FP after all Spring 5 org.springframework.util.Assert validation methods

org.springframework.util.json is missing rules for all methods introduced with Spring 5, mainly the ones with a String supplier.

Here’s the list of methods:

  • org.springframework.util.Assert#notNull(java.lang.Object, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#hasLength(java.lang.String, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#hasText(java.lang.String, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#notEmpty(java.lang.Object[], java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#notEmpty(java.util.Collection<?>, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#notEmpty(java.util.Map<?,?>, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#isInstanceOf(java.lang.Class<?>, java.lang.Object, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#isAssignable(java.lang.Class<?>, java.lang.Class<?>, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#isNull(java.lang.Object, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#isTrue(boolean, java.util.function.Supplier<java.lang.String>)
  • org.springframework.util.Assert#state(boolean, java.util.function.Supplier<java.lang.String>)

Hey there.

Thanks for the report! And noted here:

Can you please let us know what products/versions you’re using, and what rule(s) are affected?

Hi,

I’m using Enterprise Edition / Version 8.9.9 (build 56886), but I would expect all versions to be affected since, as I mentioned earlier, the master branch (sonar-java/org.springframework.util.json at master · SonarSource/sonar-java · GitHub) is missing the definitions.

Here’s a simple example:

This works fine:

int test(@Nullable String tmp) {
    org.springframework.util.Assert.notNull(tmp, "test");
    return tmp.length();
}

However, this one reports java:S2259:

int test(@Nullable String tmp) {
    org.springframework.util.Assert.notNull(tmp, () -> "test");
    return tmp.length();
}

Hello there, thank you very much for the feedback. Indeed, the analyzer seems to be taking a safe approach when evaluating the notNull invocation with a supplier passed in that way, and so it does not apply a not-null check on the tmp variable.

I noticed that storing the supplier in a variable and passing the variable as the second parameter of notNull does not raise an issue. So that can maybe be a temporary fix, but we will investigate further as soon as we can.

Here you can find the ticket with the temporary fix example.

Leonardo

Quick update: the temporary solution I suggested doesn’t work. We had a look at the file you mentioned, and indeed the signatures for all the new Springboot 5 methods are not there. We updated the ticket to be aware of this, and we will tackle it as soon as possible!
Thank you again for the precious feedback!