Hi
SonarQube Community Edition does not detect potential NullPointerException when a method parameter object is dereferenced without prior null validation, even though the code clearly shows the parameter is never checked for null before calling its methods.
Environment:
SonarQube Version: Enterprise Edition - v2025.1.3
Language: Java
Scanner: sonar-maven-plugin:jar:4.0.0.4121
Expected Behavior:
SonarQube should raise a “NullPointerException might be thrown” issue when updateDto.getShippingAddress() is called without validating that updateDto is not null.
Actual Behavior:
No warning or code smell is detected for the potential NullPointerException on lines where updateDto.getShippingAddress() is invoked.
Code Example:
See the sample code above. The method validateOrderUpdate accepts OrderUpdateDto updateDto as a parameter but never validates if it’s null before calling updateDto.getShippingAddress().
```java
public class OrderValidator {
    private static final String ORDER_TYPE_STANDARD = "STD";
    private static final String ORDER_TYPE_EXPRESS = "EXP";

    public static void validateOrderUpdate(Order existingOrder, OrderUpdateDto updateDto,
                                           String customerId, List<ValidationError> errorList) {
        // Null check for existingOrder
        if (existingOrder.getShippingAddress() == null) {
            return;
        }
        // Potential NullPointerException - updateDto is NOT checked for null
        if (!StringUtils.equals(existingOrder.getOrderType(), ORDER_TYPE_EXPRESS)
                && !StringUtils.equals(existingOrder.getShippingAddress(), updateDto.getShippingAddress())) {
            errorList.add(new ValidationError("ERR105", "Shipping address mismatch"));
            return;
        }
        // Same issue - updateDto.getShippingAddress() called without null check on updateDto
        if (StringUtils.equals(existingOrder.getOrderType(), ORDER_TYPE_EXPRESS)
                && (StringUtils.equals(customerId, existingOrder.getCustomerId())
                    || StringUtils.equals(customerId, existingOrder.getTransferredToCustomerId()))
                && !StringUtils.equals(existingOrder.getShippingAddress(), updateDto.getShippingAddress())
        ) {
            errorList.add(new ValidationError("ERR105", "Shipping address mismatch for express order"));
        }
    }
}
```
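
For comparison, here is a hardened form of the validator that does not depend on the analyzer flagging the dereference. It is an added example, not code from the original post. The record types are hypothetical stand-ins for the post's classes (Java 16+), `Objects.equals` replaces `StringUtils.equals` to keep it dependency-free, and the error code `ERR000` is constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

public class OrderValidatorHardened {
    // Hypothetical stand-ins for the post's types, reduced to the fields used here.
    record Order(String orderType, String shippingAddress, String customerId,
                 String transferredToCustomerId) {}
    record OrderUpdateDto(String shippingAddress) {}
    record ValidationError(String code, String message) {}

    private static final String ORDER_TYPE_EXPRESS = "EXP";

    static void validateOrderUpdate(Order existingOrder, OrderUpdateDto updateDto,
                                    String customerId, List<ValidationError> errorList) {
        // A null error sink is a caller bug: fail fast with a named message.
        Objects.requireNonNull(errorList, "errorList");
        // Guard both objects before any dereference. "ERR000" is a constructed code.
        if (existingOrder == null || updateDto == null) {
            errorList.add(new ValidationError("ERR000", "Missing order or update payload"));
            return;
        }
        if (existingOrder.shippingAddress() == null) {
            return;
        }
        boolean express = Objects.equals(existingOrder.orderType(), ORDER_TYPE_EXPRESS);
        boolean addressChanged = !Objects.equals(existingOrder.shippingAddress(),
                                                 updateDto.shippingAddress());
        if (!express && addressChanged) {
            errorList.add(new ValidationError("ERR105", "Shipping address mismatch"));
            return;
        }
        boolean ownsOrder = Objects.equals(customerId, existingOrder.customerId())
                || Objects.equals(customerId, existingOrder.transferredToCustomerId());
        if (express && ownsOrder && addressChanged) {
            errorList.add(new ValidationError("ERR105",
                    "Shipping address mismatch for express order"));
        }
    }

    public static void main(String[] args) {
        Order order = new Order("STD", "1 Main St", "c1", null); // constructed sample
        List<ValidationError> errors = new ArrayList<>();
        validateOrderUpdate(order, null, "c1", errors);          // no NPE
        validateOrderUpdate(order, new OrderUpdateDto("2 Elm St"), "c1", errors);
        errors.forEach(e -> System.out.println(e.code() + ": " + e.message()));
    }
}
```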