#C - Incorrect raising of: Change this condition so that it does not always evaluate to false

I have the following piece of code:

public static bool NullOrEmpty(this JToken token)
{
    return token == null
        || token.Type == JTokenType.Null
        || token.Type == JTokenType.Undefined
        || (token.Type == JTokenType.String && string.IsNullOrEmpty((string)token));
}

Where SonarCube complains:

Change this condition so that it does not always evaluate to ‘false’.
If a boolean expression doesn’t change the evaluation of the condition, then it is entirely unnecessary, and can be removed. If it is gratuitous because it does not match the programmer’s intent, then it’s a bug and the expression should be fixed.

It marks the string.IsNullOrEmpty((string)token) part with a red squiggly line, so I am assuming it’s here it complains mainly.

Testcases:

 NullOrEmpty(true) == false
 NullOrEmpty("True") == false
 NullOrEmpty(null) == true
 NullOrEmpty("") == true

Remove the isNullOrEmpty check:

 NullOrEmpty(true) == false
 NullOrEmpty("True") == true //Change
 NullOrEmpty(null) == true
 NullOrEmpty("") == true

Either I am not understanding fully what Sonar sees as redundant, or this is a bug. My only guess is that it’s the cast from JToken to string that makes it confused, while this is something we often do in C# for this kind of data.

What version of SonarCsharp are you using? What version of SonarQube are you using?

I’ve tried to reproduce with the latest version of our analyzer and I could not. Probably this got fixed in the 7.16 version when we fixed lots of false positives

Could you update

  • SonarLint for Visual Studio to 4.13.0.11687
  • SonarCSharp plugin to 8.0.0.9566

and let me know if the issue still appears

thanks

I am using the latest one that I can find here:
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/

Specifically the .NET 4.6+ one which downloads a: sonar-scanner-msbuild-4.7.1.2311-net46.zip

So I am unsure how to proceed with your input?

You are talking about the Sonar Scanner for MSBuild, which only orchestrates the analysis

The scanner downloads the plugin (which is used to analyze the code) from your SonarQube instance. You can check the latest version for the C# plugin https://docs.sonarqube.org/latest/analysis/languages/csharp/ - you will need to update it on your SonarQube instance