RSPEC-3065 need detect final variables from out class

Belle · December 16, 2021, 1:36pm

Hi, I think the rule RSPEC-3065 should detect final fields from out class.

Please refer to the following minimized sample and this is a false negative. SonarQube should report a warning at line 6 because the Min and Max used in combination here always return same value and this is wrong result.

class Util {
    public static final int UPPER = 20;
    public static final int LOWER = 0;
}    
public int foo(int num) {
    int result = Math.min(Util.LOWER, num);  // should report a warning here, but no warnings
    return Math.max(Util.UPPER, result);
}

My Version
- sonarqube-9.2.2.50622
- sonar-scanner-cli-4.6.2.2472-linux

Michael · December 21, 2021, 5:35pm

Hey @Belle,

Unfortunately, this can not be achieved with a purely static analysis approach and so rule S3065 won’t be able to detect them. The content of the other class might not be available at analysis time, or without compilation, which makes it difficult to follow the logic, or be sure of the results on the analyzer side.

Cheers,
Michael

system · December 28, 2021, 5:36pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.