False Positive: DoNotCallFinalize.ql cannot detect 'finalize()' in the function call chain.

**Version**
2.23.9

**Description of the false positive**

When I use java/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.ql to detect the code as below, it passes normally.
```java
public class NegCase2 {
    @Override
    protected void finalize() throws Throwable {
        // Override of finalize with super.finalize call is allowed.
        super.finalize();
    }
}

```
However, when I put "super.finalize();" into another function for calling, DoNotCallFinalize.ql reported a problem.
```java
public class NegCase2_Var3 {
    // Helper method to encapsulate the call
    private void callSuperFinalize() throws Throwable {
        super.finalize(); // [REPORTED LINE]
    }
    @Override
    protected void finalize() throws Throwable {
        // Delegate to helper
        callSuperFinalize();
    }
}
```
These two code snippets are essentially the same and should both pass the test.




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

False Positive: DoNotCallFinalize.ql cannot detect 'finalize()' in the function call chain. #21394

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

False Positive: DoNotCallFinalize.ql cannot detect 'finalize()' in the function call chain. #21394

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions