[JAVA] S3457 Printf-style format strings should be used correctly - False Positive - it doesn't support strings evaluated at compile time

[Adam Gabryś]

Hello,

S3457 rule doesn't support strings evaluated at compile time:

I tried to change the order of the instructions and result was always the same - issue is not created only for: Logger.getLogger(NAME).log(Level.INFO, "Log1 " + CONST_VALUE + ".");

Environment:

• SonarQube 6.7.4
• SonarJava 5.4

Example class:
https://github.com/agabrys/sonarqube-falsepositives/blob/master/src/main/java/biz/gabrys/agabrys/sonarqube/falsepositives/d20180606/S3457.java

Project:
https://github.com/agabrys/sonarqube-falsepositives

Build:
mvn clean package sonar

Regards
Adam Gabryś

[Michael Gumowski]

Hey,

Thanks a lot for the reproducer Adam. Indeed, these strings are going to be compiled into string literals, and raising issue there causes FPs.

I created the following ticket to handle them: SONARJAVA-2780

Cheers,

Michael

--
Important: this SonarQube Google Group will close on June 11th, 2018, in order to move to a new forum to power even more community discussions. See details in this post: https://groups.google.com/d/msg/sonarqube/BbSZz-JnhVM/DavhMueEAAAJ
---
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/VI1PR08MB050970FB27895E26F135640598650%40VI1PR08MB0509.eurprd08.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--

Michael Gumowski | SonarSource

Software Developer, Language Team
https://www.sonarsource.com