SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Java

Java static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code

  • All rules 733
  • Vulnerability60
  • Bug175
  • Security Hotspot40
  • Code Smell458

  • Quick Fix 65
 
Tags
    Impact
      Clean code attribute
        1. Return values should not be ignored when they contain the operation status code

           Bug
        2. @EventListener methods should have one parameter at most

           Bug
        3. "@Scheduled" annotation should only be applied to no-arg methods

           Bug
        4. Consumed Stream pipelines should not be reused

           Bug
        5. "String.indexOf" should be used with correct ranges

           Bug
        6. "Math.clamp" should be used with correct ranges

           Bug
        7. Virtual threads should not run tasks that include synchronized code

           Bug
        8. "setDaemon", "setPriority" and "getThreadGroup" should not be invoked on virtual threads

           Bug
        9. Virtual threads should be used for tasks that include heavy blocking operations

           Bug
        10. Set appropriate Status Codes on HTTP responses

           Bug
        11. Beans in "@Configuration" class should have different names

           Bug
        12. SpEL expression should have a valid syntax

           Bug
        13. "@PathVariable" annotation should be present if a path variable is used

           Bug
        14. "@Bean" methods for Singleton should not be invoked in "@Configuration" when proxyBeanMethods is false

           Bug
        15. "@Qualifier" should not be used on "@Bean" methods

           Bug
        16. "@Autowired" should only be used on a single constructor

           Bug
        17. Use of the "@Async" annotation on methods declared within a "@Configuration" class in Spring Boot

           Bug
        18. Nullable injected fields and parameters should provide a default value

           Bug
        19. Async methods should return void or Future

           Bug
        20. Model attributes should follow the Java identifier naming convention

           Bug
        21. Accessing an array element should not trigger an ArrayIndexOutOfBoundsException

           Bug
        22. Collections should not be modified while they are iterated

           Bug
        23. Calls to methods should not trigger an exception

           Bug
        24. Unsupported methods should not be called on some collection implementations

           Bug
        25. Cast operations should not trigger a ClassCastException

           Bug
        26. Equals method should be overridden in records containing array fields

           Bug
        27. Reflection should not be used to increase accessibility of records' fields

           Bug
        28. Members ignored during record serialization should not be used

           Bug
        29. Map "computeIfAbsent()" and "computeIfPresent()" should not be used to add "null" values.

           Bug
        30. AssertJ assertions with "Consumer" arguments should contain assertion inside consumers

           Bug
        31. Mockito argument matchers should be used on all parameters

           Bug
        32. The regex escape sequence \cX should only be used with characters in the @-_ range

           Bug
        33. Regex lookahead assertions should not be contradictory

           Bug
        34. Back references in regular expressions should only refer to capturing groups that are matched before the reference

           Bug
        35. Regular expressions should not overflow the stack

           Bug
        36. Regex boundaries should not be used in a way that can never be matched

           Bug
        37. Regex patterns following a possessive quantifier should not always fail

           Bug
        38. Annotated Mockito objects should be initialized

           Bug
        39. Tests method should not be annotated with competing annotations

           Bug
        40. Assertions should not be used in production code

           Bug
        41. DateTimeFormatters should not use mismatched year and week numbers

           Bug
        42. Unicode Grapheme Clusters should be avoided inside regex character classes

           Bug
        43. Case insensitive Unicode regular expressions should enable the "UNICODE_CASE" flag

           Bug
        44. Assertions should not compare an object to itself

           Bug
        45. Regular expressions should be syntactically valid

           Bug
        46. Regex alternatives should not be redundant

           Bug
        47. Alternatives in regular expressions should be grouped when used with anchors

           Bug
        48. Assertions comparing incompatible types should not be made

           Bug
        49. Repeated patterns in regular expressions should not match the empty string

           Bug
        50. AssertJ assertions "allMatch" and "doesNotContain" should also test for emptiness

           Bug
        51. AssertJ methods setting the assertion context should come before an assertion

           Bug
        52. AssertJ configuration should be applied

           Bug
        53. JUnit5 test classes and methods should not be silently ignored

           Bug
        54. JUnit5 inner test classes should be annotated with @Nested

           Bug
        55. Only one method invocation is expected when testing checked exceptions

           Bug
        56. Assertion methods should not be used within the try block of a try-catch catching an Error

           Bug
        57. "ThreadLocal" variables should be cleaned up when no longer used

           Bug
        58. Strings and Boxed types should be compared using "equals()"

           Bug
        59. "@SpringBootApplication" and "@ComponentScan" should not be used in the default package

           Bug
        60. InputSteam.read() implementation should not return a signed byte

           Bug
        61. "compareTo" should not be overloaded

           Bug
        62. "iterator" should not return "this"

           Bug
        63. Getters and setters should access the expected fields

           Bug
        64. Map values should not be replaced unconditionally

           Bug
        65. Week Year ("YYYY") should not be used for date formatting

           Bug
        66. Exceptions should not be created without being thrown

           Bug
        67. Collection sizes and array length comparisons should make sense

           Bug
        68. Consumed Stream pipelines should not be reused

           Bug
        69. Intermediate Stream methods should not be left unused

           Bug
        70. All branches in a conditional structure should not have exactly the same implementation

           Bug
        71. "@Controller" classes that use "@SessionAttributes" must call "setComplete" on their "SessionStatus" objects

           Bug
        72. Spring "@Controller" classes should not use "@Scope"

           Bug
        73. Optional value should only be accessed after calling isPresent()

           Bug
        74. Double Brace Initialization should not be used

           Bug
        75. Overrides should match their parent class methods in synchronization

           Bug
        76. Custom resources should be closed

           Bug
        77. Zero should not be a possible denominator

           Bug
        78. Value-based classes should not be used for locking

           Bug
        79. Expressions used in "assert" should not produce side effects

           Bug
        80. Constructor injection should be used instead of field injection

           Bug
        81. "volatile" variables should not be used with compound operators

           Bug
        82. Non-primitive fields should not be "volatile"

           Bug
        83. "getClass" should not be used for synchronization

           Bug
        84. Min and max used in combination should not always return the same value

           Bug
        85. Assignment of lazy-initialized members should be the last step with double-checked locking

           Bug
        86. "wait" should not be called when multiple locks are held

           Bug
        87. Indexes to passed to "String" operations should be within the string's bounds

           Bug
        88. Raw byte values should not be used in bitwise operations in combination with shifts

           Bug
        89. JEE applications should not "getClassLoader"

           Bug
        90. "Collection.toArray()" should be passed an array of the proper type

           Bug
        91. Getters and setters should be synchronized in pairs

           Bug
        92. Non-thread-safe fields should not be static

           Bug
        93. "null" should not be used with "Optional"

           Bug
        94. Unary prefix operators should not be repeated

           Bug
        95. Non-existent operators like "=+" should not be used

           Bug
        96. "PreparedStatement" and "ResultSet" methods should be called with valid indices

           Bug
        97. Files opened in append mode should not be used with "ObjectOutputStream"

           Bug
        98. "read" and "readLine" return values should be used

           Bug
        99. "Math.abs" and negation should not be used on numbers that could be "MIN_VALUE"

           Bug
        100. The value returned from a stream read should be checked

           Bug
        101. Inappropriate regular expressions should not be used

           Bug
        102. "@NonNull" values should not be set to null

           Bug
        103. Conditionally executed code should be reachable

           Bug
        104. "notifyAll()" should be preferred over "notify()"

           Bug
        105. Blocks should be synchronized on "private final" fields

           Bug
        106. Non-serializable objects should not be stored in "javax.servlet.http.HttpSession" instances

           Bug
        107. Classes should not access their own subclasses during class initialization

           Bug
        108. "wait(...)" should be used instead of "Thread.sleep(...)" when a lock is held

           Bug
        109. Printf-style format strings should not lead to unexpected behavior at runtime

           Bug
        110. "Object.wait()", "Object.notify()" and "Object.notifyAll()" should only be called from synchronized code

           Bug
        111. "Iterator.next()" methods should throw "NoSuchElementException"

           Bug
        112. Null pointers should not be dereferenced

           Bug
        113. Loop conditions should be true at least once

           Bug
        114. A "for" loop update clause should move the counter in the right direction

           Bug
        115. Methods "wait(...)", "notify()" and "notifyAll()" should not be called on Thread instances

           Bug
        116. Methods with Spring proxying annotations should be public

           Bug
        117. Methods should not call same-class methods with incompatible "@Transactional" values

           Bug
        118. Servlets should not have mutable instance fields

           Bug
        119. "toString()" and "clone()" methods should not return null

           Bug
        120. Locks should be released on all paths

           Bug
        121. ".equals()" should not be used to test the values of "Atomic" classes

           Bug
        122. Return values from functions without side effects should not be ignored

           Bug
        123. "compareTo" results should not be checked for specific values

           Bug
        124. Recursion should not be infinite

           Bug
        125. Loops should not be infinite

           Bug
        126. Math operands should be cast before assignment

           Bug
        127. Ints and longs should not be shifted by zero or more than their number of bits-1

           Bug
        128. Child class methods named for parent class methods should be overrides

           Bug
        129. Inappropriate "Collection" calls should not be made

           Bug
        130. Double-checked locking should not be used

           Bug
        131. "compareTo" should not return "Integer.MIN_VALUE"

           Bug
        132. Math should not be performed on floats

           Bug
        133. "equals" methods should be symmetric and work for subclasses

           Bug
        134. Unnecessary equality checks should not be made

           Bug
        135. Dissimilar primitive wrappers should not be used with the ternary operator without explicit casting

           Bug
        136. Unnecessary boxing and unboxing should be avoided

           Bug
        137. "runFinalizersOnExit" should not be called

           Bug
        138. "InterruptedException" and "ThreadDeath" should not be ignored

           Bug
        139. Classes that don't define "hashCode()" should not be used in hashes

           Bug
        140. Classes extending java.lang.Thread should provide a specific "run" behavior

           Bug
        141. "Double.longBitsToDouble" should take "long" as argument

           Bug
        142. Values should not be uselessly incremented

           Bug
        143. "ScheduledThreadPoolExecutor" should not have 0 core threads

           Bug
        144. String operations with predictable outcomes should be avoided

           Bug
        145. "Random" objects should be reused

           Bug
        146. "writeObject" argument must implement "Serializable"

           Bug
        147. "hashCode" and "toString" should not be called on array instances

           Bug
        148. Collections should not be passed as arguments to their own methods

           Bug
        149. "BigDecimal(double)" should not be used

           Bug
        150. Invalid "Date" values should not be used

           Bug
        151. Reflection should not be used to check non-runtime annotations

           Bug
        152. "equals(Object obj)" should test the argument's type

           Bug
        153. Resources should be closed

           Bug
        154. "Serializable" inner classes of non-serializable outer classes should be "static"

           Bug
        155. Custom serialization methods should have required signatures

           Bug
        156. "Externalizable" classes should have no-arguments constructors

           Bug
        157. The non-serializable super class of a "Serializable" class should have a no-argument constructor

           Bug
        158. Classes should not be compared by name

           Bug
        159. Related "if/else if" statements should not have the same condition

           Bug
        160. Synchronization should not be done on instances of value-based classes

           Bug
        161. "Iterator.hasNext()" should not call "Iterator.next()"

           Bug
        162. Identical expressions should not be used on both sides of a binary operator

           Bug
        163. Loops with at most one iteration should be refactored

           Bug
        164. Variables should not be self-assigned

           Bug
        165. "StringBuilder" and "StringBuffer" should not be instantiated with a character

           Bug
        166. Floating point numbers should not be tested for equality

           Bug
        167. Method parameters, caught exceptions and foreach variables' initial values should not be ignored

           Bug
        168. Methods should not be named "tostring", "hashcode" or "equal"

           Bug
        169. "Thread.run()" should not be called directly

           Bug
        170. "equals(Object obj)" and "hashCode()" should be overridden in pairs

           Bug
        171. "equals" method overrides should accept "Object" parameters

           Bug
        172. The signature of "finalize()" should match that of "Object.finalize()"

           Bug
        173. Jump statements should not occur in "finally" blocks

           Bug
        174. "super.finalize()" should be called at the end of "Object.finalize()" implementations

           Bug
        175. The "Object.finalize()" method should not be called

           Bug

        Mockito argument matchers should be used on all parameters

        intentionality - logical
        reliability
        Bug
        • tests
        • mockito

        Why is this an issue?

        How can I fix it?

        More Info

        Mockito provides argument matchers and argument captors for flexibly stubbing or verifying method calls.

        Mockito.verify(), Mockito.when(), Stubber.when() and BDDMockito.given() each have overloads with and without argument matchers.

        However, if argument matchers or captors are used only on some of the parameters, all the parameters need to have matchers as well, otherwise an InvalidUseOfMatchersException will be thrown.

        This rule consequently raises an issue every time matchers are not used on all the parameters of a stubbed/verified method.

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use