Possible false positive for java:S2175 when using generics

Problem Description

We are getting a java:S2175 “Inappropriate “Collection” calls should not be made” bug raised for something which does not seem to be a bug (at least to us).


where the the types are using generics: List<T> completeListOfElements and final T lastFilteredElement.

Expected Behaviour

This should not raise the rule java:S2175

Used Version

We are running on SonarCloud.

Additional Info

As we are runniong on sonarcloud I would hope you can hop on our project and take a look there, that’s why I did not create a minimized ready to run example. Also, because I highly suspect it is something specific about our code that raises this bug, because I guess simply using indexOf on gen erics is done often enough that a very simple case would already have been detected.

This seems to me to be related or at least similar to Possible false postive for java:S2175 while using generic wrapping class, but there the problem seems to have simply vanished.

Hello Dirk,

Thanks for the report! I tried reproducing it, however, could not so far. The FP may be raised only in certain edge cases. If it is public, can you share which SonarCloud project you are talking about, with a link to the issue you are seeing?

If it is not public, I will unfortunately not be able to access it and it would be helpful if you could provide a reproducer / the original file in which this issue gets raised here. If the code is sensitive, I can open a private channel over which you can share it.

Hello Johann,

thanks for your reply. Unfortunately it is a private project. However, I thought if it is running in SonarCloud you could maybe connect to it? Link to the issue is https://sonarcloud.io/project/issues?issues=AYByeTL8BjuLoFfTb0Og&open=AYByeTL8BjuLoFfTb0Og&id=forcam-devops_fforce

I tried reproducing the issue, but it does not trigger when I try to create a SSCCE. I could send you the whole file, but without all the required imports I guess this is kind of useless. Sending the whole project is unfortunately not possible.

We do not have access to private SonarCloud projects for security reasons, so I cannot simply connect to it, unfortunately.

However, I have opened up a private channel, via which you can share the single file that causes you the issue. Of course, I cannot say for sure if this file, removed from the project, will also trigger the rule in the same way, but it is worth a try.

Hello Dirk,

Thanks for your patience and for sending me the code in which this issue occurs. I’ve been trying to reproduce the issue on our side, however unfortunately have not been able to so far.

You wrote that this issue only occurs when you do a PR analysis, not on branch analysis. This makes it even more surprising to me and I would be very interested to find the cause here.

What (unrelated) change did you make in the file that ended up triggering the FP in the PR analysis? Also, are you able to simplify the file to an extent that it is self-contained (i.e. without dependencies on other closed-source code) and still reproduces the issue? Since I can’t compile the file alone, I tried to extract the parts that seemed relevant to me, however, it was not enough to reproduce the problem.