java:S1191 false positive for com.sun.jersey.*

I’m using org.sonarsource.sonarlint.core:sonarlint-core:4.15.0.24749
I’m executing SonarLint via the SonarLint Gradle Plugin: Gradle - Plugin: name.remal.sonarlint

I’m getting this violation:

[rank 5] [java:S1191] /home/candrews/projects/REDACTED.java:7:7
  Classes from "sun.*" packages should not be used

  Classes in the sun.* or com.sun.* packages are considered implementation details, and are not
  part of the Java API.

  They can cause problems when moving to new versions of Java because there is no backwards
  compatibility guarantee. Similarly, they can cause problems when moving to a different Java
  vendor, such as OpenJDK.

  Such classes are almost always wrapped by Java API classes that should be used instead.

  Noncompliant Code Example

  import com.sun.jna.Native;     // Noncompliant
  import sun.misc.BASE64Encoder; // Noncompliant

The referenced import on line 7 is:

import com.sun.jersey.api.client.ClientHandlerException;

That’s a false positive: the com.sun.jersey.* packages are Jersey, which is not part of the Java API, not part of the JDK, and is not a Java implementation detail.

To reproduce this issue, run Sonar against a project that uses Jersey 1.x. It will falsely report S1191 against all of the com.sun.jersey imports.

This false positive has been known for a few years (it’s been discussed since at least 2014). Here are some other references to it:

And here’s another similar false positive, not for Jersey, but for Faces (com.sun.faces): https://www.javaer101.com/en/article/16516290.html

Hi @candrews

This is unrelated to the error you face, but this Gradle plugin name.remal.sonarlint is not under the SonarSource umbrella. I didn’t find a way to contact the author, nor to browse the source code, so be very careful when using those third-party products…

Hi Craig,

Thank you for your report. As promised in the mailing list thread you linked, there is a parameter you can use to exclude packages from the rule, so you can set that to com.sun.jersey to fix your issue. Since it makes sense that com.sun.jersey should be excluded by default without user intervention, I’ve created a ticket to make it the default.
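
The effect of such an exclusion list can be sketched as follows. This is an added example, not part of the original posts and not SonarJava's implementation. It assumes the check flags imports under `sun` and `com.sun` and that exclusions match on whole package segments; the Java source it scans is constructed for the illustration.

```python
import re

# Package roots the rule text quoted in this thread treats as JDK internals.
FLAGGED_PREFIXES = ("sun", "com.sun")

# Matches "import [static] a.b.C;" and "import a.b.*;", capturing the dotted name.
IMPORT_RE = re.compile(
    r"^\s*import\s+(?:static\s+)?([\w.]+?)(?:\.\*)?\s*;", re.MULTILINE
)

# Constructed sample source, not taken from any real project.
SAMPLE = """\
package example;

import java.util.List;
import com.sun.jna.Native;
import sun.misc.BASE64Encoder;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jerseyfoo.Bar;
import com.sunshine.Util;
"""


def _under(name, package):
    """True if name is the package itself or nested below it.

    Comparing on a segment boundary (assumption of this sketch) keeps
    "com.sun.jersey" from also matching "com.sun.jerseyfoo".
    """
    return name == package or name.startswith(package + ".")


def flagged_imports(source, excluded=()):
    """Return (line_number, import_name) pairs that would be reported."""
    hits = []
    for match in IMPORT_RE.finditer(source):
        name = match.group(1)
        if not any(_under(name, p) for p in FLAGGED_PREFIXES):
            continue  # not under sun.* or com.sun.*
        if any(_under(name, e) for e in excluded):
            continue  # explicitly excluded third-party package
        line = source.count("\n", 0, match.start(1)) + 1
        hits.append((line, name))
    return hits


if __name__ == "__main__":
    print("default:      ", flagged_imports(SAMPLE))
    print("with exclude: ", flagged_imports(SAMPLE, excluded=("com.sun.jersey",)))
```

With the exclusion in place, the Jersey import is no longer reported, while the `sun.misc` and `com.sun.jna` imports and the look-alike `com.sun.jerseyfoo` package still are.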
