SQL string concatenation false positive with ternary operator


e.li...@gmail.com

Jun 7, 2018, 3:25:31 AM
to SonarLint
Hi,

When using the ternary operator to assign one of two values to a variable holding a SQL statement, SonarLint complains about concatenation:

final boolean someCondition = ...
final String sql1 = ...
final String sql2 = ...
final String sql = someCondition ? sql1 : sql2;

Connection conn = ...
PreparedStatement stmt;
try {
  stmt = conn.prepareStatement(sql); // "Use a variable mechanism to construct..."
} catch (SQLException e) {
  ...
} finally {
  ...
}

IntelliJ IDEA Ultimate 2018.1.4, build IU-181.5087.20
SonarLint version 3.4.2.2586

Cheers,
Even

Michael Gumowski

Jun 7, 2018, 4:05:28 AM
to e.li...@gmail.com, SonarLint
Hey Even,

Thanks a lot for the feedback. This is indeed a FP with the implementation of rule S2077. I created the following ticket to handle the issue: SONARJAVA-2779

Note that once fixed, in order to benefit from the fix, you will need to wait for an update of SonarLint to embed the proper version of the SonarJava analyzer (for standalone mode). For connected mode, only updating SonarJava on your SonarQube instance and synchronizing SonarLint will do the trick.

Regards,
Michael

--
Important: this SonarLint Google Group will close on June 11th, 2018, in order to move to a new forum to power even more community discussions. See details in this post: https://groups.google.com/d/msg/sonarlint/7mRg447YjWM/yk64X5HyAQAJ
--
Michael Gumowski | SonarSource
Software Developer, Language Team
https://www.sonarsource.com