SonarJava / SONARJAVA-1237

S2695: NPE when the SQL query is defined in a file other than the one currently analyzed


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5
    • Fix Version/s: 3.6
    • Component/s: Rules
    • Labels:
      None

      Description

      When the query used for the prepared statement is defined in another file, the rule fails with an NPE. Root cause: PreparedStatementAndResultSetCheck, line 123. Getting the declaration of a symbol declared outside the currently analyzed file returns null, and the return value is not checked.

      Reproducer:

      ExtendedClass.java
      package sonar.testcase;
      
      import java.sql.Connection;
      import java.sql.PreparedStatement;
      
      public class ExtendedClass extends BaseClass {
      
          protected void prepareReport(Connection connection) throws Exception {
              try {
                  String sql = SQL_QUERY_BASE;
                  PreparedStatement pstmt = connection.prepareStatement(sql);
                  pstmt.setString(1, "smth"); 
              } catch (Exception e) {}
          }
      }
      
      BaseClass.java
      package sonar.testcase;
      
      public class BaseClass {
          public static final String SQL_QUERY_BASE = "select * from MYTABLE where customerId = ?"; // Declaration can not be retrieved when analyzing ExtendedClass.java
      }
      

      Original thread from SQ google group: https://groups.google.com/d/msgid/sonarqube/1cf433a1-fd19-454e-93f4-9de1cb32815b%40googlegroups.com
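
The failure mode described above, as an added example that is not SonarJava code: a simplified model in which only symbols declared in the analyzed file have a declaration, shown with an unguarded lookup and a guarded one. All class and method names are hypothetical, the sample declarations are constructed, and counting `?` characters is an assumed stand-in for whatever the rule reads from the query text.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.OptionalInt;

// Simplified model (hypothetical names, not the SonarJava API): only symbols
// declared in the file under analysis have a declaration; others resolve to null.
public class PlaceholderCountDemo {

    // Stand-in for a variable declaration carrying its string initializer.
    record Declaration(String initializer) {}

    // Declarations visible while analyzing ExtendedClass.java (constructed sample).
    static final Map<String, Declaration> CURRENT_FILE = new HashMap<>();
    static {
        CURRENT_FILE.put("LOCAL_QUERY", new Declaration("select * from T where a = ? and b = ?"));
        // SQL_QUERY_BASE is declared in BaseClass.java, so it is deliberately absent.
    }

    // Returns null for symbols declared outside the analyzed file.
    static Declaration declarationOf(String symbol) {
        return CURRENT_FILE.get(symbol);
    }

    // Unguarded: dereferences the lookup result and throws an NPE for SQL_QUERY_BASE.
    static int countPlaceholdersUnsafe(String symbol) {
        return (int) declarationOf(symbol).initializer().chars().filter(c -> c == '?').count();
    }

    // Guarded: a missing declaration means "cannot tell", so the check is skipped
    // instead of crashing the analysis of the whole file.
    static OptionalInt countPlaceholders(String symbol) {
        Declaration decl = declarationOf(symbol);
        if (decl == null || decl.initializer() == null) {
            return OptionalInt.empty();
        }
        return OptionalInt.of((int) decl.initializer().chars().filter(c -> c == '?').count());
    }

    public static void main(String[] args) {
        System.out.println(countPlaceholders("LOCAL_QUERY"));
        System.out.println(countPlaceholders("SQL_QUERY_BASE"));
        try {
            countPlaceholdersUnsafe("SQL_QUERY_BASE");
        } catch (NullPointerException e) {
            System.out.println("unguarded lookup failed with NPE");
        }
    }
}
```

Returning an empty result for an unresolved symbol trades a possible missed finding for an analysis that completes on the file.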

              People

              Assignee: Michael Gumowski
              Reporter: Michael Gumowski
              Votes: 4
              Watchers: 5
