SonarQube incorrectly reports 'This "PreparedStatement" has no parameters.' (squid:S2695) on the following (simplified) source:
    public static final String UPDATE_QUERY = "UPDATE TABLE SET COL1=? WHERE PK=?";
    private PreparedStatement preparedStatement = null;

    public void updateMethod(Date date, Long pk)
    {
        if (preparedStatement == null)
        {
            // ConnectionService is not a Connection!
            preparedStatement = ConnectionService.prepareStatement(UPDATE_QUERY);
        }
        // sonarqube reports on the following two lines: 'This "PreparedStatement" has no parameters.'
        preparedStatement.setDate(1, date);
        preparedStatement.setLong(2, pk);
        ResultSet rs = preparedStatement.executeQuery();
        // further code left out
    }

Questions:
1. Is this a bug or a limitation of the analyser?
2. Is there something I can do to hide these "false positives"?

It's a false positive; as you can see here, it's fixed in version 4.5.
Answer to question 1:
Yes, it is a bug; upgrade your Sonar version to 4.5 (or newer).
Answer to question 2:
Disable the rule in Sonar (here), or see "How to remove False-Positive issues?" (here).