False positive/unfixable stiuation for java:S2975?

Starnose · April 26, 2023, 5:55am

Hi there,

I’m using java 11, sonarcloud (plugin 4.0.0.2929 for gradle) and a piece of my code has just flagged java:S2975 - Remove this “clone” implementation; use a copy constructor or copy factory instead.

The code in question -

import java.security.cert.CertStoreParameters;

public class CustomCertStoreParameters implements CertStoreParameters {
    @Override
    public Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e) {
            //should never happen
            throw new RuntimeException(e.toString(), e);
        }
    }
}

The issue here is that I need to implement that interface to get the job done, and the interface (which is part of java.security) specifies that I must implement clone:

public interface CertStoreParameters extends Cloneable {
    Object clone();
}

If there’s a way around it I’m not seeing, I’d love to hear it!

angelo.buono · May 1, 2023, 1:52pm

Hello David,

Thank you for reporting this false positive, it has been internally discussed and SONARJAVA-4469 has been created to address it.

Kind regards,
Angelo

Starnose · May 2, 2023, 7:17am

Cool, thanks for getting back to me and confirming

I’ll mark it appropriately in our scan results.

system · May 15, 2023, 8:36am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.