13. Method concatenates strings using + in a loop
Concatenating strings with + inside a loop is inefficient (every iteration allocates a new String); use StringBuilder/StringBuffer instead.
Example:
String writeData = "";
for (int i = 0; i < 10; i++) {
    writeData = writeData + i; // the appended literal was lost in extraction; any appended value shows the pattern
}
14. Method may fail to close database resource
A database resource is not released. In the example the CallableStatement is created inside the try block and is never closed:
public ResultSet callProcedure(String procedure) {
    Session ses = getSessionForUpdate();
    ResultSet rs = null;
    try {
        Connection conn = ses.connection();
        conn.setAutoCommit(false);
        CallableStatement statement = conn.prepareCall(procedure); // may fail to close CallableStatement
        rs = statement.executeQuery();
        conn.commit();
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        try {
            ses.close();
        } catch (SQLException e) {
            throw e;
        }
    }
    return rs;
}
It should be changed to:
public ResultSet callProcedure(String procedure) {
    Session ses = getSessionForUpdate();
    ResultSet rs = null;
    CallableStatement statement = null;
    try {
        Connection conn = ses.connection();
        conn.setAutoCommit(false);
        statement = conn.prepareCall(procedure);
        rs = statement.executeQuery();
        conn.commit();
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // close each resource in its own try so that one failing close() does not skip the other;
        // the null check covers prepareCall() throwing before statement was assigned
        try { if (statement != null) statement.close(); } catch (SQLException e) { e.printStackTrace(); }
        try { ses.close(); } catch (SQLException e) { e.printStackTrace(); }
    }
    // caution: closing a Statement also closes its ResultSet (JDBC), so rs is no longer usable here;
    // copy the rows out before the finally block runs if the caller needs them
    return rs;
}
15. Method may fail to close stream
The stream is not closed, which can leak file descriptors; close it in a finally block. Example:
try {
    FileInputStream in = new FileInputStream(file);
    InputStreamReader inputStreamReader = new InputStreamReader(in);
    BufferedReader reader = new BufferedReader(inputStreamReader);
    // ...
    in.close(); // skipped entirely if anything above throws
    inputStreamReader.close();
    reader.close();
} catch (IOException e) {
}
Change to:
FileInputStream in = null;
InputStreamReader inputStreamReader = null;
BufferedReader reader = null;
try {
    in = new FileInputStream(file);
    inputStreamReader = new InputStreamReader(in);
    reader = new BufferedReader(inputStreamReader);
    // ...
} catch (IOException e) {
    e.printStackTrace(); // was an empty catch, the pattern item 16 flags
} finally {
    // each close() in its own try, with a null check: a constructor may have thrown before the later variables were assigned
    try { if (in != null) in.close(); } catch (IOException e) { e.printStackTrace(); }
    try { if (inputStreamReader != null) inputStreamReader.close(); } catch (IOException e) { e.printStackTrace(); }
    try { if (reader != null) reader.close(); } catch (IOException e) { e.printStackTrace(); }
}
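As an added example that is not part of the original checklist, here is how items 14 and 15 look with try-with-resources (Java 7+): every resource named in the try header is closed automatically, in reverse order, whether the body completes or throws, so the null checks and nested try/catch blocks in the finally clauses above disappear. The JDBC part assumes the caller supplies an open Connection (transaction handling is omitted) and copies the rows out of the ResultSet before the statement closes, because closing a Statement also closes its ResultSet; the file part runs on a constructed temporary file.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
public class ResourceHandling {
    // Item 15: the reader is declared in the try header, so it (and the stream it wraps)
    // is closed on every exit path; no null checks or close() calls in finally are needed.
    static List<String> readLines(Path file) throws IOException {
        List<String> lines = new ArrayList<>();
        try (BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(line);
            }
        }
        return lines;
    }
    // Item 14: closing the CallableStatement also closes its ResultSet, so the ResultSet
    // must not be returned to the caller; the rows are copied out while it is still open.
    static List<Object[]> callProcedure(Connection conn, String procedure) throws SQLException {
        List<Object[]> rows = new ArrayList<>();
        try (CallableStatement statement = conn.prepareCall(procedure);
             ResultSet rs = statement.executeQuery()) {
            int columns = rs.getMetaData().getColumnCount();
            while (rs.next()) {
                Object[] row = new Object[columns];
                for (int i = 0; i < columns; i++) {
                    row[i] = rs.getObject(i + 1);
                }
                rows.add(row);
            }
        }
        return rows;
    }
    public static void main(String[] args) throws IOException {
        // constructed sample input: a temporary file with three lines
        Path tmp = Files.createTempFile("findbugs-demo", ".txt");
        Files.write(tmp, List.of("alpha", "beta", "gamma"), StandardCharsets.UTF_8);
        System.out.println(readLines(tmp));
        Files.delete(tmp);
    }
}
```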
16. Method might ignore exception
This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.
The exception should be handled, logged, or rethrown. Counter-example:
try {
    // ...
} catch (Exception e) {
}
17. Class defines non-transient non-serializable instance field readerTypeInfo
A class that implements the Serializable interface has an instance field that is neither transient nor Serializable.
This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods. Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.
18. Nullcheck of value previously dereferenced
An object obtained earlier is dereferenced here without checking whether it is null. Counter-example:
Reader reader = null;
try {
    reader = this.getReaderByName(readerBasicInfo.getByName());
} catch (Exception e1) {
    e1.printStackTrace();
    return ReaderStateConst.FAIL;
}
DependenceRelation dependenceRelation = new DependenceRelation();
dependenceRelation.setDescription(reader.getIpAddress()); // no null check before use
19. Possible null pointer dereference
A possible null dereference. The null check inside the try block tells the analyzer that capInfo may be null, yet it is dereferenced unconditionally afterwards:
capInfo = wrapper.wrapperToClient((ReaderCapabilities) object);
try {
    if (capInfo != null) {
        transactionDs.saveReaderCapabilityCom((ReaderCapabilities) object);
    }
} catch (RuntimeException e) {
    capInfo.setDetailMsg(ReaderStateConst.DB_OPT_FAIL); // capInfo may be null here
    return capInfo;
}
capInfo.setDetailMsg(ReaderStateConst.SUCCESSFUL); // capInfo may be null
20. A null check is required before a reference is used
public synchronized void remove(String batNo, int count) {
    List taskList = null; // the declaration's generic type and initializer were lost in extraction
    synchronized (taskList) { // a null check is needed before use: synchronizing on null throws NullPointerException
        // ...
    }
}
21. Possible null pointer dereference in method on exception path
Example:
List districts = null; // the generic type was lost in extraction
try {
    districts = this.getDistricts(ReaderConst.DESC);
} catch (Exception e) {
    e.printStackTrace(); // on this path districts stays null
}
if (start >= districts.size()) { // districts may be null
    tableData.setTotalCount(0);
    return tableData;
}