S2699 - False Positives for Java MockMvc + SonarCloud

joepf · January 8, 2021, 11:16pm

Platform: SonarCloud
Language: Java

For our integration tests we’re running into a false positive that expects at least a single assertion when using MockMvc. andExpect works as an assertion, but is not treated like one.
I found a similar issue, where the fix was to upgrade their version:

I’m unsure how to go about fixing this for SonarCloud.

Code snippet:

  @Test
  @SuppressWarnings("squid:S2699")
  void register400() throws Exception {

    mockMvc.perform(post("/register")
        .content(...)
        .andExpect(status().is(400))
        .andExpect(jsonPath("$.errorMessage", is("TEST ERROR MESSAGE")));
  }

Margarita_Nedzelska · January 27, 2021, 11:54am

Hi @joepf and welcome to the community!

I tried to reproduce your problem and I can’t. According to the implementation we do support MockMvc methods for this rule. In order to investigate this case further I need link to your project in SonarCloud or at least the whole file with this issue.

My guess is either you have misconfigured project and semantic is broken, or your assertions are in different package than analyser expects, so are not considered as assertions.

Regards,
Margarita

Nazariy_Dovhii_Trach · March 12, 2021, 11:19am

Hello! We have the same issue in our project.

Margarita_Nedzelska · March 25, 2021, 1:57pm

Hi @Nazariy,

Thank you for your message and welcome to the community. As you can probably see, we were unable to reproduce such case because Java analyser do support MockMvc assertions.

In order to make help us investigate your case, we will highly appreciate if you can share the version of the product you’re using and the version of Java analyser there. Also it will be very helpful if you can tell us, which version of Spring you’re using to test with MockMvc (or any other library you’re using, if it’s not from Spring) and a version of JUnit.

Another possible explanation could be a broken configuration or semantics, so it will be nice to see your log and/or configuration and properties.

Kind regards,
Margarita

lrozenblyum · March 30, 2021, 7:34am

@Margarita_Nedzelska I also started sufferring from the issue (got multiple false positives related to the problem, during the last night SonarCloud analyzing).
We are using Spring 5.3.3, JUnit4.

Example

Margarita_Nedzelska · April 9, 2021, 1:36pm

Hello @lrozenblyum,

Thank you for the message. Unfortunately, I cannot reproduce the original case.
Could you please explain a little bit more what does it mean “during last night SonarCloud analysis”. Does it mean, the issue was not reported before on this case or there was no such code before?

Could you please also check there are no warnings on your project. There could be a missing semantic problem that leads to FPs. It is usually caused by misconfiguration.

Regatds,
Margarita

lrozenblyum · April 9, 2021, 2:45pm

Hello @Margarita_Nedzelska!
By ‘during last night SonarCloud analysis’ I meant that the code is pretty old (since July 2019), and Sonar hasn’t been complaining about it before.

About warnings: SonarCloud doesn’t show any warnings about analyzing itelf on its web interface. Or do you mean to check logs of the analyzing in the CI?

Margarita_Nedzelska · April 9, 2021, 3:08pm

Yes, I meant both warnings in the web interface and in logs.

rfajarachmad · August 16, 2021, 5:55am

Hello!, I have the same issue in my project, do we have a workaround or resolution for this?

joepf · August 16, 2021, 5:07pm

Unfortunately, the only workaround we found was to suppress the warning.

@SuppressWarnings("squid:S2699")

system · August 23, 2021, 5:07pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.