False positive for java:S2259

Alain_Picard · April 21, 2022, 12:28pm

Please provide

Operating system: Windows 10
IDE name and flavor/env: Eclipse 4.23
SonarLint plugin version: 7.4.0.46482
Is connected mode used: No
- Connected to SonarCloud or SonarQube (and which version):

And a thorough description of the problem / question:
Error reported:

	public static String quoteIfSpaces(final String str) {
		if (indexOf(str, ' ') != -1) {
			return quoted(str, '"');  //<-- error here
		}
		return str;
	}

	public static int indexOf(final String inStr, final char del) {
		if (inStr != null) {
			return inStr.indexOf(del);
		}
		return -1;
	}

and the reported info:
sonar npe fp

It can easily be seen that if null is passed as str, indexOf will return -1, in which case quoted will never be called.

Michael · July 8, 2022, 3:02pm

Hello @Alain_Picard ,

Sorry for the (very) late reply. First, thanks a lot for the very precise reproducer and all the details, it really helps. This is indeed a FP, due to the fact that the advanced Java engine used for this rule (contrarily to the C/C++ engine) very poorly track integer constraints.

There is a ticket already existing that cover this case: SONARJAVA-4258.

Note that the fix is not at all trivial, as it requires rethinking some parts of the engine. It is not yet on our roadmap.

Cheers,
Michael

system · July 15, 2022, 3:03pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.