java:S2259 false positive

Robert_Paasche · July 7, 2021, 9:39am

Template for a good false-positive report, formatted with Markdown:

Server 8.9.0.43852 Developer-Edition, Scanner is the Gradle Plugin in Version 3.1.1
Spring Boot 2.5.2 OauthClient

    public ApiResponse<AccountDto> findMe(OAuth2User principal, String loggedIn)
    {
        if (principal.getAttribute("sub") == null)
        {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }

        if (!principal.getAttribute("sub").equals(loggedIn))
        {
            throw new WebApplicationException(Status.NOT_ACCEPTABLE);
        }
[...]

reitzmichnicht · July 8, 2021, 7:57am

Just store this in a local variable as it might be modified in the mean time.

Kind regards,
Michael

Robert_Paasche · July 19, 2021, 9:12am

i already did. Just didn’t think about the fact the underlaying map could may be changed (Infact it want, but that is pretty specific to this usecase and spring).

system · July 26, 2021, 2:17pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.