java:S2583 should not apply for lombok `@NonNull` annotation

Make sure to read this post before raising a thread here:

Then tell us:

  • What language is this for?
  • Which rule?
  • Why do you believe it’s a false-positive/false-negative?
    lombok @NonNull only checks that the varargs array is not null. It doesn’t check that individual elements are not null.
  • Are you using
    • SonarCloud? yes
    • SonarQube - which version?
    • SonarLint - which IDE/version?
      • in connected mode with SonarQube or SonarCloud?
  • How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

This code uses lombok @NonNull and I do not think the rule applies here. The test shows that lombok does not check for null values in the varargs.

public class NullVarargsTest {
  public final String method(@NonNull String... params) {
    var builder = new StringBuilder();
    for(var p : params) {
      if(p == null) {
        throw new NullPointerException("element was null");
    return builder.toString();

  void nullParams() {
    assertThatThrownBy(() -> method("hello", null))
        .hasMessage("element was null");

Hi John,
I tried to reproduce and I found a bug in our analyzer not only related to @lombok.NonNull, but to several non-null annotations used with a for-each loop having a var variable. I created this [SONARJAVA-4430] - Jira ticket.
Thanks for your feedback,

1 Like