Skip to content

Reduce cognitive complexity in five benchmark test classes#48

Open
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260619-180112-adf20698
Open

Reduce cognitive complexity in five benchmark test classes#48
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260619-180112-adf20698

Conversation

@sonarqube-agent

Copy link
Copy Markdown

This PR was automatically created by the Remediation Agent's Scheduled backlog remediation feature.

Why these issues? All five issues target the same rule (java:S3776 Cognitive Complexity) with consistent, automatable refactoring patterns across distinct files. The fixes apply the same well-established technique—method extraction—to reduce nesting and control flow complexity, making this a coherent, high-impact PR that improves code quality systematically.

Refactored five benchmark test classes (BenchmarkTest01197, BenchmarkTest01399, BenchmarkTest02295, BenchmarkTest02360, and BenchmarkTest02614) by extracting complex nested control flow from doPost methods into dedicated helper methods. This brings all five methods below the SonarQube cognitive complexity threshold of 15, eliminating critical code smells and improving code maintainability.

View Project in SonarCloud


Fixed Issues

java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01197.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline cookie-searching logic (which included nested if statements, a for loop with a compound condition, and deep nesting) with a single method call to isUserFound(). By extracting this complex block into a separate method, the cognitive complexity of the doPost method is significantly reduced — removing the contributions from the nested if (cookies != null), the for loop, the if (cookieName.equals(...)), and the if (cookie.getValue()...) checks, which together contributed heavily to the method's cognitive complexity score of 16. This brings the complexity below the allowed threshold of 15.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01197.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01197.java
@@ -75,13 +75,1 @@ public class BenchmarkTest01197 extends HttpServlet {
-            boolean foundUser = false;
-            javax.servlet.http.Cookie[] cookies = request.getCookies();
-            if (cookies != null) {
-                for (int i = 0; !foundUser && i < cookies.length; i++) {
-                    javax.servlet.http.Cookie cookie = cookies[i];
-                    if (cookieName.equals(cookie.getName())) {
-                        if (cookie.getValue()
-                                .equals(request.getSession().getAttribute(cookieName))) {
-                            foundUser = true;
-                        }
-                    }
-                }
-            }
+            boolean foundUser = isUserFound(request, cookieName);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 18 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01399.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (which contained nested while loops, for loops, and if statements contributing significantly to cognitive complexity) with a single method call to extractParam(). By extracting this complex block into a separate method, the doPost method's cognitive complexity is reduced well below the threshold of 15, addressing the code smell about excessive cognitive complexity in the doPost method.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01399.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01399.java
@@ -43,16 +43,1 @@ public class BenchmarkTest01399 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest01399")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 17 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (which contained nested while loops, if statements, and for loops contributing to high cognitive complexity) with a single method call to extractParam(). By moving the complex nested control flow out of the doPost method, the cognitive complexity of doPost is significantly reduced, bringing it below the allowed threshold of 15. The nested while loop with a compound condition, the nested if-check for null values, the nested for loop, and the nested if-check for the matching parameter name are all removed from doPost's complexity calculation.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02295.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02295 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02295")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 17 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02360.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (which contained nested while loops, if statements, and for loops contributing to high cognitive complexity) with a single method call to extractParam(). By moving the deeply nested control flow out of the doPost method, the cognitive complexity of doPost is significantly reduced, bringing it below the allowed threshold of 15.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02360.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02360.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02360 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02360")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 17 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02614.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces a deeply nested block of cookie-searching logic (containing multiple nested if statements, a for loop with a compound condition, and several levels of nesting) with a single method call to findUserCookie(). By extracting this complex code into a separate method, the cognitive complexity of the doPost method is significantly reduced — removing the contributions from the nested if/for/if/if structure, the compound loop condition, and the deep nesting penalties that collectively added substantial cognitive complexity to the method.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02614.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02614.java
@@ -91,13 +91,1 @@ public class BenchmarkTest02614 extends HttpServlet {
-            boolean foundUser = false;
-            javax.servlet.http.Cookie[] cookies = request.getCookies();
-            if (cookies != null) {
-                for (int i = 0; !foundUser && i < cookies.length; i++) {
-                    javax.servlet.http.Cookie cookie = cookies[i];
-                    if (cookieName.equals(cookie.getName())) {
-                        if (cookie.getValue()
-                                .equals(request.getSession().getAttribute(cookieName))) {
-                            foundUser = true;
-                        }
-                    }
-                }
-            }
+            boolean foundUser = findUserCookie(request, cookieName);

Have a suggestion or found an issue? Share your feedback here.


SonarQube Remediation Agent uses AI. Check for mistakes.

Fixed issues:
- AZ3eW054PF-XYsB0Knbw for java:S3776 rule
- AZ3eW00ZPF-XYsB0KnaW for java:S3776 rule
- AZ3eW08FPF-XYsB0Knca for java:S3776 rule
- AZ3eW09NPF-XYsB0Kncz for java:S3776 rule
- AZ3eW04IPF-XYsB0KnbW for java:S3776 rule

Generated by SonarQube Agent (task: fc5c8900-fe9f-4ce9-a928-899598b297f8)
@sonarqube-agent

Copy link
Copy Markdown
Author

⚠️ This repository does not have a CODEOWNERS file. The PR has been created but has not been automatically assigned to any reviewer. To ensure PRs are reviewed promptly, consider adding a CODEOWNERS file to your repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant