java:S5411 after constructor call

Topic “[Java:S5411] Boxed booleans are ok to be used, if null-checked before” discussed relaxing rule java:S5411 (which basically says don’t use a Boolean like a regular boolean because the former COULD be null) when the use is preceded by an explicit null check. The thread referenced a Jira ticket.

  1. Was the fix finished and released? (Sorry, I’m not too good with Jira. It says a “very simple fix was implemented” but the latest log entry just says “peach verified” so don’t know if that means released.)
  2. Was an exception also made for the case when the Boolean is used right after being constructed, since a Java constructor can never return null? (In that case, putting in a null check to avoid the smell might then get you dinged for java:S2583, which is a blocker bug – sort of “out of the frying pan and into the blast furnace…”)
  3. The Jira ticket discusses the difficulty of checking beyond the simple case of having a null check immediately before. Couldn’t you have this rule’s code link with the code for S2259 that looks for NPEs? Also the code for the aforementioned S2583, since some of our violations of that rule occur because of a null check following a constructor call, so the implementation of the rule does seem to understand that constructors can’t return null.
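
The three code shapes the post above distinguishes, as an added example that is not part of the original thread or of SonarSource's code. The class and method names are hypothetical, and which rule applies to each method is as the post describes it, not captured analyzer output.

```java
// Added illustration; class and method names are hypothetical.
public class BoxedBooleanCases {

    // Case 1: a boxed Boolean used like a primitive boolean. If flag is
    // null, the implicit flag.booleanValue() call throws
    // NullPointerException. This is the pattern java:S5411 is about.
    static String unchecked(Boolean flag) {
        return flag ? "on" : "off";
    }

    // Case 2: the use is preceded by an explicit null check, the shape
    // the thread says the rule was relaxed for.
    static String nullChecked(Boolean flag) {
        if (flag == null) {
            return "unset";
        }
        return flag ? "on" : "off";
    }

    // Case 3: the Boolean comes straight from a constructor call, so it
    // can never be null. Adding "if (flag == null)" here only to quiet
    // S5411 would introduce a condition that is always false, which is
    // what the post expects java:S2583 to report.
    // Boolean(boolean) is deprecated in current JDKs, hence the suppression.
    @SuppressWarnings({"deprecation", "removal"})
    static String freshlyConstructed(boolean raw) {
        Boolean flag = new Boolean(raw);
        return flag ? "on" : "off";
    }

    public static void main(String[] args) {
        System.out.println(nullChecked(null));
        System.out.println(nullChecked(Boolean.TRUE));
        System.out.println(freshlyConstructed(false));
        try {
            unchecked(null);
        } catch (NullPointerException e) {
            // Unboxing a null Boolean fails at run time, not at compile time.
            System.out.println("unchecked(null) threw NullPointerException");
        }
    }
}
```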

Hi,

Are you still on SonarQube 8.6? The resolution date on the Jira ticket is 5 March 2021, which puts it in either 8.8 or 8.9. [Insert obligatory advice to upgrade here.]

 
Ann

Well, it’d be nice if the Jira ticket had a note like “included in release x.y” (sorry if it’s there and I missed it).

And yeah, we’re evaluating a bunch of SW upgrades and I’m hoping to work SQ in there somewhere…

Hi,

Yeah, I agree completely. Unfortunately, it’s not something I’ve been able to get enough others to agree on. Barring that, you’ll just have to fall back on the date-based sleuthing I demonstrated above.

 
:woman_shrugging:
Ann

So basically once something is marked as being fixed, we can assume it gets released fairly quickly?

BTW, can I assume the entry at SonarSource Code Analyzers Rules Explorer is current? Because the rule description doesn’t mention the null-check exception. So it seems the description is now out of date.

Hi,

“Fairly quickly” is a relative term. You should be able to assume that it goes out in the next release. Depending on the dates, that could be 2mo for SonarQube tho. :smiley: (And, exceptionally, if the date on an analyzer is right at the cusp of a SonarQube release, it may be that it waits until the next release, although - as I said - that’s an exceptional case.)

Yes, and it may be more current than the latest SonarQube release. I won’t swear to the exact timing, but you should expect to see the rules site updated when changes appear on SonarCloud, which can happen within a few days of the analysis engine release. The practical result is that the rules site is often ahead of SonarQube in parts.

 
HTH,
Ann

Yeah, by “fairly quickly” I meant “… in one or two releases” – anyway I made another post about the description: java:S5411 description out of date
