False positive about java:S2259

source code:
[Image: WeCom screenshot_17067762956216]
I think this is a false positive.
java:S2259 Community Edition version 9.9.1 (build 69595)

Hello @squestc and welcome to the Sonar Community!

Thank you for reporting this issue. Unfortunately, we are aware of many false positives raised by rule S2259, and the list already contains SONARJAVA-2317 (Jira), which mentions the scenario in which `isBlank()` is used.

The rule S2259 is implemented on top of the Symbolic Execution engine, which is not maintained, so mark it as won't fix and ignore these issues for now. The good news is that a new engine, the Dataflow Bug Detection, is in development and will soon be available.

Cheers,
Angelo

Thanks a lot, respect.


We have discovered that version 10.5.1 of SonarQube has been released. Therefore, when will the Dataflow Bug Detection feature be available? Currently, the false positives from the S2259 rule are causing us significant trouble.

Hi @squestc,

Thank you for reporting the false positive.

We are considering significant changes around this topic for the next SonarQube LTS, which is expected in the last quarter of this year.


Another question: does SonarQube have a rule that can scan the SQL syntax within the `@Select` annotation for correctness? Looking forward to your response.

Hi,

This is a new question, and a new question deserves a new thread.

Please include all the details.

 
Thx,
Ann
