Skip to content

SONARJAVA-6330: Implement S8692 - The system clock should not be used in tests#5611

Open
aurelien-coet-sonarsource wants to merge 3 commits intomasterfrom
ac/SONARJAVA-6330
Open

SONARJAVA-6330: Implement S8692 - The system clock should not be used in tests#5611
aurelien-coet-sonarsource wants to merge 3 commits intomasterfrom
ac/SONARJAVA-6330

Conversation

@aurelien-coet-sonarsource
Copy link
Copy Markdown
Contributor

@aurelien-coet-sonarsource aurelien-coet-sonarsource commented May 8, 2026

No description provided.

@aurelien-coet-sonarsource aurelien-coet-sonarsource marked this pull request as ready for review May 8, 2026 13:05
@sonar-review-alpha
Copy link
Copy Markdown
Contributor

sonar-review-alpha Bot commented May 8, 2026
edited
Loading

Summary

This PR implements rule S8692: "The system clock should not be used in unit tests." The implementation adds a static analysis check that detects non-deterministic temporal method calls within test code.

The check flags:

  • .now() methods (Instant, LocalDate, LocalDateTime, etc.) called without parameters or with only a ZoneId
  • System clock factory methods: Clock.systemUTC(), Clock.systemDefaultZone(), Clock.system(ZoneId)

Compliant alternatives like Clock.fixed() and mocked clocks are permitted. The rule is integrated into the Sonar way profile and includes comprehensive documentation explaining why system clocks cause flaky tests and how to fix them.

A baseline update indicates the rule produces 0 false positives and 0 false negatives on the eclipse-jetty corpus.

What reviewers should know

Start with:

  • Rule logic: SystemClockCheck.java (60 lines) — uses MethodMatchers with two groups: temporal .now() methods and Clock system factory methods
  • Test samples: SystemClockCheckSample.java — shows both noncompliant (direct system clock calls) and compliant patterns (fixed clocks, mocks)

Key design decisions:

  • The check detects parametric .now(ZoneId) calls but allows .now(Clock) calls (which support injection)
  • Both temporal types and Clock methods are matched to catch direct calls and service instantiation patterns
  • Rules documentation (S8692.html) includes practical examples for token validation, leap years, and time zone handling

Integration notes:

  • Autoscan baseline created with 0 false positives/negatives
  • Eclipse-jetty corpus has 3 violations in DateCacheTest
  • S3577 baseline affected (+1 false negative), likely an unrelated baseline drift
  • Added to Sonar way profile in the default ruleset
  • Commit message indicates prior review feedback was applied regarding .now(Clock) handling
  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

tomasz-tylenda-sonarsource
tomasz-tylenda-sonarsource reviewed May 8, 2026
View reviewed changes
Comment thread java-checks/src/main/java/org/sonar/java/checks/tests/SystemClockCheck.java Outdated

@Override
protected void onMethodInvocationFound(MethodInvocationTree mit) {
reportIssue(mit, "Replace this use of the system clock with a fixed clock.");
Copy link
Copy Markdown
Contributor

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's keep the message generic, so it also covers reading the clock to measure elapsed time..

sonar-review-alpha[bot]

This comment was marked as resolved.

Sign in to view

@sonarqube-next
Copy link
Copy Markdown

sonarqube-next Bot commented May 8, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sonar-review-alpha sonar-review-alpha Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

🗣️ Give feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource left review comments

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

@NoemieBenard NoemieBenard Awaiting requested review from NoemieBenard

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aurelien-coet-sonarsource @tomasz-tylenda-sonarsource