How to avoid SonarLint' s False-Positive when assert-style null point check?

Clean Code Report False-positive / False-negative...
1

I have a BusinessException class below:

@Getter
public class BusinessException extends RuntimeException {

    private final Integer code;

    private final String msg;

    public BusinessException(Integer code, String msg) {
        super(msg);
        this.code = code;
        this.msg = msg;
    }

    /**
     * assert-style check
     */
    public static void failBuild(boolean isError, Integer errorCode, String message) {
        if (isError) {
            throw new BusinessException(errorCode, message);
        }
    }


    @Override
    public String toString() {
        return String.format("BizErrorCodeException:[code=%s,msg=%s]", code, msg);
    }
}

and I invoke BusinessException#failBuild like this in the other class:

@Getter
public class MyService {

    public void test(Order dto) {
        BusinessException.failBuild(Objects.isNull(dto), ErrorCodeEnum.PARAM_FAIL);
        //SonarLint' s FP here: dto is nullable here
        log.info("orderId: {}", dto.getId())
    }

}

There are two java source code files: BusinessException.java and MyService.java

My software information:

  • IDEA 2021.3
  • SonarLint 6.3.1.40948

I found some discuss in the community or stackoverflow, I know the symbolic execution engine. I want to know how to avoid this FP? Is there some jsr305’s annotations I can used?

3

Hey @cncsl ,

Thanks for reporting this.

Unfortunately, this is a well-known case revealing the limited capacities of our Java symbolic execution (SE) engine. This is indeed an FP, and you cannot do much about it except closing the issue as an FP.

The Java SE engine only supports similar cases when the method is declared in the file being analyzed, but since it is not cross-file, it will continue to fail in all these cases.

I added a comment to the following ticket to track your similar use case: [SONARJAVA-4026] FP in S2637 with user defined preconditions - SonarSource

There is no commitment on our side to fix this bug in particular, but be sure that we are working on a new cross-file engine that should be, ultimately, able to support these cases well! Be sure that we will communicate about it as soon as we have something production ready.

Cheers,
Michael