SonarQube规则来自“com.sun。*”的类和“太阳。*”不应该使用包裹 [英] SonarQube rule Classes from "com.sun.*" and "sun.*" packages should not be used
问题描述
我有一个具有以下特征的J2EE项目:
I have a J2EE project with the following characteristics:
CDI 1.0
Dynamic Web Module 3.0
Java 1.7 (it's being changed to 1.8)
JSF 2.0
JPA 2.0
我正在运行SonarQube 5.6.6规则,它感觉到规则
I'm running SonarQube 5.6.6 rules against it and it felt into the rule
来自com.sun。和sun的类。不应该使用包
squid:S1191
com.sun。*和sun。*包中的类被认为是实现细节,并且是不属于Java API。迁移到新版本的Java时,它们可能会导致问题,因为没有向后兼容性保证。这些类几乎总是由应该使用的Java API类包装。
因为我正在使用类 com.sun.faces。 application.ApplicationAssociate 和 com.sun.faces.application.ApplicationResourceBundle 。
我已经找到了关于这个和大多数的另一个主题他们说我应该改变规则以排除特定的包或类。
I've seached another threads about this and most of them say I should change the rule to exclude the specific package or class.
我认为简单地规避规则是没有意义的,所以我想知道是否这些sun类有实际的java API(1.7或1.8)类。
I think there is no point in simply circumvent the rule, so I would like to know if there are actualy java API (1.7 or 1.8) classes for these sun classes.
如果没有,我相信最好保持警报直到Java API类可用于这些类sun class。
If not, I believe it's better to keep the alert until java API classes become available for these sun classes.
有关此的任何提示/建议吗?
Any tip/advice on this?
推荐答案
这是SonarQube中的一个错误。它过度概括了 sun。* 包。 htmlrel =nofollow noreferrer>为什么开发人员不应该将调用'sun'软件包的程序写入 com.sun。* 包。这是不正确的。甲骨文并不是故意在文章中提到这一点。 SonarQube实际上应该只惩罚 sun。* 包或任意JRE / JDK实现内部使用的任何内容的使用。 com.sun。* 包根本不是JRE / JDK API / impl。
That's a bug in SonarQube. It's overgeneralizing the sun.* package as mentioned in Why Developers Should Not Write Programs That Call 'sun' Packages to com.sun.* package. This is incorrect. Oracle didn't mean to say that in abovelinked article. SonarQube should really only penalize usage of sun.* package or whatever is internally used by an arbitrary JRE/JDK implementation. The com.sun.* package is not JRE/JDK API/impl related at all.
要么关闭S1191规则,或将 com.sun。* 上的所有点击标记为误报。
Either turn off the S1191 rule, or mark all hits on com.sun.* as false positive.
- What is inside com.sun package?
- SonarQube users: S1191 too strict
这篇关于SonarQube规则来自“com.sun。*”的类和“太阳。*”不应该使用包裹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
