False Positive "Null pointers should not be dereferenced"

Tony 79

Mar 22, 2016, 5:34:10 AM
to SonarQube
Hi,
I have some "Blocker" issues which are actually false positives.
Is there any open task to solve this?

The following is an excerpt of the source code with the error:
...
...
if (!GSSCUDGUtility.isNullOrEmpty(nodeString)){
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true); // never forget this!
    DocumentBuilder builder = domFactory.newDocumentBuilder();
    ByteArrayInputStream is = null;
    try{
        is = new ByteArrayInputStream(nodeString.getBytes());

NullPointerException might be thrown as 'nodeString' is nullable here
...
...

However, this method:
if (!GSSCUDGUtility.isNullOrEmpty(nodeString)){
checks that the "nodeString" is not null or ""

Nicolas Peru

Apr 11, 2016, 7:55:27 AM
to Tony 79, SonarQube
Hi Tony, 

We are working right now on cross procedural analysis in Symbolic Execution in order to remove this kind of false positive by going outside the boundaries of a method. This is still experimental work so please mark the issue as false positive in the meantime.

--
Nicolas PERU | SonarSource
Senior Developer
http://sonarsource.com
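
The limitation described in the reply above, shown as an added example that is not part of the thread or of SonarSource's code: the first method keeps the null test inside a helper, as in the post, while the second writes it in the method body where a method-local analysis can follow it. The class name, the `isNullOrEmpty` stand-in (the body of `GSSCUDGUtility.isNullOrEmpty` is not shown in the thread) and the sample XML are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class NullGuardDemo {

    // Hypothetical stand-in for GSSCUDGUtility.isNullOrEmpty (real body not shown in the thread).
    static boolean isNullOrEmpty(String s) {
        return s == null || s.isEmpty();
    }

    // Pattern from the post: the null test is hidden inside the helper, so an analysis
    // that stays within this method cannot prove nodeString is non-null at getBytes().
    static Document parseViaHelper(String nodeString) throws Exception {
        if (!isNullOrEmpty(nodeString)) {
            return parse(nodeString.getBytes(StandardCharsets.UTF_8));
        }
        return null;
    }

    // Same behaviour, but the null test is written in this method, so the
    // non-null constraint is visible on the path that reaches getBytes().
    static Document parseWithLocalGuard(String nodeString) throws Exception {
        if (nodeString == null || nodeString.isEmpty()) {
            return null;
        }
        return parse(nodeString.getBytes(StandardCharsets.UTF_8));
    }

    private static Document parse(byte[] raw) throws Exception {
        DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
        domFactory.setNamespaceAware(true);
        DocumentBuilder builder = domFactory.newDocumentBuilder();
        try (ByteArrayInputStream is = new ByteArrayInputStream(raw)) {
            return builder.parse(is);
        }
    }

    public static void main(String[] args) throws Exception {
        String sample = "<a xmlns='urn:example'><b/></a>"; // constructed sample input
        for (String in : new String[] { sample, "", null }) {
            // Both variants agree at run time: a Document for the sample, null otherwise.
            boolean sameResult = (parseViaHelper(in) == null) == (parseWithLocalGuard(in) == null);
            System.out.println("input=" + in + " sameResult=" + sameResult);
        }
    }
}
```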