False positive on Spring Boot applications and Java 8 IntStream
2,144 views
Skip to first unread message
t...@berrycloud.co.uk
Apr 18, 2016, 1:09:31 PM4/18/16
to SonarQube
Hi
I am using the Java plugin version 3.13.1.
The following code will result in a blocker issue:
@SpringBootApplication
public class App extends SpringBootServletInitializer {
public static void main(final String[] args) {
SpringApplication.run(App.class, args);
}
}
The example above comes from http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file
The Sonar Java plugin tells me to close the ConfigurableApplicationContex (squid:S2095) however if I do that then the application will stop as soon as it has finished starting so I consider this a false positive (with dangerous side effects!). If someone did close the ConfigurableApplicationContex it would only be apparent when running the application using the embedded Tomcat server, the deployable war file is unaffected.
I think Spring Boot is fairly widely used so I'm sure this issue is effecting several people.
Incidentally the Sonar Java plugin also suggests closing an IntStream (Java 8) which although probably not harmful it is unnecessary. This is also (squid:S2095).
Many Thanks.
Nicolas Peru
Apr 26, 2016, 3:19:35 AM4/26/16
to t...@berrycloud.co.uk, SonarQube
Hi,
Regarding closing of IntStream, this is a known issue handled with the following ticket: https://jira.sonarsource.com/browse/SONARJAVA-1478 which is normally fixed in the upcoming version of the analyzer.
Regarding the problem with the ConfigurableApplicationContex. I am not sure I understand how to fix the problem here :
Shall we not raise any issue on a ConfigurableApplicationContext or ideally do you think we should avoid raising the issue only within this SpringBootServletInitializer context ?
Thanks
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/98f3a990-3dfb-4e0c-ac20-29dc6af7af02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
t...@berrycloud.co.uk
May 6, 2016, 12:36:49 PM5/6/16
to SonarQube, t...@berrycloud.co.uk
Hi
Sorry for the delay in my reply.
Have you considered excluding all classes that implement AutoClosable from rule S2095? http://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html
ConfigurableApplicationContex implements AutoClosable.
Failing that I think excluding ConfigurableApplicationContext from rule S2095 would be the best option.
Many Thanks
wojtek....@gmail.com
May 18, 2016, 6:11:58 AM5/18/16
to SonarQube, t...@berrycloud.co.uk
Hi,
This is a legit false positive that I've run into as well.
Look forward to getting this one out of my Blockers column.
Thanks
W
Nicolas Peru
May 18, 2016, 11:26:57 AM5/18/16
to t...@berrycloud.co.uk, SonarQube
Hi all,
Thanks for your feedback : ticket created to exclude this one : https://jira.sonarsource.com/browse/SONARJAVA-1687
Cheers,
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/ffa4c208-5a9a-4aee-8d10-84f5970b358e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages