Checker Production

belongs to group Basic
Identify operations that are not adequate for production code

Frameworks supported by this checker

  • java up to 11
  • android up to API level 28
  • dotnet

Warnings generated by this checker

  • InadequateCallInProductionWarning: a method should not be called in production code [ CWE477 ]
  • UseLogInsteadWarning: a method should be replaced with a logging code in production code [ CWE477 ]

Options accepted by this checker

  • none

Annotations understood by this checker

  • @com.juliasoft.julia.checkers.production.NotInProduction
  • @com.juliasoft.julia.checkers.production.UseLogInsteadInProduction


Description

Some operations should not be performed in production code, since they have no effect or have unpredictable effects, or since they might compromise the availability or security of your system.

Action: Verify if the operation is adequate for production code. Remove it or transform it if that is not the case.

Some operations should not be performed in production code, since they have no effect or have unpredictable effects, or since they might compromise the availability or security of your system.

Action: Verify if the operation is adequate for production code. Remove it or transform it if that is not the case.

Examples

Consider the following program:

import com.juliasoft.julia.extraction.EntryPoint;

public class InadequateCalls {
  public @EntryPoint void check(int k) {
    if (k <= 0)
      System.exit(-1);
    else
      System.out.println(k);
  }
}

This checker issues the following warning:

InadequateCalls.java:6: [Production: InadequateCallInProductionWarning] You should not call java.lang.System.exit(int):void in production code

since calls to System.exit() should not be used in production code, as they would disrupt the availability of your service.

In this example, the programmer should signal the unusual situation in other ways, for instance by throwing an exception or by showing a dialog to the user.

Consider the following program:

using System;

namespace DocumentationExamples
{


    public class Production
    {
        public static void Main(string[] args)
        {
            Check(args.Length);
        }
        public static void Check(int k)
        {
            if (k <= 0)
                Environment.Exit(-1);
            else
                Console.WriteLine(k);
        }
    }
}

This checker issues the following warning:

DocumentationExamples.cs:16: [Production: InadequateCallInProductionWarning] You should not call method "Exit" in production code DocumentationExamples.cs:18: [Production: UseLogInsteadWarning] Call to method "WriteLine" in production code should be replaced with a logging method

since calls to Environment.Exit() should not be used outside the Main in production code, as they would disrupt the availability of your service. The WriteLine should be not used because it should be replaced with a logging method.

In this example, the programmer should signal the unusual situation in other ways, for instance by throwing an exception or by showing a dialog to the user and finish the run correctly.