FP when prepared statement is indirectly initialized

  • SonarQube * Developer Edition * Version 7.9.3 (build 33349)
private final String sqlCount = "NAME_OF_SQL";
// ...
PreparedStatement stmt = null;
try {
  conn = getConnection();
  baseRequest = getSqlByRessourceId(sqlCount);
  stmt = conn.prepareStatement(baseRequest);
  stmt.setInt(1, delai); // issue here
  // ...

At this last line, we have this rule : "PreparedStatement" and "ResultSet" methods should be called with valid indices
Rule is looking for a parameter but can’t find it because it’s loaded from a file.

It seems similar from SONARJAVA-2036 but I still get the issue.

Kind regards,
Michaël

Hello
Do you need any more information to take into account to what it seems a false positive ?