Nullpointer on SonarJava in version >= 5.9

Hello,

SonarJava fails with a Nullpointer after trying to analyze the next class:

public class SomeClass {

    private SomeClass() {
        throw new IllegalAccessError("Utility class");
    }

    @Nonnull
    public static <T> OtherClass<Optional<T>> doSomething() {
        return (oldValue, newValue) -> newValue.isPresent() ? newValue : oldValue;
    }
}

OtherClass is:

public interface OtherClass<T> {
    T combine(T oldValue, T newValue);
}

We get a Nullpointer when we try to run Sonar Analysis using Maven:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project some-project: SonarQube is unable to analyze file : '/path/SomeClass.java': NullPointerException -> [Help 1]

Sonar Version: 6.7.5

Plugin Version: 3.5.0

We reproduced the error with the SonarJava plugin on versions 5.9 and 5.9.1.

It doesn’t happen with SonarJava 5.8.0, so we downgraded the plugin to that version.

Thank you

Hello,

Thanks for the feedback. Unfortunately, your reproducer does not compile. Can you fix it?

In particular, SomeClass is not parameterized in the class declaration (and does not extend/implement anything), while it's obviously a parameterized class, looking at the doSomething() method signature.

Thanks in advance,
Michael


Sorry, forgot to add something:
  • Could you also provide the full log of the analysis (maybe in debug mode), so we will be able to see which rule/component raises the NPE?
  • The Nonnull annotation which you use is also not defined, please provide the fully qualified name.

Hello,

You’re right. I updated the previous post with something that should compile in JDK 8.

Best regards

Thanks for the update.

Unfortunately, I have not been able to reproduce it on my side. Note that I assumed the annotation to be @javax.annotation.Nonnull. On my machine, your example compiles, and passes the analysis without failing, with absolutely all the rules from SonarJava enabled (version 5.9.1.16423).

Could you share the logs of your analysis? It would help to know the full stack trace associated with the NPE. You may want to run your analysis in debug mode.

Hello @Ruben_Ruiz,

Sorry, I forgot to answer you earlier. Thanks to your edit, I reproduced the issue. This is the same case as the following:

So the conclusion is going to be the same: This is a bug in rule S4738, which will be handled by SONARJAVA-2967.

If you need a workaround, you can temporarily disable rule squid:S4738, or exclude the file which is causing the analysis to fail.

Regards,
Michael

Hello @Michael,

We have excluded the file until the issue is fixed.

Thank you very much for your answer and your efforts in reproducing the issue.