When using SonarQube 6.4 a false positive is emitted for squid:S2629 when an annotation type is being used. I would argue that calling a method on an annotation type is in general very cheap and should not be prevented in the context of logging. Example source code
private final static Logger LOG = LoggerFactory.getLogger(ExtensionStrippingTransformer.class);
...
public void myMethod(AnnotationType annotation) throws SAXException {
LOG.debug("Called myMethod with annotation element1 '{}' and element2 '{}'!", annotation.element1(), annotation.element2()); // this will trigger squid:S2629
}
Can you please provide the version of your SonarJava analyzer?
What do you mean by AnnotationType? Are you referring to any class extending sun.reflect.annotation.AnnotationType or simply any custom annotation type? i.e Defined with a @interface, and therefore implicitly extending java.lang.annotation.Annotation.
Could you provide with your example an annotationType and the elements you would like to retrieve.
Regards,
Michael
PS: please note that we are trying to answer threads here on a best effort basis. Some times some topics are passing through. Sorry for missing this one.
I admit that, by definition of annotation types and their elements, the operation of calling their methods should not result in any performance penalty. I therefore created the following ticket to handle the issue and fix SonarJava: SONARJAVA-2897
Now, please be aware that you are apparently using both very old versions of SonarQube and SonarJava, which are not supported anymore. Current LTS of SonarQube is 6.7.5, which guarantees support of latest released version of SonarJava (5.7). If you want to benefit from the fix to come of this ticket, you will need to upgrade at least your SonarQube version to 6.7.x, and then update SonarJava.