java:S107 Custom Spring Component annotation

SonarLint IntelliJ Platform
1
  • Operating system: Windows 11
  • SonarLint plugin version: 8.4.0.73538
  • Programming language you’re coding in: java
  • Is connected mode used: No

I’ve created a custom annotation @Job

@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Component
public @interface Job {
    ...
}

Spring support classes annotated with this kind of annotation and consider them as beans. Spring do constructors injection as it were real component (and they are!)

But I have this SonarLint rule infraction java:S107:

@Job(JobName.FtpsRetry)
public class FtpsRetryJobFactory implements JobFactory {

    (...)

    @Autowired
    // Here I have the SonarLint warning
    public FtpsRetryJobFactory(UserManager userManager,
                               PCPWorkflowService workflowService,
                               @Qualifier("associatedFileManagerImpl") AssociatedFileManager associatedFileManager,
                               HistoryManager historyManager,
                               ConfigurationManager configurationManager,
                               NotificationModeles notificationModeles,
                               MailManager mailManager,
                               CommentManager commentManager,
                               DocumentActionManager documentActionManager,
                               DocumentManager documentManager,
                               CircuitManager circuitManager) {
        (...)
    }
    
    (...)
}

image
image807×445 59.2 KB

2

Hello @Mohicane,

thank you for raising this issue. As it is not a direct issue with SonarLint for IntelliJ but more on the Java analyzer side, I’ll pass this issue on to the dedicated analyzer developers to provide you with more quality feedback on that matter!

Best,
Tobias

6

Hi @Mohicane ,

Thanks for reporting, and welcome to the community!

As far as I can see from the implementation of the rule, it does not check for dependency injection annotations like @Autowired at all and treats them like regular methods. This is a false positive.

I created a ticket here.

BR,

Marco