False positive on C# - Null pointers should not be dereferenced

Rules and Languages Report False-positive / False-negative...
1
  • SonarQube 7.9.1, SonarC# 7.16

It says that userEntity is null on at least one execution path

var userEntity = _usersDao.GetUsers(new List<string> { user.Email });
foreach (var storeCode in user.StoreCodes)
{
	var storeId = _userStoreDao.GetStoreId(storeCode);
	if (storeId > 0 && userEntity != null && userEntity.Count > 0)
	{
		_userStoreDao.InsertUserStore(userEntity.FirstOrDefault().IdUser, storeId);
		continue;
	}
	_userStoreDao.InsertPendingUserStore(ProjectId, user.Email, storeCode);
}
2

hi @Jose and welcome to the forum!

I cannot seem to repro your issue - on what line is it raising a problem?

What MSBuild version are you using?

3

Hello Andrei,

Versions used:
SonarScanner for MSBuild 4.7.1

MSBuild 15.9

Please find attached the screenshot of the issue.

image
image.png799×264 15.4 KB

4

thanks! Could you please let me know what’s the type of userEntity?

5

Yeah, the type is: IList<UserEntity>

public class UserEntity
{
    [Column(DatabaseStructure.FieldUserIdUser)]
    public int IdUser { get; set; }

    [Column(DatabaseStructure.FieldUserCsIdUser)]
    public string CsIdUser { get; set; }

    [Column(DatabaseStructure.FieldUserIdRole)]
    public int IdRole { get; set; }
}
7

Hi @Jose

I’ve also tried to reproduce the problem with the following snippet but without any luck

using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema;
using System.Linq;

namespace Test
{
    public class S2259
    {
        public void Test(IUserStoreDao _userStoreDao)
        {
            var userEntity = GetUsers();
            foreach (var storeCode in new List<string> { "" })
            {
                var storeId = _userStoreDao.GetStoreId(storeCode);
                
                if (storeId > 0 && userEntity != null && userEntity.Count > 0)
                {
                    _userStoreDao.InsertUserStore(userEntity.FirstOrDefault().IdUser, storeId);
                    continue;
                }

                _userStoreDao.InsertPendingUserStore(1, "email", storeCode);
            }
        }

        private List<UserEntity> GetUsers() => new List<UserEntity>();
    }

    public interface IUserStoreDao
    {
        int GetStoreId(string code);

        void InsertUserStore(int userId, int storeId);

        void InsertPendingUserStore(int id, string email, string storeCode);
    }

    public class UserEntity
    {
        [Column("FieldUserIdUser")]
        public int IdUser { get; set; }

        [Column("FieldUserCsIdUser")]
        public string CsIdUser { get; set; }

        [Column("FieldUserIdRole")]
        public int IdRole { get; set; }
    }
}

Do you think it’s possible to create a small test project which reproduces the false positive and attach it to this thread?

Thank you,
Costin

1 Like
8

Hello Andrei,

I tried to make an small project with the same code, but in that project the issue is not raising. Any suggestions?

Thanks!

9

I am afraid that if you cannot have a reproducer, it is hard to make a suggestion or to act upon feedback.