#1233 urf_unread_public_or_protected_field false positive when using reflection

3.x
open
William Pugh
9
2014-08-13
2013-12-11
Vitaly Bichov
No

When using container class with public fields and serializing this class false positive (urf_unread_public_or_protected_field) is reported. I.E:

class Container {
    public String containdField;
}

class WebRsource {

private static Gson gson = new GsonBuilder().registerTypeAdapter(JsonContent.class, new JsonContentAdapter()).create();

@GET
public String getJSON() {
    Container container = new Container();
    container.containdField = "Some String";  //<--here you get false positive
    return gson.toJson(container);

}

Discussion

  • William Pugh
    William Pugh
    2013-12-17

    • assigned_to: William Pugh
     
  • William Pugh
    William Pugh
    2013-12-17

    Do you have any recommendations for reducing false positives, other than just disabling the detector? Trying to figure out what might be accessed via Gson seems very difficult.

     
  • William Pugh
    William Pugh
    2013-12-17

    • Group: 2.0.3 --> 3.0.0
     
  • William Pugh
    William Pugh
    2014-01-09

    • labels: --> false positive
     
    • Group: 3.0.0 --> 3.0.1