SonarQube incorrectly reports "PreparedStatement has no parameters." (squid:S2695) on the following (simplified) source:
public static final String UPDATE_QUERY = "UPDATE TABLE SET COL1=? WHERE PK=?";
private PreparedStatement preparedStatement = null;
public void updateMethod(Date date, Long pk) throws SQLException
{
  if(preparedStatement == null)
  {
    //ConnectionService is not a Connection!
    preparedStatement = ConnectionService.prepareStatement(UPDATE_QUERY);
  }
  //sonarqube reports on the following two lines: 'This "PreparedStatement" has no parameters.'
  preparedStatement.setDate(1, date);
  preparedStatement.setLong(2, pk);
  //an UPDATE returns a row count, so executeUpdate() is used rather than executeQuery()
  int updatedRows = preparedStatement.executeUpdate();
  //further code left out
}
Questions:
1. Is this a bug or a limitation of the analyser?
2. Is there something I can do to hide these "false positives"?
It's a false positive; as you can see here, it's fixed in version 4.5.
Answer to question 1:
Yes, it is a bug; upgrade your Sonar version to 4.5 (or newer).
Answer to question 2:
Disable the rule in Sonar here
or
How to remove False-Positive issues? here
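Disabling squid:S2695 or marking the issue as a false positive also removes the index check for that statement. The following is an added example, not code from the original post or from SonarQube: a small helper a unit test could call to keep that check by counting the `?` placeholders in the question's UPDATE_QUERY and validating the setter indices against them. The class and method names are hypothetical, and the scanner assumes standard SQL quoting and comment syntax (no vendor-specific `?` operators).

```java
import java.util.Arrays;

public class PlaceholderCheck {
    // Query taken from the question above.
    static final String UPDATE_QUERY = "UPDATE TABLE SET COL1=? WHERE PK=?";

    /** Counts JDBC '?' placeholders, skipping quoted text and SQL comments. */
    static int countPlaceholders(String sql) {
        int count = 0;
        int i = 0;
        int n = sql.length();
        while (i < n) {
            char c = sql.charAt(i);
            if (c == '\'' || c == '"') {
                // Skip to the closing quote. A doubled quote ('') simply
                // closes one literal and immediately opens the next.
                i++;
                while (i < n && sql.charAt(i) != c) i++;
                i++;
            } else if (c == '-' && i + 1 < n && sql.charAt(i + 1) == '-') {
                // Line comment: skip to end of line.
                while (i < n && sql.charAt(i) != '\n') i++;
            } else if (c == '/' && i + 1 < n && sql.charAt(i + 1) == '*') {
                // Block comment: skip past the terminator, or to the end.
                int end = sql.indexOf("*/", i + 2);
                i = (end < 0) ? n : end + 2;
            } else {
                if (c == '?') count++;
                i++;
            }
        }
        return count;
    }

    /** True when every 1-based setter index refers to an existing placeholder. */
    static boolean indicesValid(String sql, int... indices) {
        int max = countPlaceholders(sql);
        return Arrays.stream(indices).allMatch(idx -> idx >= 1 && idx <= max);
    }

    public static void main(String[] args) {
        // Constructed checks: the question's setters use indices 1 and 2.
        System.out.println(countPlaceholders(UPDATE_QUERY));
        System.out.println(indicesValid(UPDATE_QUERY, 1, 2));
        System.out.println(indicesValid(UPDATE_QUERY, 3));
        System.out.println(countPlaceholders("SELECT '?' FROM T WHERE A=? -- why?"));
    }
}
```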