squid:S2259 : A "NullPointerException" could be thrown; "dc" is nullable here. While "dc" is checked as not null

Hello.

We have a false positive with the "Null pointers should not be dereferenced - squid:S2259" rule:
We have a “NullPointerException” false positive which we do not know how to solve.
In the code, we check for non-nullity with java.util.Objects.nonNull().
But even with this, the object concerned is tagged as a possible NullPointerException problem.

I have checked multiple posts and googled it; it seemed that “crosschecked referenced issues” had been fixed since SonarQube 6.1, but not for this case.
Can you please help?

  • Version of Sonarqube used : 7.3.0.15553
  • version of SonarJava used : 5.7 (build 15470)

Screenshot of the issue :

Zoom on the code :

import java.util.Objects;
.....
.....
if ( Objects.nonNull( dc ) && Objects.nonNull( dc.getDate() ) ) {
    headers.put( MediacentricHeaders.Metadata.PUBLICATION_DATE, DateHelper.format( dc.getDate(), DateHelper.W3C_FORMATTER ) );
    LOGGER.debug( "dc:date found : {} ", dc.getDate() );
}

Thank you!
Franck;


Hello.

Does this subject interest nobody?

Last try of update…

Hello.

Really no chance to get an update?

Hi, I have the exact same issue… did you find a solution meanwhile?

Hello.

No, I have stopped hoping for any answer…
No solution at the moment.
I will see with the latest version.

This is a pretty annoying issue because the code contains passages written in the same way but not marked by SonarQube.

Hello @Franck_Biellmann,

Sorry for the late reaction, this thread somehow slipped through the cracks. The sonar-java analyzer should be able to detect that an instance of an object cannot be null once java.util.Objects.nonNull returned true on it (here is a small project demonstrating it; notice that the S2259 issue is raised only in the false branch).

Now, to understand why it is not working in your case, I would like to ask you for two things:

  • isolate the issue by simplifying the case where it is raised - removing all the dependencies and unrelated code, while still keeping the false positive
  • provide full debug log of the analysis

The example you wrote explains exactly my problem 🙂

Here is the debug log from SQ:

SQ_DEBUG_LOG.txt (39.8 KB)

Hello @Tobi,

I am not sure I understand what you mean, my example is demonstrating that the rule works as it should. I don’t see anything problematic in the log you posted.

The problem is that sepaMandate could never be null, because we check it with if(objects.nonNull).

Best regards,
Tobi

Hello.

Same problem for me :
I check the nullity with : Line 246 Objects.nonNull( dc )
And sonar raises, at the same line, that dc can be null on Objects.nonNull( dc.getDate() )

Please refer to :
if ( Objects.nonNull( dc ) && Objects.nonNull( dc.getDate() ) ) {
// Code …
}

dc can not be null here : the && condition prevents the execution of dc.getDate(), if Objects.nonNull( dc ) is not true

I am not able to reproduce the issue writing equivalent code. Something else has to be at play here. To understand the problem, can you please tell me

  • version of Java used for analysis, SonarQube and sonar-java plugin

Is the false positive still raised when you replace Objects.nonNull with != null ? Can you reproduce the false positive in small isolated project you could share here?

Hi, these are the version we are using:

Java Version:

openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b03-0ubuntu1.16.04.1-b03)
OpenJDK 64-Bit Server VM (build 25.212-b03, mixed mode)

SQ Server:

7.7.0.23042

java Plugin:

5.13 (build 18197)

Can you reproduce the false positive in small isolated project you could share here?
Yes, but on Monday, because too much work 🙂

I had a look again and I really don’t see how this can happen. Feel free to come back if you manage to create a reproducer you can share with us.

I have the same problem as Franck Biellmann.
The code is:
if (Objects.nonNull(smt) && smt.getSmt()) {
// Do smt
}
Sonar still complains that smt is Nullable here.
My sonar version is Version 7.0 (build 36138)

To anybody reading this thread: if you are observing a similar issue, please start a new thread with a self-contained reproducer for your issue.
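
A self-contained reproducer of the kind requested above, added here as an example and not code from any poster in this thread. The class names `Dc` and `NonNullReproducer` and the `lookup` helper are hypothetical; the file has no dependencies beyond the JDK and puts the `Objects.nonNull` guard from the thread next to the `!= null` variant the maintainer asked to compare.

```java
import java.util.Objects;

// Hypothetical stand-in for the thread's "dc" object; not the poster's class.
final class Dc {
    private final String date;
    Dc(String date) { this.date = date; }
    String getDate() { return date; }
}

public class NonNullReproducer {

    // May return null, so the caller has to guard before dereferencing.
    static Dc lookup(boolean present, String date) {
        return present ? new Dc(date) : null;
    }

    // Guard written as in the thread: Objects.nonNull on both sides of &&.
    static String withObjectsNonNull(Dc dc) {
        if (Objects.nonNull(dc) && Objects.nonNull(dc.getDate())) {
            return dc.getDate();
        }
        return "no date";
    }

    // Same guard with "!= null", the variant the maintainer asks to compare.
    static String withNotEqualsNull(Dc dc) {
        if (dc != null && dc.getDate() != null) {
            return dc.getDate();
        }
        return "no date";
    }

    public static void main(String[] args) {
        // Constructed inputs: null object, object with null date, object with a date.
        Dc[] cases = { lookup(false, null), lookup(true, null), lookup(true, "2019-05-20") };
        for (Dc dc : cases) {
            // && short-circuits, so getDate() is never called on a null dc.
            System.out.println(withObjectsNonNull(dc) + " / " + withNotEqualsNull(dc));
        }
    }
}
```

Analyzing this file on its own, together with the full debug log, shows whether S2259 is raised on either guard independently of the rest of a project.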