Problems with Null Analysis and Eclipse Nullable Annotations

thomas....@gmail.com

Mar 2, 2018, 9:56:45 AM
to SonarQube
Hi there,

I have set up SonarQube (6.7.1) for a larger multi-project Gradle project. All projects use Eclipse annotation-based null analysis and things work mostly fine in Eclipse.
When I run the Sonar analysis I get lots of false positives. Let me explain in more detail.

We are using a default of NonNull like this:

@NonNullByDefault
package sonar.nullanalysis.tests;
import org.eclipse.jdt.annotation.NonNullByDefault;

Now, when a method is allowed to return null that method is annotated with @Nullable. Sonar does not seem to pick up that the method should "overrule" the package default.

This leads to at least two false positives:

1) The method which returns null and is allowed to do so is marked with:
"@NonNull" values should not be set to null (squid:S2637) / This method's return value is marked "org.eclipse.jdt.annotation.NonNullByDefault" but null is returned.
This makes me believe that the overruling does not work at all.

2) If the method is allowed to return null (as it is) the calling code should do a null check. Now, the sonar analyzer will mark that null check with this:
Conditionally executed blocks should be reachable (squid:S2583) / Change this condition so that it does not always evaluate to "false"

I have put together a test case here: https://github.com/thomasmhofmann/sonar.nullanalysis.tests

You will need to add the sonar connection information into a gradle.properties file to connect the project with some sonar server.

I'm looking forward to your assessment of these issues.

Regards, Thomas
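
The pattern described in the post above, as an added example that is not part of the original post and is not taken from the linked repository. The class and method names are hypothetical; it assumes the class sits in the package covered by the package-info.java quoted in the post and that org.eclipse.jdt.annotation is on the classpath.

```java
package sonar.nullanalysis.tests;

import java.util.HashMap;
import java.util.Map;

import org.eclipse.jdt.annotation.Nullable;

// Hypothetical class, constructed for illustration. The package is
// @NonNullByDefault through the package-info.java quoted in the post.
public class UserDirectory {

    private final Map<String, String> emailByUser = new HashMap<>();

    public void register(String user, String email) {
        emailByUser.put(user, email);
    }

    // The explicit @Nullable overrides the package default in Eclipse's
    // null analysis, so returning null is allowed here.
    // False positive 1 from the post: squid:S2637 is reported for this method.
    public @Nullable String findEmail(String user) {
        if (!emailByUser.containsKey(user)) {
            return null;
        }
        return emailByUser.get(user);
    }

    public String displayEmail(String user) {
        String email = findEmail(user);
        // Because findEmail is @Nullable, the caller has to check for null.
        // False positive 2 from the post: squid:S2583 is reported on this
        // condition ("always evaluates to false").
        if (email == null) {
            return "<no email on file>";
        }
        return email;
    }

    public static void main(String[] args) {
        UserDirectory directory = new UserDirectory();
        directory.register("alice", "alice@example.org"); // constructed sample data
        System.out.println(directory.displayEmail("alice"));
        System.out.println(directory.displayEmail("bob"));
    }
}
```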



Thomas Hofmann

Mar 6, 2018, 9:56:14 AM
to SonarQube
Bump, anyone here who can tell me what I need to do to get an answer? I understood that this is the correct group for such issues...

Nicolas Peru

Apr 27, 2018, 5:19:18 AM
to Thomas Hofmann, SonarQube
Hi Thomas, 

Sorry for the late answer:
Thanks a lot for the reproducer.
This is indeed a bug that was introduced recently with the support of meta annotations. 

I created this ticket to fix it: https://jira.sonarsource.com/browse/SONARJAVA-2734

Thanks for the feedback.

Cheers,

Nicolas Peru | SonarSource