java:S2259 false positive

Template for a good false-positive report, formatted with Markdown:

  • Server Developer-Edition, Scanner is the Gradle Plugin in Version 3.1.1
  • Spring Boot 2.5.2 OauthClient
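    public ApiResponse<AccountDto> findMe(OAuth2User principal, String loggedIn) {
        // First call: null check on the "sub" attribute.
        if (principal.getAttribute("sub") == null)
            throw new WebApplicationException(Status.UNAUTHORIZED);

        // Second, separate call: its result is dereferenced without a null check of its own.
        if (!principal.getAttribute("sub").equals(loggedIn))
            throw new WebApplicationException(Status.NOT_ACCEPTABLE);
        // ...
    }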


Just store this in a local variable as it might be modified in the meantime.

Kind regards,

1 Like

I already did. Just didn't think about the fact that the underlying map could be changed (in fact it won't, but that is pretty specific to this use case and Spring).
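
The local-variable suggestion and the point about the underlying map, shown as an added example that is not from the original posts. `Principal` and `MutablePrincipal` are hypothetical stand-ins for `OAuth2User` so it runs without Spring, and string results replace the `WebApplicationException` throws.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SubCheckExample {
    // Hypothetical stand-in for Spring's OAuth2User, so the example runs without Spring.
    interface Principal {
        <A> A getAttribute(String name);
    }

    // Constructed principal backed by a mutable map, to show what the analyzer must assume.
    static class MutablePrincipal implements Principal {
        final Map<String, Object> attributes = new ConcurrentHashMap<>();
        int reads = 0;
        @SuppressWarnings("unchecked")
        public <A> A getAttribute(String name) {
            // Simulate another thread removing the entry between the first and second read.
            if (++reads == 2) attributes.remove(name);
            return (A) attributes.get(name);
        }
    }

    // Shape from the post: two independent calls, the second result is dereferenced unchecked.
    static String checkTwice(Principal p, String loggedIn) {
        if (p.getAttribute("sub") == null) return "UNAUTHORIZED";
        if (!p.getAttribute("sub").equals(loggedIn)) return "NOT_ACCEPTABLE";
        return "OK";
    }

    // Suggested fix: read once, then null-check and compare the same local value.
    static String checkOnce(Principal p, String loggedIn) {
        Object sub = p.getAttribute("sub");
        if (sub == null) return "UNAUTHORIZED";
        if (!sub.equals(loggedIn)) return "NOT_ACCEPTABLE";
        return "OK";
    }

    public static void main(String[] args) {
        MutablePrincipal a = new MutablePrincipal();
        a.attributes.put("sub", "user-1"); // constructed sample value
        try {
            checkTwice(a, "user-1");
        } catch (NullPointerException e) {
            System.out.println("checkTwice: NullPointerException on second read");
        }
        MutablePrincipal b = new MutablePrincipal();
        b.attributes.put("sub", "user-1");
        System.out.println("checkOnce: " + checkOnce(b, "user-1"));
    }
}
```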
