squid:S2259 : A "NullPointerException" could be thrown; "dc" is nullable here. While "dc" is checked as not null


We have a false positive with the " Null pointers should not be dereferenced -squid:S2259" rule :
We have a “NullPointerException” false positive for which we do not know how to solve it.
In the code, we check the not nullity with java.util.Objects.nonNull().
But even with this, the concerned object it tagged as a possible NullPointerException problem.

I have checked on multiple posts and googled it; It seemed that “crosschecked referenced issues” had been fixed since sonarqube 6.1; But not for this case.
Can you please help?

  • Version of Sonarqube used :
  • version of SonarJava used : 5.7 (build 15470)

Screenshot of the issue :

Zoom on the code :

import java.util.Objects;
if ( Objects.nonNull( dc ) && Objects.nonNull( dc.getDate() ) ) {
   headers.put( MediacentricHeaders.Metadata.PUBLICATION_DATE, DateHelper.format( dc.getDate(), DateHelper.W3C_FORMATTER ) );
    LOGGER.debug( "dc:date found : {} ", dc.getDate() );

Thank you!

1 Like


This subject does interest nobody?

Last try of update…


Really no chance to get an update?

Hi, i have the exact same Issue…did you found an solution meanwhile?


No, I have stopped hoping any answer…
No solution at the moment.
I will see with the latest version.

This is a pretty annoying issue because the code contains passages written in the same way but not marked by SonarQube.

hello @Franck_Biellmann,

sorry for the late reaction, this thread somehow slipped through the cracks. sonar-java analyzer should be able to detect that instance of an object cannot be null once java.util.Objects.nonNull returned true on it (here is a small project demonstrating it, notice that S2259 issue is raised only in the false branch).

Now, to understand why it is not working in your case, I would like to ask you for two things:

  • isolate the issue by simplifying the case where it is raised - removing all the dependencies and unrelated code, while still keeping the false positive
  • provide full debug log of the analysis

The Example you wrote, explains exact my Problem :slight_smile:

Here is the debug log from SQ:

SQ_DEBUG_LOG.txt (39.8 KB)

hello @Tobi,

I am not sure I understand what you mean, my example is demonstrating that the rule works as it should. I don’t see anything problematic in the log you posted.

The Problem is, that sepaMandate never could be null, because we check it with if(objects.nonNull).

Best regards,


Same problem for me :
I check the nullity with : Line 246 Objects.nonNull( dc )
And sonar raises, at the same line, that dc can be null on Objects.nonNull( dc.getDate() )

Please refer to :
if ( Objects.nonNull( dc ) && Objects.nonNull( dc.getDate() ) ) {
// Code …

dc can not be null here : the && condition prevents the execution of dc.getDate(), if Objects.nonNull( dc ) is not true

I am not able to reproduce the issue writing equivalent code. Something else has to be at play here. To understand the problem, can you please tell me

  • version of Java used for analysis, SonarQube and sonar-java plugin

Is the false positive still raised when you replace Objects.nonNull with != null ? Can you reproduce the false positive in small isolated project you could share here?

Hi, these are the version we are using:

Java Version:

openjdk version “1.8.0_212”
OpenJDK Runtime Environment (build 1.8.0_212-8u212-b03-0ubuntu1.16.04.1-b03)
OpenJDK 64-Bit Server VM (build 25.212-b03, mixed mode)

SQ Server:

java Plugin:

5.13 (build 18197)

Can you reproduce the false positive in small isolated project you could share here?
Yes but on monday, because too much work :slight_smile:

I had a look again and I really don’t see how this can happen. Feel free to come back if you manage to create a reproducer you can share with us.

I have the same problem as Franck Biellmann.
The code is:
If (Object.nonNull(smt) && smt.getSmt) {
// Do smt
Sonar still complains that smt is Nullable here.
My sonar version is Version 7.0 (build 36138)

To anybody reading this thread. if you are observing similar issue, please start a new thread with a self-contained reproducer for your issue.