Description
Create inspections similar to AEM SonarQube rules by Cognifide
Good practices
- AEM-1 (Inspections: AEM-1 & AEM-2 #148): Use predefined constant in annotation instead of hardcoded value.
  - Use constants available in AEM instead of repeating inline literals.
- AEM-2 (Inspections: AEM-1 & AEM-2 #148): Use predefined constant instead of hardcoded value.
  - Use constants available in AEM instead of repeating inline literals.
- AEM-8 Prefer cleaner `@SlingServlet` annotation.
  - Prefer cleaner `@SlingServlet` annotation over `@Properties` approach. Do not mix up both approaches.
- AEM-14 Using http literal hardcoded makes it difficult to switch to https later on.
  - We should not use http as a literal in our projects because if we want to switch to https, our code will not be ready.
- AEM-15 Usage of `synchronized` keyword should be avoided if possible.
  - Usage of `synchronized` keyword should be avoided if possible. Check if using `synchronized` can be replaced with a more sophisticated solution.
- AEM-17 No mutator methods invoked on `ModifiableValueMap`
  - `ModifiableValueMap` should be replaced by `ValueMap` if no mutator methods are invoked.
Possible bugs
- AEM-3 (Inspections: AEM-3 #159): Non-thread safe object used as a field of Servlet/Filter etc.
  - It is not safe to keep session based object as a field in `Servlet` or `Filter`. Rule checks for the occurrence of any instance or static fields of following types:
    - `org.apache.sling.api.resource.ResourceResolver`
    - `javax.jcr.Session`
    - `com.day.cq.wcm.api.PageManager`
    - `com.day.cq.wcm.api.components.ComponentManager`
    - `com.day.cq.wcm.api.designer.Designer`
    - `com.day.cq.dam.api.AssetManager`
    - `com.day.cq.tagging.TagManager`
    - `com.day.cq.security.UserManager`
    - `org.apache.jackrabbit.api.security.user.Authorizable`
    - `org.apache.jackrabbit.api.security.user.User`
    - `org.apache.jackrabbit.api.security.user.UserManager`
- AEM-6 (Inspections: AEM 6 implementation #162): ResourceResolver should be closed in finally block.
  - According to its Javadoc, Resource Resolver has a life cycle which begins with the creation of the Resource Resolver using any of the factory methods and ends with calling the `close` method. It is very important to call the `close` method once the resource resolver is not used any more to ensure any system resources are properly cleaned up.
- AEM-7 Session should be logged out in finally block.
  - Manually created `javax.jcr.Session` should be logged out after it is no longer needed. The `logout` method releases all resources associated with `Session`.
- AEM-11 Do not use deprecated administrative access methods
  - Administrative access to the resource tree and JCR Repository by means of usage of `ResourceResolverFactory.getAdministrativeResourceResolver` and `SlingRepository.loginAdministrative` has been deprecated. Use `ResourceResolverFactory.getServiceResourceResolver` or `SlingRepository.loginService` respectively.
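
A servlet that satisfies AEM-3, AEM-6 and AEM-11 together, as an added example (not code from this project or from Cognifide). The class name, servlet path, content path and the `example-reader` subservice are hypothetical; the subservice is assumed to be mapped to a service user with read-only access.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Map;

import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.HttpConstants;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;

// Hypothetical servlet; path and names are illustrative only.
@SlingServlet(paths = "/bin/example/title", methods = HttpConstants.METHOD_GET)
public class TitleServlet extends SlingSafeMethodsServlet {

    // The factory is a thread-safe OSGi service, so keeping it as a field is fine.
    @Reference
    private ResourceResolverFactory resolverFactory;

    // AEM-3 would flag "private ResourceResolver resolver;" here: one servlet
    // instance serves all requests, so the session would be shared between users.

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // AEM-11: named subservice instead of getAdministrativeResourceResolver(null).
        Map<String, Object> auth = Collections.singletonMap(
                ResourceResolverFactory.SUBSERVICE, "example-reader");
        ResourceResolver resolver = null; // request-scoped local, never a field
        try {
            resolver = resolverFactory.getServiceResourceResolver(auth);
            Resource page = resolver.getResource("/content/example");
            response.setContentType("text/plain");
            response.getWriter().write(page != null ? page.getName() : "not found");
        } catch (LoginException e) {
            // Missing service-user mapping: fail closed, do not fall back to admin.
            response.sendError(SlingHttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } finally {
            // AEM-6: close on every path, including exceptions.
            if (resolver != null && resolver.isLive()) {
                resolver.close();
            }
        }
    }
}
```

The same shape applies to AEM-7: a `javax.jcr.Session` obtained from `SlingRepository.loginService` is held in a local variable and released with `logout` in the `finally` block.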
Sling Models related
- AEM-16 (Inspections: AEM-16 #157): Optional is defined as `DefaultInjectionStrategy`
  - Usage of `@Optional` annotation is redundant when `defaultInjectionStrategy` is `OPTIONAL`.
Description of inspection is taken from Cognifide/AEM-Rules-for-SonarQube GitHub page