When a method calls another method in a different class, SonarQube may have incorrect judgments. For example, in the CheckUtil class in the figure, the isEmpty method has already made a judgment on “payeeName”, but a null pointer exception error is still reported.
Hey there.
I’ve moved your post to the section on reporting false-positives.
Please update your post with the required information (SonarQube version, Rule ID, and a reproducible snippet of code, no screenshots).
SonarQube version: Community Edition 9.9 LTS
Rule ID: java:S2259
Code:
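```java
// CheckUtil.java
import java.lang.reflect.Array;
import java.util.Collection;
import java.util.Map;

public class CheckUtil {
    // Returns true for null, blank strings, and empty arrays, collections or maps.
    public static boolean isEmpty(Object obj) {
        if (obj == null) {
            return true;
        } else if (obj instanceof String && obj.toString().trim().length() == 0) {
            return true;
        } else if (obj.getClass().isArray() && Array.getLength(obj) == 0) {
            return true;
        } else if (obj instanceof Collection && ((Collection) obj).isEmpty()) {
            return true;
        } else {
            return obj instanceof Map && ((Map) obj).isEmpty();
        }
    }
}
```

```java
// Test.java
public class Test {
    public static void main(String[] args) {
        String payeeName = null;
        // java:S2259 is reported on payeeName.length(), although isEmpty() already returns true for null.
        if (!CheckUtil.isEmpty(payeeName) && payeeName.length() > 50) {
            System.out.println("=========");
        }
    }
}
```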
Thanks for the report and reproducer! This rule is based on an old symbolic execution (SE) engine. Unfortunately, this engine is full of shortcomings and has a very high cost of maintenance. In fact, it is not actively maintained anymore. If you search Jira for this rule, you’ll find that there are many cases where it exhibits false positives.
We’re currently working on an engine that can eventually supersede this rule’s implementation with better results. For right now, I cannot, unfortunately, give you an ETA of when/if that rule replacement will be available.
For now, it would be best to mark this a false-positive in SonarQube.