FP S6073 when calling static method to

Rules and Languages Report False-positive / False-negative...
1

The rule seems to get confused when you call a static method to create a class (same problem if you use e.g. List.of())

  • versions used 9.3.0
@ExtendWith(MockitoExtension.class)
class SonarS6073Test {
	@Test
	void myTest() {
		Foo foo = new Foo();
		verify(foo).bar(expected(), "hello"); // FP?
		verify(foo).bar(expected2(), "hello"); //OK!
	}

	Container expected() {
		return Container.create();
	}

	Container expected2() {
		return new Container();
	}

	static class Container {
		public static Container create() {
			return new Container();
		}

	}

}

Similar problem as I reported here, could they be related?

2 Likes
3

Hello @fassen, It definitely looks like there is an issue.
However, following the current state of the rule, it is not a false positive on the first verify but a false negative on the second one.

S6073 has a known limitation that prevents it from exploring chains of method calls: it will not go further than looking at the return statements in the bodies of expected or expected2.
The issue stems from the fact when it detects a method call, it assumes it eventually leads to an argument matcher.

On the first verify, expected “returns” an argument matcher and so "hello" should be wrapped in a eq call and replaced by eq("hello").

For the second verify, the constructor call is mistakenly not detected as an argument matcher and since the second argument is not wrapped in an argument matcher, no issue is raised.

A quick fix for now would be to replace "hello" with eq("hello") but ultimately, the rule should be reworked to be more flexible around parameters returned from a method call.

A ticket has been created to handle the issue.

5

I see, interesting. Thank you for the response!

6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.