A solution for NullPointerException

Michael · August 17, 2023, 2:46pm

I’m the very same SonarSourcer from 5 years ago.
Unfortunately, I’m also going to give you the very same answer, 5 years after.

In short, no, it’s not going to be simple to write an alternative to the rule or fix it.

As of today, I would still discourage you to write your own custom rules to try to have better results than our implementation of java:S2259. However, if you want to give it a try, our public API is now much more reliable than before and should provide you at least the basic block to start working on such a category of problems, aka, a Control Flow Graph. The engine needed to understand the state of a program will however still need to be implemented completely on your end.
Assuming you still face issues with some methods not being properly understood by our engine, another approach could be the following:
1. Fork our open source Sonar Java analyzer.
2. Add your own “method behaviors” to describe how your project methods are supposed to be understood, in json format, in the adequate package (java-symbolic-execution/src/main/resources/org/sonar/java/se/xproc/). It will be on your side to infer the logic here, as it is currently not documented. Having a look at other .json files from this directory might help you.
3. Make sure the new hardcoded behaviors are loaded by the engine (see the BehavioCache)
4. repackage the plugin and deploy it on your local SonarQube instance.
Note that we do not plan to allow such kind of configuration for our users in our official release, since we did not formalize the format or thought about how to integrate external configuration.
Finally, a new engine is currently being developed at Sonar, and it should be much more powerful than SonarJava’s open-source Symbolic Execution engine. We are still testing it, but it will most probably replace this engine and the rules, in the upcoming future (no ETA yet). Some rules are already available for commercial versions of SonarQube, and on SonarCloud. More rules will be deployed under the SonarQube 10.x serie.

Hope this answers your question,
Michael

Topic		Replies	Views
SonarQube executes correct custom rule test class error Writing rules java , sonarqube	6	27	January 8, 2025
S2259: Null pointers should not be dereferenced Report False-positive / False-negative... java	9	5422	February 28, 2020
How to customize Java null pointer rules? I don't understand some of the rules SonarQube Server / Community Build java , sonarqube	1	17	January 2, 2025
False positive: NullPointerException could be thrown when using springframework util Report False-positive / False-negative... java	2	197	March 6, 2024
Can you tell me the scenario for null pointer Report False-positive / False-negative... java , sonarqube-ide	3	622	May 25, 2022

A solution for NullPointerException

Related topics