I used reflection to invoke a private constructor of a class in order to solve an insufficient branch coverage issue shown by the Sonar scan report. This is the snippet of code I was working on:
// reflection to access a private constructor of a class
Constructor<CMISBridgeMaps> c = CMISBridgeMaps.class.getDeclaredConstructor(new Class[0]);
c.setAccessible(true);
cmisBridgeMaps = c.newInstance(new Object[0]);
The above code solved my Sonar scan critical issue. But unfortunately Fortify is now showing the Access Specifier Manipulation issue on the following line:
c.setAccessible(true);
How can I solve both the Fortify and SonarQube issues? Any help would be greatly appreciated.
If you use Spring, you can use ReflectionUtils.makeAccessible(field) to make that field accessible. Fortify does not complain about this tweak.
You can read more about this in this article.
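An added example (not part of the original question or answers) applying the Spring approach to the question's constructor case: the answer mentions a field, and `ReflectionUtils.makeAccessible` also has a `Constructor` overload. The nested `CMISBridgeMaps` stand-in and the `newViaPrivateConstructor` helper are assumptions, as is Spring Core being on the test classpath.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Modifier;
import org.springframework.util.ReflectionUtils;

public class PrivateConstructorCoverage {

    // Stand-in for the question's class (assumed shape: private no-arg constructor).
    static final class CMISBridgeMaps {
        private CMISBridgeMaps() { }
    }

    // Hypothetical test-only helper. The class is always passed as a compile-time
    // literal from test code, never looked up from a name supplied at runtime.
    static <T> T newViaPrivateConstructor(Class<T> type) throws Exception {
        // Throws NoSuchMethodException if the class has no no-arg constructor.
        Constructor<T> ctor = type.getDeclaredConstructor();

        // Refuse to open anything other than the private constructor we expect,
        // so the helper cannot be reused as a general access-control bypass.
        if (!Modifier.isPrivate(ctor.getModifiers())) {
            throw new IllegalArgumentException(
                "no-arg constructor of " + type.getName() + " is not private");
        }

        // Spring's wrapper; it calls setAccessible(true) only when needed.
        ReflectionUtils.makeAccessible(ctor);
        return ctor.newInstance();
    }

    public static void main(String[] args) throws Exception {
        CMISBridgeMaps maps = newViaPrivateConstructor(CMISBridgeMaps.class);
        System.out.println("instantiated: " + (maps != null));
    }
}
```

The helper belongs in the test source tree only, so the accessibility change never ships in the production artifact.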
I believe you do not need to run a Fortify scan on your unit TCs, as they are written to verify your code and they do not run in your production/actual environment.