False positive for Rule java:S1166


One of our most important rules is “Exception handlers should preserve the original exceptions” (java:S1166).
Unfortunately we have some random issue, where this rule finds a false positive:
a) Normal catch

                    } catch (SecurityRealmException ex) {
                                "Could not read user",

b) In a Multi Catch:

     } catch (final StorageException | DeviceNotLoadedException | UnmarshalException ex) {
                                ex.getMessage(), ex);

Thank your very much in advance.
Best Regards

Thanks for reporting this false-positive!

Since all the necessary information has been included, we’ve flagged this for attention by an expert. This means that somebody will look at your report, maybe ask some follow-up questions, and try and determine if it’s really a false-positive that should be fixed.

This review could be done hours, days, or even weeks from now. If it takes a while – it doesn’t mean your report isn’t important to us, it just means that our teams are already hard-at-work developing new language analysis features, and your report is in the queue.

If you’re using SonarQube or SonarCloud – an issue administrator can always mark an issue as a false-positive in the UI (this also suppresses it in SonarLint when using Connected Mode). The rule can also be disabled in your Quality Profile if it’s particularly noisy.

Hi Dominik, I will need some more information to replicate the issue.
Could you share what library does the Logger come from? Also if you have no issues in disclosing a little bit more of your code, it would help me to see the whole try-catch block. Ideally it would be nice to have a snippet of code that I could simply copy paste to replicate the problem.

For reference, I tried with something like this and it does not raise any FP on my side:

class Test {
  private static final org.slf4j.Logger LOGGER = null;
  void foo() {
    try {
    } catch (SecurityException ex) {
      LOGGER.info( "Could not read user", ex);
    try {
    }catch(final SecurityException | ClassCastException ex) {
      LOGGER.info( ex.getMessage() , ex);
  void goo() throws SecurityException { }
  void joo() throws ClassCastException{ }

Hi Leonardo,
we are using java.util.logging.Logger, but I believe it does not depend on the logging class since we are experiencing the same problem with rethrown exceptions, e.g.

try {
        } catch (final IllegalStateException | TimeManagementException | StorageException | JAXBException ex) {
Either log or rethrow this exception.
            throw new WebApplicationException("Cannot create group row", ex);

In addition, SonarLint does not flag any of these issues in my local environment. These errors occur in our paid and private repositories and unfortunately I’m not allowed to share the code in the community.
But if you have enough internal access in SonarCloud i can give you the direct link to the issues.

Sadly I don’t have access to SonarCloud private repos, and without a self contained replicator of the issue I can’t do much more :frowning:
If you want to share with me privately the portion of code where the issue is shown we can do that, but I fear that this issue is strictly related to SonarCloud (since SonarLint doesn’t bother you), where I can’t really do much.

Maybe you could try to reach out to the commercial support?


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.