False-positive on squid:S3518

java
sonarlint

(Ewa Śliwińska) #1

SonarLint for Eclipse 3.6

private static int method(int alwaysGreaterThanZero) {
    if (alwaysGreaterThanZero < 1)
        return 0;

    int result = 0;
    for (int i = alwaysGreaterThanZero; i > 0; --i)
        result += alwaysGreaterThanZero;

    return (0 / result);
}

This gives

Zero should not be a possible denominator

while result won’t ever be zero, because alwaysGreaterThanZero will always be greater than zero, so the loop will be executed at least once.


(Andrei Epure) #3

Thank you for the detailed reproducer. I confirm it is a false positive. Unfortunately, this is a known limitation of the static code analyzer.


(Ewa Śliwińska) #4

Does it mean that you’re not going to change anything about it?
So I just need to silence Sonar when it says so? Or avoid code like this?


(Andrei Epure) #5

Indeed, we do not have plans for the near future to fix this false positive.

You can resolve the issue as ‘False Positive’ in SonarQube (see issue lifecycle). For this, you need to have “Administer Issues” permission in SonarQube, see our documentation.

I hope that helps.


(Ewa Śliwińska) #6

That doesn’t help.
It was not an accident that I tagged this topic sonarlint.
So it’s about SonarLint and from what I know, I can just use // NOSONAR (as much as I don’t like it).
Or deactivate the rule.


(Andrei Epure) #7

Your two options are correct. There are two more options:

  • annotate the method with
    @SuppressWarnings("squid:S3518")
  • run SonarLint in connected mode (with SonarQube or SonarCloud)