Unresolvable FP: java:S2638

• ALM used: GitHub
• CI system used: Jenkins
• Languages of the repository: Java/JS/TS
• Problem observed
  There is no obvious way to fix java:S2638 when it’s already violated by the parent class not under our control
• Steps to reproduce

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.multipart.MaxUploadSizeExceededException;

public class ExceptionHandler extends org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler {
	@Override
	protected ResponseEntity<Object> handleMaxUploadSizeExceededException(MaxUploadSizeExceededException ex, HttpHeaders headers, HttpStatusCode status,
		WebRequest request) {
		return null;
	}
}

The method triggers java:S2638 whenever

1. we leave it without nullability annotation

2. if we put @Nullable

3. if we put @NonNull

The parent class from Spring6 overrode the package-global @NonNull by the @Nullable annotation on the method level.

Thank you for the report and the clear example! I created SONARJAVA-5865 to track resolution of this issue.

I wish to follow this up by reporting an almost Identical issue with extending the class ResponseEntityExceptionHandler except with the method handleMethodArgumentNotValid.

In our case however it reports incompatibility with @NonNullApi since we are still on Spring Boot 3.5.8.

@tomasz.tylenda BTW I found thanks to the recent Sonar community summary letter a similar issue (duplicate?) Jira

Thank you for pointing this out! I’ve linked the tickets so they can be investigated together.