Skip to content

Reduce cognitive complexity across five benchmark test methods#61

Open
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260702-180115-f305a300
Open

Reduce cognitive complexity across five benchmark test methods#61
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260702-180115-f305a300

Conversation

@sonarqube-agent

Copy link
Copy Markdown

This PR was automatically created by the Remediation Agent's Scheduled backlog remediation feature.

Why these issues? All five issues are CRITICAL java:S3776 violations spanning the fewest files with clear, high-impact refactoring targets. Addressing the most severe outliers (methods with complexity 21–26) yields maximum improvement with minimal changes, automating straightforward extractions and consolidations.

This change reduces cognitive complexity in five benchmark test classes by extracting complex parameter extraction logic and consolidating exception handling. Each method exceeded the allowed cognitive complexity threshold of 15 by significant margins (ranging from 16 to 26), and these refactorings bring them into compliance while improving code readability.

View Project in SonarCloud


Fixed Issues

java:S3776 - Refactor this method to reduce its Cognitive Complexity from 19 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00528.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter-searching logic (which included nested while/if/for loops with compound conditions contributing heavily to cognitive complexity) with a single method call getParam(request). By extracting this complex block out of doPost, the cognitive complexity of doPost is significantly reduced — removing the while loop (+1), the && flag condition (+1), the nested if for values != null (+2), the nested for loop (+3), the && flag in the for condition (+1), and the deeply nested if for value.equals (+4), totaling 12 points of cognitive complexity removed from doPost. This addresses both the overall cognitive complexity issue on the doPost method (which was at 19, exceeding the allowed 15) and the specific flow contributions from the nested control structures and compound boolean conditions within this extracted block.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00528.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00528.java
@@ -43,16 +43,1 @@ public class BenchmarkTest00528 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest00528")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = getParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 25 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01432.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk extracts the parameter-searching logic (while loop with nested if/for statements) from the doPost method into a separate method call extractParam(request). This reduces the cognitive complexity of doPost by removing the while loop, nested conditionals, and nested for loop that contributed significantly to the complexity score. The doPost method had a cognitive complexity of 25, exceeding the allowed threshold of 15. By extracting this block into a helper method, the deeply nested control flow (while with && condition, nested if, nested for with && condition, and deeply nested if) no longer counts toward doPost's cognitive complexity.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01432.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01432.java
@@ -43,16 +43,1 @@ public class BenchmarkTest01432 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest01432")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01976.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk consolidates six separate catch blocks (for NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, and InvalidAlgorithmParameterException) into a single multi-catch block. Each of those individual catch blocks contributed +1 to the cognitive complexity of the doPost method (5 of the 6 catches contributed, since one catch remains). By merging them into one catch clause, the cognitive complexity is reduced by 5 points, bringing the method's complexity from 16 down to within the allowed threshold of 15.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01976.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01976.java
@@ -124,31 +124,6 @@ public class BenchmarkTest01976 extends HttpServlet {
-        } catch (java.security.NoSuchAlgorithmException e) {
-            response.getWriter()
-                    .println(
-                            "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
-            e.printStackTrace(response.getWriter());
-            throw new ServletException(e);
-        } catch (javax.crypto.NoSuchPaddingException e) {
-            response.getWriter()
-                    .println(
-                            "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
-            e.printStackTrace(response.getWriter());
-            throw new ServletException(e);
-        } catch (javax.crypto.IllegalBlockSizeException e) {
-            response.getWriter()
-                    .println(
-                            "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
-            e.printStackTrace(response.getWriter());
-            throw new ServletException(e);
-        } catch (javax.crypto.BadPaddingException e) {
-            response.getWriter()
-                    .println(
-                            "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
-            e.printStackTrace(response.getWriter());
-            throw new ServletException(e);
-        } catch (java.security.InvalidKeyException e) {
-            response.getWriter()
-                    .println(
-                            "Problem executing crypto - javax.crypto.Cipher.getInstance(java.lang.String) Test Case");
-            e.printStackTrace(response.getWriter());
-            throw new ServletException(e);
-        } catch (java.security.InvalidAlgorithmParameterException e) {
+        } catch (java.security.NoSuchAlgorithmException
+                | javax.crypto.NoSuchPaddingException
+                | javax.crypto.IllegalBlockSizeException
+                | javax.crypto.BadPaddingException
+                | java.security.InvalidKeyException
+                | java.security.InvalidAlgorithmParameterException e) {
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 23 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02291.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (containing nested while loops, if statements, and for loops that contributed significantly to cognitive complexity) with a single method call to extractParam(request). By extracting this complex control flow into a separate method, the cognitive complexity of the doPost method is reduced, since method calls are "free" in cognitive complexity scoring. This directly addresses the high cognitive complexity (23 vs allowed 15) of the doPost method reported as a code smell for the doPost method needing refactoring to reduce its Cognitive Complexity.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02291.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02291.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02291 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02291")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 26 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02348.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces a complex inline parameter extraction block (containing nested while loops, for loops, and conditionals) with a single method call to extractParam(request). By extracting this logic into a separate method, the cognitive complexity of the doPost method is reduced significantly — removing the nested loops and conditionals that contributed +1 (while), +1 (&&), +2 (nested if), +3 (nested for), +1 (&&), and +4 (deeply nested if) to the complexity score. This directly addresses the high cognitive complexity warning on the doPost method, which was measured at 26 against an allowed threshold of 15. The extraction reduces the nesting depth and control flow complexity within doPost, making it easier to read and understand.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02348.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02348.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02348 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02348")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);

Have a suggestion or found an issue? Share your feedback here.


SonarQube Remediation Agent uses AI. Check for mistakes.

Fixed issues:
- AZ3eW0-DPF-XYsB0KndL for java:S3776 rule
- AZ3eW4KhPF-XYsB0KoT4 for java:S3776 rule
- AZ3eW43iPF-XYsB0Kogx for java:S3776 rule
- AZ3eW0l0PF-XYsB0KnWy for java:S3776 rule
- AZ3eW0qbPF-XYsB0KnX0 for java:S3776 rule

Generated by SonarQube Agent (task: 085e327e-95e0-4f01-8fda-ccffef761f7c)
@sonarqube-agent

Copy link
Copy Markdown
Author

⚠️ This repository does not have a CODEOWNERS file. The PR has been created but has not been automatically assigned to any reviewer. To ensure PRs are reviewed promptly, consider adding a CODEOWNERS file to your repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant