java:S5996 - misunderstanding of $ behavior with MULTILINE regex

Product: sonarcloud
Rule: java:S5996

I closed the following report as a false positive: https://sonarcloud.io/project/issues?id=org.xwiki.platform%3Axwiki-platform&open=AXnpAej1DDFOvAKXAQM2&resolutions=FALSE-POSITIVE&sinceLeakPeriod=true&types=BUG

In short, it seems like this rule more or less assumes $ only makes sense at the end of the regex, or maybe it’s not properly noticing that it’s a MULTILINE Pattern (it’s not very clear to me in the description if it takes into account MULTILINE only for ^) and reports that ^##!(.+)=(.*)$\r?\n? can never match. See regex101: build, test, and debug regex for an example of this regex behavior.

In case the sonarcloud link is not accessible anymore you can see where that Pattern is defined on xwiki-platform/InternalTemplateManager.java at 9f5e30b0523cbaa4fecd52ccf6e23fe8a101b32c · xwiki/xwiki-platform · GitHub.

Hi Thomas,

Thank you for your report. Indeed this is a false positive and this particular example is not even specific to multiline patterns: "##!a=b\n".matches("^##!a=b$\r?\n?") is true without the MULTILINE flag.

I’ve created a ticket to address this.
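A small Java check of the behaviour discussed in this thread, added here as an example; it is not code from XWiki or SonarSource. The DirectiveDemo class and the sample header text are constructed; only the regex shape comes from the report above.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DirectiveDemo {
    // Same shape as the reported pattern: "$" sits before "\r?\n?", not at the end.
    // With MULTILINE, "^" and "$" anchor at each line start/end (before the terminator).
    static final Pattern DIRECTIVE = Pattern.compile("^##!(.+)=(.*)$\\r?\\n?", Pattern.MULTILINE);
    // Same regex without MULTILINE, to reproduce the matches() case from the reply.
    static final Pattern SINGLE = Pattern.compile("^##!(.+)=(.*)$\\r?\\n?");

    // Collect "##!key=value" directives from a multi-line header.
    // "$" matches just before each line terminator, and the trailing "\r?\n?"
    // then consumes that terminator so find() advances to the next line.
    static Map<String, String> parseDirectives(String text) {
        Map<String, String> out = new LinkedHashMap<>();
        Matcher m = DIRECTIVE.matcher(text);
        while (m.find()) {
            out.put(m.group(1), m.group(2));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: an LF-terminated and a CRLF-terminated directive, then body text.
        String text = "##!source.syntax=xwiki/2.1\r\n##!priority=100\nsome body\n";
        System.out.println(parseDirectives(text)); // {source.syntax=xwiki/2.1, priority=100}

        // Without MULTILINE, Java's "$" still matches before a final line terminator
        // (\n or \r\n), so the whole input is matched, as the reply above notes.
        System.out.println(SINGLE.matcher("##!a=b\n").matches());   // true
        System.out.println(SINGLE.matcher("##!a=b\r\n").matches()); // true
        // Only input with no terminator-free end fails: "$" cannot match mid-input here.
        System.out.println(SINGLE.matcher("##!a=b\nx").matches());  // false
    }
}
```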
