Skip to content

Reduce cognitive complexity in BenchmarkTest classes to meet SonarQube threshold#55

Open
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260626-180117-756a86f8
Open

Reduce cognitive complexity in BenchmarkTest classes to meet SonarQube threshold#55
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260626-180117-756a86f8

Conversation

@sonarqube-agent

Copy link
Copy Markdown

This PR was automatically created by the Remediation Agent's Scheduled backlog remediation feature.

Why these issues? java:S3776 (Cognitive Complexity) is the most prevalent and automatable critical rule across the codebase. These four instances represent high-impact refactorings where either method extraction or logical operator consolidation delivers clear, measurable complexity reduction, making them ideal candidates for a focused, coherent PR that demonstrates strong algorithmic improvement.

This PR resolves 4 CRITICAL SonarQube issues (java:S3776) by refactoring complex conditional logic in four test classes. The changes extract nested control flow into helper methods or combine nested conditionals using logical operators (&&), reducing cognitive complexity from 16–20 down to the 15-point threshold in each affected method. These improvements enhance code maintainability and reduce the cognitive burden on developers reviewing or modifying these test utilities.

View Project in SonarCloud


Fixed Issues

java:S3776 - Refactor this method to reduce its Cognitive Complexity from 20 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java:49

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline cookie-parsing logic (which included nested if statements, a for loop, and conditional checks) with a single method call to getParam(). By extracting this complex block out of the doPost method, the cognitive complexity of doPost is reduced significantly, bringing it below the allowed threshold of 15. The nested conditionals and loop that contributed heavily to the complexity score (including the cookie null check, the for-each loop, and the cookie name comparison) are no longer counted against doPost's complexity.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
@@ -54,11 +54,1 @@ public class BenchmarkTest00094 extends HttpServlet {
-        javax.servlet.http.Cookie[] theCookies = request.getCookies();
-
-        String param = "noCookieValueSupplied";
-        if (theCookies != null) {
-            for (javax.servlet.http.Cookie theCookie : theCookies) {
-                if (theCookie.getName().equals("BenchmarkTest00094")) {
-                    param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
-                    break;
-                }
-            }
-        }
+        String param = getParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00296.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk merges two nested if conditions into a single if with a combined condition using &&. The original code had an if at line 76 (cognitive complexity +3 including nesting) and a nested if at line 77 (cognitive complexity +4 including nesting), contributing 7 to the total cognitive complexity. By combining them into one if statement, the nesting depth is reduced by one level, eliminating the inner if entirely. This reduces the cognitive complexity of the doPost method from 16 to 15 (removing the +4 nested if and replacing the +3 if with a +3 if that includes the && condition), bringing it within the allowed threshold of 15 and resolving the code smell about excessive cognitive complexity.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00296.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00296.java
@@ -77,4 +77,4 @@ public class BenchmarkTest00296 extends HttpServlet {
-                if (cookieName.equals(cookie.getName())) {
-                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
-                        foundUser = true;
-                    }
+                if (cookieName.equals(cookie.getName())
+                        && cookie.getValue()
+                                .equals(request.getSession().getAttribute(cookieName))) {
+                    foundUser = true;
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter-searching logic (which contained nested while loops, if statements, for loops, and boolean flag conditions contributing to high cognitive complexity) with a single call to an extracted helper method findParam(request). By moving the complex control flow out of the doPost method, the cognitive complexity of doPost is significantly reduced, bringing it below the allowed threshold of 15.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02354 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02354")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = findParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02503.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk merges two nested if conditions into a single if with a combined condition using &&. The original code had an if checking cookieName.equals(cookie.getName()) with a nested if checking cookie.getValue().equals(...), which contributed +3 and +4 to cognitive complexity respectively (due to nesting levels 2 and 3). By combining them into one if statement, the nesting depth is reduced by one level, eliminating the extra cognitive complexity from the deeply nested inner if. This reduces the method's overall cognitive complexity from 16 to 15, bringing it within the allowed threshold and resolving the code smell about excessive cognitive complexity in the doPost method.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02503.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02503.java
@@ -67,4 +67,4 @@ public class BenchmarkTest02503 extends HttpServlet {
-                if (cookieName.equals(cookie.getName())) {
-                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
-                        foundUser = true;
-                    }
+                if (cookieName.equals(cookie.getName())
+                        && cookie.getValue()
+                                .equals(request.getSession().getAttribute(cookieName))) {
+                    foundUser = true;

Have a suggestion or found an issue? Share your feedback here.


SonarQube Remediation Agent uses AI. Check for mistakes.

Fixed issues:
- AZ3eW0APPF-XYsB0KnNg for java:S3776 rule
- AZ3eW0DHPF-XYsB0KnOU for java:S3776 rule
- AZ3eW0crPF-XYsB0KnU3 for java:S3776 rule
- AZ3eW0E_PF-XYsB0KnO6 for java:S3776 rule

Generated by SonarQube Agent (task: 6769d774-2aa8-40a1-98f0-9993aa401b5d)
@sonarqube-agent

Copy link
Copy Markdown
Author

⚠️ This repository does not have a CODEOWNERS file. The PR has been created but has not been automatically assigned to any reviewer. To ensure PRs are reviewed promptly, consider adding a CODEOWNERS file to your repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant