java:S6857 reporting for #{ expression using a variable

Brad_Giaccio · May 1, 2025, 2:49pm

Java
java:S6857
SonarQube Server Enterprise Edition v10.8.1 (101195)

I have a spring boot project
in properties file I have

app.pagination.limit=10
provider.attribute_map={\
	'givenname': 'firstName', \
	'sn': 'lastName' \
}

In a Java class

@Value("#{T(java.lang.Math).min(50, ${app.pagination.limit})}")
private int paginationLimit;

@Value("#{${provider.attribute_map:T(java.util.Collections).emptyMap()}}")
Map<String, String> attributeMap;

The SPEL is properly evaluated assigning the variable to 10, but sonar is reporting “Correct this malformed SpEL expression.”

Colin · May 2, 2025, 7:04am

Hey there.

This is a known issue in progress of being fixed. SONARJAVA-4917

It should be fixed with SonarQube Server 2025.3, coming later this month.

(!) Your version is past EOL. You should upgrade to either the latest version or the current LTA (long-term active version) at your earliest convenience. Your upgrade path is:

10.8 → 2025.1.1-> 2025.2 (last step optional)

You may find these resources helpful:

Upgrade Guide

Topic		Replies	Views
S6857 with constant Report False-positive / False-negative... java	4	40	September 18, 2024
java:S6804 false positive for @Value on Resource Report False-positive / False-negative...	1	856	November 8, 2023
False positive on java:S1120 with switch expression Report False-positive / False-negative... java	2	1564	September 1, 2021
S6857 Default value zero length string in SpEL reported as issue Report False-positive / False-negative...	2	491	April 12, 2024
java:S6857 false positive when using @Value to inject directly into a Map Report False-positive / False-negative...	7	1571	August 26, 2024

java:S6857 reporting for #{ expression using a variable

Related topics