import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
// sonar compliant ---- start
// to be compliant, completely disable DOCTYPE declaration:
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
// or completely disable external entities declarations:
dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
// or prohibit the use of all protocols by external entities:
dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
// or disable entity expansion but keep in mind that this doesn't prevent fetching external entities
// and this solution is not correct for OpenJDK < 13 due to a bug: https://bugs.openjdk.java.net/browse/JDK-8206132
dbf.setExpandEntityReferences(false);
// sonar compliant ---- end
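To confirm that a given setting from the snippet above actually takes effect on your JDK, the following added example (not code from the original post) parses a constructed document whose external entity points at a temp file the program writes itself, then reports for each factory whether that file's content reached the DOM. The class name `XxeHardeningCheck`, the `leaks` helper and the `MARKER` value are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;

public class XxeHardeningCheck {
    static final String MARKER = "MARKER-CONTENT"; // constructed sample value

    // Returns true if the external entity's content ended up in the parsed document.
    static boolean leaks(DocumentBuilderFactory dbf, String xml) throws Exception {
        try {
            return dbf.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                    .getDocumentElement().getTextContent().contains(MARKER);
        } catch (SAXException rejected) {
            System.out.println("  parser rejected input: " + rejected.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a temp file written here, referenced as an external entity.
        Path marker = Files.createTempFile("xxe-marker", ".txt");
        Files.write(marker, MARKER.getBytes(StandardCharsets.UTF_8));
        String xml = "<!DOCTYPE r [<!ENTITY ext SYSTEM \"" + marker.toUri() + "\">]><r>&ext;</r>";

        DocumentBuilderFactory defaults = DocumentBuilderFactory.newInstance();

        DocumentBuilderFactory noDoctype = DocumentBuilderFactory.newInstance();
        noDoctype.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

        DocumentBuilderFactory noEntities = DocumentBuilderFactory.newInstance();
        noEntities.setFeature("http://xml.org/sax/features/external-general-entities", false);
        noEntities.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

        DocumentBuilderFactory noProtocols = DocumentBuilderFactory.newInstance();
        noProtocols.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        noProtocols.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

        System.out.println("default factory leaks:       " + leaks(defaults, xml));
        System.out.println("disallow-doctype-decl leaks: " + leaks(noDoctype, xml));
        System.out.println("external entities off leaks: " + leaks(noEntities, xml));
        System.out.println("no external protocols leaks: " + leaks(noProtocols, xml));
        Files.delete(marker);
    }
}
```

A hardened factory must never report `true`; wiring the same `leaks` check into a unit test keeps the configuration from regressing when the XML parser implementation on the classpath changes.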
This accessibility update should be removed.
Incorrect code
field.setAccessible(true);
Solution
Replace it with the reflection utility class method ReflectionUtils.makeAccessible:
ReflectionUtils.makeAccessible(field);
This accessibility bypass should be removed.
Incorrect code
field.set(obj, value);
Solution
Replace it with ReflectionUtils.setField:
ReflectionUtils.setField(field, obj, value);
Use a primitive boolean expression here.
Incorrect code
// getFlag() may return null, in which case the if throws an error
if (test.getFlag()) {
    xxxx
}
Solution
if (Boolean.TRUE.equals(test.getFlag())) {
    xxxx
}
Merge the previous cases into this one using comma-separated label.