
sonarqube incorrectly reports "PreparedStatement has no parameters."

Tags:

java

sonarqube

SonarQube incorrectly reports "PreparedStatement has no parameters." (squid:S2695) on the following (simplified) source:

public static final String UPDATE_QUERY = "UPDATE TABLE SET COL1=? WHERE PK=?";

private PreparedStatement preparedStatement = null;

public void updateMethod(Date date, Long pk )
{
  if(preparedStatement == null)
  {
    //ConnectionService is not a Connection!
    preparedStatement = ConnectionService.prepareStatement(UPDATE_QUERY);
  }

  //sonarqube reports on the following two lines: 'This "PreparedStatement" has no parameters.'
  preparedStatement.setDate(1, date);
  preparedStatement.setLong(2, pk);
  ResultSet rs = preparedStatement.executeQuery();

  //further code left out
}

Questions:

  1. Is this a bug or a limitation of the analyser?

  2. Is there something I can do to hide these "false positives"?

asked Feb 01 '16 10:02

MRalwasser


1 Answer

It's a false positive; as you can see here, it's fixed in version 4.5.

Answer to question 1:
Yes, it is a bug; upgrade your Sonar version to 4.5 (or newer).

Answer to question 2:
Disable the rule in Sonar: here
or
How to remove False-Positive issues?: here

answered Oct 17 '22 12:10

fidudidu
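
If the rule is disabled or the issue is marked as a false positive, the index check can be kept as a small helper called from a unit test. This is an added example, not code from the original post or from SonarQube, and it does not reproduce the analyser's implementation. The class and method names are hypothetical, and the scanner assumes plain `?` markers and skips only single- and double-quoted sections, not SQL comments.

```java
public class PlaceholderIndexCheck {

    // Query string copied from the question.
    static final String UPDATE_QUERY = "UPDATE TABLE SET COL1=? WHERE PK=?";

    /** Counts '?' parameter markers, ignoring any inside quoted sections. */
    static int countPlaceholders(String sql) {
        int count = 0;
        char quote = 0; // 0 means "not inside a quoted section"
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (quote != 0) {
                // A doubled quote ('') closes here and reopens on the next char.
                if (c == quote) {
                    quote = 0;
                }
            } else if (c == '\'' || c == '"') {
                quote = c;
            } else if (c == '?') {
                count++;
            }
        }
        return count;
    }

    /** True when every 1-based setter index refers to an existing marker. */
    static boolean indicesValid(String sql, int... indices) {
        int max = countPlaceholders(sql);
        for (int idx : indices) {
            if (idx < 1 || idx > max) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Indices used by setDate(1, ...) and setLong(2, ...) in the question.
        System.out.println("markers: " + countPlaceholders(UPDATE_QUERY));
        System.out.println("1,2 valid: " + indicesValid(UPDATE_QUERY, 1, 2));
        // Constructed counter-examples: an out-of-range index and a quoted '?'.
        System.out.println("3 valid: " + indicesValid(UPDATE_QUERY, 3));
        System.out.println("quoted: " + countPlaceholders("SELECT '?' FROM T WHERE A=?"));
    }
}
```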