Skip to main content

Set private constructor to hide implicit public constructor (Sonar)


ImportanceReview GuidanceRequires Scanning Tool
LOWMerge After ReviewYes (Sonar)

This change adds private constructors to utility classes. Utility classes are only meant to be accessed statically. Since they're not meant to be instantiated, we can use the Java's code visibility protections to hide the constructor and prevent unintended or malicious access.

Our changes look something like this:

   public class Utils {
+ private Utils() {}


Why is this codemod marked as Merge After Review?

This change depends completely on Sonar's accuracy about in identifying types that are meant to only offer static utilities. Our testing shows this generally works as expected, but correctness can't be guaranteed in all situations.