General issue : false negative during evaluation of UseBraces

[MarkusTiede]

We're currently evaluation the usage of cQL - see baloise/open-source#245

Description of the issue

While doing that (on this very basic repository: https://github.com/arburk/fishbone) we've noticed an (IMHO) false negative. Within the basic situation of provoking such a situation like in your UnitTests : "https://github.com/github/codeql/blob/main/java/ql/test/query-tests/UseBraces/UseBraces.java#L27 - https://github.com/arburk/fishbone/commit/00c935a32bb7a179836b640501584bd48400e97c we couldn't get the cQL Action to fail during our action / build (https://github.com/arburk/fishbone/runs/1309817904)

Could you please help us understanding whether it's an issue / misunderstanding on our side or whether this situation is, though unit test being present for that, currently not correctly being identified?

Thanks a lot for you feedback its very appreciated.

[aschackmull]

This might be due to mixed tabs/spaces - I see that the lines you've added to trigger the alert aren't consistent in their whitespace. Tabs/spaces very rarely makes a difference to queries, so it's not information that we extract, but with this particular query whitespace matters, so inconsistent tabs/spaces usage can confuse the query.

[MarkusTiede]

@aschackmull - thanks for the quick feedback: We've now unified the spaces tabs in the affected lines: https://github.com/arburk/fishbone/commit/aada76fb7ed1736166d3f10d7b61830fb8109405 however the check is still not failing. Or do we need a unified state within the complete class?

[aschackmull]

What you changed looks like it ought to be enough to trigger the query. I'll see if I can find someone who's more familiar with the CI part of things to take a look.

[aschackmull]

We've found the problem:

[2020-10-27 08:18:09] [javac-extractor-2755] [WARN] Skipping Lombok-ed source file: /home/runner/work/fishbone/fishbone/src/main/java/org/arburk/fishbone/domain/Fish.java

[MarkusTiede]

Oh ok - thanks for picking this up: so I guess it's intended behavior when Lombok is being used within a project? Is there already an issue for that describing why and how to enable it in such situations?

[aschackmull]

The problem is that Lombok achieves its magic by hacking compiler internals using reflection, so it's quite hard to support directly. I know that others have had success using delombok as part of the CodeQL build.

[github-actions]

This issue is stale because it has been open 14 days with no activity. Comment or remove the stale label in order to avoid having this issue closed in 7 days.