Make sure to read this post before raising a thread here:
Then tell us:
- What language is this for? Java
- Which rule? java:S6857 - SpEL expression should have a valid syntax
- Why do you believe it’s a false-positive/false-negative? The code has been working in production for >5 years
- Are you using
- SonarCloud? yes
- How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
The ‘offensive’ line is
@PropertySource(value = "file:${osgp/Global/config}", ignoreResourceNotFound = true)
I assume the slashes are the problem. However, the 'environment var osgp/Global/config is a valid in a JNDI environment. In this case:
<Environment name="osgp/Global/config" value="/etc/osgp/global.properties"
type="java.lang.String" override="true" />
taken from the context.xml used by e.g. Tomcat. The full (and valid) JNDI url would be java:comp/env/osgp/Global/config.
This is in our open source project, here is the public link to SonarCloud: SonarCloud