Java Assert falsely reports NPE

iamlbk · January 5, 2021, 9:16am

In order to facilitate unified handling of exceptions, we write a RpcException and Assert utils. but sometimes NPE will be prompted

code:

public Response test(@RequestBody UserVO userVO) {
    HAssert.isTrue(userVO != null && userVO.getId() != null, new ErrorInfo(1000, "argument error"));

    // There will be no NPE prompt if com.google.common.base.Preconditions is used
    // but Preconditions can't carry error code
    // Preconditions.checkArgument(userVO != null && userVO.getId() != null, "argument error");

    // SonarLint: A "NullPointerException" could be thrown; "userVO" is nullable here.
    String name = userVO.getName();
}

HAssert:

public static <T> void isTrue(boolean expression, ErrorInfo errorInfo) {
    if (!expression) {
        throw new RpcClientException(errorInfo);
    }
}

sonarqube version: 8.3.1 (build 34397)
sonarlint version: sonarlint intellij 4.13.0.24781

Thanks

alban.auzeill · May 6, 2021, 2:09pm

Hi LBK,

When the HAssert#isTrue method definition and HAssert.isTrue(...) method invocation are not in the same java file, the above false-positive is a limitation of our symbolic execution engine that does not know the method behavior of methods from other files (except well-known method behaviors).
When the isTrue method definition and method invocation are in the same file, the above false-positive is a bug, so I created this ticket SONARJAVA-3834.

Thanks for your feedback.

Alban