False positive for JUnit 5 Method Source: UPM_UNCALLED_PRIVATE_METHOD #2379

Closed
salbracco24 opened this issue Mar 17, 2023 · 9 comments

salbracco24 commented Mar 17, 2023

```java
import com.vuln.Package;
import com.vuln.DateService;
import com.vuln.DateServiceImpl; // assumed to live next to DateService
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;

import java.util.stream.Stream;

import static org.junit.jupiter.api.Assertions.assertEquals;

// Class wrapper added so the snippet compiles; the class name is a placeholder.
public class DateServiceTest {

  private static final String DETECTION_DATE = "2023-03-15T04:20:00";

  private final DateService dateService = new DateServiceImpl();

  // Referenced only by name from @MethodSource below; JUnit calls it reflectively.
  private static Stream<Arguments> vulnerabilities() {
    return Stream.of(
      Arguments.of(0.0, DETECTION_DATE, null),
      Arguments.of(0.04, DETECTION_DATE, null)
    );
  }

  @ParameterizedTest
  @MethodSource("vulnerabilities")
  public void testGetDueDateForPackage(double score, String detectionDate, String expectedDueDate) {
    Package issue = new Package();
    issue.setScore(score);
    issue.setDetectionDate(detectionDate);

    String actualDueDate = dateService.getDueDate(issue);

    assertEquals(expectedDueDate, actualDueDate);
  }
}
```

SpotBugs reports that the method vulnerabilities() is unused, but it is used as a MethodSource for this JUnit 5 test.

To reproduce, follow this guide and make a parametrized unit test.

welcome bot commented Mar 17, 2023

Thanks for opening your first issue here! 😃
Please check our contributing guideline. Especially when you report a problem, make sure you share a Minimal, Complete, and Verifiable example to reproduce it in this issue.

gtoison commented Aug 9, 2023

I think that this one is a bit outside of the scope of the SpotBugs project.
SpotBugs could know about @MethodSource but that would mean replicating JUnit's logic (no arguments, static etc.)

gtoison added a commit to gtoison/spotbugs that referenced this issue Nov 5, 2023
hazendaz pushed a commit that referenced this issue Nov 8, 2023
…ethods (#2679)

* test: sample reproducing issue #2379

* test: fake JUnit library annotation for tests

* fix for issue #2379: look for methods used through @MethodSource

* test: replaced fake library by a direct dependency

* Made requested changes

* Handle the cases for zero or several source methods

* Moved changelog item since it was not incorporated in 4.8.1

* test: added the bug type when checking for the overall count of bugs
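
What a detector has to account for here, as an added example (not SpotBugs' detector code and not from this thread): a reflection-based lookup of the private factories a test class reaches only through @MethodSource, covering the unnamed default and several names. It assumes junit-jupiter-params on the classpath and Java 11+; the class, method and Sample names are hypothetical.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Stream;
import org.junit.jupiter.params.provider.MethodSource;

public class MethodSourceLookup {
    // Names of methods in testClass that JUnit 5 would invoke as @MethodSource factories.
    static Set<String> factoryNames(Class<?> testClass) {
        Set<String> names = new TreeSet<>();
        for (Method m : testClass.getDeclaredMethods()) {
            MethodSource src = m.getAnnotation(MethodSource.class);
            if (src == null) continue;
            // Treat an empty array like a single blank name (the "zero names" case).
            String[] refs = src.value().length == 0 ? new String[] {""} : src.value();
            for (String ref : refs) {                  // several names are allowed
                // No name given: the factory shares the test method's name.
                if (ref.isBlank()) names.add(m.getName());
                // "pkg.Class#method" names a factory by class; not resolved here.
                else if (!ref.contains("#")) names.add(ref);
            }
        }
        return names;
    }

    // Private no-arg methods reached only via the annotation: no call site exists in bytecode.
    static Set<String> privateFactories(Class<?> testClass) {
        Set<String> factories = factoryNames(testClass);
        Set<String> hits = new TreeSet<>();
        for (Method m : testClass.getDeclaredMethods()) {
            boolean candidate = Modifier.isPrivate(m.getModifiers()) && m.getParameterCount() == 0;
            if (candidate && factories.contains(m.getName())) hits.add(m.getName());
        }
        return hits;
    }

    // Constructed sample shaped like the test in this issue (hypothetical names).
    static class Sample {
        private static Stream<String> vulnerabilities() { return Stream.of("a"); }
        private static Stream<String> more() { return Stream.of("b"); }
        private static Stream<String> implicit() { return Stream.of("c"); }
        private static Stream<String> neverReferenced() { return Stream.of("d"); }
        @MethodSource({"vulnerabilities", "more"}) void named(String s) { }
        @MethodSource void implicit(String s) { }
    }

    public static void main(String[] args) {
        System.out.println(privateFactories(Sample.class));
    }
}
```

Running it lists implicit, more and vulnerabilities but not neverReferenced, which is the one private method in Sample that nothing refers to.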

gtoison commented Nov 8, 2023

This should be fixed by #2679

gtoison closed this as completed Nov 8, 2023

salbracco24 commented Nov 8, 2023

@gtoison I have upgraded to SpotBugs Annotations 4.8.1 and SpotBugs Maven plugin 4.8.1.0. I am still getting the uncalled private method issue. I even copied and pasted Issue2379.java into my project, and it had the same issue! So I know it's not my code. Am I doing something wrong?

@salbracco24

Oh, I guess you haven't released the changes yet, I see that now in the changelog

gtoison commented Nov 8, 2023

That's right, it's going to be in the next release

hazendaz commented Nov 9, 2023

@salbracco24 If I was a betting man, I would say we release again in a week here. Seems we still had a few issues from the 4.8.0 release we are working through that 4.8.1 didn't completely solve. Goes to show waiting a year to release has far too much impact :( Give us a week anyways so we can fix up any other items that come in between now and then so we are not blowing through releases too quickly here. At this point I don't think we will ever again see years between releases so long as we all stay very engaged :)

@salbracco24

Thanks for the update! I'll keep an eye out

@salbracco24

Confirmed, this bug is no longer present in SpotBugs 4.8.2. Thanks!!
