java:S2583 should not apply for lombok `@NonNull` annotation

Clean Code Report False-positive / False-negative...
1

Make sure to read this post before raising a thread here:

Then tell us:

  • What language is this for?
    java
  • Which rule?
    java:S2583
  • Why do you believe it’s a false-positive/false-negative?
    lombok @NonNull only checks that the varargs array is not null. It doesn’t check that individual elements are not null.
  • Are you using
    • SonarCloud? yes
    • SonarQube - which version?
    • SonarLint - which IDE/version?
      • in connected mode with SonarQube or SonarCloud?
  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

This code uses lombok @NonNull and I do not think the rule applies here. The test shows that lombok does not check for null values in the varargs.

public class NullVarargsTest {
  public final String method(@NonNull String... params) {
    var builder = new StringBuilder();
    for(var p : params) {
      if(p == null) {
        throw new NullPointerException("element was null");
      }
      builder.append(p);
    }
    return builder.toString();
  }

  @Test
  void nullParams() {
    assertThatThrownBy(() -> method("hello", null))
        .isInstanceOf(NullPointerException.class)
        .hasMessage("element was null");
  }
}
4

Hi John,
I tried to reproduce and I found a bug in our analyzer not only related to @lombok.NonNull, but to several non-null annotations used with a for-each loop having a var variable. I created this [SONARJAVA-4430] - Jira ticket.
Thanks for your feedback,
Alban

1 Like