URIs should not be hardcoded. Doesn't work for my code

Phillipe · February 26, 2019, 4:23pm

I am hoping to use this rule to avoid hardcode in production projects. Recently, the rule in question did not warn, but the code had a URL encoded.

I tried with sonarqube version 5.6 and also with a local test using the docker image in version 7.6

Code that I am trying to trigger rule.

@SuppressWarnings ("rawtypes")
protected <T> ResponseEntity postForEntity(URI uri, Object body, Class<T> responseType) {

    try {

        ResponseEntity<T> response = restTemplate.postForEntity("http://something:8010/operation/test", body, responseType);

        return response;

    } catch (HttpClientErrorException | HttpServerErrorException e) {

        logger.error(e);
        return processErrorResponse(e.getResponseBodyAsString(), e.getStatusCode());

    } catch (RestClientException e) {
        logger.error(e);
    }

    return null;
}

Nicolas_Peru · July 9, 2019, 9:21am

Hi @Phillipe and sorry for the late reply :
based on https://jira.sonarsource.com/browse/SONARJAVA-176 and other implementations in different analyzers for different languages, this rule is raising issue on a very limited scope of places where we can spot hardcoded URIs.

This choice was made to limit the amount of noise we report to our users. We value false negative (your case) over false positive as a general rule of thumb for code smells so you can actually trust the issues you are getting from the tool.