Menu

Showing posts with label Sonar. Show all posts
Showing posts with label Sonar. Show all posts

Code Quality Rules in AEM Cloud Manager

Sonar code quality rules in Adobe cloud manager








How to exclude or skip some line of code from Sonar violations

Exclude and skip any line of code from Sonar, so sonar will not run the violation check on that line of code. This could be done by adding a comment "//NOSONAR" at the end of line of code or block of code.

For example, in this code Sonar is raising Critical vulnerability, but this needs to be present in the code and something which cannot be changed. So, in this situation, to run the sonar successfully, this line of code should get excluded from Sonar violation check, and to do so, there will be a comment //NOSONAR needs to get added at the end of this line of code. 

e.g.

AlgorithmParameterSpec paramSpec = new IvParameterSpec(IVAes); //NOSONAR


Reference

https://www.baeldung.com/sonar-exclude-violations

Unused assignments should be removed | Sonar

Sonar code smell "Unused assignments should be removed" means, 
a dead store happens when a local variable is assigned a value that is not read by any subsequent instruction. Calculating or retrieving a value only to then overwrite it or throw it away, could indicate a serious error in the code. Even if it’s not an error, it is at best a waste of resources. Therefore all calculated values should be used.

Noncompliant Code 

i = a + b; // Noncompliant; calculation result not used before value is overwritten
i = compute();

Compliant Solution

i = a + b;
i += compute();