SonarCloud gives false positive warnings for Java code

Hi,

We think that SonarCloud is giving false positive warnings that have already been fixed in e.g. SonarJava a long time ago.

We are using javax.validation.constraints.NotNull annotation on a property of a class. This class can be instantiated without setting a value for the property with this annotation and doing so is valid usage.
When our code checks if the value is null, we get a warning from SonarCloud that the condition is always false, which is not correct.

Jira ticket to SonarJava project, with the code example that demonstrates the problem:
[SONARJAVA-3157] - Jira (see also: S2637 javax.validation.constraints.NotNull False Positives)

We are wondering if SonarCloud is using an older version of SonarJava, or is it using some other technology where this is not yet fixed, and is there a proper fix in plan?

Hi,

Welcome to the community and thanks for this report!

Could you provide a code snippet or reproducer for the issue, please?

 
Thx,
Ann

Hi,

thank you for your support - we have realised that Sonar is not the problem - but the Lombok library that we use.

Unfortunately, when using @ Data annotation from Lombok on a class level, it generates getters and setters from the properties, and automatically inherits the @ NotNull annotation that was set on the property - and this is in this situation wrong.

In this case, sonar will complain if we compare this value to null - and it is good that it complains, because this is what is written in generated code.

Similar example is described in [BUG] Lombok incorrectly inherits constraints on setter · Issue #3180 · projectlombok/lombok · GitHub.

I guess this issue can be closed from our side.
Thank you for your time

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.