Skip to content

Reduce cognitive complexity in five benchmark test methods#67

Open
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260709-180121-c4b97437
Open

Reduce cognitive complexity in five benchmark test methods#67
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260709-180121-c4b97437

Conversation

@sonarqube-agent

Copy link
Copy Markdown

This PR was automatically created by the Remediation Agent's Scheduled backlog remediation feature.

Why these issues? All five issues stem from java:S3776 (Cognitive Complexity), which is the most frequently occurring rule in this codebase (70+ occurrences). This rule is well-scoped, actionable, and highly automatable through method extraction refactoring. Grouping these five related fixes under a single PR ensures coherent changes with maximum ROI for automated complexity reduction.

This PR refactors five doPost methods in benchmark test classes by extracting complex parameter extraction logic into separate helper methods. These changes reduce cognitive complexity from 16-17 down to the allowed threshold of 15, eliminating deeply nested loops and conditionals that exceeded SonarQube's java:S3776 rule.

View Project in SonarCloud


Fixed Issues

java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00599.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (containing nested while loops, for loops, and if statements) in the doPost method with a single method call to extractParam(). By moving this complex control flow out of doPost, the cognitive complexity of doPost is reduced, bringing it below the allowed threshold of 15. The nested loops and conditionals that contributed +1 (while), +1 (&&), +2 (nested if), +3 (nested for), +1 (&&), and +4 (deeply nested if) to the cognitive complexity score are no longer counted against doPost. This also helps reduce the overall method complexity that includes the catch block (+1), the nested if inside the catch (+2), and the else throw (+1), which remain in doPost but are now within the allowed threshold since the extracted parameter logic no longer adds its complexity.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00599.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00599.java
@@ -43,16 +43,1 @@ public class BenchmarkTest00599 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest00599")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 17 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01367.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk reduces the cognitive complexity of the doPost method by merging two nested if-conditions into a single if-condition with a logical AND (&&). The original code had an if statement checking the cookie name (at line 76), with another deeply nested if inside checking the cookie value (at line 77) — these two nested conditions contributed significantly to the cognitive complexity score (+3 and +4 respectively due to nesting depth). By combining them into a single condition using &&, one level of nesting is eliminated, which reduces the cognitive complexity of the method from 17 down to within the allowed threshold of 15. This addresses the code smell about the method's cognitive complexity being too high and needing refactoring to reduce its complexity.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01367.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01367.java
@@ -77,5 +77,4 @@ public class BenchmarkTest01367 extends HttpServlet {
-                    if (cookieName.equals(cookie.getName())) {
-                        if (cookie.getValue()
-                                .equals(request.getSession().getAttribute(cookieName))) {
-                            foundUser = true;
-                        }
+                    if (cookieName.equals(cookie.getName())
+                            && cookie.getValue()
+                                    .equals(request.getSession().getAttribute(cookieName))) {
+                        foundUser = true;
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01405.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (which contained nested while loops, for loops, conditionals, and a boolean flag) with a single method call to extractParam(request). By extracting this complex block out of the doPost method, the cognitive complexity of doPost is significantly reduced — removing the while loop (+1), the && flag condition (+1), the nested if (+2), the nested for loop (+3), the && flag in the for (+1), and the deeply nested if (+4). This directly addresses the cognitive complexity issue reported on the doPost method, which had a cognitive complexity of 16 exceeding the allowed threshold of 15. The refactoring reduces the method's complexity by moving the nested control flow into a separate helper method.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01405.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01405.java
@@ -43,16 +43,1 @@ public class BenchmarkTest01405 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest01405")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02303.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (containing nested while loops, if statements, and for loops) with a single method call to extractParam(request). By extracting this complex block out of the doPost method, the cognitive complexity of doPost is reduced. The nested control flow structures — the while loop with compound condition (+1, +1), the if check for null values (+2 incl nesting), the nested for loop with compound condition (+3 incl nesting, +1), the nested if for value equality (+4 incl nesting), plus the catch blocks and additional if statements later in the method (+1, +1, +2) — together contributed to a cognitive complexity score of 16. Moving the deeply nested parameter extraction logic to a separate method removes those increments from doPost's complexity calculation, bringing it within the allowed threshold of 15.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02303.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02303.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02303 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02303")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);
java:S3776 - Refactor this method to reduce its Cognitive Complexity from 16 to the 15 allowed. • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java:39

Why is this an issue?

Cognitive Complexity is a measure of how hard it is to understand the control flow of a unit of code. Code with high cognitive complexity is hard to read, understand, test, and modify.

What changed

This hunk replaces the inline parameter extraction logic (containing nested while loops, if statements, and for loops) with a single method call to extractParam(request). By extracting this complex block out of the doPost method, the cognitive complexity of doPost is significantly reduced — removing the while loop (+1), the && flag condition (+1), the nested if (+2), the nested for loop (+3), the && flag in the for (+1), and the deeply nested if (+4), which together contributed 12 points of cognitive complexity. This also reduces the nesting depth for the catch block and its nested if-statement that were contributing additional cognitive complexity (+1 for catch, +2 for nested if, +1 for else). With the extracted method, these remaining constructs have lower nesting levels, bringing the total cognitive complexity of doPost below the allowed threshold of 15.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java
@@ -43,16 +43,1 @@ public class BenchmarkTest02367 extends HttpServlet {
-        String param = "";
-        boolean flag = true;
-        java.util.Enumeration<String> names = request.getParameterNames();
-        while (names.hasMoreElements() && flag) {
-            String name = (String) names.nextElement();
-            String[] values = request.getParameterValues(name);
-            if (values != null) {
-                for (int i = 0; i < values.length && flag; i++) {
-                    String value = values[i];
-                    if (value.equals("BenchmarkTest02367")) {
-                        param = name;
-                        flag = false;
-                    }
-                }
-            }
-        }
+        String param = extractParam(request);

Have a suggestion or found an issue? Share your feedback here.


SonarQube Remediation Agent uses AI. Check for mistakes.

Fixed issues:
- AZ3eW0rPPF-XYsB0KnYE for java:S3776 rule
- AZ3eW0TxPF-XYsB0KnSQ for java:S3776 rule
- AZ3eW0pCPF-XYsB0KnXf for java:S3776 rule
- AZ3eW0smPF-XYsB0KnYg for java:S3776 rule
- AZ3eW0msPF-XYsB0KnXB for java:S3776 rule

Generated by SonarQube Agent (task: 83b23123-e176-412b-bd89-319f6832dc1e)
@sonarqube-agent

Copy link
Copy Markdown
Author

⚠️ This repository does not have a CODEOWNERS file. The PR has been created but has not been automatically assigned to any reviewer. To ensure PRs are reviewed promptly, consider adding a CODEOWNERS file to your repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant