The main options for blocking reporting of an issue in SQ are either to mark the issue itself, or annotate the code, either with NOSONAR or @SuppressWarnings(). We normally use the former but would like to use the latter in some cases.
For instance, the null pointer rule java:S2259 often has false positives. In many cases (at least for US) this is because our code has convoluted logic where we know an NPE can’t occur at a certain place, but only because we have high-level knowledge of the application that is beyond SQ’s ken. We could mark that instance FP, but there’s the risk that a dev might make a subtle change that then violates the assumptions and makes the NPE possible.
For such cases, we’d prefer an explicit annotation in the actual code. Something that says, in effect: “WE TOOK THE GUARD RAIL OFF HERE, SO IF YOU CHANGE THIS METHOD, YOU’D BETTER MAKE SURE YOU DIDN’T INTRODUCE AN NPE HERE, OR WE’LL HANG AN ALBATROSS AROUND YOUR NECK!”
We could tag the specific line of code with NOSONAR, but that suppresses ALL issues on that line. @SuppressWarnings gives rule-specificity, but only at the granularity of a method (if I’m reading current documentation correctly). What I’d like is to combine the two, something like `//NOSONAR("java:S2259")` or make @SuppressWarnings only apply to one region of code.
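The trade-off described in the post, shown side by side on a constructed example. This is an added illustration, not code from the original post: the `Order`/`Customer` classes and the "guest orders have no customer" invariant are made up for the example, and the path-sensitivity pattern (a ternary that assigns `null` on one branch, followed by a second check of the same condition) is the kind of code a static analyzer may report under java:S2259 even though the application logic rules the NPE out. The third method shows the usual workaround for the granularity problem: extract the one justified dereference into its own small method so the rule-specific annotation covers only that line, and leave the "guard rail removed" note next to it.

```java
/**
 * Constructed example (not from the original post) of the two
 * SonarQube suppression mechanisms applied to a possible
 * java:S2259 false positive.
 */
public class NpeSuppressionExample {

    // Hypothetical domain types, defined inline so the example compiles.
    public static final class Customer {
        private final String name;
        public Customer(String name) { this.name = name; }
        public String getName() { return name; }
    }

    public static final class Order {
        private final Customer customer; // null only for guest orders (assumed invariant)
        public Order(Customer customer) { this.customer = customer; }
        public boolean isGuest() { return customer == null; }
        public Customer getCustomer() { return customer; }
    }

    // Option 1: line-level, but rule-agnostic. NOSONAR hides every rule
    // that fires on this line, not just S2259.
    public static int nameLengthWithNosonar(Order order) {
        Customer c = order.isGuest() ? null : order.getCustomer();
        if (order.isGuest()) {
            return 0;
        }
        return c.getName().length(); // NOSONAR -- isGuest() is stable, c is non-null here
    }

    // Option 2: rule-specific, but method-wide. Any other S2259 issue
    // introduced later anywhere in this method is silenced too.
    @SuppressWarnings("java:S2259")
    public static int nameLengthWithSuppressWarnings(Order order) {
        Customer c = order.isGuest() ? null : order.getCustomer();
        if (order.isGuest()) {
            return 0;
        }
        return c.getName().length();
    }

    // Option 3: narrow the scope of option 2 by extracting the single
    // justified dereference into a tiny method. The annotation now covers
    // one line, and the comment documents the removed guard rail for the
    // next person who edits this code.
    public static int nameLengthWithNarrowScope(Order order) {
        Customer c = order.isGuest() ? null : order.getCustomer();
        if (order.isGuest()) {
            return 0;
        }
        return nameLengthOfNonGuest(c);
    }

    @SuppressWarnings("java:S2259") // GUARD RAIL REMOVED: callers guarantee a non-null customer
    private static int nameLengthOfNonGuest(Customer c) {
        return c.getName().length();
    }

    public static void main(String[] args) {
        Order guest = new Order(null);
        Order named = new Order(new Customer("Ada"));
        System.out.println(nameLengthWithNosonar(guest));          // 0
        System.out.println(nameLengthWithSuppressWarnings(named)); // 3
        System.out.println(nameLengthWithNarrowScope(named));      // 3
    }
}
```

Whether a given analyzer version actually reports the first two methods depends on its path analysis; the example exists to show the scope each mechanism suppresses, not to assert a specific finding. The extraction in option 3 also has a second effect worth knowing about: once the dereference lives in a method whose parameter carries no nullability information, the original S2259 trigger often disappears on its own, and the annotation then serves mainly as the in-code marker the post is asking for.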