SonarQube server v10.8 (100206) does not seem to understand the @Contract annotation. SonarQube for IDE 10.14.1.80220 does not report this issue however.
@org.springframework.lang.Nullable
@org.jetbrains.annotations.Contract("null -> null; !null -> !null")
String example(@org.springframework.lang.Nullable String a) {
return a;
}
@org.springframework.lang.NonNull
String falsePositive() {
return example("@NonNull values should not be set to null. java:S2637");
}
Thank you for bringing this to our attention. Indeed, we currently do not support Contract annotations, and I was not aware of their existence. I have created a ticket to address this, and we will consider it during the next time we work on the symbolic executions engine.
S2637 is one of our symbolic execution rules, which analyze the various paths your code can take to identify complex bugs. While these rules are powerful, they can be time-consuming to execute. Therefore, we limit their runtime and report only the issues found within that timeframe. Additionally, we run them for less time in the plugin to provide quicker feedback. This could explain why the plugin might not report an issue that the server does.