Reputation: 389
Sonarqube false positive for "Use try-with-resources or close this "ResultSet" in a "finally" clause"
Sonarqube keeps marking code with this issue which is, in my opinion, a false positive. Code looks like this:
try(PreparedStatement st=con.prepareStatement(myQuery)){
st.setInt(1, myValue);
...
ResultSet rs = st.executeQuery();
...
}
If I'm not mistaken, the PreparedStatement implements Closeable and, when closing itself, it also closes the underlying ResultSet.
This behaviour would prevent the ResultSet from being kept open, yet Sonarqube analysis marks it as a critical error.
Am I mistaken? Any way of making Sonarqube ignore this rule under this circumstances?
Tested under Sonarqube 6.7.3 and JDK 8.
From the ResultSet javadoc:
A ResultSet object is automatically closed when the Statement object that generated it is closed, re-executed, or used to retrieve the next result from a sequence of multiple results.
Upvotes: 2
Views: 5245
Answers (4)
Reputation: 389
This was finally fixed by the Sonarqube team, starting with the 6.7 release.
Upvotes: 1
Reputation: 4420
Indeed this is a false positive. It was already reported and there is open ticket to fix it https://jira.sonarsource.com/browse/SONARJAVA-2060
You can mark the issue as false positive in SonarQube UI, or add // NOSONAR comment on the line where the issue is raised to ignore it.
Upvotes: 6
Reputation: 18408
It's probably unreasonable to expect code analyzers to know such things. Can a tool know all the -additional- semantics of all Closeables in all libraries written anywhere anytime ?
The doco indeed mentions that "the current ResultSet, if any, is also closed".
Note "the current". What happens if you happen to have two distinct executeQuery() invocations ? Will it fail on bad status or some such ? Will there be two distinct ResultSet objects, both unclosed and one of them now unreferenced ?
(Note : two distinct executeQuery() invocations might sound like completely insane, but remember "coders can do anything" and that is even the very reason why tools such as SonarQube are written in the first place.)
I'm not saying it's entirely undebatable, but to me it doesn't seem that strange if the analysis tool just sees you getting a Closeable and not closing it and just simply complain about it.
Upvotes: 2
Reputation: 2366
There's no properties file or any configuration in the pom.xml file
Please take a look at this documentation, you can create sonar-project.properties file in your root project directory set a lot of diffrent properties which have impact on your analysis. One of them is sonar.java.source which allow you specific concreate java version. (details)
Any way of making Sonarqube ignore this rule under this circumstances?
I had situation when sonarqube engine mark block of code as an issue, but from developer point of view it wasn't, so in that case it's candidate to mark it as false-positive. To set rules which allow/disallow marking issues on specific files, please refer this sonarqube documentation .
Upvotes: 0
Related Questions
- Sonar asks to "Use try-with-resources or close this "Connection" in a "finally" clause."
- Use try-with-resources or close this "Stream" in a "finally" clause
- Apply Try with Resources correctly in Java 7?
- Sonarqube issue - Change this "try" to a try-with-resources. How to handle conditional resources?
- How to avoid sonar error "use try-with-resources or close this ... in a "finally" clause" if custom close method is used (java 6)?
- Try with multiple resource causes a sonar qube issue
- Sonar error Conditions should not unconditionally evaluate to "TRUE" or to "FALSE"
- Sonar-Use try-with-resources or close this "Stream" in a "finally" clause java8 stream
- Resources should be closed issue is raised by sonar java even if the resource is closed
- Resultset is never closed - Sonarqube analysis