  1. SonarJava
  2. SONARJAVA-3294

S4426: duplicates and FP when multiple declaration of KeyPairGenerator in the same method

    Details

    • Type: False-Positive
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.1
    • Component/s: Rules
    • Labels:
      None

      Description

      When a method contains multiple uses of KeyPairGenerator, the rule reports duplicates and false positives.

        public void report_only_once(int size) throws NoSuchAlgorithmException {
          if (size == 1) {
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
            keyGen.initialize(1);  // 4 issues
          } else if(size == 2) {
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
            keyGen.initialize(2);  // 4 issues
          } else if(size == 3) {
            KeyGenerator keyGen = KeyGenerator.getInstance("AES");
            keyGen.init(3);  // 4 issues
          } else {
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
            keyGen.initialize(2048); // 4 issues
          }
        }
      

      For such code, 4 issues are reported for each initialize call, for a total of 16 issues, 12 of which are false positives.

      The problem became obvious when we added support for more cases in SONARJAVA-3211; however, it has been present since the first implementation.

              People

              • Assignee:
                quentin.jaquier Quentin Jaquier
                Reporter:
                quentin.jaquier Quentin Jaquier