SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Java

Java static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code

  • All rules 733
  • Vulnerability60
  • Bug175
  • Security Hotspot40
  • Code Smell458

  • Quick Fix 65
Filtered: 21 rules found
java8
    Impact
      Clean code attribute
        1. Java features should be preferred to Guava

           Code Smell
        2. "ThreadLocal.withInitial" should be preferred

           Code Smell
        3. Consumed Stream pipelines should not be reused

           Bug
        4. Intermediate Stream methods should not be left unused

           Bug
        5. "Stream.peek" should be used with caution

           Code Smell
        6. "Map.get" and value test should be replaced with single method call

           Code Smell
        7. Java 8's "Files.exists" should not be used

           Code Smell
        8. Value-based objects should not be serialized

           Code Smell
        9. Value-based classes should not be used for locking

           Bug
        10. "null" should not be used with "Optional"

           Bug
        11. "DateUtils.truncate" from Apache Commons Lang library should not be used

           Code Smell
        12. Types should be used in lambdas

           Code Smell
        13. "collect" should be used with "Streams" instead of "list::add"

           Code Smell
        14. "java.time" classes should be used for dates and times

           Code Smell
        15. Try-with-resources should be used

           Code Smell
        16. Standard functional interfaces should not be redefined

           Code Smell
        17. Annotation repetitions should not be wrapped

           Code Smell
        18. Lambdas should be replaced with method references

           Code Smell
        19. Parentheses should be removed from a single lambda parameter when its type is inferred

           Code Smell
        20. Anonymous inner classes containing only one method should become lambdas

           Code Smell
        21. Lambdas containing only one statement should not nest this statement in a block

           Code Smell

        Value-based classes should not be used for locking

        intentionality - logical
        reliability
        Bug
        • multi-threading
        • java8
        • lock-in

        Why is this an issue?

        More Info

        According to the documentation,

        A program may produce unpredictable results if it attempts to distinguish two references to equal values of a value-based class, whether directly via reference equality or indirectly via an appeal to synchronization…​

        This is because value-based classes are intended to be wrappers for value types, which will be primitive-like collections of data (similar to structs in other languages) that will come in future versions of Java.

        Instances of a value-based class …​

        • do not have accessible constructors, but are instead instantiated through factory methods which make no commitment as to the identity of returned instances;

        This means that you can’t be sure you’re the only one trying to lock on any given instance of a value-based class, opening your code up to contention and deadlock issues.

        Under Java 8 breaking this rule may not actually break your code, but there are no guarantees of the behavior beyond that.

        This rule raises an issue when a known value-based class is used for synchronization. That includes all the classes in the java.time package except Clock; the date classes for alternate calendars, HijrahDate, JapaneseDate, MinguoDate, ThaiBuddhistDate; and the optional classes: Optional, OptionalDouble, OptionalLong, OptionalInt.

        Note that this rule is automatically disabled when the project’s sonar.java.source is lower than 8.

        Noncompliant code example

        Optional<Foo> fOpt = doSomething();
        synchronized (fOpt) {  // Noncompliant
          // ...
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use