Unnecessary imports should be removed

cindy-rahbani · July 24, 2023, 2:58pm

Hello,

I’m facing an issue with the following rule not detecting vulnerable lines of code.

import org.springframework.beans.factory.annotation.AnnotatedBeanDefinition;

No @ are added before the line.
The quality profile used contains the rule in question.
We are using sonarqube version 9.6-community.

Do you have any idea?

Thanks,
Cindy

ganncamp · July 25, 2023, 1:18pm

Hi Cindy,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

9.6 → 9.9.1 → 10.1 (last step optional)

You may find these resources helpful:

Upgrade Guide

Regarding your question, it’s not clear what’s wrong with the line of code you provided. If you still have problems after your upgrade, please come back to us and make sure to provide detail on what’s missing, and what language you’re working in.

Ann

cindy-rahbani · July 28, 2023, 1:35pm

Hello Ann,

Actually what is wrong is that we have an enabled rule: “Unnecessary imports should be removed”
And this import : import org.springframework.beans.factory.annotation.AnnotatedBeanDefinition;
is not used, so the rule should have picked it up and a bug / code smell …

Do you have any idea why it ignored it?

Will be upgrading soon to the latest LTS version.

Thanks,
Cindy

ganncamp · July 28, 2023, 1:55pm

Hi Cindy,

Please let us know if this is still replicable after your upgrade.

Thx,
Ann

cindy-rahbani · July 31, 2023, 3:19pm

Hello Ann,

The issue persists after upgrading to the latest LTS version.
Can you please assist?

Thanks,
Cindy

ganncamp · July 31, 2023, 4:54pm

Hi Cindy,

Thanks for the followup.

To clarify, we’re talking about Java?

And could you provide a screenshot of the context for this false positive, or a compact reproducer file?

Thx,
Ann

cindy-rahbani · August 1, 2023, 8:49am

Hi again,

Yes we are talking about java.
The rule “Unnecessary imports should be removed” the same project is working for java classes but not for java classes in spring services modules.

Here is an example where the same import is detected as duplicated but not detected as unused.

Thanks,
Cindy

cindy-rahbani · August 1, 2023, 8:51am

import java.io.ObjectOutput should have been detected as unused.
But it’s not.

Any idea?

ganncamp · August 1, 2023, 1:30pm

Hi,

Thanks for the clarifications. I’ve flagged this for the language experts.

Ann

Margarita_Nedzelska · August 3, 2023, 3:03pm

Hello @cindy-rahbani,

Thanks for your message. I think there are a few different issues here: Duplicated import is reported, but unused is not, unused import isn’t reported. So let’s not mix them and try to solve them one by one.

Firstly, I will need the minimal reproducer to be able to reproduce the issue. Could you, please, provide me with a small sample project, where it happens, so I can investigate it further?

Regards,
Margarita