language : Java
rule : java:S4288
Why do you believe it’s a false-positive/false-negative?
SonarQube - 8.9.10
SonarLint - IntelliJ / 6.7.0.45926
Issue is correctly raised on @Service, @Controller but not @RestController (which is a controller and annoted @Controller)
To reproduced, change a class annotated @Controller that raises the issue and annotate with @RestController instead : no more issue.
Colin
February 14, 2023, 10:30am
2
This matches a previous request made here.
(This isn’t so much a feature request as a suggestion for extending an existing rule; hopefully I’ve selected the correct category.)
In brief: java:S4288 recommends constructor injection in place of autowiring fields in Spring controllers, services and repositories. For example, the following snippet (correctly) triggers the rule,
@Controller
public class DemoController {
@Autowired // java:S4288 matches here
private FooRepository fooRepository;
}
Unfortunately, the rule doesn’t match…
I’ve flagged this for attention by the right team internally.
upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported.
Make sure you 