FP java:S2259 reports possible NPE for unboxing a Boolean that is not null

  • SonarQube Community Build v25.10.0.114319
  • Java Code
  • Rule S2259 Null pointers should not be dereferenced

S2259 reports an issue for the following Java code:

package org.example;
import edu.umd.cs.findbugs.annotations.Nullable;

public class S2259BooleanNullability {
  boolean test(@Nullable Boolean value) {
    return value != null && value;
  }
}

It reports ‘A “NullPointerException” could be thrown; “value” is nullable here.’ for the right-hand side of the expression, even though it has been checked before with value != null.

I’ve attached the above source as a minimal Maven project.

test.zip (1.9 KB)

Best
Andreas
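
Added example, not part of the original post or of SonarSource's code: a stand-alone check of why the reported expression cannot throw. The class and method names are hypothetical; `guarded` is the pattern from the report, `unguarded` shows the non-short-circuit form that really does unbox null, and `viaEquals` is an equivalent that involves no unboxing.

```java
public class UnboxingGuardDemo {
  // Pattern from the report: && short-circuits, so `value` is
  // auto-unboxed only after the null check has passed.
  static boolean guarded(Boolean value) {
    return value != null && value;
  }

  // Non-short-circuit &: both operands are always evaluated, so a
  // null `value` is unboxed and throws NullPointerException.
  static boolean unguarded(Boolean value) {
    return value != null & value;
  }

  // Same truth table as guarded(), with no auto-unboxing at all.
  static boolean viaEquals(Boolean value) {
    return Boolean.TRUE.equals(value);
  }

  public static void main(String[] args) {
    // Constructed inputs covering every possible Boolean reference value.
    Boolean[] inputs = {null, Boolean.TRUE, Boolean.FALSE};
    for (Boolean in : inputs) {
      boolean g = guarded(in);
      if (g != viaEquals(in)) {
        throw new AssertionError("guarded and viaEquals disagree for " + in);
      }
      System.out.println(in + " -> " + g);
    }

    try {
      unguarded(null);
      throw new AssertionError("expected NullPointerException");
    } catch (NullPointerException expected) {
      System.out.println("unguarded(null) threw NullPointerException");
    }
  }
}
```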


Hi Andreas,

Welcome to the community and thanks for this report!

It looks like you’re hitting

SONARJAVA-5361 FP on S2259 due to previous condition

I’ll let the team know we have another example.

 
Ann


This false positive is still reproducible with the latest version v25.11.0.114957.

Hi,

In SonarQube Cloud and current versions of SonarQube Server, that rule has been moved to javabugs:S2259 and its performance improved. Please let us know if you still see this once you upgrade.

 
Thx,
Ann

I can’t find that rule in SonarQube Community Build 25.11.0.114957.

Is the javabugs rule repository available in the community build server? If not, are there plans to make it available at some time, or will certain fixes/improvements only become available in paid editions?

Hi,

The javabugs repo doesn’t exist in SonarQube Community Build. We’re not anticipating any further work on the version of the rule that remains in Community Build.

 
HTH,
Ann

Thank you, but that’s still a bit unclear. Do I understand you correctly, that the Community Build will not receive bug fixes for Java nullness anymore?

I’m not asking about improved performance or additional detected bug patterns here. I can totally understand that paid editions offer more.

I’m asking about correctness and fixes for false positives here. The false positive example in this thread is quite basic code, and I had expected that the Community Build would still receive fixes to correctly analyze such simple code. What are your plans there?

Hi,

We have stopped working on java:S2259 which is only shipped today in Community Build. It will not receive bug fixes. We have shifted our focus to javabugs:S2259. When there is development time to be spent on nullness, it will be spent on javabugs:S2259.

 
HTH,
Ann


Still unclear. Will javabugs:S2259 appear in Community Build at some time in the future?

Otherwise, Community Build seems to be a dead-end, if it does not receive fixes anymore.

Hi,

If you want improved nullness rules, you will need to upgrade to a paid edition (self-hosted) or plan (cloud).

 
HTH,
Ann

That’s a pity. But thanks for the clarification.

Hi again,

Actually, I’m wrong. javabugs is available to the free plan on SonarQube Cloud.

Sorry for the confusion.

 
Ann
