Skip to content

SONARJAVA-5553 Raise only when returned mutable actually reaches outside the class for S2384#5136

Merged
romainbrenguier merged 5 commits intomasterfrom
romain/fp/mutable-store-taint-analysis
May 16, 2025
Merged

SONARJAVA-5553 Raise only when returned mutable actually reaches outside the class for S2384#5136
romainbrenguier merged 5 commits intomasterfrom
romain/fp/mutable-store-taint-analysis

Conversation

@romainbrenguier
Copy link
Copy Markdown
Contributor

@romainbrenguier romainbrenguier commented May 8, 2025
edited
Loading

https://sonarsource.atlassian.net/browse/SONARJAVA-5553

This is to reduce FPs where a mutable field is returned by a private method but this value is only used within the class and never escapes.

erwan-serandour
erwan-serandour requested changes May 8, 2025
View reviewed changes
Comment thread java-checks/src/main/java/org/sonar/java/checks/MutableMembersUsageCheck.java Outdated
/**
* Maps method that return the result of another method
*/
private final Map<String, String> passingThroughMethod = new HashMap<>();
Copy link
Copy Markdown
Contributor

@erwan-serandour erwan-serandour May 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

methods can have several returns

@romainbrenguier romainbrenguier force-pushed the romain/fp/mutable-store-taint-analysis branch from 5d9e398 to d1cb097 Compare May 9, 2025 07:28
@romainbrenguier romainbrenguier changed the title SONARJAVA-4473 Raise only when returned mutable actually reaches outside the class for S2384 SONARJAVA-5553 Raise only when returned mutable actually reaches outside the class for S2384 May 9, 2025
@romainbrenguier romainbrenguier force-pushed the romain/fp/mutable-store-taint-analysis branch 2 times, most recently from 39e37dc to 3b1ed31 Compare May 15, 2025 15:17
@romainbrenguier romainbrenguier force-pushed the romain/fp/mutable-store-taint-analysis branch from 3b1ed31 to 85dbec3 Compare May 16, 2025 11:17
@sonarqube-next
Copy link
Copy Markdown

sonarqube-next Bot commented May 16, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
96.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@romainbrenguier romainbrenguier merged commit 4564d96 into master May 16, 2025
17 checks passed
@romainbrenguier romainbrenguier deleted the romain/fp/mutable-store-taint-analysis branch May 16, 2025 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erwan-serandour erwan-serandour erwan-serandour approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@romainbrenguier @erwan-serandour