-
What language is this for? - Java
-
Which rule? - Methods should not have too many parameters (java:S107)
-
Why do you believe it’s a false-positive/false-negative?
Because Inject annotation should exclude in this rule… it is there already but we are quarkus lambda this is in jakarta.inject.Inject. Existing exclusions
-
Are you using
- SonarCloud? - No
- SonarQube - which version? - Version 10.3 (build 82913)
- SonarLint - which IDE/version? - Intellij - 2024.1.2
- in connected mode with SonarQube or SonarCloud? - No
-
How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
We need to use
import jakarta.inject.Inject;
instead of
javax.inject.Inject
1 Like
Hello, this rule is already excluding methods with the jakarta annotation, an example:
@jakarta.inject.Inject
public void foo5(int p1, int p2, int p3, int p4, int p5, int p6, int p7, int p8) {} // Compliant
This should not raise an issue with the default threshold of 7 max parameters.
Could you share a self contained snippet of code (not an image, text) so that we can reproduce the issue?
If it is excluded then, it should be in Exceptions like below
Exceptions
Methods annotated with :
- Spring’s
@RequestMapping (and related shortcut annotations, like @GetRequest)
- JAX-RS API annotations (like
@javax.ws.rs.GET)
- Bean constructor injection with
@org.springframework.beans.factory.annotation.Autowired
- CDI constructor injection with
@javax.inject.Inject
@com.fasterxml.jackson.annotation.JsonCreator- Micronaut’s annotations (like
@io.micronaut.http.annotation.Get)
may have a lot of parameters, encapsulation being possible. Therefore the rule ignores such methods.
Also, if a class annotated as a Spring component (like @org.springframework.stereotype.Component) has a single constructor, that constructor will be considered @Autowired and ignored by the rule.
1 Like
This is showing issue for Construction Injection –
Constructor has 13 parameters, which is greater than 7 authorized
Leonardo_Pilastri – Sorry I can’t share any code due to security issues.
Can you derive a reproducer from your code without sharing your actual sensitive code? I just need an example that on your end is raising an issue, that I can copy-paste to reproduce it on my end.
Anyway you correctly pointed out that the description of the rule does not mention jakarta, so I created a ticket to update the exceptions mentioned in the rule description.
Thanks for the support Leonardo_Pilastri ,
Any ETA for this
I’m not sure when the ticket will be worked.
But this ticket is only about the description of the rule, not its behavior.
If you think the rule is currently reporting a false positive, I need a reproducer of this issue because, on my side, the rule seems to behave correctly.
