I’m using org.sonarsource.sonarlint.core:sonarlint-core:4.15.0.24749
I’m executing SonarLint via the SonarLint Gradle Plugin: Gradle - Plugin: name.remal.sonarlint
I’m getting this violation:
[rank 5] [java:S1191] /home/candrews/projects/REDACTED.java:7:7
Classes from "sun.*" packages should not be used
Classes in the sun.* or com.sun.* packages are considered implementation details, and are not
part of the Java API.
They can cause problems when moving to new versions of Java because there is no backwards
compatibility guarantee. Similarly, they can cause problems when moving to a different Java
vendor, such as OpenJDK.
Such classes are almost always wrapped by Java API classes that should be used instead.
Noncompliant Code Example
import com.sun.jna.Native; // Noncompliant
import sun.misc.BASE64Encoder; // Noncompliant
The referenced import on line 7 is:
import com.sun.jersey.api.client.ClientHandlerException;
That’s a false-positive - the com.sun.jersey.*
packages are Jersey, which is not part of the Java API, not part of the JDK, and is not a Java implementation detail.
To reproduce this issue, run Sonar against a project that uses Jersey 1.x. It will falsely report S1191 against all of the com.sun.jersey
imports.
This false positive has been known for a few years (it’s been discussed since at least 2014), here are some other references to it:
- java - Excluding com.sun.jersey package from Sonarqube rule -
- http://sonarqube-archive.15.x6.nabble.com/S1191-To-strict-td5022117.html
And here’s another similar false positive, not for Jersey, but for Faces (com.sun.faces
): https://www.javaer101.com/en/article/16516290.html