[SONARJAVA-3535] Rule S3749 should not raise when the singleton has @ConfigurationProperties annotation - SonarSource

Details

Type: False-Positive
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.9
Component/s: Rules
Labels:

Description

A SonarCloud user gave this feedback:
"Spring @ConfigurationProperties are configured by Spring similar to @Autowired. Scanner is unable to exclude the configuration properties. Also Lombok is in play and is creating the getter/setters."

@Data
@Component
@ConfigurationProperties("token.cachemanager")
public class TokenCacheManagerConfigProperties {

    // HSDP OAuth2 Access Token has a 30 minutes, so cache expirery must be less than 30.
    private long expiryMinutes = 25; // Noncompliant but FP

    @PostConstruct
    public void postConstruct() {
        isTrue(expiryMinutes > 0L &&  expiryMinutes < 30,
                "token.cachemanager.expiryminutes is a required configuration, a positive value less than 30");
    }
}

The rule should not raise for any kind of members when @ConfigurationProperties annotation is set on a singleton by the developer (@ConfigurationProperties annotation has a similar meaning than @Value annotation that is a compliant solution for this rule)

Attachments

Issue Links

relates to

RSPEC-3749 Members of Spring components should be injected

Active

links to

SQ Community Forum feedback

Activity

People

Assignee:

Michael Gumowski

Reporter:

Eric Therond

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Due:

07/Oct/20

Created:

22/Sep/20 6:17 PM

Updated:

06/Nov/20 5:56 PM

Resolved:

02/Oct/20 10:37 AM