Java: False positive S125 - should not treat JSON as code


  • Using SonarCloud
  • Using SonarLint IntelliJ plugin, latest version (

Code Sample:

Issue: Sonar is pretending that JSON is code…when it is JSON.

Why I think JSON should be allowed:

  • It is not code, and thus does not fall under this rule.
  • It will never be “uncommented” as this rule suggests is possible.

Hello @clounie,

Thanks for the feedback.

I can understand your pain in receiving such issues. However, I am not completely sure there is much we can do about it. Here is why:

  • The recognition if something is code or not is not a trivial task and despite our try to improve the algorithm it can still sometimes fail.

  • You consider JSON is not a code, while this is also a questionable statement. For example, in some languages, it is a valid code. And that’s another big question should we only recognize Java code in Java files

  • The other point. Why would you need JSON in the comments? Is it to document something? Maybe Javadoc could be a better solution rather than simple comments?

  • And last but not least it is Ok, to mark issues as False Positive or Won’t Fix. If this rule brings more noise than help, just remove it from your quality profile.

Meanwhile, from our side we’ve noted, that Algorithm is not behaving well with JSON, so we will try to improve it one day.

Hope this answer was helpful to you.


Thanks for the response Margarita.

We do want code in comments to be illegal in Sonar - that is a valid rule.

However, “JSON is not code” is not a ‘questionable statement’ in Java - it’s a fact. JSON is never an executable statement in the Java compiler.

  • An assignment with JSON inside a string would be a statement
  • A conditional with JSON inside a string would be a statement
  • Using JSON without any kind of Java syntax is never a statement - you will get a compiler error every time.

I can understand that it may not be a priority, or that it may be difficult. But this does seem like a legitimate false positive.