SONARJAVA-5160 S1144 Handle arrays in @MethodSource by tomasz-tylenda-sonarsource · Pull Request #5638 · SonarSource/sonar-java

tomasz-tylenda-sonarsource · 2026-05-28T11:20:54Z

Summary by Gitar

Logic enhancements:
- Updated UnusedPrivateMethodCheck to correctly identify methods referenced as arrays in @MethodSource annotations.
- Added logic to traverse NEW_ARRAY trees within annotation arguments to extract and filter method names.
Test coverage:
- Added UnusedPrivateMethodSampleTest.java to verify false-positive prevention with array-based @MethodSource configurations.
- Included a new test case in UnusedPrivateMethodCheckTest to validate the check against the sample file.

_{This will update automatically on new commits.}

sonarqubecloud · 2026-05-28T11:21:05Z

Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action.

6 issue(s) found across 1 file(s):

Rule	File	Line	Message
`java:S1144`	`java-checks-test-sources/default/src/test/java/checks/tests/UnusedPrivateMethodSampleTest.java`	20	Remove this unused private "provideDataFQ" method.
`java:S1144`	`java-checks-test-sources/default/src/test/java/checks/tests/UnusedPrivateMethodSampleTest.java`	24	Remove this unused private "provideDataArray1" method.
`java:S1144`	`java-checks-test-sources/default/src/test/java/checks/tests/UnusedPrivateMethodSampleTest.java`	28	Remove this unused private "provideDataArray2" method.
`java:S1144`	`java-checks-test-sources/default/src/test/java/checks/tests/UnusedPrivateMethodSampleTest.java`	32	Remove this unused private "provideDataArray1Value" method.
`java:S1144`	`java-checks-test-sources/default/src/test/java/checks/tests/UnusedPrivateMethodSampleTest.java`	36	Remove this unused private "provideDataArray2Value" method.
`java:S1144`	`java-checks-test-sources/default/src/test/java/checks/tests/UnusedPrivateMethodSampleTest.java`	40	Remove this unused private "notUsed" method.

_{Analyzed by SonarQube Agentic Analysis in 6.3 s}

hashicorp-vault-sonar-prod · 2026-05-28T11:21:10Z

SONARJAVA-5160

rombirli · 2026-05-29T13:29:55Z

+
+    private void removeMethodNames(NewArrayTree newArrayTree) {
+      for (ExpressionTree initializer : newArrayTree.initializers()) {
+        if (initializer.is(Tree.Kind.STRING_LITERAL)) {


The condition should always be true (or the code doesn't compile)

The initializer must be known at compile time, but does not have to be a literal. For example, the following is fine:

private static final String PROVIDE_DATA_ARRAY = "provideDataArray"; @ParameterizedTest @MethodSource(value = {PROVIDE_DATA_ARRAY, PROVIDE_DATA_ARRAY + "2"}) void testAddArray(int num) {}

This is, however, a corner case, and I don't think supporting it is a good use of time.

rombirli

LGTM, minor suggestions

sonarqube-next · 2026-05-29T14:42:08Z

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
97.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

gitar-bot · 2026-05-29T16:36:00Z

Code Review ✅ Approved 4 resolved / 4 findings

Updates UnusedPrivateMethodCheck to correctly identify array-based @MethodSource references, successfully resolving issues with named array arguments, debug artifacts, and Javadoc errors.

✅ 4 resolved

✅ Quality: Unused method overload: removeMethodName(String)

📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:296-298
The new removeMethodName(String value) method at line 296-298 is never called anywhere in the file. All call sites pass a LiteralTree argument, invoking the removeMethodName(LiteralTree) overload instead. This dead code should be removed or used.

✅ Quality: Javadoc typo: @MethodsSource should be @MethodSource

📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:132 📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:135
The Javadoc comment at line 132 says @MethodsSource (plural) but the actual annotation is @MethodSource. Also the closing tag </> at line 135 should be </li>.

✅ Quality: Debug variables left in production code (lines 117-119)

📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:117-119
Three variables (unusedMethodsStr, filterStr, methodSourceAnnotatedMethodsStr) are declared at lines 117-119 but never used anywhere in the file. These appear to be leftover debugging aids from development. They duplicate work already done (e.g., methodNames at line 110 is effectively the same as unusedMethodsStr) and will confuse future readers.

Since the PR title says "dirty impl", this is likely intentional for now but should be cleaned up before merge.

