public class Datez
{
public static final String D_PATTERN = "yyyy-MM-dd";
private static final DateFormat D = new SimpleDateFormat( D_PATTERN ); // FP
public static String formatD( Date d )
{
synchronized( D )
{
return D.format( d );
}
}
}
In the above code the line, that declares and initializes a DateFormat is marked by rule S2885.
But it cannot be an instance variable, since the whole class has a static character and scope. All these date formatters are accessed via synchronized blocks only as shown above Hence they are not reported as insecure.
The rule should be adjusted to ignore this kind of fields.