A "NullPointerException" could be thrown; "ofNullable()" can return null

reda-alaoui · February 10, 2025, 1:41pm

This is a bug report.

Versions

SonarQube Server: v24.12.0.100206
Scanner: 4.0.0.4121

How is SonarQube deployed

zip

Checked code

import java.util.Optional;
import org.jspecify.annotations.Nullable;

public record Foo(@Nullable String attribute) {

  @Nullable
  public String bar() {
    return Optional.ofNullable(attribute).filter("bar"::equals).orElse(null);
  }
}

Observed behaviour

Sonar raises a java:S2259 violation. The given explanation is A "NullPointerException" could be thrown; "ofNullable()" can return null.

Expected behaviour

Sonar should not raises a java:S2259 violation because Optional#ofNullable can’t return null.

rfcom · February 24, 2025, 12:09pm

The same applies to java.util.Objects.requireNonNullElse

reda-alaoui · February 28, 2025, 4:43pm

Seems like the issue happens with any strong nullable notation (sonar-java/java-frontend/src/main/java/org/sonar/java/model/JSymbolMetadataNullabilityHelper.java at 322b122ea3f0c210ae2d7bbb1434e3005ac3b594 · SonarSource/sonar-java · GitHub) having @Target TYPE_USE:

org.jspecify.annotations.Nullable
org.eclipse.jdt.annotation.Nullable

reda-alaoui · February 28, 2025, 5:23pm

FTR, I created A “NullPointerException” could be thrown; “ofNullable()” can return null by reda-alaoui · Pull Request #5046 · SonarSource/sonar-java · GitHub which contains a test case + a fix breaking a less important rule.

romain.brenguier · March 17, 2025, 8:27am

Thanks for the bug report and the PR with the minimal example. The underlying issue seems to the same as reported here: FP java:S2259 Optional.map(). We are aware of the issue and took note of your example. Thanks again for sharing.

Cheers,

Romain

winne42 · October 10, 2025, 5:57am

This false positive starts to become a daily issue for me and the bye far most annoying thing about SonarQube. If you are working with a library that uses JSpecify, you will constantly mark Sonar issues “false positive”, leading to cry-wolf syndrome. Is there any timeline when this will be fixed?

Joko · October 17, 2025, 7:55am

We’ve been facing the same problem and had hoped that waiting would bring a solution. Since that hasn’t been the case so far, we’d really appreciate it if this issue could be picked up soon. It’s starting to become a recurring frustration for us in our daily work as well and would be great to see some movement on it.

Topic		Replies	Views
False Positive on `optional.orElse(null)` Report False-positive / False-negative... java , sonarqube , false-positive	17	3635	March 25, 2025
FP java:S2259 Optional.map() Report False-positive / False-negative... java , sonarqube	10	340	November 14, 2025
FP java:S2259 Optional and Nullability Report False-positive / False-negative... java , false-positive , bump	1	29	November 10, 2025
NPE on S4276: Optinal.ofNullable() causes analysis to fail SonarQube Server / Community Build java	5	1225	December 6, 2018
False positive about potential null access SonarQube Server / Community Build java , sonarqube-ide	1	34	November 20, 2024