Hi, so I thought I should clarify a few things here:
- As mentioned in this comment, A solution for NullPointerException - #8 by Michael, and in this file [sonar-java/java-symbolic-execution/java-symbolic-execution-plugin/src/main/resources/org/sonar/java/se/xproc/org.apache.commons.collections.json at master · SonarSource/sonar-java · GitHub], Sonar should be able to track the null check when this method is referenced: `org.apache.commons.collections4.CollectionUtils#isEmpty`. But from my analysis, when I write code like this, Sonar is unable to track the NPE here:
```java
package org.example;

import org.apache.commons.collections4.CollectionUtils;
import java.util.List;

public class dummy {
    public Integer process(List<Integer> a) {
        if (CollectionUtils.isEmpty(a)) {
            return a.get(0) + a.get(1);
        }
        return 0;
    }
}
```
Whereas the below code reports an NPE.
```java
package org.example;

import java.util.Collection;
import java.util.List;

public class dummy {
    public Integer process(List<Integer> a) {
        if (isEmpty(a)) {
            return a.get(0) + a.get(1);
        }
        return 0;
    }

    public static boolean isEmpty(Collection<?> coll) {
        return coll == null || coll.isEmpty();
    }
}
```
The underlying code for `org.apache.commons.collections4.CollectionUtils.isEmpty()` = `dummy.isEmpty()`.
My only question is: even though the config for this method is explicitly defined in the JSON file, why is it unable to track the NPE?
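A simplified model of summary-based null tracking for the `isEmpty` case in the post above, added here as an illustration; it is not part of the original post and not sonar-java's code. The `Yield` record, the `IS_EMPTY` table and the reporting rule are assumptions made for the example and do not reproduce the format of the JSON file; the model only contrasts a call whose summary is applied with a call the engine treats as opaque.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: a toy model of summary-based null tracking.
// Assumption: this is NOT sonar-java's engine or its JSON schema.
public class YieldDemo {
    enum Nullness { NULL, NOT_NULL, UNKNOWN }

    // One yield of a method summary: when the argument satisfies `arg`,
    // the call may return `result`.
    record Yield(Nullness arg, boolean result) {}

    // Hypothetical summary for: isEmpty(coll) { return coll == null || coll.isEmpty(); }
    static final List<Yield> IS_EMPTY = List.of(
            new Yield(Nullness.NULL, true),       // coll == null          -> true
            new Yield(Nullness.NOT_NULL, true),   // non-null, no elements -> true
            new Yield(Nullness.NOT_NULL, false)); // non-null, has elements -> false

    // Possible states of `a` inside `if (isEmpty(a)) { ... }`, where `a` is an
    // unconstrained parameter. A null summary models a call the engine cannot see into.
    static List<Nullness> statesInTrueBranch(List<Yield> summary) {
        if (summary == null) {
            return List.of(Nullness.UNKNOWN); // the result says nothing about `a`
        }
        List<Nullness> states = new ArrayList<>();
        for (Yield y : summary) {
            if (y.result()) {        // keep only paths where the condition holds
                states.add(y.arg()); // the path inherits the yield's constraint on `a`
            }
        }
        return states;
    }

    // An NPE is reported only when some path dereferences a value known to be null.
    static boolean reportsNpe(List<Yield> summary) {
        return statesInTrueBranch(summary).contains(Nullness.NULL);
    }

    public static void main(String[] args) {
        System.out.println("summary applied:     " + reportsNpe(IS_EMPTY));
        System.out.println("summary not applied: " + reportsNpe(null));
    }
}
```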