Description
JetBrains published a set of annotation that can be interpreted by IDEs and static analysis tools to improve code analysis. The annotation @ TestOnly can be used to mark methods, constructors, fields and types whose visibility restrictions has been relaxed more than necessary for the API to allow for easier unit testing.
Access to such methods is fine for code in test packages but is discouraged in production code. It would be nice if there was a Sonar rule that could raise an issue if the latter case is encountered, so violations could be spotted quickly in SonarQube and would also be flagged in the IDE by SonarLint.
The rule should cover not only fields but also methods, for scenarios where using a getter is fine in production code but a setter is only allowed to be used in test code.
Noncompliant Code:
/** src/main/java/MyObject.java */
@VisibleForTesting
String foo;
/** src/main/java/Service.java */
new MyObject().foo; // NONCOMPLIANT, foo is accessed from production code
Compilant Code
/** src/main/java/MyObject.java */
@VisibleForTesting
String foo;
/** src/test/java/MyObjectTest.java */
new MyObject().foo; // COMPLIANT, foo is accessed from test code
External references
- Copied most of the topic from Class members annotated with @VisibleForTesting should not be accessed from production code and altered the text to fit to this anotation.
Github repo:
- https://github.com/JetBrains/java-annotations/blob/master/java-annotations/src/main/java/org/jetbrains/annotations/TestOnly.java
- https://github.com/JetBrains/java-annotations/blob/master/multiplatform-annotations/src/commonMain/kotlin/org/jetbrains/annotations/TestOnly.kt
Sonar is already acknowledging the existence of @ VisibleForTesting as exceptions to RSPEC-5803. Maybe this one can be extended or a new one can be created for @ TestOnly.
Type
Code Smell - It’s meant to raise awareness to potential violations of API contracts. Ideally the original developer recognizes the issue right there in the IDE and refrains from accessing that member in that way.
Tags
pitfall - Modifying the internal state of objects in a manner that is not sanctioned by the API in production code could cause unforeseeable problems further down the line and might happen easily by accident if a developer does not check the JavaDoc or original member definition to notice that annotation before using it.