Skip to content

SONARJAVA-6330: Implement S8692 - The system clock should not be used in tests#5611

Merged
aurelien-coet-sonarsource merged 13 commits into
masterfrom
ac/SONARJAVA-6330
May 21, 2026
Merged

SONARJAVA-6330: Implement S8692 - The system clock should not be used in tests#5611
aurelien-coet-sonarsource merged 13 commits into
masterfrom
ac/SONARJAVA-6330

Conversation

@aurelien-coet-sonarsource

@aurelien-coet-sonarsource aurelien-coet-sonarsource commented May 8, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@aurelien-coet-sonarsource aurelien-coet-sonarsource marked this pull request as ready for review May 8, 2026 13:05
@sonar-review-alpha

sonar-review-alpha Bot commented May 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

This PR implements a new SonarQube rule S8692: "The system clock should not be used in unit tests."

The implementation adds a check that detects non-deterministic code in test files that relies on the system clock. It flags:

  • Java 8+ date/time API calls (Instant.now(), LocalDateTime.now(), etc.) without a fixed clock
  • Explicit system clock factories (Clock.system(), Clock.systemUTC(), Clock.systemDefaultZone())
  • Legacy date/time APIs (System.currentTimeMillis(), new Date(), Calendar.getInstance())

Compliant alternatives include using Clock.fixed(), mocking the clock, or injecting a clock instance. The rule is marked Critical severity and added to the default Sonar Way profile.

What reviewers should know

Core files to review:

  • SystemClockCheck.java: The main rule implementation extending AbstractMethodDetection. Uses MethodMatchers.or() to combine five different matcher groups for various clock-related APIs.
  • SystemClockCheckSample.java: Test file showing both compliant (fixed clock, mocked clock) and non-compliant examples. Clear annotation comments help understand the rule's scope.

Documentation:

  • S8692.html: Detailed explanation of why flaky time-dependent tests are problematic, with clear noncompliant/compliant code examples.
  • S8692.json: Rule metadata (severity, tags, impact mapping).

Test expectations:

  • Ruling test files (commons-beanutils, eclipse-jetty, sonar-server) contain expected violations from real projects. These help verify the rule catches real issues without excessive false positives.
  • Note: S3577's false negatives increased by 1; check the commit message for context on why.

Start here: Review SystemClockCheck.java first—it's compact (~50 lines). Then scan SystemClockCheckSample.java to confirm the rule's detection logic matches the documented behavior.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

sonar-review-alpha[bot]

This comment was marked as resolved.

Sign in to view

@sonarqube-next

sonarqube-next Bot commented May 8, 2026

Copy link
Copy Markdown

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

@sonarqubecloud

sonarqubecloud Bot commented May 19, 2026
edited
Loading

Copy link
Copy Markdown

Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action.

24 issue(s) found across 1 file(s):

Rule File Line Message
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 39 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 39 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 41 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 41 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 48 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 48 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 50 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 50 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 57 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 57 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 59 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 59 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 65 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 65 Move this trailing comment on the previous empty line.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 67 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 73 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 73 Move this trailing comment on the previous empty line.
java:S2148 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 75 Add underscores to this numeric value for readability
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 77 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 77 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 79 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 79 Move this trailing comment on the previous empty line.
java:S125 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 81 This block of commented-out lines of code should be removed.
java:S139 java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java 81 Move this trailing comment on the previous empty line.

Analyzed by SonarQube Agentic Analysis in 5.5 s

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as resolved.

Sign in to view

NoemieBenard
NoemieBenard reviewed May 19, 2026
View reviewed changes
Comment thread sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S8692.json Outdated
sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

tomasz-tylenda-sonarsource
tomasz-tylenda-sonarsource reviewed May 19, 2026
View reviewed changes
Comment thread java-checks-test-sources/default/src/test/java/checks/tests/SystemClockCheckSample.java
Comment thread java-checks/src/main/java/org/sonar/java/checks/tests/SystemClockCheck.java
Comment thread its/ruling/src/test/resources/eclipse-jetty-similar-to-main/java-S8692.json
sonar-review-alpha[bot]

This comment was marked as resolved.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

NoemieBenard
NoemieBenard reviewed May 20, 2026
View reviewed changes

@NoemieBenard NoemieBenard left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should also add the java.util.Calendar getInstance method as you did for new Date()

Comment thread java-checks/src/main/java/org/sonar/java/checks/tests/SystemClockCheck.java
sonar-review-alpha[bot]

This comment was marked as resolved.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

sonar-review-alpha[bot]

This comment was marked as outdated.

Sign in to view

sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed May 21, 2026
View reviewed changes

@sonar-review-alpha sonar-review-alpha Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only change since the last review is adding three more expected violations to the commons-beanutils ruling snapshot — a mechanical update with nothing substantive to review. The highlight-range inconsistency flagged in the previous two rounds is still unaddressed.

🗣️ Give feedback

@sonarqube-next

sonarqube-next Bot commented May 21, 2026

Copy link
Copy Markdown

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

NoemieBenard
NoemieBenard approved these changes May 21, 2026
View reviewed changes

@NoemieBenard NoemieBenard left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@aurelien-coet-sonarsource aurelien-coet-sonarsource merged commit 37af5bf into master May 21, 2026
18 checks passed
@aurelien-coet-sonarsource aurelien-coet-sonarsource deleted the ac/SONARJAVA-6330 branch May 21, 2026 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource left review comments
@NoemieBenard NoemieBenard NoemieBenard approved these changes
+1 more reviewer
@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aurelien-coet-sonarsource @NoemieBenard @tomasz-tylenda-sonarsource