False Negative when using Method Reference with Null Input in S2259

Rule:

S2259 Null pointers should not be dereferenced

Environment:

SonarQube Version: 10.0.0.68432

Description:

When using a method reference and passing a null value, SonarQube should raise an issue for S2259. In the provided code sample, the process method does not check whether the input string is null before applying the method reference String::toUpperCase, which can lead to a NullPointerException.

Here’s the code sample that triggers the false negative:

import java.util.function.UnaryOperator;

public class Test {
    public void process(UnaryOperator<String> func, String input) {
        System.out.println(func.apply(input));    // Noncompliant, FN
    }

    public static void main(String[] args) {
        Test test = new Test();
        test.process(String::toUpperCase, null);
    }
}

SonarQube should report an issue for S2259 in this case.
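An added example, not part of the original post and not SonarSource code: the reported call shape next to two guarded variants, so the runtime behaviour the rule is meant to flag can be compared with code that handles the null input. The class name `NullSafeProcess` and the methods `unguarded`, `failFast` and `nullSafe` are hypothetical names chosen for this illustration.

```java
import java.util.Objects;
import java.util.function.UnaryOperator;

public class NullSafeProcess {
    // Same shape as the reported method: with an unbound method reference such
    // as String::toUpperCase, the argument becomes the receiver, so a null
    // input is dereferenced inside func.apply(input).
    static String unguarded(UnaryOperator<String> func, String input) {
        return func.apply(input);
    }

    // Variant 1: fail fast at the boundary with a message naming the argument.
    static String failFast(UnaryOperator<String> func, String input) {
        Objects.requireNonNull(func, "func must not be null");
        Objects.requireNonNull(input, "input must not be null");
        return func.apply(input);
    }

    // Variant 2: wrap an operator so that a null argument passes through
    // unchanged instead of reaching the wrapped function.
    static <T> UnaryOperator<T> nullSafe(UnaryOperator<T> func) {
        Objects.requireNonNull(func, "func must not be null");
        return value -> value == null ? null : func.apply(value);
    }

    public static void main(String[] args) {
        try {
            unguarded(String::toUpperCase, null);
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException");
        }

        try {
            failFast(String::toUpperCase, null);
        } catch (NullPointerException e) {
            System.out.println("failFast: " + e.getMessage());
        }

        // The assignment gives the compiler the target type, so T is String.
        UnaryOperator<String> safeUpper = nullSafe(String::toUpperCase);
        System.out.println("nullSafe(null): " + safeUpper.apply(null));
        System.out.println("nullSafe(\"abc\"): " + safeUpper.apply("abc"));
    }
}
```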

Hello @mohui1999,

Thanks for reporting this issue. I was able to reproduce it. Looks like we’re not taking into account Functional interfaces.

Here you can find a ticket to track this issue:
https://sonarsource.atlassian.net/browse/SONARJAVA-4568

Regards,
Margarita
