Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add clarifying braces to misleading code #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add clarifying braces to misleading code #22

wants to merge 1 commit into from

Conversation

@pixeebot
Copy link

@pixeebot pixeebot bot commented May 12, 2025

This change adds clarifying braces to misleading code blocks that look like they may be executing unintended code.

Consider the following code:

if (isAdmin)
  doFirstThing();
  doSecondThing();

Although the code formatting makes it look like doSecondThing() only executes if isAdmin is true, it actually executes regardless of the value of the condition. This pattern of not having curly braces in combination with misaligned indentation leads to security bugs, including the famous Apple iOS goto fail bug from their SSL library which allowed attackers to intercept and modify encrypted traffic.

This codemod will add braces to control flow statements to make the code more clear, but only in situations in which there is confusing formatting. Our changes look something like this:

- if (isAdmin)
+ if (isAdmin) {
    doFirstThing();
+ }    
    doSecondThing();

Note that these changes illuminate situations in which there may be bugs and help make the control flow more clear.

More reading

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: pixee:java/add-clarifying-braces

@sonarqubecloud
Copy link

sonarqubecloud bot commented May 12, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
70.6% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

@pixeebot
Copy link
Author

pixeebot bot commented May 20, 2025

I'm confident in this change, but I'm not a maintainer of this project. Do you see any reason not to merge it?

If this change was not helpful, or you have suggestions for improvements, please let me know!

@pixeebot
Copy link
Author

pixeebot bot commented May 21, 2025

Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!

@pixeebot
Copy link
Author

pixeebot bot commented May 27, 2025

This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!

You can also customize me to make sure I'm working with you in the way you want.

@pixeebot pixeebot bot closed this May 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant