SonarQube version: Version 8.4.2 (build 36762)
Using java.Util.Properties SonarQube does not mark the following Codesegment:
"true".equals(properties.getProperty(EXAMPLE).trim())
If there is no Property “EXAMPLE” in the property file this statement throws a NullpointerException.
I hope i put this in the correct category even though its more of a not found instead of a false positive.
regards Kai
Hello @KaiR,
It’s true that this code can throw a NPE, and that we are not raising an issue for it.
In fact, the problem is not to detect when a NPE can be thrown, but to detect when it can not. We do not want to raise an issue if the user made sure this property was present before, the same way we do not when you dereference a variable after a null check.
And it is exactly the difficulty: knowing if a check was made to make sure the property exists is not easy from a static analysis point of view, as there are many ways to check this. We tried in the past and did not reach a state where the rule would not raise too many false positive.
We have ideas to improve this rule thanks to the new features that are added little by little, but it is still in an early stage, I’m afraid we are not going to support such cases in the near future.
Hope it clarifies the situation.