Hello,
I’m facing an issue with the following rule not detecting vulnerable lines of code.
import org.springframework.beans.factory.annotation.AnnotatedBeanDefinition;
No @ are added before the line.
The quality profile used contains the rule in question.
We are using sonarqube version 9.6-community.
Do you have any idea?
Thanks,
Cindy
Hi Cindy,
Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:
9.6 → 9.9.1 → 10.1 (last step optional)
You may find these resources helpful:
Regarding your question, it’s not clear what’s wrong with the line of code you provided. If you still have problems after your upgrade, please come back to us and make sure to provide detail on what’s missing, and what language you’re working in.
Ann
Hello Ann,
Actually what is wrong is that we have an enabled rule: “Unnecessary imports should be removed”
And this import : import org.springframework.beans.factory.annotation.AnnotatedBeanDefinition;
is not used, so the rule should have picked it up and a bug / code smell …
Do you have any idea why it ignored it?
Will be upgrading soon to the latest LTS version.
Thanks,
Cindy
Hi Cindy,
Please let us know if this is still replicable after your upgrade.
Thx,
Ann
Hello Ann,
The issue persists after upgrading to the latest LTS version.
Can you please assist?
Thanks,
Cindy
Hi Cindy,
Thanks for the followup.
To clarify, we’re talking about Java?
And could you provide a screenshot of the context for this false positive, or a compact reproducer file?
Thx,
Ann
Hi again,
Yes we are talking about java.
The rule “Unnecessary imports should be removed” the same project is working for java classes but not for java classes in spring services modules.
Here is an example where the same import is detected as duplicated but not detected as unused.
Thanks,
Cindy
import java.io.ObjectOutput should have been detected as unused.
But it’s not.
Any idea?
Hi,
Thanks for the clarifications. I’ve flagged this for the language experts.
Ann
Hello @cindy-rahbani,
Thanks for your message. I think there are a few different issues here: Duplicated import is reported, but unused is not, unused import isn’t reported. So let’s not mix them and try to solve them one by one.
Firstly, I will need the minimal reproducer to be able to reproduce the issue. Could you, please, provide me with a small sample project, where it happens, so I can investigate it further?
Regards,
Margarita
