Hello @christina
Answer greatly inspired by this other post, with up-to-date information.
Just a few words about the rule now. Rule S2259 is based on a Symbolic Execution (SE) engine. This engine validates execution paths, checking for non-null values or null-checks along the way and exploring all the possibilities. Unfortunately, its current state also has some limitations, like the one you are hitting here.
As of today, the SE engine is able to explore non-overridable methods (static, for instance), when declared in the same file being analyzed. When exploring such methods, the engine then deduces behaviors regarding null-checking (among other things). The SonarJava SE engine is, however, by default, not configured to explore methods declared in other files (in your case, I suspect that `checkNotNull` is defined in another file).
In addition to methods declared in the same file, we also support “behavior” of well-known methods. As of today, we support the methods from the classes listed here. For example, the following code is not raising an issue:
```java
if (Objects.nonNull(arg)) {
  arg.doSomething(); // No issue here, arg is considered as not null
}
```
If you are using your own helper method, it is unfortunately not possible to define “custom method behavior” or anything like that. For the time being, I would recommend marking the issue as False Positive.
Best,
Quentin