java:S2447 and Spotbugs vs. jsr305 annotations

Hi,

it seems nowadays people are moving away from jsr305 annotations to other ones (see, for example, https://github.com/google/guava/issues/2960), for example the spotbugs or checker framework annotations. I tried to replace javax.annotation.CheckForNull with edu.umd.cs.findbugs.annotations.CheckForNull, but this triggers java:S2447, which wasn’t there before.

Poking at the code, I found https://github.com/SonarSource/sonar-java/blob/master/java-frontend/src/main/java/org/sonar/java/se/NullableAnnotationUtils.java#L55, which seems to be missing that particular class. Oh, and S2447 isn’t using that helper class at all:

Regards, Tobias

PS: Other places I found with a cursory grep:

• https://github.com/SonarSource/sonar-java/blob/master/java-checks/src/main/java/org/sonar/java/checks/PrimitivesMarkedNullableCheck.java#L55
• https://github.com/SonarSource/sonar-java/blob/master/java-checks/src/main/java/org/sonar/java/checks/ReturnEmptyArrayNotNullCheck.java#L182

Hello @TobiX,

I agree that it would make sense to use the helper everywhere, to be sure we consistently support the same set of annotations across the differents rules.

Ticket created: SONARJAVA-3536.

Thanks for the feedback.
Quentin

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.