False Positive on squid:S2583

Forest_John · March 3, 2020, 1:07pm

Versions used

SonarScanner 4.2.0.1873-macosx
Sonarqube 8.2.0.32929 Docker

Error observed
With the following code block

if (FeatureFlag.DEBUG) {
    MyLogger.d(TAG, "notifyFindContacts : "
        + "users=" + users != null ? Arrays.toString(users.toArray()) : "null"
        + ", buddies" + buddies != null ? Arrays.toString(buddies.toArray()) : "null");
}

This issue’s description says:
Change this condition so that it does not always evaluate to “true”

Implies ‘users’ is not null.

"notifyFindContacts : "
        + "users=" + users

Expression is always true.

"notifyFindContacts : "
                    + "users=" + users != null

However, users is nullable and I guess there is something wrong with Sonarqube while parsing the string “user=”.

oliver · March 3, 2020, 1:48pm

+ has a higher precedence than != or ?: (see Operators). What you are actually testing is

("notifyFindContacts : " + "users=" + users) != null

What you want is probably

"notifyFindContacts : " + "users=" + (users != null ? Arrays.toString(users.toArray()) : "null")

Forest_John · March 3, 2020, 11:58pm

You are right, thank you.

Topic		Replies	Views
Wrong nullness analysis leads to false positive "condition always true/false" (squid:S2583) Report False-positive / False-negative... java , symbolic_execution	2	2160	August 28, 2018
squid:S3655 False Positive on if + && Report False-positive / False-negative... java	3	614	July 22, 2019
Help with S2259 NullPointerException SonarQube Server / Community Build java	5	1286	March 16, 2021
S864 false positive with a single ?: operator Report False-positive / False-negative... java	1	506	June 24, 2019
S1066 - with outer null check Report False-positive / False-negative... java	2	883	March 30, 2020

False Positive on squid:S2583

Related topics