Query an Oracle database connection with a variable table name but avoiding SQL injections.
SonarQube won’t accept this (even though I know it’s safe because of the Pattern verification):
// Table name is accepted only if it matches the project's identifier pattern
if (ValidateurParams.patternMinimumChaine.matcher(nomTable).find()) {
    // Validated name is interpolated into the SQL text; there is no bind slot for identifiers
    preparedStatement = connection.prepareStatement(
            String.format("select NUM_INSN, NUM_CAIS, NUM_FOLI, NUM_FOLI_MASQ, MASQ_DIGIT from %s",
                    nomTable));
} else {
    throw new IllegalArgumentException("NomTable n'est pas correct: " + nomTable);
}
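As an added example that is not the poster's code: a regex check still leaves the caller's own string flowing into the SQL text, which is what a taint-based rule reports. Resolving the requested name against an allowlist and concatenating only the stored constant removes that flow, while row filters stay as bind parameters. The class name, the table names and the NUM_CAIS filter are assumptions; the column list is the one from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;

/**
 * Added example, not the poster's code. Selects from one of a fixed set of
 * tables without letting the caller-supplied string reach the SQL text.
 * The table names in TABLES are constructed placeholders.
 */
public final class FolioRepository {

    // Allowlist: the key is what the caller supplies, the value is the constant
    // that is the only thing ever concatenated into a statement.
    private static final Map<String, String> TABLES = Map.of(
            "FOLIO_2023", "FOLIO_2023",   // constructed placeholder
            "FOLIO_2024", "FOLIO_2024");  // constructed placeholder

    // Column list taken from the question.
    private static final String COLUMNS =
            "NUM_INSN, NUM_CAIS, NUM_FOLI, NUM_FOLI_MASQ, MASQ_DIGIT";

    private FolioRepository() {
    }

    /** Map the requested name to an allowlisted constant, or reject it. */
    static String resolveTable(String nomTable) {
        String table = TABLES.get(nomTable);
        if (table == null) {
            throw new IllegalArgumentException("NomTable n'est pas correct: " + nomTable);
        }
        return table; // the Map's own value, never the caller's string
    }

    /**
     * Prepare the select. The identifier is an allowlisted constant; the
     * NUM_CAIS value (an assumed filter) goes through a bind parameter.
     */
    public static PreparedStatement prepareSelect(Connection connection,
                                                  String nomTable,
                                                  String numCais) throws SQLException {
        String table = resolveTable(nomTable);
        String sql = "select " + COLUMNS + " from " + table + " where NUM_CAIS = ?";
        PreparedStatement ps = connection.prepareStatement(sql);
        ps.setString(1, numCais); // data values are always bound, never concatenated
        return ps;
    }
}
```

The design point is the split between identifiers and values: JDBC cannot bind a table name, so the only safe identifier is one the code already owns, and returning the Map's stored value rather than the validated input is what makes that ownership visible to a static analyser. A caller that needs a new table adds an entry to TABLES rather than loosening a pattern.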
What rule is raising an issue on your code? Does the rule description not adequately explain why an issue is raised?
Also, make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported.
To get the rule ID, use the “Why is this an issue” link. It will look something like java:s###
Marking the issue as Won’t Fix is certainly an option. Marking it as False Positive is an option too if you truly believe the code has been incorrectly analyzed. I wonder, though, if the issue will still be raised when you upgrade to 9.9…