False positive/unfixable stiuation for java:S2975?

Hi there,

I’m using java 11, sonarcloud (plugin for gradle) and a piece of my code has just flagged java:S2975 - Remove this “clone” implementation; use a copy constructor or copy factory instead.

The code in question -

import java.security.cert.CertStoreParameters;

public class CustomCertStoreParameters implements CertStoreParameters {
    public Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e) {
            //should never happen
            throw new RuntimeException(e.toString(), e);

The issue here is that I need to implement that interface to get the job done, and the interface (which is part of java.security) specifies that I must implement clone:

public interface CertStoreParameters extends Cloneable {
    Object clone();

If there’s a way around it I’m not seeing, I’d love to hear it!

1 Like

Hello David,

Thank you for reporting this false positive, it has been internally discussed and SONARJAVA-4469 has been created to address it.

Kind regards,

Cool, thanks for getting back to me and confirming :slight_smile:

I’ll mark it appropriately in our scan results.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.