Visual Studio version: Microsoft Visual Studio Community 2022 (64-bit) - Current Version 17.13.6
SonarQube for Visual Studio plugin version: SonarQube for Visual Studio 2022, v8.17.0.12886
Programming language you’re coding in: C#
Is connected mode used: no
And a thorough description of the problem / question:
A NRE is not detected in the following code:
public class Test
{
public string Prop { get; set; }
}
public static string GetProp(Test t1, Test t2)
{
if (t1 != null)
return t1.Prop;
if (t2 != null)
return t1.Prop;
return string.Empty;
}
static void Main()
{
var prop = GetProp(null, new Test { Prop = "hey" });
Console.WriteLine(prop);
}
Obviously, this is a simplified version of what we encountered, but on a colleague’s PC, with VS 2019, it was detected initially, but then after building again, not any more. Super strange.
Hi Ann,
just checked, I have no updates, but meantime SonarQube probably auto-updated to 8.18.0.13071… I can’t find a 10.xx version, even after uninstalled 8.18, so I reinstalled it.
I can confirm, the issue still reproduces with latest SonarQube I could find.
Cheers,
Marton
Sure, but not sure how will that help? The developers should be able to reproduce with the really short code I provided…
Anyway, attached the log. SonarQube log.txt (28.9 KB)
public class Test
{
public string Prop { get; set; }
// ^^^^ CS8618: Non-nullable property 'Prop' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.
public static string GetProp(Test t1, Test t2)
{
if (t1 != null)
return t1.Prop;
if (t2 != null)
return t1.Prop;
// ^^ CS8602: Dereference of a possibly null reference.
return string.Empty;
}
static void Main()
{
var prop = GetProp(null, new Test { Prop = "hey" });
// ^^^^ CS8625: Cannot convert null literal to non-nullable reference type.
Console.WriteLine(prop);
}
}
If put in your code, I get three C# issues (I’ve nullability enabled), exactly at the places I expect issues to appear. So what issue is raised for you that should not be raised?
I have never seen the first warning you have “CS8618: Non-nullable property ‘Prop’ must contain a non-null value when exiting constructor. Consider declaring the property as nullable.” on a class Did see something like that on structs, IIRC…
We have sooo many classes that don’t initialize all string properties to something not null and nothing.
Maybe you are on a different C#/.Net version? We are still stuck on .Net Framework 4.8 (and max C# version we can have for that).
And I expected to see the second warning you get (“CS8602: Dereference of a possibly null reference.”), but I don’t get it (see attached screenshot).
But what do you see instead? Both with and without nullability enabled, I do not see any Sonar rule being triggered, so which one do you see (what let to this report)?
As I said in my previous reply, I don’t see any detection, but there should be a detection about “Dereference of a possibly null reference”.
So the issue I logged is about the missing null reference warning.
For what it’s worth, in VS2022, with the class in the example I get:
For .NET 9 code
CS8618 on the Prop property (in IDE)
CS8602 on the second return t1.Prop (in IDE)
S2259 on the second return t1.Prop (in IDE and in SonarQube Cloud)
CS8625 on the null argument to GetProp in Main() (in IDE)
For .NET Framework 4.8
S2259 on the second return t1.Prop (in IDE and in SonarQube Cloud)
I would say the target framework makes a big difference in your case…
Please note that, for S2259 to show up in-IDE you need to use SonarQube IDE in connected mode to SonarQube Cloud or SonarQube Server Developer Edition or above.
I’m trying to figure out what filters out the CSXXX issues in .NET 9-targeting projects from being reported in SonarQube Cloud. I’m guessing there’s some Roslyn-Sarif export weirdness at play here.
@denis.troller I do not get S2259 when using SonarAnalyzer.CSharp version 10.10.0.116381 in my project file. The target framework is .NET 9.0. But if I check this rule is not longer shipped that way?! (I also have SonarQube IDE enabled, but I’m not sure how those to work togeter)
As I stated above: “Please note that, for S2259 to show up in-IDE you need to use SonarQube IDE in connected mode to SonarQube Cloud or SonarQube Server Developer Edition or above”.
You can still benefit from them for free when using the SonarQube Cloud Free plan (for public projects) and in-IDE using SonarQube for IDE in connected mode.
Hey Denis, in my case I use SonarQube as standalone extension in Visual Studio (not connected to any Cloud/Server) with .NET Framework 4.8 and I don’t get any warnings at all (see screenshot above).
I do expect seeing at least the S2259 on the second return t1.Prop, but it’s not shown, this being the issue I reported.
S2259 (among others) is only available in SonarQube Cloud, SonarQube Server, and SonarQube for IDE when connected to either SonarQube Cloud or SonarQube Server
Please use connected mode to an eligible edition of SonarQube Server or to a SonarQube Cloud project (any plan will do).
Did see something like that on structs, IIRC…