Java - Incorrect detection of a Quality Risk displayed in the dashboard
Case 1: The QR displayed on the dashboard refers to an incorrect line number within the code
Generally speaking, the Sealights dashboard always shows a method's signature together with the line on which it is declared.
However, this location is detected according to where the method body (the actual code) begins.
When the method body begins a few lines beneath the signature, the Quality Risk line number shown in the dashboard QR view will not match the actual location of the method in the code viewer.
Case 2: The QR displayed on the dashboard appears on a method that wasn’t changed
In this case, it could also be that the method on which a QR was detected invokes another class that was changed.
To verify the changes, follow these steps:
Requirements:
A machine with a JDK (not a JRE)
Both versions of the class files in which the risk was detected (before detection/after detection)
For the sake of this example, we’ll refer to the class file in question as Foo.java.
Steps:
On the earlier version of Foo.java, run the following command:
javap -p -v Foo.class > before.txt
On the later version of Foo.java, run the following command:
javap -p -v Foo.class > after.txt
Compare the files to understand the changes in the bytecode.
Since Sealights operates on Java bytecode, this comparison is the indicator of what actually changed in the class files in question.
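A raw diff of before.txt and after.txt tends to be noisy, because constant-pool indices (the #N operands) can shift whenever anything in the class changes. The following added example (not Sealights code) compares the two javap outputs member by member after blanking those indices. The names parse_javap and changed_members are hypothetical, the sample javap text is constructed and abbreviated, and ignoring LineNumberTable entries is a choice made for this example.

```python
import re
import sys

MEMBER = re.compile(r"^  ([^\s#].*);$")  # member header line inside the class body
INSN = re.compile(r"^\s+\d+: \S")        # bytecode instruction (or switch case) line
CP_INDEX = re.compile(r"#\d+")           # constant-pool index, can shift between builds

def parse_javap(text):
    """Map 'signature descriptor' -> list of normalized instruction lines."""
    members, sig, key = {}, None, None
    for raw in text.splitlines():
        m = MEMBER.match(raw)
        if m or raw.startswith("}"):
            sig, key = (m.group(1) if m else None), None
        elif sig and raw.strip().startswith("descriptor:"):
            key, sig = sig + " " + raw.split(":", 1)[1].strip(), None
            members[key] = []
        elif key and INSN.match(raw):
            members[key].append(" ".join(CP_INDEX.sub("#", raw).split()))
    return members

def changed_members(before, after):
    """Members whose normalized bytecode differs, or that exist in only one version."""
    b, a = parse_javap(before), parse_javap(after)
    return sorted(k for k in b.keys() | a.keys() if b.get(k) != a.get(k))

# Constructed, abbreviated javap -p -v output (not from a real build).
TEMPLATE = """{
  public void greet();
    descriptor: ()V
    Code:
         0: getstatic     #%(a)d   // Field java/lang/System.out:Ljava/io/PrintStream;
         3: invokevirtual #%(c)d   // Method java/io/PrintStream.println:(Ljava/lang/String;)V
         6: return
      LineNumberTable:
        line 4: 0
  int size();
    descriptor: ()I
    Code:
         0: %(insn)s
         1: ireturn
}
"""
BEFORE = TEMPLATE % dict(a=7, c=15, insn="iconst_1")
AFTER = TEMPLATE % dict(a=9, c=17, insn="iconst_2")

if __name__ == "__main__" and len(sys.argv) == 3:
    before, after = (open(p).read() for p in sys.argv[1:3])
    print("\n".join(changed_members(before, after)))
```

Run it with before.txt and after.txt as the two arguments. In the constructed sample only size() is reported, even though every constant-pool index in greet() moved.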
If any further information or additional assistance with understanding the results is needed, contact Sealights support.