Hello,
I want to report a false positive for “PreparedStatement” and “ResultSet” methods should be called with valid indices.
Versions:
SonarQube 8.9.7.52159 (Community Edition)
Java code in language level 17.
Sample code:
As you can see in the screenshot, it occurred for a prepared statement where the query itself is defined in a constant:
    private static final String SQL_GET_USERS_BY_SSO_TOKEN = "select p.person_id, b.ben_person_id, b.benutzerkennung, "
        + "u2a.application_id, b.passwort from personen p, benutzer b, USER2APPLICATION u2a "
        + "where p.person_id = b.pij_person_id AND b.BEN_PERSON_ID = u2a.USER_BEN_PERSON_ID "
        + "and lower(p.sso_identifier) = lower(?) and trunc(NVL(b.gesperrt_ab, sysdate+1)) > trunc(sysdate)";
Regards, Stefan