Java:2095 ClientHttpResponse

Dear all,

It is my first publication about an issue. I hope I follow the process well :slight_smile:

In fact, I have a problem with the rule java:2095 where an instance of ClientHttpResponse (spring-web), which implements Closeable, is not closed.

I don’t understand why SonarQube does not detect this issue.

        // response is a Closeable that is never closed in this method
        ClientHttpResponse response = execution.execute(request, body);
        String responseBody = new String(response.getBody().readAllBytes());
        log.info("[Response Body] {}", responseBody);
        return "OK";

How does this issue work? Is there an exhaustive list of checked classes? Where is the related code?

Thanks a lot for your response.

Regards,

Hi,

Welcome to the community!

In what context are you (not) seeing this? SonarQube Cloud? On-prem? For IDE? And if either of the latter two, please provide flavor and version.

 
Thx,
Ann

Exact, sorry!

It’s about SonarQube On-prem “Community Build - v25.1.0.102122 - MQR Mode”.

Regards,

Hi,

Thanks for that. Technically, nothing but the latest version of SonarQube Community Build is supported, but I’m not seeing anything relevant in Jira, so I’m going to flag this for the team.

 
Thx,
Ann

Thank you so much for that :wink:

Regards,

Hi support!

Any news about that?

Hi,

This is flagged for the language experts. Hopefully they’ll be along soon.

 
Ann

Hi @Dam,
Sorry for the late reply. I was able to reproduce the issue and created a ticket specifically to document the case you shared with us.

Please be aware, we cannot commit to a timeline for fixing this FN. We already have a number of false negatives for S2095 and work on the symbolic execution engine is currently on pause as we evaluate more sustainable ways to maintain and improve our coverage of advanced bugs.

Cheers,

Dorian

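An added example, not part of the thread and not SonarQube's or Spring's own code: the snippet from the first post rewritten with try-with-resources, so the `ClientHttpResponse` is closed on every path whether or not S2095 reports it. The class name `ResponseBodyLogger`, the method name `logAndDiscard`, the SLF4J logger and the UTF-8 charset are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpResponse;

// Hypothetical class; needs spring-web and slf4j-api on the classpath.
public final class ResponseBodyLogger {

    private static final Logger log = LoggerFactory.getLogger(ResponseBodyLogger.class);

    private ResponseBodyLogger() {
    }

    /**
     * Executes the request, logs the response body and releases the response.
     * The method owns the response because it does not hand it to the caller.
     */
    static String logAndDiscard(HttpRequest request, byte[] body,
                                ClientHttpRequestExecution execution) throws IOException {
        // Resources are closed in reverse order: first the body stream, then the
        // response. This happens on normal return and when execute(), getBody()
        // or readAllBytes() throws after the response was obtained.
        try (ClientHttpResponse response = execution.execute(request, body);
             InputStream in = response.getBody()) {
            // Assumption: the body is UTF-8 text. The posted snippet used the
            // platform default charset, which varies between hosts.
            String responseBody = new String(in.readAllBytes(), StandardCharsets.UTF_8);
            log.info("[Response Body] {}", responseBody);
            return "OK";
        }
    }
}
```

If the method returns the response to its caller instead, as a `ClientHttpRequestInterceptor` does, the caller owns it and it must not be closed here.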