Should we ignore public fields with annotations?
I think that way we will be sure to not generate any false positives.
A field with some annotation becomes a kind of API.
I'm thinking about the way SonarQube passes parameters to rules.
It's done using the @RuleProperty annotation currently.
It works, whether your field is public or not. It can even be private, it will still work.
Now, say you write a setter method for it, and make the field private.
Intuitively, it looks like the only way to set the field is via the setter, and that its logic cannot be bypassed.
But because of the annotation, SonarQube can find the field and set it via reflection, which is misleading.
In such a case, I'd rather keep the field public, because it clearly is part of the API.
That's why we probably need to exclude public fields with annotations.