cleanup

tomasz-tylenda-sonarsource · tomasz-tylenda-sonarsource · commit 3424d8b1ac4c · 2025-07-07T17:50:52.000+02:00
diff --git a/java-checks-test-sources/default/src/main/java/checks/SQLInjection.java b/java-checks-test-sources/default/src/main/java/checks/SQLInjection.java
@@ -286,4 +286,17 @@ public void formattedConst(Locale locale, String input) throws SQLException {
     String query = "SELECT %s".formatted("1");
     this.stmt.execute(query);
   }
+
+  public void plusAssignment(String input) throws SQLException  {
+    String query = "SELECT";
+    query += String.format("WHERE col = %c", input);
+    this.stmt.execute(query); // Noncompliant
+  }
+
+  public void plusAssignmentConst() throws SQLException  {
+    // FP, but probably rare and not worth complicating the code to fix it.
+    String query = "SELECT";
+    query += String.format("WHERE col = \"%c\"", "value");
+    this.stmt.execute(query); // Noncompliant
+  }
 }
diff --git a/java-checks/src/main/java/org/sonar/java/checks/SQLInjectionCheck.java b/java-checks/src/main/java/org/sonar/java/checks/SQLInjectionCheck.java
@@ -131,8 +131,6 @@ public List<Tree.Kind> nodesToVisit() {
   @Override
   public void visitNode(Tree tree) {
     if (anyMatch(tree)) {
-      var dbg = QuickFixHelper.contentForTree(tree, context);
-
       Optional<ExpressionTree> sqlStringArg = arguments(tree)
         .filter(arg -> arg.symbolType().is(JAVA_LANG_STRING))
         .findFirst();
@@ -208,21 +206,21 @@ private static boolean isDynamicPlusAssignment(ExpressionTree arg) {
     return arg.is(Tree.Kind.PLUS_ASSIGNMENT) && !((AssignmentExpressionTree) arg).expression().asConstant().isPresent();
   }
 
-  private boolean isDynamicString(ExpressionTree arg) {
+  private static boolean isDynamicString(ExpressionTree arg) {
     return isDynamicConcatenation(arg) || isDynamicFormatting(arg);
   }
 
   private static boolean isDynamicConcatenation(ExpressionTree arg) {
     return arg.is(Tree.Kind.PLUS) && !arg.asConstant().isPresent();
   }
 
-  private boolean isDynamicFormatting(Tree tree) {
+  private static boolean isDynamicFormatting(Tree tree) {
     return tree instanceof MethodInvocationTree mit
       && FORMAT_METHODS.matches(mit)
       && hasDynamicStringParameters(mit);
   }
 
-  private boolean hasDynamicStringParameters(MethodInvocationTree mit) {
+  private static boolean hasDynamicStringParameters(MethodInvocationTree mit) {
     for (ExpressionTree arg: mit.arguments()) {
       if (arg.symbolType().is(JAVA_LANG_STRING) && arg.asConstant().isEmpty()) {
         return true;
