Fix SonarCloud reliability bugs on new code#6138
Open
dkayiwa wants to merge 1 commit into
Open
Conversation
Resolves the legitimate Java reliability issues flagged by the SonarCloud quality gate (Reliability Rating D on new code): - S2142 (16): re-interrupt the current thread when catching InterruptedException across Daemon, ServiceContext, HibernateContextDAO, S3StorageService, Hl7InArchivesMigrateThread, WebDaemon, TestInstallUtil, UpdateFilter and InitializationFilter. - S899 (12): act on the boolean returned by File.delete()/createNewFile() (log a warning on failure) in ModuleClassLoader, ModuleFactory, Listener, AbstractSnapshotTuner, TestInstallUtil and InitializationFilter. - S2119 (5): reuse a single Random/SecureRandom instance instead of creating one per call; use SecureRandom where the value is a password (MigrationHelper, InitializationFilter) and a shared Random elsewhere (OpenmrsUtil). - S2201 (6): replace the unused Collection.size() lazy-init trick with the self-documenting Hibernate.initialize(...) in UserContext and HibernateContextDAO. - S1143 (2): remove the throw from the finally block in ORUR01Handler and the return from the finally block in DatabaseDetective (the latter could wrongly report a populated database as empty when closing the connection failed). - S2390: break the Result -> EmptyResult static-init cycle with a lazy holder. - S2153 (2), S2184 (2), S4973, S2674, S2886 (2), S2259 (2): assorted boxing, integer-overflow, String comparison, unchecked-read, missing-synchronization and possible-NPE fixes. S1872 hits are left as false positives (they compare Class objects / test class names that are not on the production classpath, so instanceof cannot be used). The S2276 sleep-in-synchronized in UpdateFilter is a deliberate anti-brute-force delay and the plsql BLOCKER lives in a historical migration file; these need a SonarCloud "won't fix" rather than a code change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #6138 +/- ##
============================================
- Coverage 59.04% 58.99% -0.05%
+ Complexity 9239 9236 -3
============================================
Files 693 693
Lines 37257 37280 +23
Branches 5485 5490 +5
============================================
- Hits 21998 21993 -5
- Misses 13287 13312 +25
- Partials 1972 1975 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The SonarCloud quality gate on
masteris failing with a Reliability Rating of D on new code (required ≥ A). This PR fixes the legitimate Java reliability issues driving that rating.Fixed
S2142Thread.currentThread().interrupt()) when catchingInterruptedExceptionS899File.delete()/createNewFile()S2119Random/SecureRandom; useSecureRandomfor password generationS2201Collection.size()lazy-init trick withHibernate.initialize(...)S1143throw/returnfromfinallyblocks (ORUR01Handler,DatabaseDetective)S2390Result→EmptyResultstatic-init cycle with a lazy holderS2153S2184S4973S2674S2886S2259The
DatabaseDetectivechange is a genuine behavioural fix: areturninside afinallycould report a populated database as empty when closing the connection threw.Intentionally not changed (need SonarCloud "won't fix")
S1872(7): all compareClassobjects or test-class names that are not on the production classpath (e.g."org.openmrs.api.db.UserDAOTest"), soinstanceofcannot be used without weakening security caller-checks.S2276(UpdateFilter): theThread.sleepin asynchronizedmethod is a deliberate anti-brute-force delay.update-to-1.4.2.01-db.mysqldiff.sqlmigration, which must not be edited.Testing
mvn -pl liquibase,api,web -am compile→ BUILD SUCCESS.Targeted tests pass:
ResultTest,OpenmrsUtilTest,ORUR01HandlerTest,UserContextTest,ContextTest,ContextDAOTest(177 tests, 0 failures).🤖 Generated with Claude Code