- What language is this for? Java
- Which rule? java:S5443
- Why do you believe it’s a false-positive/false-negative? Both (?)
- SonarQube Server / Community Build v25.3.0.104237 and v9.9
- How can we reproduce the problem? Give us a self-contained snippet of code
```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
...
public Path downloadObject(AmazonS3 cosClient, String bucketName, String objectName) throws IOException {
    S3Object item = cosClient.getObject(new GetObjectRequest(bucketName, objectName));
    Path temporalPath = null;
    try (S3ObjectInputStream s3ois = item.getObjectContent()) {
        temporalPath = Files.createTempFile(Path.of("aaa"), null, null); // THIS LINE
        File temporalFile = temporalPath.toFile();
        boolean setReadable = temporalFile.setReadable(true, true);
        boolean setWritable = temporalFile.setWritable(true, true);
        if (!setReadable || !setWritable) {
            Log.warnv("...", setReadable, setWritable);
        }
        Files.copy(s3ois, temporalPath, StandardCopyOption.REPLACE_EXISTING);
        return temporalPath;
    } catch (IOException e) {
        throw e;
    }
}
```
1. `Files.createTempFile(Path.of("aaa"), null, null);` is not flagged (should be?). Path “aaa” is virtual, it doesn’t exist, yet.
2. `Files.createTempFile(null, null);` is flagged, despite having `setReadable` and `setWritable` (`setExecutable` is not usable because there is no file created, only the path). With `setExecutable` it’s still flagged. The only difference with “Compliant Solution” is that `.toFile()` is done in another line.
3. “Compliant Solution” should be modified. Example triggers `java:S899` because returned booleans are not used.
Context
I download a file from an Object Storage, write it locally, work with it, and delete it.
I just need the Path to copy the file from the Stream, using `Files.copy`.
In case point 2 above is not a false positive, how should this be implemented?
Point 1 feels like a false negative, given that it’s “predictable”.
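
One way to write the pattern from the Context section, as an added example that is not part of the original post or of the rule's documentation: the file is created owner-only inside a private temporary directory, instead of tightening permissions afterwards with `setReadable`/`setWritable`. The class and method names are hypothetical, and a constructed byte array stands in for the S3 object stream.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;

public class PrivateTempDownload {
    // Owner-only attributes where the file system is POSIX; none elsewhere (e.g. Windows).
    static FileAttribute<?>[] ownerOnly(String perms) {
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        return posix
                ? new FileAttribute<?>[] {PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(perms))}
                : new FileAttribute<?>[0];
    }

    // Hypothetical helper: spools a stream (such as an S3 object body) into a private temp file.
    static Path spoolToPrivateTemp(InputStream in) throws IOException {
        // Randomly named directory created as 0700, so other local users cannot list or write into it.
        Path dir = Files.createTempDirectory("download-", ownerOnly("rwx------"));
        // Permissions are applied at creation time, leaving no window with wider access.
        Path file = Files.createTempFile(dir, "object-", ".tmp", ownerOnly("rw-------"));
        // Write into the existing file: Files.copy(in, file, REPLACE_EXISTING) deletes it and
        // creates a new one with default permissions.
        try (OutputStream out = Files.newOutputStream(file, StandardOpenOption.WRITE,
                StandardOpenOption.TRUNCATE_EXISTING)) {
            in.transferTo(out);
            return file;
        } catch (IOException e) {
            Files.deleteIfExists(file);
            Files.deleteIfExists(dir);
            throw e;
        }
    }
    public static void main(String[] args) throws IOException {
        byte[] sample = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Path file = spoolToPrivateTemp(new ByteArrayInputStream(sample));
        try {
            System.out.println(file + ": " + Files.size(file) + " bytes");
        } finally {
            Files.delete(file);
            Files.delete(file.getParent());
        }
    }
}
```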