Fortify issue — Dead Code unused

Kiran Kumar
1 min readMar 14, 2022

--

Abstract:
The field X is never used.

Explanation:
This field is never accessed, except perhaps by dead code. Dead code is defined as code that is never directly or indirectly executed by a public method. It is likely that the field is simply vestigial, but it is also possible that the unused field points out a bug.

Example 1:

The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.

public class Dead {
String glue;
public String getGlue() {
return "glue";}}

Example 2:
The field named glue is used in the following class, but only from a method that is never called.

public class Dead {
String glue;
private String getGlue() {
return glue;
}
}

Recommendations:
In general, you should repair or remove dead code. To repair dead code, execute the dead code directly or indirectly through a public method. Dead code causes additional complexity and maintenance burden without contributing to the functionality of the program.

Tip:

Avoid having unused code or unused variable in the class

credits :

Fortify documentation

image from softwaretesttips website

--

--

Kiran Kumar
Kiran Kumar

Written by Kiran Kumar

Technophile with 12.5 years experience in IT industry | Java Technical Manager cum Architect

No responses yet