Rule S3887: Mutable, non-private fields should not be "readonly" (Bug warning) is not caught by sonar scanner and it is not displayed in the report on SonarQube 8.2 version community edition

mike1970fl03 · March 20, 2020, 11:40am

I’m using SonarQube sonarqube-8.2.0.32929 community edition, sonar scanner sonar-scanner-msbuild-4.7.1.2311-net46

The warning for the rule S3887: Mutable, non-private fields should not be “readonly” (Category: Bug) is not caught by sonar scanner and it is not displayed in the report.

E.g. Analyzing :

using System.Collections.Generic;
/// <title>Mutable, non-private fields should not be "readonly"</title>
/// <summary>
/// Using the readonly keyword on a field means that it can't be changed after initialization. However, when applied to collections or arrays, 
/// that's only partly true. readonly enforces that another instance can't be assigned to the field, but it cannot keep the contents from being updated. 
/// That means that in practice, the field value really can be changed, and the use of readonly on such a field is misleading, and you're likely to not be getting the behavior you expect.
/// This rule raises an issue when a non-private, readonly field is an array or collection.
/// </summary>
namespace SonarQubeToolVerification.Bug.Warnings
{
    public class S3887Warning
    {
        public readonly int[] intArr;  // Noncompliant
        public readonly LinkedList<int> intList;  // Noncompliant
    }
}

Waiting for Bug warning:

S3887: Mutable, non-private fields should not be “readonly”
but nothing displayed in the report.

Any suggestions?

Andrei_Epure · March 24, 2020, 10:12am

hi @mike1970fl03

This is by design - check this explanation from our test cases:

When the types are uninitialized, this is equivalent to being initialized to null so we don’t report

This behavior was added in #1695

When a mutable readonly field is not initialized, this is equivalent to being initialized with null . As the rule doesn’t report on the latter it should not report on uninitialized fields.

We don’t raise when a read-only collection field is initialized with null because we consider it an immutable value.

Topic		Replies	Views
Java:S2384 False Negative when the mutable member is not private Report False-positive / False-negative... java , sonarqube	4	1015	May 30, 2023
Rule S3241 FN: Methods should not return values that are never used (Code Smell warning) is not caught by sonar scanner and it is not displayed in the report on SonarQube 8.2 version community edition SonarQube Server / Community Build csharp	8	1928	October 13, 2020
'Non-primitive fields should not be "volatile" for @Immutable and @ThreadSafe annotated types Report False-positive / False-negative... java , sonarqube	4	1851	April 21, 2021
Sonarlint rule java:S2386 not working properly Report False-positive / False-negative... java , sonarqube-ide	5	2574	May 25, 2020
The rule Fields in non-serializable classes should not be "transient" (java:S2065) is a FP SonarQube Server / Community Build sonarqube , false-positive	2	1349	October 19, 2022

Rule S3887: Mutable, non-private fields should not be "readonly" (Bug warning) is not caught by sonar scanner and it is not displayed in the report on SonarQube 8.2 version community edition

Related topics