False Positive on `optional.orElse(null)`

  • Version info:
    Developer Edition, Version 9.4 (build 54424), LGPL v3

  • what are you trying to achieve:

Pass null as an argument to orElse in the Java Optional API: Optional.of(<anything>).map(<anyFunction>).orElse(null)

Example of how to replicate the issue in code:

    Optional.of("anything")
        .map(String::toUpperCase)
        .orElse(null);

This is failing as it’s being marked by SonarQube as a bug, with the message:

Parameter 1 to this call is marked "@NotNull" but null could be passed.

I believe this is incorrect and is a false positive, because the parameter itself is marked nullable in the java optional source code:

    public T orElse(@Nullable @Flow(targetIsContainer = true) T other) {
        return value != null ? value : other;
    }

Hi,

Welcome to the community!

What rule is raising this issue? The id will be something like java:S111. Also, can you upgrade to the latest version, SonarQube 9.8, and see if this is replicable?

 
Ann

I have the same issue using SonarCloud caused by rule java:S2637

1 Like

Hi @mbrown10,

Welcome to the community and thanks for chiming in here.

I’ve flagged this for team attention.

 
Ann

Hello Matt, hello Adam,

Thank you for reporting this issue. Indeed, this looks like a false positive.

Unfortunately, I have not been able to reproduce the issue on SonarCloud or SonarQube based on the first example provided in the initial post. Could you provide a stand-alone compilable reproducer, which triggers this behavior? Optionally, I can open a private channel for you to share such a reproducer if you cannot make it work without including private code.

We currently have this issue as well:

image

java:S2637 is the issue that is reported.

Using SonarQube Developer Edition Version 9.5 (build 56709).

Java’s Optional.ofNullable’s first parameter, however, is annotated with @Nullable.

Thank you @henrykuijpers for confirming the issue.

After digging a bit more, in fact, we have a ticket for this issue. Thank you all for reporting the issue anyway, it helps us assess how prevalent the problem is and how to prioritize fixing it.

1 Like

Do you have any idea how I can get my atlassian account to join the SonarSource JIRA? I see that the linked issue has been there for more than a year already, without a fix. If needed, I can try to work on this, to get this fixed.

Do you have any idea on how to join the SonarSource JIRA with my Atlassian account?
I see that the linked ticket is more than 1 year old, without a fix. It would be nice to work on this.

Hi,

Unfortunately, you won’t be able to interact in our Jira projects. Fortunately, you don’t need to to contribute. Feel free to reference an existing ticket in a PR and if we accept the PR, we’ll handle the Jira admin.

 
:smiley:
Ann

Hi, is there any progress on the issue? And/or are there any pointers on how to fix this? It’s popping up very frequently and making our quality pipelines fail.

I would be willing to submit a PR, however, I have no idea where to start on trying to make a test case to prove the issue and then fixing it.

@ganncamp Any update on this issue? Would love to see this fixed. And I could also help fixing it, if I knew how.

@henrykuijpers if there’s no progress in Jira, then there’s no progress.

 
Ann