squid:S1118 with Lombok @UtilityClass


(Oksana Tkanko) #1

Hi there,

My team face false positives with squid:S1118 rule and Lombok @UtilityClass annotation.

Example code:

 import lombok.experimental.UtilityClass;

@UtilityClass
public class UtilityClassExample {

  public void doSomething() {
    //something here
  }
}

SQ marks it as major code smell, but according to [1] you cannot instantiate the utility class, even only as an internal implementation detail.


(Michael Gumowski) #2

Hello,

What’s your version of SonarQube and SonarJava analyzer plugin?

I can not reproduce the issue you are facing with the latest release of SonarJava (5.8.0.15699). From my point of view this case should be covered correctly already.

Regards,
Michael


(Oksana Tkanko) #3

Hi Michael,

Thanks for coming back.
SQ version: 6.7.0.33306
SonarJava: 5.7 (build 15470)

Regards,
Oksana


(Michael Gumowski) #4

Hey,

I had a look at the code of rule and how we handle the lombok annotations, and this case should definitely be covered, even with your slightly older version.

Can you check that you are correctly providing the lombok binaries to the SonarQube analysis? Missing binaries will make the SonarJava fail to build its semantic model, and therefore fail to handle correctly lombok annotations.

Michael


(Oksana Tkanko) #5

Hey,

What is the correct way of supplying Lombok to Sonarqube?
We recently moved it from the list of dependencies to build-tools.

Regards,
Oksana