False Negative for rule RSPEC-2201

Hi Team, I would like to bring this potential issue to your attention. Reference Images 1 and 2 below, where Image 1 is the original and Image 2 is a variant. Image 1 correctly shows that the bug rule in RSPEC-2201 was violated in line 31, while in Image 2 the violation of the same bug rule is not flagged in line 31.

SonarQube version: 9.9.0.65466
SonarScanner version: 5.0.1.3006
SonarQube Community Edition
Related language: Java


Image 1


Image 2

Thanks for your time and consideration.

Hey there.

Please take a look at this post on reporting false-positives.

You’ll need to provide a text-based snippet of code, and make sure the issue can be reproduced on the latest version of SonarQube’s Community Build.

Only the latest version of SonarQube Community Build is considered active, so you’ll need to upgrade and see if the false-negative can still be produced!

Your upgrade path is:

9.9.0 → 24.12 → 25.5

You may find these resources helpful:

Hi Team,

A rescan has been done on the code snippet with SonarQube version 10.7, and the violation of bug RSPEC-2201 was not flagged. The code snippet below contains a call to the toLowerCase() function, and the result is ignored; however, it wasn’t flagged for violating this bug rule.

Code snippet:

class BugDemo {
    public void showBug() {
        String command = "Hello World";
        command.toLowerCase();
    }
}

Screenshot from the SonarQube scanning window showing the provided code snippet, where the bug rule violation was not flagged

Screenshot from the SonarQube window showing the scan of a variant of the original code snippet, where the bug rule violation was indeed flagged

It is expected that the bug should be flagged in both code snippets; however, it is scanned in the first screenshot but not the second screenshot.

Use the sonar-scanner command to rescan the provided code snippet to recreate it.

Like I said, you need to reproduce this on the latest version. 25.5.

Well, now it’s:

10.7 → 24.12 → 25.5