False negaitve about the rule RSPEC-2658

Belle · June 27, 2025, 7:34am

Hi, I am using SonarQube and SonarScanner which are latest version. I tried some cases in the document (vulnerability category), but SonarQube failed to report them.

The following figure shows a RSPEC-2658 example:

public class Main {
    public static void main(String[] args) throws Exception {
        String className = System.getProperty("messageClassName");
        Class clazz = Class.forName(className); // should report a warning, but no warnings.
        System.out.println(clazz);
    }
}

This is the analysis results:

There are also no warnings in security hotspots.

Colin · June 27, 2025, 7:51am

Hey there!

This rule is not included in the built-in Quality Profile (the “Sonar Way”). Have you made sure to assign this project to a QP where the rule is turned on?

system · July 4, 2025, 7:52am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
A false negaitve about the rule RSPEC-6350 Report False-positive / False-negative... java , security	2	619	April 28, 2022
False Negative for rule RSPEC-6070 Report False-positive / False-negative... java , sonarqube , scanner	3	24	June 3, 2025
False negatives about the rule RSPEC 2692 Report False-positive / False-negative... java	2	498	May 12, 2022
False Negative for rule RSPEC-1226 Report False-positive / False-negative... java , sonarqube , scanner	1	11	June 3, 2025
A false positive about the rule RSPEC-2974 Report False-positive / False-negative... false-positive	6	761	September 25, 2023

False negaitve about the rule RSPEC-2658

Related topics