SonarQube 8.5 (build 37579) scanning Java code with the built-in SonarWay quality profile.
Sometimes S3457 gives a false positive and claims that a log message contains no format specifiers. Example:
package com.utils;
import java.util.logging.Level;
import java.util.logging.Logger;
import com.process.customer.MalformedDataException;
import com.process.customer.PartyNotFoundException;
/**
 * Minimal reproducer for the reported S3457 false positive.
 *
 * <p>The snippet is kept exactly as reported: according to the report, the false positive
 * disappears when the multi-catch is reduced to a single exception type or when the two
 * exception classes are replaced by JDK exceptions or by same-package copies.
 */
public class LogExample {
    // java.util.logging logger named after this class.
    private static final Logger log = Logger.getLogger(LogExample.class.getName());
    // Boxed Integer so that null can be told apart from the -1 value tested below.
    // Nothing in this snippet assigns it, so it is null whenever getOwner() runs here.
    private Integer owner;

    /**
     * Returns {@code owner}, logging at SEVERE when it is {@code null} or {@code -1}.
     *
     * <p>Both exceptions are thrown and caught inside this method, so neither reaches the
     * caller; the value is returned unchanged in every case.
     *
     * @return the current value of {@code owner}, which may be {@code null} or {@code -1}
     */
    public Integer getOwner() {
        try {
            if (owner == null)
                // Both constructor arguments (message, faultInfo) are null in the reproducer.
                throw new MalformedDataException(null, null);
            if (owner == -1)
                throw new PartyNotFoundException(null, null);
        } catch (MalformedDataException | PartyNotFoundException e) {
            // S3457 is reported on the call below (false positive). The third argument is the
            // caught exception, i.e. the Logger.log(Level, String, Throwable) overload, so the
            // message is not a format string and needs no specifiers.
            // NOTE(review): presumably the analyzer fails to resolve the multi-catch union of
            // the two JAR-supplied types to a Throwable and treats `e` as a format argument;
            // confirm that the JAR is on the analysis classpath.
            log.log(Level.SEVERE, "Exception occured in UserBean.getOwner", e);
        }
        // Reached on both the normal and the logged path.
        return owner;
    }
}
The false positive is not consistent. It does not occur if any of the following is true:
- The above exceptions are replaced with other (Java-supplied) exceptions
- Only one of the above exceptions is used and caught
- The above exceptions are replaced with copies in the same package that are identical code-wise
The exceptions above are subclasses of Exception, generated from another project’s WSDL and supplied by a JAR file. They have similar declarations:
package com.process.customer;
import javax.xml.ws.WebFault;
/**
 * This class was generated by the JAX-WS RI.
 * JAX-WS RI 2.2.10
 * Generated source version: 2.2
 *
 * Checked exception (extends {@link Exception}) annotated as a web fault named
 * "MalformedDataFault". It carries a {@link GenericFaultBean} as its fault detail.
 */
@WebFault(name = "MalformedDataFault", targetNamespace = "http://customer.process.aaalife.com/")
public class MalformedDataException extends Exception
{
    /**
     * Java type that goes as soapenv:Fault detail element.
     */
    private GenericFaultBean faultInfo;

    /**
     * Creates the exception without a cause.
     *
     * @param message   exception message passed to {@link Exception#Exception(String)}
     * @param faultInfo fault detail bean; stored by reference, not copied or null-checked
     */
    public MalformedDataException(String message, GenericFaultBean faultInfo) {
        super(message);
        this.faultInfo = faultInfo;
    }

    /**
     * Creates the exception with a cause.
     *
     * @param message   exception message passed to {@link Exception#Exception(String, Throwable)}
     * @param faultInfo fault detail bean; stored by reference, not copied or null-checked
     * @param cause     underlying cause passed to the superclass
     */
    public MalformedDataException(String message, GenericFaultBean faultInfo, Throwable cause) {
        super(message, cause);
        this.faultInfo = faultInfo;
    }

    /**
     * Returns the fault detail bean given at construction.
     *
     * @return the stored bean (same reference), or {@code null} if none was supplied
     */
    public GenericFaultBean getFaultInfo() {
        return faultInfo;
    }
}
GenericFaultBean is declared as follows:
package com.process.customer;
import java.io.Serializable;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlType;
/**
 * <p>Java class for genericFaultBean complex type.
 *
 * <p>The following schema fragment specifies the expected content contained within this class.
 *
 * <pre>
 * &lt;complexType name="genericFaultBean"&gt;
 *   &lt;complexContent&gt;
 *     &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType"&gt;
 *       &lt;sequence&gt;
 *         &lt;element name="message" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/&gt;
 *       &lt;/sequence&gt;
 *     &lt;/restriction&gt;
 *   &lt;/complexContent&gt;
 * &lt;/complexType&gt;
 * </pre>
 *
 * <p>Mutable bean with a single optional {@code message} string (minOccurs="0" in the schema
 * above).
 */
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "genericFaultBean", propOrder = {"message"})
public class GenericFaultBean implements Serializable
{
    // Fixed serialization version identifier for this Serializable class.
    private final static long serialVersionUID = 1L;
    // Bound by field access (XmlAccessType.FIELD); null until setMessage is called.
    // NOTE(review): MalformedDataException documents this bean as the soapenv:Fault detail
    // element, so the text presumably reaches the service caller; keep internal details
    // out of it.
    protected String message;

    /**
     * Returns the fault message.
     *
     * @return the current message, or {@code null} if none has been set
     */
    public String getMessage() {
        return message;
    }

    /**
     * Sets the fault message.
     *
     * @param value new message; stored as given, with no validation
     */
    public void setMessage(String value) {
        this.message = value;
    }
}
Fred Robinson
frobinson@aaalife.com