squid:S1948 generates false-positives for the "interface extend interface" special case.


Tibor

Apr 11, 2016, 1:04:19 PM
to SonarQube
Hi,

We enabled the squid:S1948 rule, but it generated false-positive issues for us in the case where a class implements an interface that extends Serializable.

This is the base interface:
public interface Bean extends Serializable {
}

This is the class:
public class Data implements Bean {
}


We use the sonar-maven-plugin:3.0.1:sonar plugin with SonarQube 4.5.6.

Please check this issue.

Thanks for it.

Regards,
Tibor


Michael Gumowski

Apr 12, 2016, 3:34:11 AM
to Tibor, SonarQube
Hello Tibor,

Thank you for your feedback. I'm not sure I understand your problem. If a class implements an interface extending Serializable, then the fields of that class should be serializable too. Could you provide an example of a field that an issue is raised on, and why you judge it to be an FP?

What is the version of the java plugin you are using?

Regards,

Michael GUMOWSKI | SonarSource
Software Developer @ Language Team
http://sonarsource.com

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/4080fc86-1841-4529-91e9-f19f83096b27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

TAKACS Tibor

Apr 12, 2016, 5:42:16 AM
to Michael Gumowski, SonarQube
Hi Michael,

I tested the issue again, and when "Bean" is in the same artifact the rule works well.
public class Error implements Bean {
    public Data data;

    public Data2 data2;
}
But when "Data2" implements, in the same way, an interface that extends Serializable, we get this problem. The other artifact (with ServiceBean) is an aar-type dependency.

import other.artifact.ServiceBean;
public class Data2 implements ServiceBean {
}

public interface ServiceBean extends Serializable {
}

The source and the target version is 1.7.

Regards,
Tibor

Michael Gumowski

Apr 26, 2016, 4:46:06 AM
to TAKACS Tibor, SonarQube
Hello Tibor,

Thanks for the details. The issue comes from the fact that the bytecode from ServiceBean is within an 'aar'. Unfortunately, the Java analyzer currently does not retrieve bytecode from 'aar' dependencies.
The issue is consequently a false positive that we won't be able to handle as long as we are not providing support for 'aar' dependencies.

I created the following JIRA ticket to cover this case: https://jira.sonarsource.com/browse/SONARJAVA-1652

Regards,

Michael GUMOWSKI | SonarSource
Software Developer @ Language Team
http://sonarsource.com
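
The cause described in the reply above, as a small model added here for illustration (not SonarJava code and not from any post in this thread): when the supertype that carries Serializable cannot be read, a check that treats "not proven serializable" as "not serializable" reports the field. The class and method names, and the conservative mode that stays silent on unresolved supertypes, are assumptions.

```java
import java.util.*;

/** Simplified model of a "field must be transient or serializable" check.
 *  An assumption for illustration, not SonarJava's implementation. */
public class SerializableCheckModel {
    enum Verdict { SERIALIZABLE, NOT_SERIALIZABLE, UNKNOWN }

    // Type name -> direct supertypes, only for types the analyzer can read.
    private final Map<String, List<String>> resolved = new HashMap<>();

    void declare(String type, String... supertypes) {
        resolved.put(type, Arrays.asList(supertypes));
    }

    /** Walks the supertype graph; an unreadable type yields UNKNOWN, not "no". */
    Verdict isSerializable(String type) {
        if (type.equals("java.io.Serializable")) return Verdict.SERIALIZABLE;
        List<String> supers = resolved.get(type);
        if (supers == null) return Verdict.UNKNOWN; // bytecode not available
        Verdict result = Verdict.NOT_SERIALIZABLE;
        for (String s : supers) {
            Verdict v = isSerializable(s);
            if (v == Verdict.SERIALIZABLE) return v;
            if (v == Verdict.UNKNOWN) result = Verdict.UNKNOWN;
        }
        return result;
    }

    /** Naive mode reports anything not proven serializable;
     *  conservative mode reports only a proven NOT_SERIALIZABLE. */
    boolean raisesIssue(String fieldType, boolean conservative) {
        Verdict v = isSerializable(fieldType);
        return conservative ? v == Verdict.NOT_SERIALIZABLE : v != Verdict.SERIALIZABLE;
    }

    public static void main(String[] args) {
        SerializableCheckModel m = new SerializableCheckModel();
        m.declare("java.lang.Object");
        // Same artifact: Bean is readable, so Data resolves to Serializable.
        m.declare("Bean", "java.io.Serializable");
        m.declare("Data", "java.lang.Object", "Bean");
        // ServiceBean sits in the unread 'aar', so it is never declared.
        m.declare("Data2", "java.lang.Object", "other.artifact.ServiceBean");
        for (String f : new String[] {"Data", "Data2", "java.lang.Object"}) {
            System.out.printf("%-16s %-16s naive=%-5b conservative=%b%n", f,
                m.isSerializable(f), m.raisesIssue(f, false), m.raisesIssue(f, true));
        }
    }
}
```

In this model the Data2 field is reported only in naive mode, while a field of a type with no Serializable supertype is reported in both.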

spe...@intralinks.com

Dec 23, 2016, 1:41:22 PM
to SonarQube
I have the same issue, and I am not using an 'aar' file, just a normal jar.

I have 2 occurrences of this in my codebase, both due to the same scenario in the code as described by Tibor Takacs.

public interface Foo extends Serializable {
  ...
}

public class MyException extends Exception {
   private final Foo foo;
   ^^^^^^^^^^^^^^^^^^^^^^---------------------------------------
   | Make "errorType" transient or serializable. (squid:S1948) |
   -------------------------------------------------------------

    public MyException(Foo foo) {
       this.foo = foo;
   }
}


The java.lang.Exception class, of course, also extends Serializable.

Since this has nothing to do with using an 'aar' file, I think this false positive is not related to the 'aar' file specifically.

We're using SonarQube 5.1.

Thanks,
Sam

Nicolas Peru

Jan 3, 2017, 3:28:50 AM
to spe...@intralinks.com, SonarQube
Hi, can you please not hijack threads and post multiple times? Please open a dedicated thread with your problem, specifying which version of the SonarJava analyzer you are using.
That would help to keep problems separated and not make too much noise on the mailing list, hence improving the quality of the community support we can provide.
Thanks for your understanding.

Cheers

--
Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com