM - Number of Logical Lines in Methods METRIC.NOLLOCIT - Number of Logical Lines in Types METRIC.NOMIT - Number of Methods in Types METRIC.NOPAR - Number of Parameters of Methods METRIC.NOPLIF - Number of Physical Lines in Files METRIC.NOPLIM - Number of Physical Lines in Methods METRIC.NOPLIT - Number of Physical Lines in Types METRIC.NOPRIVMIT - Number of Private Members of Types METRIC.NOPROTMIT - Number of Protected Members of Types METRIC.NOPUBMIT - Number of Public Members of Types METRIC.NORET - Number of Returns in Methods METRIC.NOSLIF - Number of Source Lines in Files METRIC.NOSLIM - Number of Source Lines in Methods METRIC.NOSLIT - Number of Source Lines in Types METRIC.NOT - Number of Types METRIC.RFC - Response for Class METRIC.SCC - Strict Cyclomatic Complexity METRICS.CTNL - DEPRECATED: Number of lines in "class" or "interface" METRICS.ECLM - DEPRECATED: Number of statement lines in a method METRICS.ECLT - DEPRECATED: Number of statement lines in a "class" or "interface" METRICS.ID - DEPRECATED: "class" or "interface" inheritance level METRICS.NOFT - DEPRECATED: Number of fields METRICS.NOMCML - DEPRECATED: Number of comment lines in a method METRICS.NOM - DEPRECATED: Number of methods METRICS.NOTCML - DEPRECATED: Number of comment lines in a "class" or "interface" METRICS.NPKGF - DEPRECATED: Number of package-private fields METRICS.NPKGM - DEPRECATED: Number of package-private methods METRICS.NPRIF - DEPRECATED: Number of "private" fields METRICS.NPRIM - DEPRECATED: Number of "private" methods METRICS.NPROF - DEPRECATED: Number of "protected" fields METRICS.NPROM - DEPRECATED: Number of "protected" methods METRICS.NPUBF - DEPRECATED: Number of "public" fields METRICS.NPUBM - DEPRECATED: Number of "public" methods METRICS.NSTMT - DEPRECATED: Number of statements in a method METRICS.PAR - DEPRECATED: Number of parameters METRICS.PJDC - DEPRECATED: Percentage of Javadoc comments (%) METRICS.TNLM - DEPRECATED: Number of lines in a method METRICS.TNMC - DEPRECATED: Number of method calls METRICS.TRET - DEPRECATED: Number of "return" statements METRICS.VG - DEPRECATED: Cyclomatic Complexity METRIC.WMC - Weighted Methods of Class MOBILE.ACFM - Avoid accessing same fields and methods multiple times MOBILE.AMA - Avoid using 'getter' and 'setter' methods MOBILE.ANDROID.AOSM - Always override 'onSaveInstanceState()' MOBILE.ANDROID.WUP - Make sure that widgets aren't updated too often MOBILE.APTA - Avoid using array of primtive wrapper objects MOBILE.AUEF - Avoid using enhanced "for" loop to walk through a "java.lang.Iterable" object MOBILE.AUI - Avoid declaring "interface" types MOBILE.DARRAY - Avoid multiple dimension arrays MOBILE.ENUM - Avoid using enums MOBILE.FLOATER - Avoid using floats MOBILE.J2ME.ACII - Do not use anonymous classes as interface implementors MOBILE.J2ME.ARLL - Do not use an array length in a loop condition expression MOBILE.J2ME.CIPA - Avoid constant initializations of primitive arrays that exceed a certain size MOBILE.J2ME.EAOF - Do not access a field excessively MOBILE.J2ME.EURP - Ensure methods use return parameters instead of returning new objects MOBILE.J2ME.OOME - Catch 'OutOfMemoryError' for large array allocations NAMING.ANNS - Follow class name conventions defined for annotations NAMING.CVN - Use conventional variable names NAMING.DJLO - Do not declare types with the same name as types in the Java platform NAMING.DSN - Avoid using dollar signs in names NAMING.ECN - Ensure class names reflect classes which they extend NAMING.EXTENDS - Follow class name conventions defined for base classes NAMING.GETA - Follow a naming convention for getter methods NAMING.GETB - Follow a naming convention for "boolean" getter methods NAMING.ID - Avoid using potential Java keywords as identifiers NAMING.IFV - Use all uppercase letters for the names of fields in an "interface" NAMING.IMPLS - Follow class name conventions defined for implemented interfaces NAMING.IRB - Use 'is...' only for naming methods that return a "boolean" NAMING.LLI - Follow limits for the lengths of type, method, field, parameter, and variable names NAMING.NACL - Use a naming convention for "abstract" classes NAMING.NAC - Use a naming convention for array and collection variables NAMING.NA - Use a naming convention for annotations NAMING.NCL - Use a naming convention for classes NAMING.NENUM - Use a naming convention for enum type declarations NAMING.NE - Use a naming convention for exceptions NAMING.NFL - Use a naming convention for "final" local variables NAMING.NIF - Use a naming convention for non-"static" fields NAMING.NITF - Use a naming convention for interfaces NAMING.NLV - Use a naming convention for local variables NAMING.NMP - Use a naming convention for method parameters NAMING.NM - Use a naming convention for non-"static" methods NAMING.NPH - Use a naming convention for type parameters NAMING.NSF - Use a naming convention for non-"final" "static" fields NAMING.NSM - Use a naming convention for "static" methods NAMING.NTEST - Use a naming convention for JUnit test classes NAMING.PKG - Use a naming convention for "package" names NAMING.RPKG - Do not use a package name that is reserved by Sun NAMING.SETA - Follow a naming convention for setter methods NAMING.SINGLETON - Use a naming convention for singleton classes NAMING.THAC - Use a naming convention for tag handlers and associated classes NAMING.UHN - Use Hungarian notation for variables NAMING.USF - Do not use lowercase letters in "final" "static" field names NAMING.UUVN - Do not use variable names which differ only in case OOP.ACECC - Do not extend concrete classes in "abstract" classes OOP.ACST - Avoid casts to types which are more specific than necessary OOP.AF - Avoid "public"/"protected"/package-private fields OOP.AHF - Do not hide inherited fields OOP.AHSM - Do not hide inherited "static" member methods OOP.AOA - Add the "@Override" annotation to overriding methods OOP.AOCM - Always override certain methods when extending certain types OOP.ASFI - Redeclare a class with only "abstract" methods and "static final" fields as an "interface" OOP.AUASI - Do not implement or extend annotations OOP.AUO - Do not use an object to access "static" fields or methods OOP.CIMOM - Do not declare a method in an interface which conflicts with a 'protected' method of 'Object' OOP.CQS - Ensure methods are either a command(change state) or a query(get state) OOP.HIF - Do not hide fields and local variables declared in enclosing scopes OOP.HMF - Do not give method local variables and parameters the same name as class fields OOP.ICIF - Avoid inner classes in interfaces OOP.IDOM - Avoid declaring methods inherited from class "Object" in an interface OOP.IIAC - Avoid implementing interfaces only to access constants OOP.IIN - Implement interface methods non-trivially or declare them "abstract" OOP.INSOF - Use "instanceof" only on interfaces OOP.LEVEL - Avoid more than two levels of nested inner classes OOP.MFP - Give "finalize()" methods "protected" access OOP.MI - Avoid interfaces with no fields or methods (marker interfaces) OOP.MUCOP - Provide mutable classes with copy functionality OOP.NAM - Avoid "abstract" classes without "abstract" methods OOP.NOMA - Declare methods in "abstract" classes with empty bodies "abstract" OOP.NPAC - Do not declare "public" or package-private constructors in "abstract" classes OOP.OPM - Do not override an instance "private" method OOP.PIFC - Do not use "protected" access for members of "final" classes OOP.PMPC - Ensure 'public' classes have at least one 'public' or 'protected' member OOP.PSDF - Do not declare "private" or "static" methods as "final" OOP.RI - Do not declare a class as implementing an interface if a superclass already implements that interface OOP.RSFC - Avoid referencing a class' subclasses from itself OOP.SNGL - Use a naming convention for singleton classes OOP.SVHM - Specify which version of potentially ambiguous methods you wish to call for method calls in inner classes OOP.THRECL - Use getContextClassLoader() instead of getClassLoader() OPT.AAM - Change non-"private" members to "private" in anonymous classes OPT.AAS - Use abbreviated assignment operators OPT.ACDO - Do not use the 'new String(String)' constructor OPT.AGC - Do not get the 'Class' object through new object instantiation OPT.ANIPW - Avoid new instantiations of primitive wrapper objects, whose values are cached OPT.AUMO - Avoid unnecessary Map operations OPT.BR - Simplify "boolean" returns OPT.CCR - Close all "java.io.Closeable" resources in a "finally" block OPT.CEIL - Avoid putting constant expressions inside loops OPT.CEL - Do not call methods in loop condition statements OPT.CIO - Close input and output resources in "finally" blocks OPT.CLL - Check the logging level before calling potentially expensive logging operations OPT.CPTS - Do not convert a value to a String by concatenating the empty String OPT.CRSG - Avoid duplicate calls to the "get" methods of "ResultSet" OPT.CRWD - Close resources as early as possible OPT.CTLV - Do not use a "private" field that is accessed in only one method; change it to a local variable OPT.DIC - Define initial capacities for 'ArrayList', 'HashMap', 'HashSet', 'Hashtable', 'Vector' and 'WeakHashMap' OPT.EES - Use 'String.length() == 0' instead of 'String.equals("")' OPT.EIC - Use 'equalsIgnoreCase()' instead of calls to 'toLowerCase()' or 'toUpperCase()' OPT.EOIL - Avoid calling expensive operations in the body of a loop OPT.ICDPC - When calling "Math.ceil()", do not pass in an integer that has been cast to a floating point type OPT.ICGA - Avoid accessing members which will require synthetic accessor methods OPT.ILUG - Do not iterate through Lists using the 'get()' method OPT.IRB - Use 'System.arraycopy()' instead of using a loop to copy arrays OPT.ISC - Do not instantiate a class which contains only static fields and methods OPT.LIOL - Move invariants outside of loops wherever possible OPT.LOOP - Do not instantiate variables in a loop body OPT.MAF - Make getter and setter methods for instance fields "final" OPT.MUNC - Avoid unnecessary comparisons to "null" OPT.NCIO - Avoid 'null' check before 'instanceof' OPT.NIVND - Use the 'nextInt()' method to generate a random integer OPT.NIW - Avoid creating new instances of BigInteger and BigDecimal OPT.NSF - Declare "final" fields with a known compile time value as "static" OPT.PCTS - Use 'charAt()' instead of 'startsWith()' for one character comparisons OPT.PRIM - Do not instantiate the wrapper classes for primitive types OPT.SBL - Avoid converting StringBuffer or StringBuilder to String to check length OPT.SBS - Use 'StringBuilder' instead of 'StringBuffer' when synchronization is not required OPT.SB - Specify an initial 'StringBuffer' capacity OPT.SDLS - Avoid using synchronized data structures for local variables OPT.SI - Declare member classes "static" if possible OPT.SRA - Avoid using 'String.replaceAll()' with literal values OPT.STCA - Do not call ''String.toCharArray()'' unnecessarily OPT.STRBUF - Simplify methods that return strings that are always concatenated OPT.STR - Use single quotes instead of double quotes for single character string concatenation OPT.STS - Avoid unnecessary calls to 'String' methods OPT.SWIF - Avoid use of if statements if they can be replaced with switch statements OPT.SYN - Do not call a synchronized method inside of a loop OPT.TOARRAY - Use collection size for target array in 'toArray()' OPT.UEQ - Do not compare boolean variables with "true" OPT.UISO - Avoid unnecessary "instanceof" evaluations OPT.UMATH - Do not call the methods from 'java.lang.Math' if the result is a constant which can be easily determined OPT.UNC - Avoid unnecessary casting OPT.USB - Use 'StringBuffer' instead of 'String' when concatenating strings OPT.USCL - Avoid questionable uses of non-short-circuit logic OPT.USC - Use 'String' instead of 'StringBuffer' for constant strings OPT.USV - Use 'stack' variables whenever possible PB.API.AECC - Avoid extending certain classes (custom rule) PB.API.APPG - Avoid 'put, 'putAll' and 'get' methods of 'java.util.Properties' objects PB.API.APT - Avoid using certain packages or types PB.API.CMMT - Ensure that the types passed to "Collection" and "Map" methods match the types in those data structures PB.API.DANNOT - Add the "@Deprecated" annotation to the declarations of deprecated members PB.API.DNCSS - Do not call 'setSize()' in 'ComponentListener.componentResized()' PB.API.DPRAPI - Do not use deprecated APIs PB.API.ECMC - Do not extend "Collection" and "Map" classes PB.API.EHM - Do not extend 'java.util.HashMap' or 'java.util.Hashtable' PB.API.EJF - Do not create an empty JarFile entry or an empty ZipFile entry PB.API.EQNL - Avoid calling 'equals(null)' PB.API.HNCN - Do not call the 'next' method from the 'hasNext' method of an Iterator PB.API.IUMS - Do not use "URL" objects in "Collections" or "Maps" PB.API.KOEH - Ensure that all types which are used as keys in Sets and Maps override the 'equals()' and 'hashCode()' methods PB.API.MASP - Assign "protected" accessibility to 'readResolve()' and 'writeReplace()' methods in serializable classes PB.API.MOHK - Avoid using objects with dangerous implementations of 'equals()' or 'hashCode()' as keys in hashed data structures PB.API.NDC - Do not define direct or indirect subclasses of 'Error' and 'Throwable' PB.API.OF - Do not overload the 'finalize()' method PB.API.REP - Avoid using "." as a regular expression in 'String.replaceAll()' and 'String.replaceFirst()' PB.API.SBCC - Do not pass a 'char' to the 'StringBuffer(int)' constructor PB.API.UNI - Avoid improper casting of the results of the 'next' methods in the 'java.util.Random' class PB.API.URL - Avoid using the 'equals()' and 'hashCode()' methods of "java.net.URL" PB.API.VAFS - Ensure the correct number of arguments for varargs methods with format strings PB.API.VENDOR - Update values which may be using to compare with vendor properties PB.CLOSE - Unrestricted lock resource PB.CUB.ADE - Avoid dangling "else" statements PB.CUB.AIPQ - Avoid using 'iterator()' with PriorityQueue and PriorityBlockingQueue PB.CUB.AMCO - Avoid using multiple '!' or '~' unary operators PB.CUB.APAM - Avoid passing arrays as arguments to methods that take non-array parameters PB.CUB.ARCF - Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block PB.CUB.ATSF - Do not exit "finally" blocks abruptly PB.CUB.AWP - Avoid confusing assignments to constructor arguments PB.CUB.CILB - Do not put code other than logging code inside logging blocks PB.CUB.CNVC - Avoid improper concatenation of characters with numbers PB.CUB.CTOR - Do not call non-"final", non-"static" and non-"private" methods from constructors PB.CUB.CWRITE - Avoid usage of File.canWrite() method because it may returns true even if directory is not writable PB.CUB.DCP - Do not use the "+" string concatenation operator to concatenate numbers; use it only to add numbers PB.CUB.EBI - Avoid erroneously placing statements outside blocks PB.CUB.EOOM - Avoid errors in overriding methods of "java.lang.Object" PB.CUB.FLVA - Do not assign loop control variables in the body of a "for" loop PB.CUB.IMC - Ensure overriding methods are not unintended covariants due to parameter type differences PB.CUB.IMM - Ensure "static" "final" fields are immutable PB.CUB.ISF - Inspect "private" "static" fields which may have mistakenly been declared "static" PB.CUB.MAIN - Use the method name 'main()' only for the entry point method PB.CUB.OE - Avoid suspicious octal escapes PB.CUB.OSM - Ensure overloaded methods in superclass are overridden when overriding a method in subclass PB.CUB.OVAM - Avoid overloading varargs methods PB.CUB.PSFA - Avoid using "public static final" array fields PB.CUB.RMO - Avoid referencing mutable fields PB.CUB.SAC - Do not use "char" arrays in "String" concatenations PB.CUB.SBC - Do not use a "switch" statement with a bad "case" PB.CUB.SRAD - Specify @Retention for annotation type declarations PB.CUB.STRCC - Parenthesize complex expressions in 'print()' or 'println()' statements PB.CUB.TOCTOU - Avoid Time-of-check Time-of-use (TOCTOU) Race Condition PB.CUB.TOS - Avoid invoking 'toString()' on array variables PB.CUB.TVOM - Avoid type variable parameters when calling overloaded methods PB.CUB.UEIC - Do not use '==' or '!=' to compare objects PB.EAR - Ensure that non-"void" methods have a return value other than empty arrays and "null" PB.LOGIC.AIL - Avoid infinite loops PB.LOGIC.AMOI - Avoid using the wrong index variable to access an array or List element PB.LOGIC.AOBO - Avoid off-by-one errors in loop conditions PB.LOGIC.AULV - Avoid loop variables which are not used in the condition of the loop PB.LOGIC.CPI - Do not check whether the result of "String.indexOf()" is positive or non-positive PB.LOGIC.CRRV - Check the return value of methods which read or skip input PB.LOGIC.DJNCR - Do not discard the result of a call to "readLine()" after checking that the return value is non-null PB.LOGIC.EQLC - Use 'getClass()' or "instanceof" within 'equals()' and 'compareTo()' method implementations PB.LOGIC.EQUS - Do not call 'equals()' methods that always return false PB.LOGIC.ESO - Avoid calling 'equals()' with same object PB.LOGIC.FLRC - Avoid infinite recursive method calls PB.LOGIC.INDEX - Avoid bugs in the usage of loop variables PB.LOGIC.JI - Do not increment or decrement on the same variable over multiple nested "for" loop statements PB.LOGIC.LLM - Ensure that the logging level checked matches the level of the called logging method PB.LOGIC.OAMC - Ensure that the objects used within a loop's condition are properly accessed within the loop's body PB.LOGIC.OOR - Avoid out of range comparisons PB.LOGIC.ROM - Make sure that methods are invoked on the correct object PB.LOGIC.SG - Ensure get/set methods are accessing the correct variables PB.NAECS - Include a 'case' statement for each constant of an 'enum' type in 'switch' statements PB.NUM.AIC - Avoid implicit casts from integer data types to floating point data types PB.NUM.BBDCC - Do not pass floating point values to the 'BigDecimal' constructor PB.NUM.BSA - Do not use an integer outside the range of [0, 31] as the amount of a shift PB.NUM.CACO - Avoid using compound assignment operators in cases which may cause overflow PB.NUM.CLP - Do not cast primitive data types to lower precision PB.NUM.CMP - Don't use subtraction in this method PB.NUM.DCF - Do not compare floating point types PB.NUM.FPLI - Do not use floating point variables as loop indices PB.NUM.ICO - Avoid calculations which result in overflow or NaN PB.NUM.IDCD - Do not assign the result of an integer division to a floating point variable PB.NUM.IMOF - Avoid casting the result of an integer multiplication to "long" PB.NUM.IOF - Use unsigned right shift instead of division when overflow is possible PB.NUM.NAN - Avoid comparisons to Double.NaN or Float.NaN PB.NUM.NIA - Do not initialize array dimensions with negative numbers PB.NUM.UBD - Do not use "float" and "double" if exact answers are required PB.NUM.UCM - Avoid passing integer values to 'Math.round()' PB.OCSF - Ensure that exactly one type has the same name as the file name PB.PCSF - Ensure that the type that has the same name as the file is declared "public" PB.PDCL - Place "default" as the last case of the "switch" statement PB.PDS - Provide "default:" for each "switch" statement PB.RE.ACTI - Do not add a collection to itself PB.RE.AMFSL - Avoid modifying fixed-size Collections PB.RE.AQA - Avoid calling the 'add()' method of a Queue PB.RE.ASE - Avoid possible ArrayStoreExceptions PB.RE.CAI - Always check parameters before use in array access PB.RE.CIOR - Check the return value of calls to 'String.indexOf()' before passing this value to other "String" methods PB.RE.CTNSE - Ensure 'Iterator.next()' method implementations throw 'NoSuchElementException' PB.RE.IDRL - Check whether or not "readLine()" returned null before dereferencing the return value PB.RE.IIAE - Make sure the IllegalArgumentException message matches the code logic PB.RE.IOSS - Use the "fromIndex" argument of 'indexOf()' when necessary PB.RE.ISEM - Do not call 'String.equals(constant)' or 'String.equalsIgnoreCase(constant)' PB.RE.JLAY - Avoid using methods add() from JLayer class PB.RE.NCMD - Ensure that dereferenced variables match variables which were previously checked for "null" PB.RE.NXRE - Do not define direct or indirect subclasses of 'RuntimeException' PB.RE.PNPD - Avoid dereferencing null objects PB.RE.RCODE - When used HttpURLConnection always check return value from the getResponseCode() methods before call getInputStream() PB.RE.VRNULL - Avoid methods returning "null" value PB.TYPO.AECB - Avoid "try", "catch" and "finally" blocks with empty bodies PB.TYPO.ASI - Avoid assignment within a condition PB.TYPO.BW - Avoid unnecessary self computation PB.TYPO.CSI - Ensure that the correct "super" method is invoked PB.TYPO.DAV - Avoid assigning same variable in the fall-through switch case PB.TYPO.EB - Avoid control statements with empty bodies PB.TYPO.IMO - Ensure the overriding method name does not have a typo PB.TYPO.NAMING - Do not give methods and fields the same name as the enclosing class or each other PB.TYPO.RSK - Avoid having more than one "getter" or "setter" method for the same field PB.TYPO.TLS - Ensure "switch" statements do not contain typos PB.TYPO.UOL - Do not use octal integer literals PB.TYPO.WT - Ensure that arguments passed to Java wrapper classes do not contain typos PB.USC.AES - Avoid empty statements PB.USC.CC - Avoid conditional expressions that always evaluate to a constant value PB.USC.EC - Avoid empty classes PB.USC.EPC - Do not define empty "public" constructors in classes with no other constructors PB.USC.NACC - Avoid classes with no accessible members PB.USC.NASSIG - Ensure method and constructor return values are used PB.USC.OI - Avoid increment and decrement statements which have no effect PB.USC.RTE - Do not catch exceptions only to rethrow them PB.USC.SAFL - Avoid self assignments/initializations to fields and/or local variables PB.USC.UIF - Avoid unreachable "else if" and "else" cases PB.USC.UNARY - Do not use the unary operator '+' PORT.CTSP - Avoid calling 'Thread.setPriority()' PORT.DNHCP - Do not hard code an absolute pathname when calling a constructor from the 'File' class PORT.ENV - Do not use the non-portable 'System.getenv()' method PORT.EXEC - Do not use 'Runtime.exec()' PORT.HCNA - Do not hard-code IP addresses and port numbers PORT.LNSP - Do not hard code '\n' or '\r' as a line separator PORT.NATV - Do not use user-defined "native" methods PORT.PEER - Do not use "java.awt.peer.*" interfaces directly PORT.PSC - Use "File.pathSeparator" or "File.pathSeparatorChar" instead of the corresponding literals PROPS.BSPV - Avoid adding extra white spaces to the end of property values PROPS.DUPN - Avoid duplicated property names PROPS.DUPV - Avoid duplicated property values PROPS.EMN - Avoid empty property names PROPS.EMV - Avoid empty property values PROPS.EQOP - Always use the '=' operator PROPS.FM - Follow the limit for number of property entries PROPS.HCLS - Avoid hard-coded line separators in property values PROPS.IARG - Avoid misusing arguments in property values PROPS.ICK - Avoid incomplete property entries PROPS.IVCC - Avoid misusing the line continuation character '\' PROPS.MENTRY - Avoid unmatched property entries in resources with different locales PROPS.MLN - Avoid splitting property names into multiple lines PROPS.NAME - Use a naming convention for property names PROPS.PLAIN - Password information should not be included in properties file in plaintext PROPS.SPELL - Avoid misspelling words in comments and property values PROPS.TENTRY - Ensure that property entries are localized correctly SECURITY.BV.ACL - Do not access the class loader in a web component SECURITY.BV.ADT - Inspect usage of 'Date', 'Time' objects and 'System.currentTimeMillis()' method invocations SECURITY.BV.AUG - Inspect usage of 'getName()' from 'java.lang.Class' object SECURITY.BV.CQRO - Use "read-only" AccessMode for Castor queries SECURITY.BV.DSSM - Do not set custom security managers outside of the 'main' method SECURITY.BV.ENFL - Ensure all sensitive method invocations are logged SECURITY.BV.NSF - Do not call 'Socket.setSocketImplFactory()' or 'URL.setURLStreamHandlerFactory()' in a web component SECURITY.BV.PCFM - Wrap "privileged" method invocations in "final" methods SECURITY.BV.PCPM - Wrap "privileged" method invocations in "private" methods SECURITY.BV.PDLC - Avoid using dynamically loaded classes in "privileged" code blocks SECURITY.BV.SYSP - Do not access or set System properties SECURITY.DRC.THR - Do not use threads in web components SECURITY.EAB.ACWC - Avoid calling specified methods from web components and EJBs SECURITY.EAB.AWT - Do not use AWT classes in Web components SECURITY.EAB.CBA - Do not pass byte arrays to ObjectOutputStream in the 'writeObject()' method SECURITY.EAB.CMP - Do not compare Class objects by name SECURITY.EAB.CPCL - Enforce returning a defensive copy in 'clone()' methods SECURITY.EAB.JVM - Do not stop the JVM in a web component SECURITY.EAB.LDP - Limit the number of "AccessController.doPrivileged" calls per class SECURITY.EAB.MPT - Do not pass user-given mutable objects directly to certain types SECURITY.EAB.OROM - Implement 'readObject()' and 'writeObject()' for all 'Serializable' classes SECURITY.EAB.PCL - Limit the number of lines in "privileged" code blocks SECURITY.EAB.SF - Do not declare "static" fields in web components SECURITY.EAB.SIS - Do not change the input streams of 'java.lang.System' in a web component SECURITY.EAB.SMO - Do not store user-given mutable objects directly into variables SECURITY.EAB.SPFF - Inspect 'static' fields which may have intended to be declared 'static final' SECURITY.ESD.ACW - Avoid writing to Consoles SECURITY.ESD.CONSEN - Do not log confidential or sensitive information SECURITY.ESD.CSD - Clear sensitive data after use SECURITY.ESD.PEO - Do not pass exception messages into output in order to prevent the application from leaking sensitive information SECURITY.ESD.PLC - Avoid storing sensitive data in plaintext in a cookie SECURITY.ESD.RA - Avoid methods that might expose internal representations by returning arrays or other mutable fields SECURITY.ESD.SDM - Store sensitive data in mutable objects SECURITY.ESD.SIF - Inspect instance fields of serializable objects to make sure they will not expose sensitive information SECURITY.ESD.SIO - Avoid calling print methods of 'System.err' or 'System.out' SECURITY.ESD.SNFD - Do not expose data with a 'FileNotFound' exception SECURITY.ESD.SPI - Do not interrogate or modify security policy information in a web component SECURITY.ESD.TFP - Declare "transient" fields "private" SECURITY.ESD.TSPF - Avoid "transient" fields in serialPersistentFields array array SECURITY.ESD.UPCT - Use 'post' instead of 'get' for credential transfers SECURITY.IBA.AEAF - Do not extend from the Struts classes 'ActionForm' and 'DynaActionForm' SECURITY.IBA.ATF - Avoid temporary files SECURITY.IBA.AUSS - Avoid using "SELECT *" in SQL queries SECURITY.IBA.CDBV - Canonicalize all data before validation SECURITY.IBA.CSVFV - Always call 'super.validate()' from validation methods in 'ActionForm' classes SECURITY.IBA.EDPM - Encapsulate constructor arguments with a validation function SECURITY.IBA.NATIW - Use wrapper methods to secure native methods SECURITY.IBA.UPS - Use 'prepareCall' or 'prepareStatement' instead of 'createStatement' SECURITY.IBA.VRD - Encapsulate all redirect and forward URLs with a validation function SECURITY.IBA.XPIJ - Avoid XPath injection when evaluating XPath queries SECURITY.UEC.ADS - Ensure that 'axis.development.system' is set to "false" in Axis 'server-config.wsdd' files SECURITY.UEC.AELQ - Ensure that 'axis.enableListQuery' is set to "false" in Axis 'server-config.wsdd' files SECURITY.UEC.DSL - Ensure that 'axis.disableServiceList' is set to "true" in Axis 'server-config.wsdd' files SECURITY.UEC.DSR - Avoid defining multiple security roles with the same name in 'web.xml' files SECURITY.UEC.EDAR - Ensure that the 'Encrypt' directive is specified for each 'items' tag in Axis2 configuration files SECURITY.UEC.FMCD - Ensure that each filter mapped in a 'web.xml' file has a corresponding definition SECURITY.UEC.HTTPS - Use 'https' instead of 'http' for the 'transportReceiver' and 'transportSender' in 'axis2.xml' configuration files SECURITY.UEC.ISOS - Ensure that 'InflowSecurity' and 'OutflowSecurity' parameters are specified in Axis2 configuration files SECURITY.UEC.LCA - Include an appropriate '<login-config>' element to specify the type of authentication to be performed in 'web.xml' files SECURITY.UEC.PCCF - Avoid storing usernames and passwords in plain text in Castor 'jdo-conf.xml' files SECURITY.UEC.PTPT - Avoid using plain text passwords in Axis 'wsdd' files SECURITY.UEC.PWDPROP - Ensure that passwords are not stored as plaintext and are sufficiently long SECURITY.UEC.PWDXML - Ensure that passwords are not stored as plaintext and are sufficiently long SECURITY.UEC.RAJ - Restrict access to JSPs in 'web.xml' files by including a security constraint for '*.jsp' files SECURITY.UEC.REST - Ensure that "REST" is disabled in 'axis2.xml' configuration files SECURITY.UEC.SDAR - Ensure that the 'Signature' directive is specified for each 'items' tag in Axis2 configuration files SECURITY.UEC.SEP - Always specify error pages in web.xml SECURITY.UEC.SLID - Ensure Session-ID Length is sufficient SECURITY.UEC.SMM - Avoid using the SOAP Monitor module SECURITY.UEC.SRCD - Ensure that each security role referenced in a 'web.xml' file has a corresponding definition SECURITY.UEC.TDAR - Ensure that the 'Timestamp' directive is specified for each 'items' tag in Axis2 configuration files SECURITY.UEC.UDC - Ensure that all constrained resources are protected with a '<user-data-constraint>' element in 'web.xml' files SECURITY.UEC.UTAX - Avoid using plain text passwords in Axis2 configuration files SECURITY.UEC.WCMC - Ensure SOAP messages are encrypted in WebSphere 'ibm-webservicesclient-ext.xmi' files SECURITY.UEC.WCMI - Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservicesclient-ext.xmi' files SECURITY.UEC.WCMT - Avoid misconfiguring timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files SECURITY.UEC.WCMWS - Ensure WS-Security is enabled in WebSphere 'ibm-webservicesclient-ext.xmi' files SECURITY.UEC.WCPWD - Avoid unencrypted passwords in WebSphere 'ibm-webservicesclient-ext.xmi' files SECURITY.UEC.WCUTS - Avoid unsigned timestamps in WebSphere 'ibm-webservicesclient-ext.xmi' files SECURITY.UEC.WELC - Ensure all web content directories have a "welcome file" SECURITY.UEC.WMC - Ensure SOAP messages are encrypted in WebSphere 'ibm-webservices-ext.xmi' files SECURITY.UEC.WMI - Ensure SOAP messages are digitally signed in WebSphere 'ibm-webservices-ext.xmi' files SECURITY.UEC.WMT - Avoid misconfiguring timestamps in WebSphere 'ibm-webservices-ext.xmi' files SECURITY.UEC.WMWS - Ensure WS-Security is enabled in WebSphere 'ibm-webservices-ext.xmi' files SECURITY.UEC.WPWD - Avoid unencrypted passwords in WebSphere 'ibm-webservices-ext.xmi' files SECURITY.UEC.WSS - Ensure that the Rampart WS-Security module is enabled in Axis2 configuration files SECURITY.UEC.WUTS - Avoid unsigned timestamps in WebSphere 'ibm-webservices-ext.xmi' files SECURITY.UEHL.LGE - Ensure all exceptions are either logged with a standard logger or rethrown SECURITY.WSC.ACDP - Avoid using anonymous "privileged" classes when invoking "AccessController.doPrivileged()" SECURITY.WSC.ACPST - Do not call the 'printStackTrace()' method of "Throwable" objects SECURITY.WSC.AHCA - Avoid hard-coding the arguments to certain methods SECURITY.WSC.AMA - Avoid constructors and overriding methods which are more accessible than those of their super classes SECURITY.WSC.APIBS - Inspect usage of standard API calls that bypass security SECURITY.WSC.ARXML - Avoid turning raw text into xml SECURITY.WSC.ASAPI - Inspect usage of scripting API SECURITY.WSC.AUIC - Do not use inner classes SECURITY.WSC.BP - Allow only certain providers to be specified for the 'Security.addProvider()' method SECURITY.WSC.CACM - Keep all access control methods centralized to enforce consistency SECURITY.WSC.CAM - Keep all authentication methods centralized to enforce consistency SECURITY.WSC.CAP - Always clone array parameters which are stored to fields SECURITY.WSC.CFM - Only call "final" methods from specified code blocks in non-"final" classes SECURITY.WSC.CIFC - Only "clone()" instances of "final" classes SECURITY.WSC.CKTS - Avoid using cryptographic keys which are too short SECURITY.WSC.CLI - Inspect instantiations of 'ClassLoader' objects SECURITY.WSC.CLONE - Make your 'clone()' method "final" for security SECURITY.WSC.CLO - Do not override any 'ClassLoader' method except 'findClass()' SECURITY.WSC.CL - Do not define custom class loaders SECURITY.WSC.CMO - Do not pass mutable objects to 'ObjectOutputStream' in the 'writeObject()' method SECURITY.WSC.DCSM - Do not define custom 'SecurityManager's SECURITY.WSC.DNSL - Avoid DNS lookups for decision making SECURITY.WSC.DSER - Make your classes nondeserializeable SECURITY.WSC.ENPP - Ensure arguments passed to certain methods come from predefined methods list SECURITY.WSC.FIMU - Make immutable classes final SECURITY.WSC.FXMLP - Ensure that Secure Processing is used SECURITY.WSC.HCCK - Avoid using hard-coded cryptographic keys SECURITY.WSC.HCCS - Avoid passing hardcoded usernames/passwords/URLs to database connection methods SECURITY.WSC.ICA - Avoid using insecure algorithms for cryptography SECURITY.WSC.INIVF - Make immutable classes final SECURITY.WSC.INNER - Make all member classes "private" SECURITY.WSC.ISL - Always call 'HttpSession.invalidate()' before 'LoginContext.login()' SECURITY.WSC.IVR - Avoid non-random "byte[]" when using IvParameterSpec SECURITY.WSC.MCNC - Make your classes noncloneable SECURITY.WSC.PACC - Call access control methods to enforce consistency SECURITY.WSC.PAC - Call authentication methods to enforce consistency SECURITY.WSC.PAF - Declare subclasses of 'PrivilegedAction', 'PrivilegedExceptionAction', and 'PrivilegedActionException' "final" SECURITY.WSC.PBPSF - Declare subclasses of 'Permission' and 'BasicPermission' "final" SECURITY.WSC.PPF - Do not allow password fields to be autocompleted SECURITY.WSC.PPKG - Ensure that all Permissions, PrivilegedActions, and PrivilegedActionExceptions are declared in the same package SECURITY.WSC.PRMF - Declare the 'run()' method of 'PrivilegedAction' and 'PrivilegedExceptionAction' implementations "final" SECURITY.WSC.PSFC - Do not declare fields as "public" "static" "final" 'Collection' or 'Map' objects SECURITY.WSC.RDM - Inspect 'Random' objects or 'Math.random()' methods that could indicate areas where malicious code has been placed SECURITY.WSC.SCF - Enforce 'SecurityManager' checks before setting or getting fields SECURITY.WSC.SCLONE - Enforce 'SecurityManager' checks in methods of 'Cloneable' classes SECURITY.WSC.SCSER - Enforce 'SecurityManager' checks in methods of 'Serializable' classes SECURITY.WSC.SCSM - Ensure 'SecurityManager' check in constructor of "public" non-"final" sensitive type SECURITY.WSC.SER - Make your classes nonserializeable SECURITY.WSC.SL - Avoid string literals except in constant declarations and calls to System.out or System.err's 'print' or 'println' methods SECURITY.WSC.SMSTR - Ensure 'SecurityManager' checks before 'Socket' transfers or retrievals SECURITY.WSC.SRD - Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' SECURITY.WSC.SSM - Ensure that an appropriate security manager is set SECURITY.WSC.SSP - Do not call 'System.setProperty()' in a web component SECURITY.WSC.SS - Do not use sockets in web components SECURITY.WSC.STREP - Use library methods for string replacements of special characters in HTML and XML SECURITY.WSC.UMAIN - Avoid 'main()' methods because they may allow unauthorized access to classes SECURITY.WSC.UOSC - Use the ''getSecure()'' and ''setSecure()'' methods to enforce the use of secure cookies SECURITY.WSC.USC - Use the SSL-enabled version of classes when possible SECURITY.WSC.UWM - Use wrapper methods instead of calling dangerous or problematic methods directly (custom rule) SECURITY.WSC.VJFS - Always verify JarFile signatures SECURITY.WSC.ZOIS - Inspect usage of scripting API SERIAL.DUID - Create a 'serialVersionUID' for all 'Serializable' classes SERIAL.ENNAC - Avoid classes that implement 'Externalizable' but do not define a no-argument constructor SERIAL.EZEE - Implement Externalizable instead of Serializable SERIAL.FT - Avoid declaring "transient" fields in non-serializable classes SERIAL.IRX - Avoid re-initializing fields in the 'readExternal()' method of 'Externalizable' classes SERIAL.MRWD - Ensure the return type of 'readResolve()' and 'writeReplace()' methods are 'java.lang.Object' SERIAL.NSFSC - Ensure Serializable classes are correct SERIAL.OC - Ensure outer class is serializable if its inner class is serializable SERIAL.ROWO - Ensure that the 'readObject()' and 'writeObject()' methods have the correct signature SERIAL.RRSC - Define a "readResolve" method for all instances of Serializable types SERIAL.RWAF - Ensure that all fields are assigned by the 'readObject()' method and written by the 'writeObject()' method SERIAL.SCBNP - Always declare writeObject and readObject methods for Serializable subclasses of non-Serializable parents SERIAL.SNNAC - Avoid serializable classes that extend a superclass without a zero-argument constructor SERIAL.SNSO - Do not store non-serializable objects as HttpSession attributes SERIAL.SPF - Declare 'serialPersistentFields' "private static final" SERIAL.SRLZ - Do not declare SerialVersionUID in classes that do not implement Serializable SERIAL.SROS - Do not declare the 'readObject()' method as "synchronized" SERVLET.AJDBC - Do not use JDBC code in Servlet classes SERVLET.BINS - Do not use 'java.beans.Beans.instantiate()' SERVLET.CETS - Catch all exceptions which may be thrown within Servlet methods SERVLET.DSN - Avoid multiple '<servlet>' elements with the same '<servlet-name>' in a 'web.xml' file SERVLET.IF - Do not define instance fields in Servlet classes SERVLET.LML - Avoid using collections without size limit in servlets SERVLET.MDC - Declare a "public" constructor that takes no parameters SERVLET.NMS - Follow a limit for the number of mappings for each servlet in a 'web.xml' file SERVLET.NSIS - Do not create static variables in a servlet SERVLET.NSSS - Do not use static variables in servlets without synchronization SERVLET.SCM - Ensure that all servlets have a corresponding mapping in 'web.xml' files SERVLET.SDTD - Specify an appropriate schema or DTD file for 'web.xml' files SERVLET.SOP - Minimize usage of System.out and System.err in Servlets SERVLET.SSN - Ensure that all '<servlet>' elements contain a single non-empty '<servlet-name>' element in 'web.xml' files SERVLET.STM - Do not use 'SingleThreadModel' in Servlet classes SERVLET.SYN - Minimize synchronization in Servlets SERVLET.UCO - Use a Context Object to manage HTTP request parameters SPRING.ACARG - Avoid constructor injection SPRING.ATCFG - Follow configuration class conventions SPRING.DESC - Use ''description'' tag in configuration file headers SPRING.IDNAME - Avoid using ''name'' and ''id'' simultaneously SPRING.IMPORTSRES - Avoid using relative ''../'' path reference to parent files SPRING.JDBCTEMPLATE - Avoid using native JDBC SPRING.LOCAL - Use ''local'' property attribute in local scope SPRING.PREFTYPE - Prefer ''type'' over ''index'' for constructor argument matching SPRING.PROPLIMIT - Follow convention for bean properties SPRING.SPRNAM - Use naming conventions for spring beans SPRING.USEID - Use ids as bean identifiers STRUTS.ACDA - Avoid accessing a database from Action Classes STRUTS.ACJC - Avoid accessing a JSP page from Action Classes STRUTS.AIV - Specify an @input attribute if '<action>' element has validation in 'struts-config.xml' files STRUTS.AMFB - Specify a '<form-bean>' for each named '<action>' element in 'struts-config.xml' files STRUTS.APSN - Avoid @prefix, @suffix, and @attribute for unnamed '<action>' elements in 'struts-config.xml' STRUTS.ARP - Avoid using relative paths for attributes in 'struts-config.xml' files STRUTS.DFV - Avoid duplicated forms in the 'validation.xml' STRUTS.DLGF - Avoid local and global forwards with the same name in 'struts-config.xml' files STRUTS.EV - Ensure validators are enabled in the 'struts-config.xml' STRUTS.FIELDS - Provide an appropriate getter and setter method for each field in a form bean STRUTS.FORM - Include only getter and setter methods in form beans STRUTS.FWD - Specify a non-empty name and path for each '<forward>' element in 'struts-config.xml' files STRUTS.IACM - Avoid calling methods of Action Classes STRUTS.INST - Do not declare instance variables in Struts Action classes STRUTS.MFBSN - Avoid defining multiple form beans with the same name in 'struts-config.xml' files STRUTS.MLFF - Specify a valid 'maxlength' value for each form field in Struts validation files STRUTS.MLVP - Use the 'minlength' validator for password fields in 'validation.xml' STRUTS.NTFB - Specify a name and type for each form bean in 'struts-config.xml' files STRUTS.PFS - Ensure that the @path attribute of '<action>' and '<forward>' elements begins with '/' in 'struts-config.xml' files STRUTS.PLUGIN - Ensure Plugins are added in the 'struts-config.xml' STRUTS.PMAC - Avoid public methods in Action Classes STRUTS.PTE - Specify a non-empty path and type for each '<exception>' element in 'struts-config.xml' files STRUTS.RSS - Ensure that the 'scope' attribute is set to either "request" or "session" for actions and exceptions in 'struts-config.xml' files STRUTS.SCDTD - Use a Struts DTD for validation in 'struts-config.xml' files STRUTS.STRUTS2.S2DAFV - Avoid duplicated field validators STRUTS.STRUTS2.S2DVF - Avoid duplicated validation files STRUTS.STRUTS2.S2DV - Avoid duplicated validators STRUTS.STRUTS2.S2NA - Ensure each validation file has a corresponding Action STRUTS.TAFP - Specify a valid 'type' attribute for each '<form-property>' element in 'struts-config.xml' files STRUTS.VPI - Enable the Struts Validator plug-in in all 'struts-config.xml' files TRS.AIL - Do not use Atomic variables when always accessed in synchronized manner TRS.ANF - Do not use 'notify()'; use 'notifyAll()' instead so that all waiting threads will be notified TRS.ATI - Avoid accidental use of "Thread.interrupted()" TRS.AUTG - Do not use variables of the unsafe type 'java.lang.ThreadGroup' TRS.AUTY - Do not use 'Thread.yield()' because it may behave differently under different Virtual Machines TRS.CDF - Avoid invoking methods using "static" 'Calendar', 'DateFormat', or 'SimpleDateFormat' TRS.CHM - Use ConcurrentHashMap instead of Hashtable and "synchronizedMap" wrapped HashMap when possible TRS.CIET - Do not catch InterruptedException except in classes extending Thread TRS.CLQ - Use ConcurrentLinkedQueue instead of Vector and synchronizedList when possible TRS.CMA - Avoid compound synchronized collection accesses which violate atomicity TRS.CSFS - Do not cause deadlocks by calling a "synchronized" method from a "synchronized" method TRS.CSTART - Do not call the "start" method of threads from inside a constructor TRS.CTRE - Do not let "this" reference escape during construction TRS.DCL - Avoid unsafe implementations of the "double-checked locking" pattern TRS.DOPQ - Do not use DiscardOldestPolicy with PriorityBlockingQueue TRS.GSD - Do not use "getState" except for debugging purposes TRS.IASF - Inspect accesses to "static" fields which may require synchronization TRS.ILI - Make lazy initializations thread-safe TRS.IMSE - Do not catch 'IllegalMonitorStateException' since this exception likely indicates a design flaw TRS.IRET - Implement Runnable instead of extending Thread TRS.IRUN - Do not call the 'run()' method directly on classes extending 'java.lang.Thread' or implementing 'java.lang.Runnable' TRS.LORD - Ensure that nested locks are ordered correctly TRS.MRAV - Access related Atomic variables in a synchronized block TRS.MRUN - Give subclasses of Thread a 'run()' method so they can run as separate threads TRS.NAME - Ensure threads are named TRS.NSM - Use "synchronized" blocks instead of making the whole method declaration "synchronized" TRS.NSYN - Ensure 'wait()', 'notify()' and 'notifyAll()' are invoked on an object that is clearly synchronized in its enclosing method scope TRS.OSNS - Avoid overriding synchronized methods with non-synchronized methods TRS.RLF - Release Locks in a "finally" block TRS.RUN - Use synchronization on methods that implement 'Runnable.run()' TRS.SCS - Do not synchronize on constant Strings TRS.SNSM - Do not mix "static" and non-"static" "synchronized" methods TRS.SOL - Do not perform synchronization using the "synchronized" keyword on implementations of "java.util.concurrent.locks.Lock" TRS.SOPF - Do not synchronize on "public" fields since doing so may cause deadlocks TRS.SOUF - Do not synchronize on non-"final" fields since doing so makes it difficult to guarantee mutual exclusion TRS.SSCI - Manually synchronize on 'synchronized' collections when iterating over them TRS.SSDF - Synchronize access to "static" SimpleDataFormats TRS.SSUG - Make the get method for a field synchronized if the set method is synchronized TRS.STR - Do not perform synchronization nor call semaphore methods on an Object's 'this' reference TRS.THRD - Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime' TRS.TSHL - Do not call 'Thread.sleep()' while holding a lock since doing so can cause poor performance and deadlocks TRS.UACS - Avoid unsynchronized accesses of "Collections.synchronized" wrapped Collections TRS.UCM - Use unsynchronized Collections/Maps only when safe TRS.USL - Use the same locking object to access variables TRS.UT - Do not start a thread without specifying a 'run()' method TRS.UWIL - Call 'wait()' and 'await()' only inside a loop that tests the liveness condition TRS.UWNA - Use 'wait()' and 'notifyAll()' instead of polling loops TRS.WOC - Use the correct method calls on "java.util.concurrent.locks.Condition" objects TRS.WOS - Do not make the "writeObject()" method synchronized if no other method is synchronized UC.AAI - Avoid unnecessary modifiers in an "interface" UC.ACC - Remove commented out Java code UC.AEEO - Ensure that classes do not explicitly extend 'java.lang.Object' UC.AESTAT - Avoid empty static and non-static initializers UC.AMAMI - Do not override "abstract" methods of a parent class with "abstract" methods UC.ARTD - Avoid redundant throw clauses UC.AUL - Avoid unused labels UC.AURCO - Avoid collection objects that are never read UC.AURV - Avoid local variables that are never read UC.BCMP - Avoid unnecessary "boolean" comparisons UC.DIEB - Avoid duplicate code in 'if' branches UC.DIL - Do not explicitly "import" the java.lang.* "package" UC.EF - Avoid empty 'finalize()' methods UC.FCSF - Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method UC.FMFC - Avoid redundant "final" keywords in method declarations in "final" classes UC.PF - Avoid unused "private" fields UC.PIMPORT - Do not import classes from the package that contains the current class UC.PM - Avoid unused "private" methods UC.RSKE - Avoid redundant 'static' keywords in enum type declarations UC.SNE - Avoid empty "synchronized" statements UC.SO - Avoid methods that only call the overridden implementation (superclass implementation) UC.UCATCH - Use a caught exception in the "catch" block UC.UCIF - Avoid unnecessary 'if' statements UC.UES - Avoid unnecessary "else" statements UC.UIMPORT - Avoid unused "import" statements UC.UPC - Avoid unused "private" classes or interfaces UC.UP - Avoid unused parameters UC.VR - Avoid unnecessary "return" statement at the end of "void" methods XML.DLTH - Avoid debug levels which are too high in Tomcat's 'server.xml' XML.WF - Ensure that XML files are well-formatted |