Java S1144 false positive for @MethodSource methods when using array-form value

Product: SonarQube Community (self-hosted)
sonar-java version: sonar-java 8.28.0.43176 on SonarQube Community Build 26.4.0.121862
Java source level: 21 (javac 21, source/target 17)

Rule

java:S1144 — Unused “private” methods should be removed

Description

SonarJava recognizes a private method referenced by @MethodSource("name") as used, but incorrectly reports it as unused when the equivalent array form @MethodSource({"name"}) is used. Since both forms are semantically identical in JUnit 5, this leads to a false positive.

Reproducer

package demo;

import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;

import java.util.stream.Stream;

import static org.junit.jupiter.api.Assertions.assertEquals;

public class VulnerabilityDueDateTest {

    private static Stream<Arguments> vulnerabilities() {
        return Stream.of(
            Arguments.of(0.0, null),
            Arguments.of(5.5, "2023-04-15T04:20:00")
        );
    }

    // BEFORE: no S1144 raised — single-string form is resolved correctly
    @ParameterizedTest
    @MethodSource("vulnerabilities")
    public void testSingle(double score, String expected) {
        assertEquals(expected, compute(score));
    }

    // AFTER: S1144 raised on vulnerabilities() — array form not resolved
    @ParameterizedTest
    @MethodSource({"vulnerabilities"})
    public void testArray(double score, String expected) {
        assertEquals(expected, compute(score));
    }

    private String compute(double score) {
        return score <= 0.04 ? null : "2023-04-15T04:20:00";
    }
}

Hello @Emilyaxe,

Thank you for reporting this other false positive in S1144. I have created this ticket to track the fix.

Best,
Noemie