✅ Bug: Named array arg @MethodSource(value={...}) not handled

📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:313-321 📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:323-327 📄 java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java:314-322
The new array handling at line 313 only matches when the annotation argument itself is a NEW_ARRAY (i.e., the implicit value case: @MethodSource({"a", "b"})). However, when the user writes @MethodSource(value = {"a", "b"}), the argument is an AssignmentExpressionTree whose expression is a NEW_ARRAY. The existing assignment branch at line 323 only handles STRING_LITERAL expressions, so this case falls through unhandled, causing a false positive.

The fix should also handle NEW_ARRAY inside an assignment expression.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

`Auto-apply`	`Compact`
`gitar auto-apply:on`	`gitar display:verbose`

_{Was this helpful? React with 👍 / 👎 | Gitar}

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 11:21 — with GitHub Actions Inactive

gitar-bot Bot reviewed May 28, 2026

View reviewed changes

Comment thread java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java Outdated

gitar-bot Bot reviewed May 28, 2026

View reviewed changes

Comment thread java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java Outdated

gitar-bot Bot reviewed May 28, 2026

View reviewed changes

Comment thread java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java Outdated

gitar-bot Bot reviewed May 28, 2026

View reviewed changes

Comment thread java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java Outdated

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 11:48 — with GitHub Actions Inactive

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 11:49 — with GitHub Actions Inactive

tomasz-tylenda-sonarsource force-pushed the tt/method-source-array branch from 54f2553 to 7ece85f Compare May 28, 2026 11:51

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 11:51 — with GitHub Actions Inactive

tomasz-tylenda-sonarsource marked this pull request as ready for review May 28, 2026 11:57

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 12:55 — with GitHub Actions Inactive

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 13:17 — with GitHub Actions Inactive

tomasz-tylenda-sonarsource force-pushed the tt/method-source-array branch from 2a40bd9 to ec6916d Compare May 28, 2026 13:46

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 13:46 — with GitHub Actions Inactive

Handle array arguments in @MethodSource.

5d1aee6

tomasz-tylenda-sonarsource force-pushed the tt/method-source-array branch from ec6916d to 5d1aee6 Compare May 28, 2026 14:07

tomasz-tylenda-sonarsource temporarily deployed to sca-checking May 28, 2026 14:07 — with GitHub Actions Inactive

tomasz-tylenda-sonarsource requested a review from rombirli May 28, 2026 14:07

rombirli reviewed May 29, 2026

View reviewed changes

Comment thread java-checks/src/main/java/org/sonar/java/checks/unused/UnusedPrivateMethodCheck.java

rombirli approved these changes May 29, 2026

View reviewed changes

Comment on assignment in annotation.

289f27d

tomasz-tylenda-sonarsource deployed to sca-checking May 29, 2026 14:33 — with GitHub Actions Active

tomasz-tylenda-sonarsource merged commit 2439c92 into master May 29, 2026
15 checks passed

tomasz-tylenda-sonarsource deleted the tt/method-source-array branch May 29, 2026 15:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SONARJAVA-5160 S1144 Handle arrays in @MethodSource#5638

SONARJAVA-5160 S1144 Handle arrays in @MethodSource#5638
tomasz-tylenda-sonarsource merged 2 commits into
masterfrom
tt/method-source-array

tomasz-tylenda-sonarsource commented May 28, 2026 •

edited by gitar-bot Bot

Loading

Uh oh!

sonarqubecloud Bot commented May 28, 2026 •

edited

Loading

Uh oh!

hashicorp-vault-sonar-prod Bot commented May 28, 2026 •

edited by atlassian Bot

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

rombirli May 29, 2026

Uh oh!

tomasz-tylenda-sonarsource May 29, 2026

Uh oh!

Uh oh!

rombirli left a comment

Uh oh!

sonarqube-next Bot commented May 29, 2026

Uh oh!

Uh oh!

gitar-bot Bot commented May 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

tomasz-tylenda-sonarsource commented May 28, 2026 • edited by gitar-bot Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by Gitar

Uh oh!

sonarqubecloud Bot commented May 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Agentic Analysis: Early Results

Uh oh!

hashicorp-vault-sonar-prod Bot commented May 28, 2026 • edited by atlassian Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

rombirli May 29, 2026

Choose a reason for hiding this comment

Uh oh!

tomasz-tylenda-sonarsource May 29, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

rombirli left a comment

Choose a reason for hiding this comment

Uh oh!

sonarqube-next Bot commented May 29, 2026

Quality Gate passed

Uh oh!

Uh oh!

gitar-bot Bot commented May 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

tomasz-tylenda-sonarsource commented May 28, 2026 •

edited by gitar-bot Bot

Loading

sonarqubecloud Bot commented May 28, 2026 •

edited

Loading

hashicorp-vault-sonar-prod Bot commented May 28, 2026 •

edited by atlassian Bot

Loading