Close "PreparedStatement" in a "finally" clause with Spring JdbcTemplate

Deepak_Gusain · August 9, 2019, 6:25am

SonarQube version 6.7.1
Java 1.8
When we use JdbcTemplate in Spring framework, spring framework’s JdbcTemplate close the PreparedStatement object automatically.

But sonarQube raise a blocker bug saying “Use try-with-resources or close this “PreparedStatement” in a “finally” clause”
Ideally this is not a bug, but due to this false analysis, our project rating is showing E.

Below is the sample code:-

jdbcTemplate.update(new PreparedStatementCreator() {
			public PreparedStatement createPreparedStatement(Connection con) throws SQLException {
				PreparedStatement pst = con.prepareStatement(ADDON_QUERY, new String[] { "id" });

Alexandre_Gigleux · August 29, 2019, 8:11am

Hello @Deepak_Gusain,

Thanks for the feedback. You are perfectly right by saying that JdbcTemplate is taking care to close PreparedStatement automatically (https://github.com/spring-projects/spring-framework/blob/master/spring-jdbc/src/main/java/org/springframework/jdbc/core/JdbcTemplate.java#L638).

I tried to reproduce your problem with SonarQube 7.9.1 LTS and SonarJava 6.0 and there is not issue raised by 2095.

I guess you have this false-positive issue because you are using an old version of SonarQube. Can you try to upgrade and reproduce your problem with SQ 7.9+?
If you manage to reproduce the problem, that would be great to share a reproducer.

Thanks

Alexandre_Gigleux · September 13, 2019, 6:07am

Hello @Deepak_Gusain,

Did you manage to reproduce the problem with SQ 7.9+?

Thanks

system · April 8, 2021, 9:21am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.