Current Sonar Plug-in Efforts

Sonar can be augmented by the addition of plugins, several of which are currently under development at ICS. These plugins will assist in scanning our code for issues unique to our platform. Several custom rules have already been completed for our next release. To contribute ideas for bug checks not on this list, add to the Future rule development ideas section below.

Completed rules


  • Check for run-on reference statements (a.b().c().d()...)
  • Check for use of java.logging instead of log4j
  • Check for use of getBoolean("true") and getBoolean("false") as they are likely erroneous
  • Check for calls to BigInteger, String, and BigDecimal methods without handle assignment.
  • Check for non-constructor methods with the same name as the class (public class Name { public void Name() {...}})
  • Check for service methods that have no exit points other than the parameters themselves (symptom of anemic domain modeling)
  • Advise use of @ServiceProxy when entity manager is called for simple tasks


  • Check beans for thread-safety annotation where required
  • Check to ensure all @Inject fields use Provider if bean scope is "session"
  • Check to make sure that all constructor-injected properties use the provider as well
  • Check for use of @Scope("session") - Recommend change, but at low priority


  • Check for use of Sets instead of Lists on OneToMany hibernate getter methods


  • Don't use short, byte, char
  • Avoid use of longs
  • Don't use strictfp
  • No threads (javascript is single-threaded) - synchronized and volatile don't make sense
  • Don't use LayoutPanels
  • Serializable objects should reference implementations instead of interfaces (i.e. use ArrayList instead of List)
  • IsSerializable should be replaced with Serializable


  • Check stack version in POM
  • Check for lack of Provider wrapper on injected fields in session-scoped beans in POM
  • Check web.xml files for session timeout values--these should be set in deploy scripts instead.
  • Recommend inclusion of Woodstox and Jackson for better performance in applicable POM files.


  • Suggest compression of javascripts into fewer javascripts if the count exceeds a certain number.
  • Avoid deprecated formatting tags such as 'i', 'b', and 'center'.
  • Avoid formatting tags like 'em' and 'strong'. These should be moved into a css class, when possible.
  • In the main project pom, projects should list a developer tag for future support.
  • Check for duplicate ids on html elements
  • Check for use of tables to perform layouts, recommend CSS styling

Future rule development ideas

  • Maybe also check that they are not using SLF4J directly for logging
  • Possibly provide a soft recommendation to use the Stack RPC mechanisms
This page was last modified on 2 July 2010, at 11:12.

Note: Content found in this wiki may not always reflect official Church information. See Terms of Use.