SONARJAVA-6305 Fix the expected exceptions filter to work without semantic information#5626
Conversation
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
Agentic Analysis: Early ResultsAgentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action. 5 issue(s) found across 1 file(s):
Analyzed by SonarQube Agentic Analysis in 5.5 s |
![gitar-bot[bot]](https://avatars.githubusercontent.com/in/827041?s=60&v=4){kind=small}
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
Code Review ✅ Approved 2 resolved / 2 findingsRefactored the expected exceptions filter to function without semantic information and renamed the conversion check to broaden its scope. Addressed an unchecked argument index access and a duplicate test method name. ✅ 2 resolved✅ Quality: Duplicate method name in test file
✅ Edge Case: Unchecked argument index access may throw IndexOutOfBoundsException
OptionsAuto-apply is off → Gitar will not commit updates to this branch. Comment with these commands to change:
Was this helpful? React with 👍 / 👎 | Gitar |
NoemieBenard
left a comment
NoemieBenard
left a comment
There was a problem hiding this comment.
Overall LGTM and should work for the FPs that we have, just some comments
| } | ||
| } | ||
|
|
||
| // When semantic information is missing, the filter should conservatively activate. |
There was a problem hiding this comment.
Is it really about semantic here ?
There was a problem hiding this comment.
Yes, here this is an example that wouldn't even compile, because @Test is used without a fully qualified path and there is no import for the annotation, so when the filter processes the annotation it doesn't know its actual type. However, since the annotation looks like a test annotation that matches the criteria for the filter, we still want to trigger it.
| @Test(expected = DateTimeException) | ||
| void wrongExpectedType() { | ||
| Instant.from(date); // WithIssue | ||
| } | ||
|
|
||
| @Test(expect = DateTimeException.class) | ||
| void wrongAnnotationAttribute() { | ||
| Instant.from(date); // WithIssue | ||
| } | ||
|
|
||
| @Test | ||
| void wrongAssertMethodSignature() { | ||
| assertThrows(Instant.from(date)); // WithIssue | ||
| catchThrowableOfType(Instant.from(date)); // WithIssue |
There was a problem hiding this comment.
I wonder if we are not being too strict with these tests, we could prevent the filter from activating on patterns that we don't recognize even though they are correct. (but maybe we can keep it as it is for now, WDYT?)
There was a problem hiding this comment.
I think we don't want to trigger the filter in cases where we do not have enough information to know what specific exceptions are expected. Here, we cannot know if the intent of the user was to assert that the call throws a DateTimeException or one of its super/sub-classes. WDYT ?
There was a problem hiding this comment.
Yes, but we could say that we don't raise if there is any indication that an exception is expected, risking false negatives but avoiding false positives on specific behavior intended by the developer (but I am not sure this can happen). Anyway I think for now the way you did it is fine and we'll have feedback later if there are any issues
| @@ -195,42 +214,38 @@ private static Optional<Type> classLiteralType(ExpressionTree expression) { | |||
There was a problem hiding this comment.
This looks nicer IMO:
| if (expression instanceof MemberSelectExpressionTree memberSelect | |
| && "class".equals(memberSelect.identifier().name())) { | |
| return Optional.of(memberSelect.expression().symbolType()); | |
| } |
| import org.sonar.plugins.java.api.tree.UnionTypeTree; | ||
|
|
||
| import static org.sonar.java.checks.helpers.MethodTreeUtils.consecutiveMethodInvocation; | ||
| import static org.sonar.java.checks.helpers.UnitTestUtils.isTryCatchFail; |
There was a problem hiding this comment.
The unused import should be removed
aurelien-coet-sonarsource
temporarily deployed
to
sca-checking
GitHub Actions
Inactive
|
Code Review ✅ Approved 2 resolved / 2 findingsUpdates the expected exceptions filter to support non-semantic analysis and renames the conversion check for broader scope, addressing previous index access and naming concerns. No further issues found. ✅ 2 resolved✅ Quality: Duplicate method name in test file
✅ Edge Case: Unchecked argument index access may throw IndexOutOfBoundsException
OptionsAuto-apply is off → Gitar will not commit updates to this branch. Comment with these commands to change:
Was this helpful? React with 👍 / 👎 | Gitar |
2 participants
Summary by Gitar
InstantConversionsChecktoDateTimeConversionsCheckto reflect its broadened scope.LocalDate,LocalTime, andZonedDateTimetypes.ExpectedExceptionFilterto allow these conversions to work correctly without full semantic information.DateTimeConversionsCheckSampleandDateTimeConversionsCheckTestto verify the new detection logic.ExpectedExceptionFilter.javato validate filter behavior with various exception types and signatures.This will update automatically on new commits.