False Negative when using Method Reference with Null Input in S2259


S2259 Null pointers should not be dereferenced


SonarQube Version:


When using a method reference and passing a null value, SonarQube should raise an issue for S2259. In the provided code sample, the process method does not check whether the input string is null before applying the method reference String::toUpperCase, which can lead to a NullPointerException.

Here’s the code sample that triggers the false negative:

import java.util.function.UnaryOperator;

public class Test {
    public void process(UnaryOperator<String> func, String input) {
        System.out.println(func.apply(input));    // Noncompliant, FN

    public static void main(String[] args) {
        Test test = new Test();
        test.process(String::toUpperCase, null);

SonarQube should report an issue for S2259 in this case.

Hello @mohui1999,

Thanks for reporting this issue. I was able to reproduce it. Looks like we’re not taking into account Functional interfaces.

Here you can find a ticket to track this issue:


1 Like