False positive with java:S2159: unrelated classes (how)?

Hello.

Using:

  • Version 7.9.6 (build 41879)
  • Java Code Quality and Security 6.3.2 (build 22818)

Considering the following dummy code:

import java.util.Objects;

public class Parent {

  String desc;

  @Override
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
    if (o == null || getClass() != o.getClass()) {
      return false;
    }
    Parent parent = (Parent) o;
    return Objects.equals(desc, parent.desc);
  }

  @Override
  public int hashCode() {
    return Objects.hash(desc);
  }
}

and

import java.util.Objects;

public class Child extends Parent {
  String dummy;

  @Override
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
    if (o == null || getClass() != o.getClass()) {
      return false;
    }
    if (!super.equals(o)) { // this line triggers the issue
      return false;
    }
    Child child = (Child) o;
    return Objects.equals(dummy, child.dummy);
  }

  public static void main(String[] args) {
    Child a = new Child();
    a.desc = "a";
    Child b = new Child();
    b.desc = "a";
    a.equals(b);
  }
}

An issue is reported for Child.java, referring to the line where I call super.equals(), saying “comparisons between unrelated types always return false”. At the very best, given the class check above, we know these objects share the same class. Plus, also considering the main method provided, this seems to be a completely valid usage. What am I missing here?

Thanks!

Hi Pvaldv,

I’m not able to reproduce the false-positive given the above code reproducer using SonarQube 7.9.6 and the Java analyzer 6.3.2. But I know that the rule S2159 had a bug with incomplete semantic information (bug SONARJAVA-3495, fixed in the Java analyzer 6.7.0 and SonarQube 8.5).
So if I delete the "target/classes/Parent.class" file and I run "mvn sonar:sonar", yes I can reproduce the false-positive, but only because the binary file is missing.
And the false-positive disappears when I use SonarQube 8.5.
Upgrading to a new version of SonarQube will fix the false-positive but not the Java analyzer configuration problem regarding Java binary files.
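
The reply above traces the false positive to a missing compiled class (target/classes/Parent.class). The following pre-scan check is an added example, not code from the thread or from SonarSource. The function names are hypothetical, and it assumes one top-level class per source file and the Maven default directories src/main/java and target/classes:

```shell
#!/bin/sh
# Added example: report Java sources that have no compiled .class file, so the
# analyzer is not started with incomplete semantic information.
# Assumed layout (Maven defaults, not stated in the thread):
#   sources in src/main/java, binaries in target/classes.

# Print one path per line for every .java file lacking a matching .class file.
missing_classes() {
  src_dir=${1%/}
  bin_dir=${2%/}
  find "$src_dir" -type f -name '*.java' | sort | while IFS= read -r src; do
    rel=${src#"$src_dir"/}
    case "$rel" in
      # package-info.java may legitimately compile to no class file
      package-info.java|*/package-info.java) continue ;;
    esac
    [ -f "$bin_dir/${rel%.java}.class" ] || printf '%s\n' "$src"
  done
}

# Return 0 when every source has a class file; otherwise list the gaps and return 1.
check_binaries() {
  missing=$(missing_classes "$1" "$2")
  if [ -n "$missing" ]; then
    printf 'No compiled class found for:\n%s\n' "$missing" >&2
    return 1
  fi
  return 0
}

# Typical use before a scan (left as a comment so the file can be sourced safely):
#   check_binaries src/main/java target/classes && mvn sonar:sonar
```

A non-zero result means the project should be compiled again before the scan is run.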