S6857 with constant

It seems that using a concatenated SPEL with a string constant leads to false-positives.

  • What language is this for?
    • Java
  • Which rule?
    • S6857
  • Why do you believe it’s a false-positive/false-negative?
    • The SPEL expression seems valid to me and is working.
  • Are you using
    • SonarQube - which version?
      • Enterprise Edition v10.6 (92116)
  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
    • @Value("${demo.soap.sp.client.ssl.keystore.path:" + MOCKED_SOAP_SP_CLIENT_SSL + "}")

Hey there.

Thanks for the report. We’re already tracking this bug here (SONARJAVA-5079) and it’s on our to-do list.

Thanks for the quick response. I wouldn’t have thought that SONARJAVA-5079 is also relevant to my report, but I’m happy to see that it will be fixed.

Hi @govenny,

Can you please provide the value of MOCKED_SOAP_SP_CLIENT_SSL?
It affects how the rule regex is implemented.

Thanks!

Irina

Sure, it is a String with the value “classpath:/keys/mocked-sp-client-auth.p12”
