Skip to content

SONARJAVA-4698 Fix false positive in S1191 when variable is named "sun" #5352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

SONARJAVA-4698 Fix false positive in S1191 when variable is named "sun" #5352

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
66bc890
SONARJAVA-4698 Fix false positive in S1191 when variable is named "sun"
benzonico Nov 12, 2025
e7e84f4
SONARJAVA-4698 Address PR review comments
benzonico Nov 13, 2025
72dd782
SONARJAVA-4698 Prefer avoiding FPs over missing TPs when type is unknown
benzonico Nov 14, 2025
d568c34
SONARJAVA-4698 Detect all sun.* usage patterns and ensure consistent …
benzonico Nov 18, 2025
4329430
SONARJAVA-4698 Fix autoscan test by requiring bytecode for import det…
benzonico Nov 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion ...-test-sources/default/src/main/files/non-compiling/checks/SunPackagesUsedCheckSample.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
import java.util.ArrayList;

class SunPackagesUsedCheckSample {
private Object sun; // variable named "sun"

private void f() {
java.util.List a;
sun.Foo b; // Noncompliant
// ^^^^^^^
sun.Foo.toto.asd c; // secondary
// ^^^^^^^^^^^^^^^^<

}

public Object uselessMethod() {
Expand All @@ -16,4 +18,18 @@ public Object uselessMethod() {
}
return null;
}

// SONARJAVA-4698: False positive when variable is named "sun"
public void fooWithFieldNamedSun() {
sun.toString(); // Compliant - FP: "sun" is a field of type Object, not a sun.* package class
Copy link
Contributor

@andreaguarino andreaguarino Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should mention "FP" in the comment, it sounds confusing to me: I would rather leave only // Compliant - "sun" is a field of type Object, not a sun.* package class

}

public void barWithParameterNamedSun(Object sun) {
sun.toString(); // Compliant - FP: "sun" is a parameter of type Object, not a sun.* package class
Copy link
Contributor

@andreaguarino andreaguarino Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should mention "FP" in the comment, it sounds confusing to me: I would rather leave only // Compliant - "sun" is a field of type Object, not a sun.* package class

}

public void bazWithLocalVariableNamedSun() {
Object sun = new Object();
sun.toString(); // Compliant - FP: "sun" is a local variable of type Object, not a sun.* package class
Copy link
Contributor

@andreaguarino andreaguarino Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should mention "FP" in the comment, it sounds confusing to me: I would rather leave only // Compliant - "sun" is a field of type Object, not a sun.* package class

}
}
15 changes: 14 additions & 1 deletion java-checks/src/main/java/org/sonar/java/checks/SunPackagesUsedCheck.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ private void reportIssueWithSecondaries(JavaFileScannerContext context) {
@Override
public void visitMemberSelectExpression(MemberSelectExpressionTree tree) {
String reference = ExpressionsHelper.concatenate(tree);
if (!isExcluded(reference) && isSunClass(reference)) {
if (!isExcluded(reference) && isSunClass(reference) && isActuallySunPackage(tree)) {
reportedTrees.add(tree);
}
}
Expand All @@ -75,6 +75,19 @@ private static boolean isSunClass(String reference) {
return reference.startsWith("sun.");
}

private static boolean isActuallySunPackage(MemberSelectExpressionTree tree) {
// Check if the expression's type actually comes from a sun.* package
// This prevents false positives when a variable is named "sun"
var type = tree.expression().symbolType();
if (type.isUnknown()) {
// If we can't determine the type, we should still check to avoid missing real issues
Copy link
Contributor

@andreaguarino andreaguarino Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would argue that when in doubt we shouldn't report instead, to prevent raising FPs

// In this case, rely on the string-based check
Copy link
Contributor

@andreaguarino andreaguarino Nov 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the unit tests are only checking for non-compiling code, meaning we always rely on the string based check, instead of our semantic analysis. Would it be possible to test compiling code?

return true;
}
String fullyQualifiedName = type.fullyQualifiedName();
return fullyQualifiedName.startsWith("sun.");
Copy link
Contributor

@andreaguarino andreaguarino Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is returning always false, i.e. we never have a test case where the type is known and that its fully qualified name starts with "sun."

}

private boolean isExcluded(String reference) {
for (String str : excludePackages) {
if (!str.isEmpty() && reference.startsWith(str)) {
Expand Down