[java:S2885] "private static final DateFormat" should be ignored

mfroehlich · August 25, 2021, 12:15pm

public class Datez
{
    public static final String D_PATTERN = "yyyy-MM-dd";
    private static final DateFormat D = new SimpleDateFormat( D_PATTERN ); // FP
    
    public static String formatD( Date d )
    {
        synchronized( D )
        {
            return D.format( d );
        }
    }
}

In the above code the line, that declares and initializes a DateFormat is marked by rule S2885.
But it cannot be an instance variable, since the whole class has a static character and scope. All these date formatters are accessed via synchronized blocks only as shown above Hence they are not reported as insecure.

The rule should be adjusted to ignore this kind of fields.

SebastianHungerecker · September 6, 2021, 1:42pm

Hi @mfroehlich,

Thank you for your feedback. You’re right that using static fields in this way is safe and we should not raise an issue in cases like this. I have created a ticket to address this.

Cheers,
Sebastian

system · September 13, 2021, 1:55pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.