language : Java
rule : java:S4288
Why do you believe it’s a false-positive/false-negative?
SonarQube - 8.9.10
SonarLint - IntelliJ / 6.7.0.45926
Issue is correctly raised on @Service
, @Controller
but not @RestController
(which is a controller and annoted @Controller
)
To reproduced, change a class annotated @Controller
that raises the issue and annotate with @RestController
instead : no more issue.
Colin
(Colin)
February 14, 2023, 10:30am
2
This matches a previous request made here.
(This isn’t so much a feature request as a suggestion for extending an existing rule; hopefully I’ve selected the correct category.)
In brief: java:S4288 recommends constructor injection in place of autowiring fields in Spring controllers, services and repositories. For example, the following snippet (correctly) triggers the rule,
@Controller
public class DemoController {
@Autowired // java:S4288 matches here
private FooRepository fooRepository;
}
Unfortunately, the rule doesn’t match…
I’ve flagged this for attention by the right team internally.
Make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported.