java:S5850 vs. java:S6395

MarcelRueedi · April 13, 2023, 7:58am

We are running

Community Edition, Version 9.9 (build 65466), installed from zip

We have a piece of code to remove leading and trailing quotes from a string

theString.replaceAll("^\"|\"$", "");

this gives us : Alternatives in regular expressions should be grouped when used with anchors (java:S5850)

so we replace it with (as suggested as compliant solution)
theString.replaceAll("(?:^\")|(?:\"$)", "")

but now there is a new code smell : Unwrap this unnecessarily grouped subpattern. Non-capturing groups without quantifier should not be used (java:S6395)

How can we resolve this ?

Marco_Kaufmann · May 15, 2023, 2:58pm

Hey Marcel,

Issue confirmed. Thanks for the report! The rules contradict each other and the problem is in rule S6395. "(?:^\")|(?:\"$)" is a false positive because the groups should not be regarded as unnecessary in this case.

I created a ticket for this issue: SONARJAVA-4479.

Until fixed, you could either suppress this FP using @SuppressWarnings("squid:S6395"), or remove one of both rules from your quality profile.

Best,
Marco

MarcelRueedi · May 15, 2023, 3:18pm

Hi Marco,

Thanks for taking care. We’ll suppress the warning.

Greetings
Marcel