[java] false positive NPE


moun...@gmail.com

Feb 28, 2018, 12:27:07 PM
to SonarQube
SonarQube shows a false positive NPE message.

It happens because the method Util.isNotEmpty is in a dependency project.
I know that all that is based on SonarQube's internal Symbolic Execution engine, which symbolically executes source code during analysis to locate potential NPEs.
And the SonarQube team is working to improve it in order to be cross-procedural.

But maybe there can be an opportunity to set a list of null-safe methods that will tell SE not to check for NPE when there was a call of such methods before.

I've created a simple repo here to reproduce that.
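
The pattern described in this post, as an added example that is not from the original post or its linked repo. Only the name `Util.isNotEmpty` comes from the page; its body, the `Caller` class and the `lookup` helper are assumptions made for illustration.

```java
// Assumed shape of the helper. In the post it lives in a separate dependency
// project, so an intra-procedural analysis sees the call but not this body.
final class Util {
    private Util() {}

    static boolean isNotEmpty(String s) {
        return s != null && !s.isEmpty();
    }
}

public class Caller {
    // Hypothetical source of a possibly-null value.
    static String lookup(String key) {
        return "name".equals(key) ? "sonar" : null;
    }

    // Guard hidden behind the helper: safe at run time, but an analysis that
    // does not look inside isNotEmpty cannot learn that a 'true' result
    // implies value != null, so the dereference looks unguarded to it.
    static int guardedByHelper(String key) {
        String value = lookup(key);
        if (Util.isNotEmpty(value)) {
            return value.length();
        }
        return 0;
    }

    // Same logic with the null test written in the analyzed method itself:
    // the non-null fact is established on the path that reaches length().
    static int guardedInline(String key) {
        String value = lookup(key);
        if (value != null && !value.isEmpty()) {
            return value.length();
        }
        return 0;
    }

    public static void main(String[] args) {
        // Both variants behave identically; only what the analyzer can prove differs.
        System.out.println(guardedByHelper("name"));
        System.out.println(guardedByHelper("missing"));
        System.out.println(guardedInline("missing"));
    }
}
```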

Nicolas Peru

Mar 16, 2018, 4:44:37 AM
to moun...@gmail.com, SonarQube
Hi,

I understand your suggestion to add a user-configurable parameter to the rule to let the engine know that some methods will mark their parameters as null safe.
This is not something we want to do for different reasons:
- as you pointed out, we are currently working to avoid this.
- we want to avoid user configuration as much as possible (otherwise we are actually not solving a problem with our analyzer but just asking the user to solve their own issue).

So, while waiting for this feature to land, please mark the issue as won't fix.

Cheers, 

Nicolas Peru | SonarSource