I would like to bring this potential issue to your attention. Reference the images below.
The bug rule violated is RSPEC-3981 in line 4 of Image 1, where the length of the array is checked for being greater than or equal to zero, which is unreasonable. Image 2 is a variant of the original Java program, but the same bug rule violation is not flagged when scanned.
SonarQube version: 9.9.0.65466
SonarScanner version: 5.0.1.3006
SonarQube Community Edition
Related language: Java
Please take a look at this post on reporting false-positives.
You’ll need to provide a text-based snippet of code, and make sure the issue can be reproduced on the latest version of SonarQube’s Community Build.
Only the latest version of SonarQube Community Build is considered active, so you’ll need to upgrade and see if the false-negative can still be produced!
Thanks for the response. A retest has been done with SonarQube version 10.7.0.96327.
It remains the case that scans of the two different code snippets fail to reliably flag the bug rule violation of RSPEC-3981, despite both code snippets violating that rule.
Code snippet 1:
    class BugExample {
        public boolean showBug(String[] myArray) {
            if (myArray.length >= 0) {
                return true;
            }
            return false;
        }
    }
To recreate the issue, perform a scan of each code snippet and confirm if the bug rule violation is flagged. Further testing can be conducted by repeating the scan to determine if the bug rule violation is consistently flagged.