false positive squid:S2166?

82 views
Skip to first unread message

ivan.k...@ev.uk

unread,
Dec 21, 2017, 8:27:58 AM12/21/17
to SonarLint
Hi there,

just to let you know I think I'm getting a false positive here. I believe it's because my Exception class is inheriting from another child  Exception. It's probably not considering grandchildren of Exception.

Error:



InfrastructureAppException:

public class InfrastructureAppException extends Exception {

/**
* Autogenerated
*/
private static final long serialVersionUID = 8764581426982797580L;

public InfrastructureAppException(String msg) {
super(msg);
}
public InfrastructureAppException(String msg, Exception e) {
super(msg, e);
}
}



Here's HeartbeatNotFoundException

public class HeartbeatNotFoundException extends InfrastructureAppException {


/**
* Autogenerated
*/
private static final long serialVersionUID = 5725777835595949232L;

public HeartbeatNotFoundException(String msg) {
super(msg);
}
public HeartbeatNotFoundException(String msg, Exception e) {
super(msg, e);
}
}










Michael Gumowski

unread,
Jan 2, 2018, 10:13:26 AM1/2/18
to ivan.k...@ev.uk, SonarLint
Hello Ivan,

Thanks for the feedback. I can not reproduce the issue on my side, no issue is raised when I try to implement the same pattern.

Now, could you specify and check a few more things?
  • Check in the logs of the SonarLint analysis of your file that there is no warning regarding binaries. Bytecode should be correctly provided for your project in order to have the rule behaving correctly. In particular, the rule needs to access bytecode in order to create the type hierarchy. Note that for maven projects, this should work without having to configure anything.
  • Are these two classes part of the same package or project? If the parent class is not in the same project, maybe analysis parameter "sonar.java.libraries" is missing in the configuration of your project.
  • What is your version of SonarLint (which IDE?)
  • Are you using Connected Mode with SonarQube?
  • If yes, what is the version of the SonarJava plugin on your SQ instance?
    You may try to use this URL to get it if you don't have administrator rights: http://localhost:9000/deploy/plugins/index.txt (don't forget to replace the localhost:9000 part by your real instance address)
What I suspect is that our semantic engine fails to recreate the class hierarchy... And the rule should not raise an issue in such cases. Note that that's the only way I reproduced the issue. 
I created the following ticket in order to handle this very specific case: SONARJAVA-2604 

Cheers,
Michael


-----
This e mail and any attachments are confidential. If you are not the intended recipient, please notify us immediately by replying to the sender by e mail and delete it from your system. 
E mail messages sent via the internet may not be secure and may be susceptible to data corruption, interception and unauthorised amendment, over which we have no control.  The recipient is responsible for ensuring that the transmission, opening or use of this message and any attachments will not adversely affect its systems or data. We do not accept liability for any errors arising from transmission or for any loss or damage suffered as a result of this email and/or its attachments being communicated to anyone other than the intended recipient
EValue Limited, company number 7382500
Moneybee Limited, company number 7604100
Each company is registered in England and Wales with its registered office at Benyon House, Newbury Business Park, Newbury, Berks., RG14 2PZ. Moneybee Limited is authorised and regulated by the Financial Conduct Authority.

--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/11bbd03f-91f3-471a-b74e-cfb93d81e090%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Michael Gumowski | SonarSource
Software Developer, Language Team
https://www.sonarsource.com

ivan.k...@ev.uk

unread,
Jan 3, 2018, 4:25:07 AM1/3/18
to SonarLint
Hi Michael,

thanks for coming back to me.

I've been working on this through the holidays and made a lot of changes, mainly moving to Java 6 to 7 and upgrading to the latest version of the IDE and SonarLint. The thing is that the issue is no longer appearing and I'm unable to reproduce it now. From the many errors that I got initially, this was the only false positive, so I would think binaries were OK.

Answering to your questions:

  • Is a Maven project. I'm not sure on where I can find the SonarLint logs of the analysis.
  • Both classes belong to the same project and package.
  • I'm using SonarLint 3.3.1.201712071600 on Eclipse IDE Oxygen.1a Release (4.7.1a). But the issue doesn't appear with these two...I reinstalled eclipse and sonarLint
  • It's not connected to SonarQube
Thanks for looking at this. Unfortunately I can't reproduce it anymore. I'm sorry for wasting your time.

Regards,
Ivan

Michael Gumowski

unread,
Jan 3, 2018, 4:37:56 AM1/3/18
to ivan.k...@ev.uk, SonarLint
Thanks for your answer. Glad to hear that you fixed the issues and that SonarLint is helping.
No worries, it was clearly NOT wasted time, it highlighted a limitation of the rule which deserved a fix!

Cheers,
Michael

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/d7f2658f-f49d-4713-b732-7758b2f5c98e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages