Sonar Rules Explained (2)

Author: 岩岩和欣欣 | Published: 2017-07-20 14:20 | Views: 0

Today we continue looking at Sonar rules.


3. Throwable.printStackTrace(...) should not be called

When handling an exception, do not call e.printStackTrace(); write it to a log instead.

Throwable.printStackTrace(...) prints a Throwable and its stack trace to some stream. By default that stream is System.err, which could inadvertently expose sensitive information.

Loggers should be used instead to print Throwables, as they have many advantages:

1. Users are able to easily retrieve the logs.

2. The format of log messages is uniform and allows users to browse the logs easily.

This rule raises an issue when printStackTrace is used without arguments, i.e. when the stack trace is printed to the default stream.


4. "public static" fields should be constant

There is no good reason to declare a field "public" and "static" without also declaring it "final". Most of the time this is a kludge to share a state among several objects. But with this approach, any object can do whatever it wants with the shared state, such as setting it to null.

From a code-safety standpoint, a public static field must always be declared final.
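
Both rules side by side, as an added example that is not part of the original post. The class name, field names, sample host names and default port are constructed for illustration; it uses java.util.logging and needs Java 9+ for List.of.

```java
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SonarRulesDemo {
    private static final Logger LOG = Logger.getLogger(SonarRulesDemo.class.getName());

    // Rule 4, noncompliant: any class can reassign this shared state, even to null.
    public static List<String> allowedHosts = List.of("internal.example");

    // Rule 4, compliant: the reference is final, and List.of() returns an
    // unmodifiable list, so other code can change neither the field nor its contents.
    public static final List<String> ALLOWED_HOSTS = List.of("internal.example");

    static int parsePort(String raw) {
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            // Rule 3, noncompliant would be: e.printStackTrace();
            // Compliant: hand the Throwable to the logger, so the configured
            // handlers decide where the stack trace goes and how it is formatted.
            LOG.log(Level.WARNING, "Invalid port value, falling back to default", e);
            return 8080; // constructed default
        }
    }

    public static void main(String[] args) {
        allowedHosts = null;       // compiles: shared state is silently destroyed
        // ALLOWED_HOSTS = null;   // would not compile: cannot assign a final field
        try {
            ALLOWED_HOSTS.add("other.example"); // rejected at runtime
        } catch (UnsupportedOperationException e) {
            LOG.log(Level.INFO, "Constant list rejected modification", e);
        }
        System.out.println("port = " + parsePort("80a"));
        System.out.println("allowedHosts = " + allowedHosts
                + ", ALLOWED_HOSTS = " + ALLOWED_HOSTS);
    }
}
```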

