Sonar false-positive on rule: Null pointers should not be dereferenced

Anonymous (unverified), submitted on 2019-12-03 08:51:18

Question:

I have a sonar alert on this call minRating.getRatgCaam()

The alert is related to the Sonar rule: Null pointers should not be dereferenced.

Ex:

    AgencyRating minRating = null;
    .......
    if (!getRatingUtilities().isNR(minRating)) {
        return minRating.getRatgCaam(); // Sonar: Null pointers should not be dereferenced
    }

The method isNR(minRating) is a helper method that validates, among other things, whether the object minRating is null.

    public boolean isNR(AgencyRating rating) {
        return rating == null || isNR(rating.getRatgCaam());
    }

When I added the not-null validation as Sonar suggests, Sonar is OK.

    if (minRating != null && !getRatingUtilities().isNR(minRating)) {
        return minRating.getRatgCaam(); // no more alert
    }

Sonar can't determine that the helper method did the null validation. I don't need to do this validation again.

Is my case a false positive?

Answer 1:

This is indeed a false positive because, at time of writing, the sonarqube java analyzer (version 4.2.1 at time of writing) does not support cross procedural analysis and so it is not able to determine that indeed, for the condition to be true, the value of minRating has to be non null.

This is a feature that we are currently working on heavily, to be able to switch off this kind of false positive.
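The two forms discussed above, side by side, as an added example that is not part of the original post or answer. `AgencyRating` and `RatingUtilities` are minimal stand-ins for the question's classes, and the body of `isNR(String)` is an assumption, since the page does not show it.

```java
// Added example: stand-in classes; the body of isNR(String) is an assumption.
public class NullGuardDemo {
    static class AgencyRating {
        private final String ratgCaam;
        AgencyRating(String ratgCaam) { this.ratgCaam = ratgCaam; }
        String getRatgCaam() { return ratgCaam; }
    }

    static class RatingUtilities {
        // Same shape as the question's helper: the null check lives here.
        boolean isNR(AgencyRating rating) {
            return rating == null || isNR(rating.getRatgCaam());
        }
        // Assumed: a missing code or the literal "NR" means "not rated".
        boolean isNR(String code) {
            return code == null || "NR".equals(code);
        }
    }

    static final RatingUtilities UTIL = new RatingUtilities();

    // Guard is hidden in the helper: null-safe at run time, but proving it
    // requires looking inside isNR(), i.e. cross-procedural analysis.
    static String viaHelper(AgencyRating minRating) {
        if (!UTIL.isNR(minRating)) {
            return minRating.getRatgCaam();
        }
        return null;
    }

    // Guard is visible in the same method: provable by local analysis alone.
    static String viaLocalGuard(AgencyRating minRating) {
        if (minRating != null && !UTIL.isNR(minRating)) {
            return minRating.getRatgCaam();
        }
        return null;
    }

    public static void main(String[] args) {
        AgencyRating[] samples = {
            null, new AgencyRating(null), new AgencyRating("NR"), new AgencyRating("AA") };
        for (AgencyRating r : samples) {
            String a = viaHelper(r); // never throws NullPointerException
            String b = viaLocalGuard(r);
            if (!java.util.Objects.equals(a, b)) throw new AssertionError("variants disagree");
            System.out.println((r == null ? "null" : "rating(" + r.getRatgCaam() + ")") + " -> " + a);
        }
    }
}
```

Both methods return the same result for every sample, including `null`; the only difference is whether the null check is visible inside the method that performs the dereference.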



Answer 2:

Now (sonarqube java analyzer version 4.3.0.7717) it's supported and works fine


