Tell Scanner that I've confirmed a variable is not null (.NET)

dstahl-axion · April 30, 2023, 4:13pm

In our code we use an extension method to assert things on an object, including whether it’s null. An example would be:

if (myVariable.IsNotNull())
    myVariable.DoSomething();

Is there a way to indicate to Sonar that myVariable cannot be null in the second line? Much of this code was written before c# added things like myVariable?.DoSomething() so it’ll take some time to refactor it all (we can use Clean as You Code, of course!), but I’d like to remove this as a Sonar warning if possible.

Colin · May 1, 2023, 7:56am

Hey there.

You can mark this as “Won’t Fix” in the SonarCloud UI.

And, do you use ValidatedNotNullAttribute with your extension method? The analyzer should catch this.

dstahl-axion · May 1, 2023, 3:24pm

Thanks for the quick reply and especially for giving me a few different options.

I prefer the code approach, so I checked it out and it mostly works. However, the function in question was written similar to this (I just added the ValidatedNotNull to test it out so it wasn’t there before).

    [ContractAnnotation("null => false; notnull => true")]
    public static bool IsNotNull(
        [ValidatedNotNull] this object aObject)
    {
        return !ReferenceEquals(null, aObject);
    }

It looks like the expected use of the ValidatedNotNull attribute is that it guarantees that this function will not return if the variable is null (i.e. it would throw an exception). In my case, I’m just returning false. So checks like:

if (var.IsNotNull())
    var.DoSomething();
else
    var.DoSomethingElse();

appear to pass with SonarLint because it doesn’t pick up that the else block is operating on a null variable. The Code Contracts annotation works well for this because it’ll map the null-ness to a return value, but Sonar doesn’t use that.

Unless Sonar has another method, I think I’m either going to have to do it in the UI OR (more likely) deprecate our extension method and start using the built-in null checks. Now that C# has options to check/coalesce, these extension methods aren’t as useful as they once were.

Colin · May 1, 2023, 3:26pm

I’m not enough of an expert to comment on if we should, so I’ll flag this for attention for another team.

And…

Sounds like a great way to clean up some technichal debt.

Martin_Strecker · May 2, 2023, 2:20pm

Hello @dstahl-axion

You can annotate your method with [NotNullWhen]

[ContractAnnotation("null => false; notnull => true")]
public static bool IsNotNull([NotNullWhen(true)] this object? aObject)
{
    return !ReferenceEquals(null, aObject);
}

This should also work if the NotNullWhenAttribute from the dotnet core framework is not available to you, or if the project is compiled without #nullable enable. You can create a custom NotNullWhenAttribute attribute with a single constructor parameter bool returnValue and we pick it up and respect it. Support for this attribute was added in version 8.46. by fixing this issue S2259: Support NotNullWhenAttribute · Issue #6128 · SonarSource/sonar-dotnet · GitHub

Best, Martin

system · May 10, 2023, 10:45am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.