S2259 False Positive when null check in a different method in the same class

agabrys · May 13, 2020, 5:31pm

Hello,
I hit a false positive for the Null pointers should not be dereferenced rule:

If the pipeline2 variable is null, then the method ends in the line 17.

Environment:

SonarQube 7.9.2 LTS
Java Code Quality and Security 6.3
SonarScanner for Maven 3.7.0.1746

Steps to reproduce:

checkout https://github.com/agabrys/sonarqube-falsepositives
execute mvn package sonar:sonar
open class biz.gabrys.agabrys.sonarqube.falsepositives.d20200513.S2259

Cheers

Quentin · June 3, 2020, 2:52pm

Hello @agabrys,

I agree that there is something wrong happening there. I managed to write other examples probably related to the same problem and I put everything in a ticket: SONARJAVA-3439.

Note that this check relies on symbolic execution, when something wrong happens there, it is challenging to investigate and understand exactly what is happening (hence the delay in the answer…). The exact explanation is still blurry, but we will probably investigate further when we will work on symbolic execution.

Thanks for reporting this false positive.

system · April 8, 2021, 9:03am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.