[java:S6201] Detect when negated

Qube: Community 9.9

The following finding is missed by the Java rule S6201.

void handle(Object x) {
    if (!(x instanceof String))
        return;

    String s = (String) x; // Not detected!
}

The rule could be improved to detect this case.

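As an added illustration (not code from the original post or from the SonarSource rule implementation), here is the reported shape next to the pattern-matching form that S6201 is meant to recommend; the class and method names are assumptions. Since Java 16, a pattern variable introduced by a negated `instanceof` is in scope after the `if` whenever the `if` body cannot complete normally (here it returns), so the explicit cast in the first version is exactly the redundancy the rule exists to flag:

```java
public class NegatedInstanceofExample {

    // Before: negated instanceof, early return, then an explicit cast.
    // This is the shape the post above reports as not flagged by S6201.
    static int before(Object x) {
        if (!(x instanceof String))
            return -1;
        String s = (String) x; // redundant cast, already guaranteed safe
        return s.length();
    }

    // After: the pattern variable `s` is bound when the test fails to match
    // and the `if` body returns, so `s` remains in scope for the rest of
    // the method and no cast is needed.
    static int after(Object x) {
        if (!(x instanceof String s))
            return -1;
        return s.length();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one String, one non-String.
        System.out.println(before("hello") + " " + after("hello"));
        System.out.println(before(42) + " " + after(42));
    }
}
```

Both methods behave identically on every input; the only difference is that the second form has no cast for the rule to consider, which is why detecting the first form needs the analyzer to reason about the early return rather than just the `if` body.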

Hello @mfroehlich,

Thanks for your message. You’re right that currently, this rule doesn’t detect early returns. In order to make a precise detection of the things that you suggest, this rule should rely on the Symbolic Execution engine. At the moment it doesn’t, and we don’t have plans for this in the future.

I will discuss such points with the team (as it’s not the only case of not being able to detect issues due to static analysis limitations) and I’ll get back to you if we find some easier solution or just put this idea in our backlog.

Regards,
Margarita

You’re right. I didn’t see that this is related to the early return.

Ok, I will wait and see then…

Thanks.