csharpsquid:S2589 false positive

  • Enterprise Edition Version 7.3 (build 15553)

The following is being flagged by csharpsquid:S2589, with a request to “Change this condition so that it does not always evaluate to ‘false’”.

if ((context.User?.Identity.IsAuthenticated ?? false) && await this.options.ShouldProxy(context.Request))

Specifically, the false above is what’s underlined.
This is a false positive. There’s nothing gratuitous about this. It’s a requirement to even compile since null propogating operators in C# (xxx.?yyy) result in a nullable bool, which can’t be directly evaluated in a conditional. Therefore I’m using the null coalescing operator (xxx ?? yyy) to convert it back to a non-nullable bool.
Since it’s only highlighting the word false, it’s almost as if it’s complaining that "the keyword false always evaluates to false", which is worthless. Taken at any scope above the direct keyword, it’s no longer true to say that it “always evaluates to false”.

Possible workaround:


if ((context.User?.Identity.IsAuthenticated ?? false) && ...


if ((context.User?.Identity.IsAuthenticated).GetValurOrDefault() && ...

which in my experience is less common practice, isn’t as concise, and doesn’t read as well.

Hi @Balfa

Could you please update to the latest version of SonarCSharp and try again? We’ve fixed a lot of false positives in 7.16. And the latest released version , 8.3, has lots of goodies inside

You can update the version of a plugin inside the SonarQube Marketplace - see our docs https://docs.sonarqube.org/latest/instance-administration/marketplace/