The following error is being thrown when SonarQube analysis is done on my Java project: "Make sure this file handling is safe here".

The lines of code for which this error is being thrown are:

import java.io.File;

final String filePath = "<<dummy_file_path>>";

File file = new File(filePath);

I declared the variable containing filePath as final so that it cannot be modified. Also, I read the filePath value from a property file and avoided hard-coding it. But still the same error is being thrown.

I am expecting a fix for the above piece of code such that, after SonarQube analysis, an error won't be thrown for safe file handling.

Thanks in advance.

1 Answer

Igor Konoplyanko On

This actually is not a bug and doesn't relate to being final or not. It's a security rule from OWASP (Open Web Application Security Project) and says that you should not access your file system directly with a path as a String coming from outside of the application.

Now you can ask yourself if you need security rules in your app. E.g. for a one-time-run application, I would disable the OWASP rules for your project. Another alternative would be to just disable this rule within the source code.

Read more about this rule here:
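As an added example that is not part of the question or the answer above: instead of disabling the rule, the externally supplied name can be confined to a known directory before a File/Path is opened. The class and method names (SafeFiles, resolveWithin) and the sample inputs are assumptions made for this illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

/** Hypothetical helper: confines externally supplied file names to one directory. */
public final class SafeFiles {

    private SafeFiles() {}

    /**
     * Resolves untrustedName inside baseDir and returns the absolute path only if,
     * after normalisation, it still lies below baseDir; otherwise throws
     * IllegalArgumentException so the caller never touches the file system.
     */
    public static Path resolveWithin(Path baseDir, String untrustedName) throws IOException {
        // Canonicalise the base once; it must already exist and be a directory.
        Path base = baseDir.toRealPath();
        if (!Files.isDirectory(base)) {
            throw new IllegalArgumentException("base is not a directory: " + base);
        }
        Path candidate;
        try {
            // normalize() collapses "." and ".." so an escape via "../x" becomes visible.
            candidate = base.resolve(untrustedName).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("malformed file name", e);
        }
        // An absolute input replaces the base in resolve(), so this check also catches it.
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + untrustedName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("sonar-demo"); // constructed sample directory
        // Constructed samples of what a property file or request parameter might deliver.
        String[] inputs = { "report.txt", "sub/report.txt", "../etc/passwd", "/etc/passwd" };
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + resolveWithin(base, in));
            } catch (IllegalArgumentException e) {
                System.out.println(in + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The rule is a security hotspot, so SonarQube still expects a human review of the location; a check like this gives the reviewer something concrete to mark as safe.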